
Redirect after ComboFix, CF Log + HJT Log attached



Dear all,

Your expertise is most welcome and appreciated.

I'm fighting a redirect that hijacks IE8 and Firefox and causes Chrome to crash.

I'm running Malwarebytes, Avast, Ad-Aware and (ad hoc) Spybot. Also the PC has McAfee Security Scan (free) that mostly wants to sell me their software; I canceled after this one got through. These didn't find anything on the scans.

My guess is that maybe it is from a fake Java, IE or antivirus update, but that is just a guess.

ComboFix found something, but I'm still being redirected.

Logs for Combofix and HJT follow. My direct email is das_fmr@msn.com. Thanks much.

***ComboFix Log***

ComboFix 10-08-24.0B - Dean Slack 08/25/2010 10:13:29.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.3070 [GMT -4:00]

Running from: c:\documents and settings\Dean Slack\Desktop\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\pswi_preloaded.exe

c:\documents and settings\Dean Slack\GoToAssistDownloadHelper.exe

c:\documents and settings\NetworkService\Local Settings\Application Data\uhbpgsgwu

c:\documents and settings\NetworkService\Local Settings\Application Data\uhbpgsgwu\vsjlbctshdw.exe

C:\UNWISE.EXE

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_6TO4

-------\Legacy_IAS

-------\Service_6to4

-------\Service_Ias

((((((((((((((((((((((((( Files Created from 2010-07-25 to 2010-08-25 )))))))))))))))))))))))))))))))

.

2010-08-19 17:56 . 2010-03-18 23:11 23360 ----a-w- c:\windows\system32\Ckldrv.sys

2010-08-19 17:56 . 2010-03-18 20:25 126976 ----a-w- c:\windows\system32\Crypserv.exe

2010-08-19 17:56 . 2010-01-20 16:28 11776 ----a-w- c:\windows\Ckrfresh.exe

2010-08-19 17:56 . 2010-01-20 16:28 165888 ----a-r- c:\windows\Ckconfig.exe

2010-08-19 17:52 . 2010-03-18 21:11 267304 ----a-w- c:\temp\cks.exe

2010-08-19 17:52 . 2010-03-18 21:11 271672 ----a-w- c:\temp\SetupEx.exe

2010-08-19 17:52 . 2010-08-19 17:57 -------- d-----w- C:\temp

2010-08-19 14:06 . 2010-08-19 14:06 12872 ----a-w- c:\windows\system32\bootdelete.exe

2010-08-18 15:29 . 2010-08-18 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Editor Software

2010-08-11 15:10 . 2010-08-11 15:10 -------- d-----w- c:\program files\Editor Software

2010-08-11 15:09 . 2010-08-11 15:09 -------- d-----w- c:\documents and settings\Dean Slack\Local Settings\Application Data\Downloaded Installations

2010-08-10 17:41 . 1996-08-24 05:11 27632 ----a-w- c:\windows\system\CTL3DV2.DLL

2010-08-10 17:41 . 2010-08-10 17:41 -------- d-----w- c:\program files\Home Attorney

2010-08-10 17:38 . 2010-08-10 17:38 -------- d-----w- c:\program files\Business Attorney

2010-08-09 19:28 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-08-09 17:51 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-08-09 17:49 . 2010-08-09 17:49 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}

2010-08-09 17:49 . 2010-08-09 17:49 -------- d-----w- c:\program files\Lavasoft

2010-08-09 12:24 . 2010-08-09 12:24 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee

2010-08-05 13:29 . 2010-08-05 13:29 123584 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-08-05 11:22 . 2010-08-05 11:22 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan

2010-08-05 11:22 . 2010-08-09 12:21 -------- d-----w- c:\program files\McAfee Security Scan

2010-08-03 18:43 . 2010-08-03 18:43 -------- d-----w- c:\program files\Common Files\Java

2010-08-02 21:56 . 2008-04-14 09:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2010-08-02 21:56 . 2008-04-14 09:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2010-08-02 21:56 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2010-08-02 21:56 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2010-08-02 21:56 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2010-08-02 21:55 . 2001-08-18 02:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2010-08-02 21:55 . 2001-08-17 16:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2010-08-02 21:55 . 2008-04-14 02:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys

2010-08-02 21:55 . 2008-04-14 02:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys

2010-08-02 21:55 . 2008-04-14 09:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2010-08-02 21:55 . 2008-04-14 02:05 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys

2010-08-02 21:55 . 2001-08-17 16:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys

2010-08-02 21:53 . 2001-08-17 16:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys

2010-08-02 21:52 . 2001-08-18 02:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll

2010-08-02 21:51 . 2001-08-17 16:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys

2010-08-02 21:50 . 2001-08-17 16:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys

2010-08-02 21:49 . 2008-04-14 04:06 5888 -c--a-w- c:\windows\system32\dllcache\smbali.sys

2010-08-02 21:48 . 2001-08-17 16:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys

2010-08-02 21:47 . 2001-08-17 18:56 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll

2010-08-02 21:46 . 2001-08-17 17:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys

2010-08-02 21:45 . 2008-04-14 09:40 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll

2010-08-02 21:44 . 2001-08-17 16:20 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys

2010-08-02 21:43 . 2001-08-17 16:50 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys

2010-08-02 21:42 . 2008-04-14 04:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys

2010-08-02 21:41 . 2001-08-17 17:53 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys

2010-08-02 21:40 . 2008-04-14 09:41 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll

2010-08-02 21:39 . 2001-08-17 18:06 38528 -c--a-w- c:\windows\system32\dllcache\ibmvcap.sys

2010-08-02 21:38 . 2001-08-17 17:28 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys

2010-08-02 21:37 . 2008-04-14 04:15 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys

2010-08-02 21:36 . 2008-04-14 02:06 137088 -c--a-w- c:\windows\system32\dllcache\essm2e.sys

2010-08-02 21:35 . 2008-04-14 04:10 8320 -c--a-w- c:\windows\system32\dllcache\dlttape.sys

2010-08-02 21:34 . 2001-08-17 16:19 72832 -c--a-w- c:\windows\system32\dllcache\cwbwdm.sys

2010-08-02 21:33 . 2001-08-17 17:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys

2010-08-02 21:32 . 2008-04-14 02:04 34735 -c--a-w- c:\windows\system32\dllcache\ati1xsxx.sys

2010-08-02 21:31 . 2001-08-17 18:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2010-08-02 19:29 . 2010-08-02 19:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-08-02 17:42 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-08-02 17:42 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-08-02 17:42 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-08-02 17:42 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-08-02 17:42 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-08-02 17:42 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-08-02 17:42 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-08-02 17:42 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

2010-08-02 17:42 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-08-02 17:42 . 2010-08-02 17:42 -------- d-----w- c:\program files\Alwil Software

2010-08-02 17:42 . 2010-08-02 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-08-02 17:12 . 2010-08-02 17:12 -------- d-----w- c:\program files\Registry Distiller 1.03

2010-08-02 17:01 . 2010-08-02 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix

2010-08-02 17:00 . 2010-08-02 17:00 -------- d-----w- c:\program files\Citrix

2010-08-02 16:43 . 2010-08-02 16:43 -------- d-----w- c:\documents and settings\Dean Slack\Application Data\WeatherBug

2010-08-02 16:42 . 2010-08-02 16:42 -------- d-----w- c:\program files\AWS

2010-08-02 15:57 . 2010-06-24 21:51 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-08-02 15:57 . 2010-06-24 12:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-08-02 15:57 . 2010-06-24 12:21 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-08-02 15:57 . 2010-06-24 12:21 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-08-02 15:57 . 2010-06-24 12:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-08-02 15:57 . 2010-06-24 12:21 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-08-02 15:57 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-08-02 15:57 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-08-02 15:12 . 2010-08-02 15:12 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys

2010-08-02 13:25 . 2008-06-13 11:05 272128 -c--a-w- c:\windows\system32\dllcache\bthport.sys

2010-08-02 13:03 . 2010-04-28 02:25 2189952 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-08-02 00:26 . 2008-04-14 12:00 53760 -c--a-w- c:\windows\system32\dllcache\pintlcsd.dll

2010-08-02 00:25 . 2008-04-14 12:00 42496 -c--a-w- c:\windows\system32\dllcache\davcdata.exe

2010-08-02 00:23 . 2008-04-14 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2010-08-01 22:45 . 2008-04-14 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2010-08-01 22:45 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll

2010-08-01 22:45 . 2008-04-14 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2010-08-01 22:45 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll

2010-08-01 20:39 . 2010-08-01 20:39 -------- d-----w- c:\documents and settings\Dean Slack\Application Data\SUPERAntiSpyware.com

2010-08-01 20:39 . 2010-08-01 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-08-01 18:42 . 2010-08-01 21:27 -------- d-----w- c:\windows\system32\MpEngineStore

2010-08-01 18:28 . 2010-08-01 18:28 -------- d-----w- c:\windows\Dell

2010-08-01 17:41 . 2010-08-01 17:41 0 ----a-w- c:\windows\nsreg.dat

2010-08-01 17:41 . 2010-08-01 17:41 -------- d-----w- c:\documents and settings\Dean Slack\Local Settings\Application Data\Mozilla

2010-08-01 16:16 . 2010-08-01 16:16 -------- d-----w- c:\documents and settings\Dean Slack\Application Data\Malwarebytes

2010-08-01 16:15 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-01 16:15 . 2010-08-01 16:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-01 16:15 . 2010-08-01 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-01 16:15 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-01 15:03 . 2010-08-01 15:03 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2010-08-01 15:03 . 2010-08-01 15:03 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!

2010-08-01 15:03 . 2010-08-01 15:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Conduit

2010-08-01 15:03 . 2010-08-01 15:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\DVDVideoSoft

2010-08-01 15:03 . 2010-08-01 15:03 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Windows Search

2010-07-30 20:46 . 2010-08-19 13:41 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-07-30 20:45 . 2010-07-30 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-07-30 20:45 . 2010-07-30 20:49 -------- d-----w- c:\program files\Hitman Pro 3.5

2010-07-30 16:56 . 2010-07-30 16:56 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-07-30 16:53 . 2010-07-30 16:53 -------- d-----w- c:\documents and settings\Dean Slack\Local Settings\Application Data\Sunbelt Software

2010-07-30 16:52 . 2010-08-09 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-07-30 14:06 . 2010-08-01 16:57 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-07-30 14:06 . 2010-07-30 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-07-28 19:51 . 2010-07-28 19:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-25 12:58 . 2009-11-09 21:27 -------- d-----w- c:\program files\QuickTime

2010-08-25 12:58 . 2010-01-12 22:38 -------- d-----w- c:\program files\DVDVideoSoft

2010-08-24 23:37 . 2010-05-25 14:17 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-24 22:27 . 2009-07-22 19:14 -------- d-----w- c:\program files\Microsoft Small Business

2010-08-24 15:53 . 2009-07-24 21:18 4 ----a-w- c:\windows\vx86036.dat

2010-08-23 20:47 . 2010-08-23 20:47 2767794 ----a-w- c:\documents and settings\All Users\SPL8.tmp

2010-08-18 22:29 . 2009-07-24 12:15 -------- d-----w- c:\program files\Common Files\Adobe

2010-08-18 16:53 . 2010-08-18 16:53 5828444 ----a-w- c:\documents and settings\All Users\SPL35.tmp

2010-08-18 15:29 . 2009-07-13 18:48 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-13 17:17 . 2009-07-25 21:06 -------- d-----w- c:\documents and settings\Dean Slack\Application Data\AdobeUM

2010-08-10 17:30 . 2009-07-24 02:19 -------- d-----w- c:\program files\Glary Utilities

2010-08-05 14:15 . 2009-07-24 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-08-05 11:22 . 2009-07-22 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-08-04 01:50 . 2009-10-31 13:10 -------- d-----w- c:\program files\SPSS

2010-08-03 19:13 . 2009-07-22 18:57 -------- d-----w- c:\program files\McAfee

2010-08-03 19:13 . 2009-07-22 18:57 -------- d-----w- c:\program files\Common Files\McAfee

2010-08-03 18:43 . 2010-08-03 18:43 61440 ----a-w- c:\documents and settings\Dean Slack\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-26964190-n\decora-sse.dll

2010-08-03 18:43 . 2010-08-03 18:43 503808 ----a-w- c:\documents and settings\Dean Slack\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6fa87c38-n\msvcp71.dll

2010-08-03 18:43 . 2010-08-03 18:43 499712 ----a-w- c:\documents and settings\Dean Slack\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6fa87c38-n\jmc.dll

2010-08-03 18:43 . 2010-08-03 18:43 348160 ----a-w- c:\documents and settings\Dean Slack\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6fa87c38-n\msvcr71.dll

2010-08-03 18:43 . 2010-08-03 18:43 12800 ----a-w- c:\documents and settings\Dean Slack\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-26964190-n\decora-d3d.dll

2010-08-03 18:43 . 2009-07-13 18:46 -------- d-----w- c:\program files\Java

2010-08-02 19:45 . 2009-07-23 01:25 -------- d-----w- c:\program files\Dell 968 AIO Printer

2010-08-02 16:42 . 2010-08-02 16:42 18944 ----a-r- c:\documents and settings\Dean Slack\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe

2010-08-02 16:42 . 2010-08-02 16:42 11264 ----a-r- c:\documents and settings\Dean Slack\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe

2010-08-02 15:42 . 2009-11-10 00:02 -------- d-----w- c:\documents and settings\Dean Slack\Application Data\Apple Computer

2010-08-02 15:38 . 2010-07-30 19:03 112 ----a-w- c:\documents and settings\All Users\Application Data\w5Lg7QxAV.dat

2010-08-02 15:28 . 2010-08-01 20:40 63488 ----a-w- c:\documents and settings\Dean Slack\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-08-02 15:28 . 2010-08-01 20:40 117760 ----a-w- c:\documents and settings\Dean Slack\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-08-02 15:05 . 2009-07-13 19:03 51200 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-02 15:01 . 2009-07-13 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic

2010-08-02 14:42 . 2010-01-30 16:18 -------- d-----w- c:\program files\SystemRequirementsLab

2010-08-02 00:56 . 2010-01-15 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Uninstall

2010-08-02 00:56 . 2009-07-13 19:10 -------- d-----w- c:\program files\Roxio

2010-08-02 00:56 . 2009-07-13 19:09 -------- d-----w- c:\program files\Common Files\Sonic Shared

2010-08-02 00:55 . 2010-08-02 00:55 -------- d-----w- c:\program files\Common Files\SureThing Shared

2010-08-02 00:41 . 2009-07-13 19:15 51200 ------w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-02 00:39 . 2009-07-14 01:34 -------- d-----w- c:\program files\DellTPad

2010-08-02 00:22 . 2008-04-25 21:27 23444 ----a-w- c:\windows\system32\emptyregdb.dat

2010-08-01 21:26 . 2009-07-13 19:00 -------- d-----w- c:\program files\Wave Systems Corp

2010-08-01 20:40 . 2010-08-01 20:40 52224 ------w- c:\documents and settings\Dean Slack\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-08-01 18:07 . 2009-07-22 17:43 0 ------w- c:\documents and settings\Dean Slack\Local Settings\Application Data\WavXMapDrive.bat

2010-07-17 21:09 . 2009-07-22 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-07-17 09:00 . 2010-04-22 12:30 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-15 23:11 . 2009-08-06 22:30 -------- d-----w- c:\documents and settings\Dean Slack\Application Data\U3

2010-07-12 08:56 . 2010-08-09 17:49 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe

2010-07-06 13:38 . 2010-07-06 13:38 -------- d-----w- c:\documents and settings\Dean Slack\Application Data\Scientific Software

2010-07-06 13:38 . 2010-07-06 13:38 -------- d-----w- c:\program files\Scientific Software

2010-07-06 13:38 . 2010-07-06 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Scientific Software

2010-06-30 12:31 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2008-04-14 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-23 12:23 . 2010-06-23 12:23 501936 ------w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb32.tmp.exe

2010-06-21 15:27 . 2008-04-14 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-18 20:30 . 2010-06-18 20:30 5095017 ------w- c:\documents and settings\All Users\SPLB5.tmp

2010-06-17 14:03 . 2008-04-14 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-15 16:51 . 2010-06-15 16:51 872964 ------w- c:\documents and settings\All Users\SPLB8.tmp

2010-06-15 15:11 . 2010-06-15 15:11 5102928 ------w- c:\documents and settings\All Users\SPL3B.tmp

2010-06-14 14:31 . 2008-04-25 21:27 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:41 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-12 22:35 . 2010-06-12 22:35 2159732 ------w- c:\documents and settings\All Users\SPL8C.tmp

2010-06-07 02:10 . 2010-06-07 02:10 1355037 ------w- c:\documents and settings\All Users\SPL42.tmp

2008-03-13 23:59 . 2008-03-13 23:59 108 --sha-r- c:\windows\neoqaz2.dll

2009-09-25 21:57 . 2009-07-29 11:43 88 --sha-r- c:\windows\system32\332FC4176A.sys

2009-09-25 21:58 . 2009-07-29 11:42 3140 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

<pre>
c:\program files\Boingo\Boingo Wi-Fi\Boingo .exe
c:\program files\CardScan\CardScan\CardScanAgent .exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier .exe
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM .exe
c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper .exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX .exe
c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12 .exe
c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv .exe
c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint .exe
c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM .exe
c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService .exe
c:\program files\Dell\Latitude ON Reader Data\BIOSEvent .exe
c:\program files\Dell\Latitude ON Reader Data\CLIVFR .exe
c:\program files\Dell 968 AIO Printer\dldomon .exe
c:\program files\Dell 968 AIO Printer\fm3032 .exe
c:\program files\Dell 968 AIO Printer\memcard .exe
c:\program files\DellTPad\Apoint .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\Google\Quick Search Box\GoogleQuickSearchBox .exe
c:\program files\Hitman Pro 3.5\HitmanPro35 .exe
c:\program files\HP\hpcoretech\hpcmpmgr .exe
c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr .exe
c:\program files\Roxio 2010\5.0\CPMonitor .exe
c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher .exe
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
c:\program files\Wave Systems Corp\SecureUpgrade .exe
c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck .exe
c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr .exe
c:\windows\OA001Mon .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

2009-04-22 15:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

2009-04-22 15:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-06-30 1652736]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TDxVGAUTIL"="c:\windows\system32\TDxVGAUTIL.EXE" [2007-08-01 237568]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

"dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]

"MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]

"Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

UltraMon.lnk - c:\windows\Installer\{83CCCBDC-3A56-4F3B-89DF-69386C3B7D62}\IcoUltraMon.ico [2010-1-15 29310]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell ControlPoint System Manager.lnk]

backup=c:\windows\pss\Dell ControlPoint System Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]

backup=c:\windows\pss\Device Detector 3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UltraMon.lnk]

backup=c:\windows\pss\UltraMon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dean Slack^Start Menu^Programs^Startup^Adobe Gamma.lnk]

backup=c:\windows\pss\Adobe Gamma.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]

2009-03-17 01:57 729088 ----a-w- c:\windows\system32\AESTFltr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeTPMAuth]

2009-02-26 21:53 184320 ----a-w- c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmUsbSound]

cmcnfgu.cpl [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellConnectionManager]

2009-04-10 16:08 1810432 ----a-w- c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellControlPoint]

2009-03-19 22:25 667648 ----a-w- c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HijackThis startup scan]

2010-07-30 12:54 388608 ----a-w- c:\downloads\Hijack This AntiVirus\HijackThis.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-02-26 21:08 166912 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-02-26 21:08 134656 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]

2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-02-26 21:08 134656 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"TdmService"=2 (0x2)

"STacSV"=2 (0x2)

"SMManager"=2 (0x2)

"SeaPort"=2 (0x2)

"RoxWatch9"=2 (0x2)

"RoxWatch12"=2 (0x2)

"RoxMediaDB9"=3 (0x3)

"RoxMediaDB12"=3 (0x3)

"RoxLiveShare9"=2 (0x2)

"Roxio Upnp Server 9"=2 (0x2)

"Roxio UPnP Renderer 9"=3 (0x3)

"MDM"=2 (0x2)

"LBTServ"=3 (0x3)

"Lavasoft Ad-Aware Service"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"iPod Service"=3 (0x3)

"IntuitUpdateService"=2 (0x2)

"idsvc"=3 (0x3)

"IDriverT"=3 (0x3)

"gusvc"=3 (0x3)

"gupdate"=2 (0x2)

"dcpsysmgrsvc"=2 (0x2)

"buttonsvc32"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe"

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"BlackBerryAutoUpdate"=c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\WINDOWS\\system32\\dldocoms.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldopswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldotime.exe"=

"c:\\Program Files\\Dell 968 AIO Printer\\dldoaiox.exe"=

"c:\\Program Files\\Dell 968 AIO Printer\\DLDOFax.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldojswx.exe"=

"c:\\Program Files\\Dell 968 AIO Printer\\Wireless\\dldowpss.exe"=

"c:\\WINDOWS\\system32\\dldocfg.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Roxio 2010\\Venue\\Venue.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Dell 968 AIO Printer\\dldoafcn.exe"=

"c:\\Program Files\\Dell 968 AIO Printer\\dldomon .exe"=

"c:\\Program Files\\Dell 968 AIO Printer\\dldomon.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/9/2010 1:51 PM 64288]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/2/2010 1:42 PM 165456]

R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 6:56 AM 133968]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/2/2010 1:42 PM 17744]

R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 4:55 AM 1355416]

R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [4/10/2009 1:08 PM 77824]

R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [11/14/2008 3:11 AM 17184]

R3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ADM851X.sys [10/11/2009 1:48 PM 27135]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [7/13/2009 5:28 PM 112512]

R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [7/13/2009 5:28 PM 32808]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [7/13/2009 5:28 PM 244368]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [7/13/2009 5:28 PM 109568]

R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [7/13/2009 5:28 PM 148056]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [7/13/2009 5:28 PM 133632]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [7/13/2009 5:28 PM 280096]

R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [7/13/2009 3:09 PM 232744]

R3 TdxMrMINI;TdxMrMINI;c:\windows\system32\drivers\TdxMrMini.sys [10/11/2009 1:48 PM 249600]

R3 TdxVGAMINI;TdxVGAMINI;c:\windows\system32\drivers\TdxVgaMini.sys [10/11/2009 1:48 PM 252160]

R3 TdxVGAUSB;TARGUS USB2.0 VGA DOCK DEVICE(USB);c:\windows\system32\drivers\TdxVGAUSB.SYS [10/11/2009 1:48 PM 33280]

S0 cerc6;cerc6; [x]

S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [4/19/2007 6:28 AM 42832]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/13/2010 6:50 AM 15008]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]

S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]

S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [8/13/2009 4:11 PM 33024]

S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [8/13/2009 4:11 PM 41344]

S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [8/13/2009 4:11 PM 39936]

S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [8/13/2009 4:11 PM 59904]

S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]

S4 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [12/29/2008 12:07 PM 320800]

S4 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 11:19 AM 808296]

S4 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 11:19 AM 20840]

S4 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [4/9/2009 3:02 PM 447264]

S4 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [7/22/2009 9:32 PM 99568]

S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 11:18 AM 135664]

S4 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [7/24/2009 9:33 AM 1116656]

S4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [7/24/2009 9:33 AM 219632]

.

Contents of the 'Scheduled Tasks' folder

2010-08-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 10:49]

2010-08-25 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2009-07-24 15:21]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 15:17]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 15:17]

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3126383029-2725622883-1919746972-1005Core.job

- c:\documents and settings\Dean Slack\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-03 00:53]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3126383029-2725622883-1919746972-1005UA.job

- c:\documents and settings\Dean Slack\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-03 00:53]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: cinemanow.com

Trusted Zone: intuit.com\ttlc

DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

FF - ProfilePath - c:\documents and settings\Dean Slack\Application Data\Mozilla\Firefox\Profiles\y22ac2x0.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - plugin: c:\documents and settings\Dean Slack\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)

WebBrowser-{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - (no file)

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-25 10:44

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,e8,ac,ab,d6,ed,fb,40,ae,ff,36,\

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,e8,ac,ab,d6,ed,fb,40,ae,ff,36,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,e8,ac,ab,d6,ed,fb,40,ae,ff,36,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)

c:\windows\system32\WININET.dll

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

c:\windows\System32\TdmNetworkProvider.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL

c:\windows\system32\NetProvCredMan.dll

- - - - - - - > 'lsass.exe'(972)

c:\windows\system32\WININET.dll

c:\windows\system32\wvauth.dll

- - - - - - - > 'explorer.exe'(3864)

c:\windows\system32\WININET.dll

c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\program files\UltraMon\RTSUltraMonHook.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Roxio\Drag-to-Disc\Shellex.dll

c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL

c:\program files\Roxio\Drag-to-Disc\ShellRes.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\NetProvCredMan.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\WiFi\bin\S24EvMon.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\System32\SCardSvr.exe

c:\windows\system32\crypserv.exe

c:\windows\system32\dldocoms.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\UltraMon\UltraMon.exe

c:\program files\UltraMon\UltraMonTaskbar.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Completion time: 2010-08-25 10:49:54 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-25 14:48

Pre-Run: 178,210,717,696 bytes free

Post-Run: 178,159,824,896 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 30D884EC546FF22D544F48539AC740AD

***HJT Log***

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:55:34 AM, on 8/25/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\system32\dldocoms.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\TDxVGAUTIL.EXE

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Dell 968 AIO Printer\dldomon.exe

C:\Program Files\Dell 968 AIO Printer\memcard.exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\Program Files\UltraMon\UltraMon.exe

C:\Program Files\UltraMon\UltraMonTaskbar.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Program Files\zabkat\xplorer2\xplorer2_UC.exe

C:\Downloads\Hijack This AntiVirus\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [TDxVGAUTIL] C:\WINDOWS\system32\TDxVGAUTIL.EXE

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [dldomon.exe] "C:\Program Files\Dell 968 AIO Printer\dldomon.exe"

O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell 968 AIO Printer\memcard.exe"

O4 - HKLM\..\Run: [Dell 968 AIO Printer Fax Server] "C:\Program Files\Dell 968 AIO Printer\fm3032.exe" /s

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: UltraMon.lnk = ?

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab

O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: CrypKey License - CrypKey (Canada) Ltd. - C:\WINDOWS\system32\crypserv.exe

O23 - Service: dldo_device - - C:\WINDOWS\system32\dldocoms.exe

O23 - Service: Intel

Hi,

Please remove your copy of ComboFix.exe from the Desktop.

Then download the latest version of ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Dear Gammo,

Thanks. I am glad you are there to help me.

I followed your instructions. Here is the log:

ComboFix 10-08-27.03 - Dean Slack 08/28/2010 11:39:06.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.3089 [GMT -4:00]

Running from: c:\documents and settings\Dean Slack\Desktop\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-28 )))))))))))))))))))))))))))))))

.

2010-08-26 12:58 . 2010-08-26 12:58 53248 ----a-r- c:\documents and settings\Dean Slack\Application Data\Microsoft\Installer\{EA50F6E4-8542-4B2B-B344-D080D5DA0EB1}\ARPPRODUCTICON.exe

2010-08-19 17:56 . 2010-03-18 23:11 23360 ----a-w- c:\windows\system32\Ckldrv.sys

2010-08-19 17:56 . 2010-03-18 20:25 126976 ----a-w- c:\windows\system32\Crypserv.exe

2010-08-19 17:56 . 2010-01-20 16:28 11776 ----a-w- c:\windows\Ckrfresh.exe

2010-08-19 17:56 . 2010-01-20 16:28 165888 ----a-r- c:\windows\Ckconfig.exe

2010-08-19 17:52 . 2010-03-18 21:11 267304 ----a-w- c:\temp\cks.exe

2010-08-19 17:52 . 2010-03-18 21:11 271672 ----a-w- c:\temp\SetupEx.exe

2010-08-19 17:52 . 2010-08-19 17:57 -------- d-----w- C:\temp

2010-08-19 14:06 . 2010-08-19 14:06 12872 ----a-w- c:\windows\system32\bootdelete.exe

2010-08-18 15:29 . 2010-08-18 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Editor Software

2010-08-11 15:10 . 2010-08-11 15:10 -------- d-----w- c:\program files\Editor Software

2010-08-11 15:09 . 2010-08-11 15:09 -------- d-----w- c:\documents and settings\Dean Slack\Local Settings\Application Data\Downloaded Installations

2010-08-10 17:41 . 1996-08-24 05:11 27632 ----a-w- c:\windows\system\CTL3DV2.DLL

2010-08-10 17:41 . 2010-08-10 17:41 -------- d-----w- c:\program files\Home Attorney

2010-08-10 17:38 . 2010-08-10 17:38 -------- d-----w- c:\program files\Business Attorney

2010-08-09 19:28 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-08-09 17:51 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-08-09 17:49 . 2010-08-09 17:49 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}

2010-08-09 17:49 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe

2010-08-09 17:49 . 2010-08-09 17:49 -------- d-----w- c:\program files\Lavasoft

2010-08-09 12:24 . 2010-08-09 12:24 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee

2010-08-05 13:29 . 2010-08-05 13:29 123584 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-08-03 18:43 . 2010-08-03 18:43 -------- d-----w- c:\program files\Common Files\Java

2010-08-03 18:43 . 2010-08-03 18:43 61440 ----a-w- c:\documents and settings\Dean Slack\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-26964190-n\decora-sse.dll

2010-08-03 18:43 . 2010-08-03 18:43 503808 ----a-w- c:\documents and settings\Dean Slack\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6fa87c38-n\msvcp71.dll

2010-08-03 18:43 . 2010-08-03 18:43 499712 ----a-w- c:\documents and settings\Dean Slack\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6fa87c38-n\jmc.dll

2010-08-03 18:43 . 2010-08-03 18:43 348160 ----a-w- c:\documents and settings\Dean Slack\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6fa87c38-n\msvcr71.dll

2010-08-03 18:43 . 2010-08-03 18:43 12800 ----a-w- c:\documents and settings\Dean Slack\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-26964190-n\decora-d3d.dll

2010-08-02 21:56 . 2008-04-14 09:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2010-08-02 21:56 . 2008-04-14 09:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2010-08-02 21:56 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2010-08-02 21:56 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2010-08-02 21:56 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2010-08-02 21:55 . 2001-08-18 02:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2010-08-02 21:55 . 2001-08-17 16:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2010-08-02 21:55 . 2008-04-14 02:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys

2010-08-02 21:55 . 2008-04-14 02:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys

2010-08-02 21:55 . 2008-04-14 09:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2010-08-02 21:55 . 2008-04-14 02:05 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys

2010-08-02 21:55 . 2001-08-17 16:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys

2010-08-02 21:53 . 2001-08-17 16:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys

2010-08-02 21:52 . 2001-08-18 02:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll

2010-08-02 21:51 . 2001-08-17 16:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys

2010-08-02 21:50 . 2001-08-17 16:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys

2010-08-02 21:49 . 2008-04-14 04:06 5888 -c--a-w- c:\windows\system32\dllcache\smbali.sys

2010-08-02 21:48 . 2001-08-17 16:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys

2010-08-02 21:47 . 2001-08-17 18:56 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll

2010-08-02 21:46 . 2001-08-17 17:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys

2010-08-02 21:45 . 2008-04-14 09:40 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll

2010-08-02 21:44 . 2001-08-17 16:20 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys

2010-08-02 21:43 . 2001-08-17 16:50 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys

2010-08-02 21:42 . 2008-04-14 04:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys

2010-08-02 21:41 . 2001-08-17 17:53 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys

2010-08-02 21:40 . 2008-04-14 09:41 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll

2010-08-02 21:39 . 2001-08-17 18:06 38528 -c--a-w- c:\windows\system32\dllcache\ibmvcap.sys

2010-08-02 21:38 . 2001-08-17 17:28 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys

2010-08-02 21:37 . 2008-04-14 04:15 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys

2010-08-02 21:36 . 2008-04-14 02:06 137088 -c--a-w- c:\windows\system32\dllcache\essm2e.sys

2010-08-02 21:35 . 2008-04-14 04:10 8320 -c--a-w- c:\windows\system32\dllcache\dlttape.sys

2010-08-02 21:34 . 2001-08-17 16:19 72832 -c--a-w- c:\windows\system32\dllcache\cwbwdm.sys

2010-08-02 21:33 . 2001-08-17 17:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys

2010-08-02 21:32 . 2008-04-14 02:04 34735 -c--a-w- c:\windows\system32\dllcache\ati1xsxx.sys

2010-08-02 21:31 . 2001-08-17 18:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2010-08-02 19:29 . 2010-08-02 19:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-08-02 17:42 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-08-02 17:42 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-08-02 17:42 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-08-02 17:42 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-08-02 17:42 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-08-02 17:42 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-08-02 17:42 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-08-02 17:42 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

2010-08-02 17:42 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-08-02 17:42 . 2010-08-02 17:42 -------- d-----w- c:\program files\Alwil Software

2010-08-02 17:42 . 2010-08-02 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-08-02 17:12 . 2010-08-02 17:12 -------- d-----w- c:\program files\Registry Distiller 1.03

2010-08-02 17:01 . 2010-08-02 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix

2010-08-02 17:00 . 2010-08-02 17:00 -------- d-----w- c:\program files\Citrix

2010-08-02 16:43 . 2010-08-02 16:43 -------- d-----w- c:\documents and settings\Dean Slack\Application Data\WeatherBug

2010-08-02 16:42 . 2010-08-02 16:42 18944 ----a-r- c:\documents and settings\Dean Slack\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe

2010-08-02 16:42 . 2010-08-02 16:42 11264 ----a-r- c:\documents and settings\Dean Slack\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe

2010-08-02 16:42 . 2010-08-02 16:42 -------- d-----w- c:\program files\AWS

2010-08-02 15:57 . 2010-06-24 21:51 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-08-02 15:57 . 2010-06-24 12:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-08-02 15:57 . 2010-06-24 12:21 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-08-02 15:57 . 2010-06-24 12:21 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-08-02 15:57 . 2010-06-24 12:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-08-02 15:57 . 2010-06-24 12:21 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-08-02 15:57 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-08-02 15:57 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-08-02 15:12 . 2010-08-02 15:12 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys

2010-08-02 13:25 . 2008-06-13 11:05 272128 -c--a-w- c:\windows\system32\dllcache\bthport.sys

2010-08-02 13:03 . 2010-04-28 02:25 2189952 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-08-02 00:26 . 2008-04-14 12:00 53760 -c--a-w- c:\windows\system32\dllcache\pintlcsd.dll

2010-08-02 00:25 . 2008-04-14 12:00 42496 -c--a-w- c:\windows\system32\dllcache\davcdata.exe

2010-08-02 00:23 . 2008-04-14 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2010-08-01 22:45 . 2008-04-14 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2010-08-01 22:45 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll

2010-08-01 22:45 . 2008-04-14 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2010-08-01 22:45 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll

2010-08-01 20:40 . 2010-08-02 15:28 63488 ----a-w- c:\documents and settings\Dean Slack\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-08-01 20:40 . 2010-08-01 20:40 52224 ------w- c:\documents and settings\Dean Slack\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-08-01 20:40 . 2010-08-02 15:28 117760 ----a-w- c:\documents and settings\Dean Slack\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-08-01 20:39 . 2010-08-01 20:39 -------- d-----w- c:\documents and settings\Dean Slack\Application Data\SUPERAntiSpyware.com

2010-08-01 20:39 . 2010-08-01 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-08-01 18:42 . 2010-08-01 21:27 -------- d-----w- c:\windows\system32\MpEngineStore

2010-08-01 18:28 . 2010-08-01 18:28 -------- d-----w- c:\windows\Dell

2010-08-01 17:41 . 2010-08-01 17:41 0 ----a-w- c:\windows\nsreg.dat

2010-08-01 17:41 . 2010-08-01 17:41 -------- d-----w- c:\documents and settings\Dean Slack\Local Settings\Application Data\Mozilla

2010-08-01 16:16 . 2010-08-01 16:16 -------- d-----w- c:\documents and settings\Dean Slack\Application Data\Malwarebytes

2010-08-01 16:15 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-01 16:15 . 2010-08-01 16:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-01 16:15 . 2010-08-01 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-01 16:15 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-01 15:03 . 2010-08-01 15:03 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2010-08-01 15:03 . 2010-08-01 15:03 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!

2010-08-01 15:03 . 2010-08-01 15:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Conduit

2010-08-01 15:03 . 2010-08-01 15:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\DVDVideoSoft

2010-08-01 15:03 . 2010-08-01 15:03 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Windows Search

2010-07-30 20:46 . 2010-08-19 13:41 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-07-30 20:45 . 2010-07-30 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-07-30 20:45 . 2010-07-30 20:49 -------- d-----w- c:\program files\Hitman Pro 3.5

2010-07-30 16:56 . 2010-07-30 16:56 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-07-30 16:53 . 2010-07-30 16:53 -------- d-----w- c:\documents and settings\Dean Slack\Local Settings\Application Data\Sunbelt Software

2010-07-30 16:52 . 2010-08-09 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-26 16:23 . 2010-05-25 14:17 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-26 12:57 . 2009-07-25 18:10 256 ----a-w- c:\windows\system32\pool.bin

2010-08-26 12:42 . 2009-12-29 19:39 -------- d-----w- c:\documents and settings\Dean Slack\Application Data\uTorrent

2010-08-25 12:58 . 2009-11-09 21:27 -------- d-----w- c:\program files\QuickTime

2010-08-24 22:27 . 2009-07-22 19:14 -------- d-----w- c:\program files\Microsoft Small Business

2010-08-24 15:53 . 2009-07-24 21:18 4 ----a-w- c:\windows\vx86036.dat

2010-08-23 20:47 . 2010-08-23 20:47 2767794 ----a-w- c:\documents and settings\All Users\SPL8.tmp

2010-08-18 22:29 . 2009-07-24 12:15 -------- d-----w- c:\program files\Common Files\Adobe

2010-08-18 16:53 . 2010-08-18 16:53 5828444 ----a-w- c:\documents and settings\All Users\SPL35.tmp

2010-08-18 15:29 . 2009-07-13 18:48 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-13 17:17 . 2009-07-25 21:06 -------- d-----w- c:\documents and settings\Dean Slack\Application Data\AdobeUM

2010-08-10 17:30 . 2009-07-24 02:19 -------- d-----w- c:\program files\Glary Utilities

2010-08-05 14:15 . 2009-07-24 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-08-05 11:22 . 2009-07-22 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-08-04 01:50 . 2009-10-31 13:10 -------- d-----w- c:\program files\SPSS

2010-08-03 19:13 . 2009-07-22 18:57 -------- d-----w- c:\program files\McAfee

2010-08-03 19:13 . 2009-07-22 18:57 -------- d-----w- c:\program files\Common Files\McAfee

2010-08-03 18:43 . 2009-07-13 18:46 -------- d-----w- c:\program files\Java

2010-08-02 19:45 . 2009-07-23 01:25 -------- d-----w- c:\program files\Dell 968 AIO Printer

2010-08-02 15:42 . 2009-11-10 00:02 -------- d-----w- c:\documents and settings\Dean Slack\Application Data\Apple Computer

2010-08-02 15:38 . 2010-07-30 19:03 112 ----a-w- c:\documents and settings\All Users\Application Data\w5Lg7QxAV.dat

2010-08-02 15:05 . 2009-07-13 19:03 51200 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-02 15:01 . 2009-07-13 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic

2010-08-02 14:42 . 2010-01-30 16:18 -------- d-----w- c:\program files\SystemRequirementsLab

2010-08-02 00:56 . 2010-01-15 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Uninstall

2010-08-02 00:56 . 2009-07-13 19:10 -------- d-----w- c:\program files\Roxio

2010-08-02 00:56 . 2009-07-13 19:09 -------- d-----w- c:\program files\Common Files\Sonic Shared

2010-08-02 00:55 . 2010-08-02 00:55 -------- d-----w- c:\program files\Common Files\SureThing Shared

2010-08-02 00:41 . 2009-07-13 19:15 51200 ------w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-02 00:39 . 2009-07-14 01:34 -------- d-----w- c:\program files\DellTPad

2010-08-02 00:22 . 2008-04-25 21:27 23444 ----a-w- c:\windows\system32\emptyregdb.dat

2010-08-01 21:26 . 2009-07-13 19:00 -------- d-----w- c:\program files\Wave Systems Corp

2010-08-01 18:07 . 2009-07-22 17:43 0 ------w- c:\documents and settings\Dean Slack\Local Settings\Application Data\WavXMapDrive.bat

2010-07-28 19:51 . 2010-07-28 19:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM

2010-07-17 21:09 . 2009-07-22 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-07-17 09:00 . 2010-04-22 12:30 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-15 23:11 . 2009-08-06 22:30 -------- d-----w- c:\documents and settings\Dean Slack\Application Data\U3

2010-07-06 13:38 . 2010-07-06 13:38 -------- d-----w- c:\documents and settings\Dean Slack\Application Data\Scientific Software

2010-07-06 13:38 . 2010-07-06 13:38 -------- d-----w- c:\program files\Scientific Software

2010-07-06 13:38 . 2010-07-06 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Scientific Software

2010-06-30 12:31 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2008-04-14 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-23 12:23 . 2010-06-23 12:23 501936 ------w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb32.tmp.exe

2010-06-21 15:27 . 2008-04-14 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-18 20:30 . 2010-06-18 20:30 5095017 ------w- c:\documents and settings\All Users\SPLB5.tmp

2010-06-17 14:03 . 2008-04-14 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-15 16:51 . 2010-06-15 16:51 872964 ------w- c:\documents and settings\All Users\SPLB8.tmp

2010-06-15 15:11 . 2010-06-15 15:11 5102928 ------w- c:\documents and settings\All Users\SPL3B.tmp

2010-06-14 14:31 . 2008-04-25 21:27 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:41 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-12 22:35 . 2010-06-12 22:35 2159732 ------w- c:\documents and settings\All Users\SPL8C.tmp

2010-06-07 02:10 . 2010-06-07 02:10 1355037 ------w- c:\documents and settings\All Users\SPL42.tmp

2008-03-13 23:59 . 2008-03-13 23:59 108 --sha-r- c:\windows\neoqaz2.dll

2009-09-25 21:57 . 2009-07-29 11:43 88 --sha-r- c:\windows\system32\332FC4176A.sys

2009-09-25 21:58 . 2009-07-29 11:42 3140 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

<pre>
c:\program files\Boingo\Boingo Wi-Fi\Boingo .exe
c:\program files\CardScan\CardScan\CardScanAgent .exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier .exe
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM .exe
c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper .exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX .exe
c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12 .exe
c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv .exe
c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint .exe
c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM .exe
c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService .exe
c:\program files\Dell\Latitude ON Reader Data\BIOSEvent .exe
c:\program files\Dell\Latitude ON Reader Data\CLIVFR .exe
c:\program files\Dell 968 AIO Printer\dldomon .exe
c:\program files\Dell 968 AIO Printer\fm3032 .exe
c:\program files\Dell 968 AIO Printer\memcard .exe
c:\program files\DellTPad\Apoint .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\Google\Quick Search Box\GoogleQuickSearchBox .exe
c:\program files\Hitman Pro 3.5\HitmanPro35 .exe
c:\program files\HP\hpcoretech\hpcmpmgr .exe
c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr .exe
c:\program files\Roxio 2010\5.0\CPMonitor .exe
c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher .exe
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
c:\program files\Wave Systems Corp\SecureUpgrade .exe
c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck .exe
c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr .exe
c:\windows\OA001Mon .exe
</pre>

((((((((((((((((((((((((((((( SnapShot@2010-08-25_14.40.12 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-08-28 15:37 . 2010-08-28 15:37 16384 c:\windows\Temp\Perflib_Perfdata_8cc.dat

+ 2008-05-21 00:33 . 2008-05-21 00:33 22784 c:\windows\system32\drivers\RimUsb.sys

+ 2010-08-26 12:58 . 2010-08-26 12:58 1168384 c:\windows\Installer\320c5c.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

2009-04-22 15:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

2009-04-22 15:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-06-30 1652736]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TDxVGAUTIL"="c:\windows\system32\TDxVGAUTIL.EXE" [2007-08-01 237568]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

"dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]

"MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]

"Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

UltraMon.lnk - c:\windows\Installer\{83CCCBDC-3A56-4F3B-89DF-69386C3B7D62}\IcoUltraMon.ico [2010-1-15 29310]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell ControlPoint System Manager.lnk]

backup=c:\windows\pss\Dell ControlPoint System Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]

backup=c:\windows\pss\Device Detector 3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UltraMon.lnk]

backup=c:\windows\pss\UltraMon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dean Slack^Start Menu^Programs^Startup^Adobe Gamma.lnk]

backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]

2009-03-17 01:57 729088 ----a-w- c:\windows\system32\AESTFltr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeTPMAuth]

2009-02-26 21:53 184320 ----a-w- c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmUsbSound]

cmcnfgu.cpl [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellConnectionManager]

2009-04-10 16:08 1810432 ----a-w- c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellControlPoint]

2009-03-19 22:25 667648 ----a-w- c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HijackThis startup scan]

2010-07-30 12:54 388608 ----a-w- c:\downloads\Hijack This AntiVirus\HijackThis.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-02-26 21:08 166912 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-02-26 21:08 134656 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]

2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-02-26 21:08 134656 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"TdmService"=2 (0x2)

"STacSV"=2 (0x2)

"SMManager"=2 (0x2)

"SeaPort"=2 (0x2)

"RoxWatch9"=2 (0x2)

"RoxWatch12"=2 (0x2)

"RoxMediaDB9"=3 (0x3)

"RoxMediaDB12"=3 (0x3)

"RoxLiveShare9"=2 (0x2)

"Roxio Upnp Server 9"=2 (0x2)

"Roxio UPnP Renderer 9"=3 (0x3)

"MDM"=2 (0x2)

"LBTServ"=3 (0x3)

"Lavasoft Ad-Aware Service"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"iPod Service"=3 (0x3)

"IntuitUpdateService"=2 (0x2)

"idsvc"=3 (0x3)

"IDriverT"=3 (0x3)

"gusvc"=3 (0x3)

"gupdate"=2 (0x2)

"dcpsysmgrsvc"=2 (0x2)

"buttonsvc32"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe"

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"BlackBerryAutoUpdate"=c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\WINDOWS\\system32\\dldocoms.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldopswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldotime.exe"=

"c:\\Program Files\\Dell 968 AIO Printer\\dldoaiox.exe"=

"c:\\Program Files\\Dell 968 AIO Printer\\DLDOFax.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldojswx.exe"=

"c:\\Program Files\\Dell 968 AIO Printer\\Wireless\\dldowpss.exe"=

"c:\\WINDOWS\\system32\\dldocfg.exe"=

"c:\\Program Files\\Roxio 2010\\Venue\\Venue.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Dell 968 AIO Printer\\dldoafcn.exe"=

"c:\\Program Files\\Dell 968 AIO Printer\\dldomon .exe"=

"c:\\Program Files\\Dell 968 AIO Printer\\dldomon.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/9/2010 1:51 PM 64288]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/2/2010 1:42 PM 165456]

R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 6:56 AM 133968]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/2/2010 1:42 PM 17744]

R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 4:55 AM 1355416]

R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [4/10/2009 1:08 PM 77824]

R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [11/14/2008 3:11 AM 17184]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [7/13/2009 5:28 PM 112512]

R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [7/13/2009 5:28 PM 32808]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [7/13/2009 5:28 PM 244368]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [7/13/2009 5:28 PM 109568]

R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [7/13/2009 5:28 PM 148056]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [7/13/2009 5:28 PM 133632]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [7/13/2009 5:28 PM 280096]

R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [7/13/2009 3:09 PM 232744]

R3 TdxMrMINI;TdxMrMINI;c:\windows\system32\drivers\TdxMrMini.sys [10/11/2009 1:48 PM 249600]

R3 TdxVGAMINI;TdxVGAMINI;c:\windows\system32\drivers\TdxVgaMini.sys [10/11/2009 1:48 PM 252160]

S0 cerc6;cerc6; [x]

S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ADM851X.sys [10/11/2009 1:48 PM 27135]

S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [4/19/2007 6:28 AM 42832]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/13/2010 6:50 AM 15008]

S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]

S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [8/13/2009 4:11 PM 33024]

S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [8/13/2009 4:11 PM 41344]

S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [8/13/2009 4:11 PM 39936]

S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [8/13/2009 4:11 PM 59904]

S3 TdxVGAUSB;TARGUS USB2.0 VGA DOCK DEVICE(USB);c:\windows\system32\drivers\TdxVGAUSB.SYS [10/11/2009 1:48 PM 33280]

S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]

S4 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [12/29/2008 12:07 PM 320800]

S4 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 11:19 AM 808296]

S4 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 11:19 AM 20840]

S4 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [4/9/2009 3:02 PM 447264]

S4 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [7/22/2009 9:32 PM 99568]

S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 11:18 AM 135664]

S4 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [7/24/2009 9:33 AM 1116656]

S4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [7/24/2009 9:33 AM 219632]

.

Contents of the 'Scheduled Tasks' folder

2010-08-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 10:49]

2010-08-28 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2009-07-24 15:21]

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 15:17]

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 15:17]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: cinemanow.com

Trusted Zone: intuit.com\ttlc

DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

FF - ProfilePath - c:\documents and settings\Dean Slack\Application Data\Mozilla\Firefox\Profiles\y22ac2x0.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe

AddRemove-Free Studio_is1 - c:\program files\DVDVideoSoft\Free Studio\unins000.exe

AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-28 11:51

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AE72ACE]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28

\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8

\Driver\atapi -> atapi.sys @ 0xb9e38852

\Driver\iaStor -> iastor.sys @ 0xb9e874fc

IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Intel® 82567LM Gigabit Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9d2dbb0

PacketIndicateHandler -> NDIS.sys @ 0xb9d1ca0d

SendHandler -> NDIS.sys @ 0xb9d30b40

user & kernel MBR OK

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,e8,ac,ab,d6,ed,fb,40,ae,ff,36,\

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,e8,ac,ab,d6,ed,fb,40,ae,ff,36,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,e8,ac,ab,d6,ed,fb,40,ae,ff,36,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)

c:\windows\system32\WININET.dll

c:\windows\System32\dimsntfy.dll

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

c:\windows\System32\TdmNetworkProvider.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\NetProvCredMan.dll

- - - - - - - > 'lsass.exe'(808)

c:\windows\system32\WININET.dll

c:\windows\system32\wvauth.dll

.

Completion time: 2010-08-28 11:55:41

ComboFix-quarantined-files.txt 2010-08-28 15:55

Pre-Run: 183,240,495,104 bytes free

Post-Run: 183,247,376,384 bytes free

- - End Of File - - 2D1D563B44482F816AA00D1AEDB8B4E1


Hi,

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the button that says None.
  • Under the Custom Scan box paste this in
    dir /b "C:\Windows\*.exe" | find /i " " /c
    dir /b "c:\program files\Common Files\InstallShield\UpdateService\*.exe" | find /i " " /c


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.

Please attach the log in your next post.

To attach a file, do the following:

  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on attach_add.png to insert the attachment into your post


Thank you Gammo,

The OTL.txt is attached for your review.

Needshelp99



Hi,

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    TDSSKillerMain.png
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
    TDSSKillerSuspicious.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

RenV::
c:\program files\Boingo\Boingo Wi-Fi\Boingo .exe
c:\program files\CardScan\CardScan\CardScanAgent .exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier .exe
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM .exe
c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper .exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX .exe
c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12 .exe
c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv .exe
c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint .exe
c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM .exe
c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService .exe
c:\program files\Dell\Latitude ON Reader Data\BIOSEvent .exe
c:\program files\Dell\Latitude ON Reader Data\CLIVFR .exe
c:\program files\Dell 968 AIO Printer\dldomon .exe
c:\program files\Dell 968 AIO Printer\fm3032 .exe
c:\program files\Dell 968 AIO Printer\memcard .exe
c:\program files\DellTPad\Apoint .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\Google\Quick Search Box\GoogleQuickSearchBox .exe
c:\program files\Hitman Pro 3.5\HitmanPro35 .exe
c:\program files\HP\hpcoretech\hpcmpmgr .exe
c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr .exe
c:\program files\Roxio 2010\5.0\CPMonitor .exe
c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher .exe
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
c:\program files\Wave Systems Corp\SecureUpgrade .exe
c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck .exe
c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr .exe
c:\windows\OA001Mon .exe

KillAll::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

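The OTL custom-scan lines above count executables with a space in their names, and the RenV:: list enumerates files renamed to the form "Name .exe" (a space before the extension) that ComboFix is asked to rename back. The Python script below is an added example, not part of this thread or of OTL/ComboFix: it builds a constructed temporary directory tree mirroring a few entries from that list, reproduces the coarse "space anywhere in the name" count of the OTL check, and reports the narrower "space right before .exe" pattern together with the name each file would be restored to and whether a file already sits under that restored name.

```python
"""Added example (not from the thread, OTL or ComboFix): locate executables whose
name carries a space just before the .exe extension, as in the RenV:: list above.
The input is a constructed temporary tree; no real system directory is touched."""
import os
import re
import tempfile
from pathlib import Path

# Matches names such as "TeaTimer .exe": non-blank stem, one or more spaces, ".exe".
# A space elsewhere in the name (e.g. "Space In Name.exe") is NOT matched.
SPACE_BEFORE_EXT = re.compile(r"^(?P<stem>.*\S)\s+\.(?P<ext>exe)$", re.IGNORECASE)


def restored_name(filename):
    """Return the name with the stray space removed, or None if the name is clean."""
    m = SPACE_BEFORE_EXT.match(filename)
    if not m:
        return None
    return f"{m.group('stem')}.{m.group('ext')}"


def count_spaced_exes(directory):
    """Equivalent of the OTL custom scan line  dir /b "<dir>\\*.exe" | find /i " " /c :
    non-recursive count of .exe files with a space anywhere in the name."""
    return sum(
        1
        for entry in os.scandir(directory)
        if entry.is_file() and entry.name.lower().endswith(".exe") and " " in entry.name
    )


def find_renamed_executables(root):
    """Walk root recursively; return sorted (path, restored_name, restored_exists) triples.
    restored_exists is True when another file already occupies the restored name, the
    case worth a closer look: the space-named file may be the displaced original."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            fixed = restored_name(name)
            if fixed is None:
                continue
            here = Path(dirpath)
            findings.append((str(here / name), fixed, (here / fixed).exists()))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample tree (hypothetical contents) echoing entries from the RenV:: list."""
    root = Path(tempfile.mkdtemp(prefix="renv_demo_"))
    layout = {
        "Spybot - Search & Destroy/TeaTimer .exe": b"MZ-renamed",
        "Spybot - Search & Destroy/TeaTimer.exe": b"MZ-current",  # both names present
        "Dell 968 AIO Printer/dldomon .exe": b"MZ-renamed",
        "Dell 968 AIO Printer/memcard .exe": b"MZ-renamed",
        "Dell 968 AIO Printer/fm3032.exe": b"MZ-clean",           # clean name, ignored
        "Windows/OA001Mon .exe": b"MZ-renamed",
        "Windows/Space In Name.exe": b"MZ-clean",                 # counted by OTL, not by RenV pattern
    }
    for rel, data in layout.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    print("OTL-style count for Windows:", count_spaced_exes(sample / "Windows"))
    for path, fixed, clash in find_renamed_executables(sample):
        note = "  (restored name already exists)" if clash else ""
        print(f"{path} -> {fixed}{note}")
```

The OTL-style count comes out higher than the RenV-pattern findings for the Windows folder, which is why the helper follows the count with an explicit file list before renaming anything.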


Dear Gammo,

Here are the TDSSK and ComboFix logs per your request.

TDSSK found something and rebooted.

As for the Combofix, dragging the txt file onto it launched CF which wanted to update itself (yes) before auto-running.

That log is attached as well.

(I defer to the experts and your read of the logs. FYI, I had avast off and thought I had adaware off.

It was still concerned that McAfee's free AV was running in the background, which, by the way, I had uninstalled some time ago. Nor could I find its related process running. I'm wondering if the problem is masking itself as a McAfee AV program?)

Anyway, glad and thankful for the help.

Needshelp99


Hi,

Please do not attach your logs as it is harder for me to read them that way. Post them instead:

ComboFix 10-08-29.04 - Dean Slack 08/30/2010 15:45:19.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2794 [GMT -4:00]

Running from: c:\documents and settings\Dean Slack\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Dean Slack\Desktop\CFScript.txt

AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))

.

2010-08-19 17:56 . 2010-03-18 23:11 23360 ----a-w- c:\windows\system32\Ckldrv.sys

2010-08-19 17:56 . 2010-03-18 20:25 126976 ----a-w- c:\windows\system32\Crypserv.exe

2010-08-19 17:56 . 2010-01-20 16:28 11776 ----a-w- c:\windows\Ckrfresh.exe

2010-08-19 17:56 . 2010-01-20 16:28 165888 ----a-r- c:\windows\Ckconfig.exe

2010-08-19 17:52 . 2010-03-18 21:11 267304 ----a-w- c:\temp\cks.exe

2010-08-19 17:52 . 2010-03-18 21:11 271672 ----a-w- c:\temp\SetupEx.exe

2010-08-19 17:52 . 2010-08-19 17:57 -------- d-----w- C:\temp

2010-08-19 14:06 . 2010-08-19 14:06 12872 ----a-w- c:\windows\system32\bootdelete.exe

2010-08-18 15:29 . 2010-08-18 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Editor Software

2010-08-11 15:10 . 2010-08-11 15:10 -------- d-----w- c:\program files\Editor Software

2010-08-11 15:09 . 2010-08-11 15:09 -------- d-----w- c:\documents and settings\Dean Slack\Local Settings\Application Data\Downloaded Installations

2010-08-10 17:41 . 1996-08-24 05:11 27632 ----a-w- c:\windows\system\CTL3DV2.DLL

2010-08-10 17:41 . 2010-08-10 17:41 -------- d-----w- c:\program files\Home Attorney

2010-08-10 17:38 . 2010-08-10 17:38 -------- d-----w- c:\program files\Business Attorney

2010-08-09 19:28 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-08-09 17:51 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-08-09 17:49 . 2010-08-09 17:49 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}

2010-08-09 17:49 . 2010-08-09 17:49 -------- d-----w- c:\program files\Lavasoft

2010-08-09 12:24 . 2010-08-09 12:24 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee

2010-08-05 13:29 . 2010-08-05 13:29 123584 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-08-03 18:43 . 2010-08-03 18:43 -------- d-----w- c:\program files\Common Files\Java

2010-08-02 21:56 . 2008-04-14 09:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2010-08-02 21:56 . 2008-04-14 09:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2010-08-02 21:56 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2010-08-02 21:56 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2010-08-02 21:56 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2010-08-02 21:55 . 2001-08-18 02:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2010-08-02 21:55 . 2001-08-17 16:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2010-08-02 21:55 . 2008-04-14 02:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys

2010-08-02 21:55 . 2008-04-14 02:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys

2010-08-02 21:55 . 2008-04-14 09:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2010-08-02 21:55 . 2008-04-14 02:05 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys

2010-08-02 21:55 . 2001-08-17 16:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys

2010-08-02 21:53 . 2001-08-17 16:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys

2010-08-02 21:52 . 2001-08-18 02:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll

2010-08-02 21:51 . 2001-08-17 16:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys

2010-08-02 21:50 . 2001-08-17 16:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys

2010-08-02 21:49 . 2008-04-14 04:06 5888 -c--a-w- c:\windows\system32\dllcache\smbali.sys

2010-08-02 21:48 . 2001-08-17 16:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys

2010-08-02 21:47 . 2001-08-17 18:56 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll

2010-08-02 21:46 . 2001-08-17 17:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys

2010-08-02 21:45 . 2008-04-14 09:40 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll

2010-08-02 21:44 . 2001-08-17 16:20 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys

2010-08-02 21:43 . 2001-08-17 16:50 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys

2010-08-02 21:42 . 2008-04-14 04:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys

2010-08-02 21:41 . 2001-08-17 17:53 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys

2010-08-02 21:40 . 2008-04-14 09:41 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll

2010-08-02 21:39 . 2001-08-17 18:06 38528 -c--a-w- c:\windows\system32\dllcache\ibmvcap.sys

2010-08-02 21:38 . 2001-08-17 17:28 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys

2010-08-02 21:37 . 2008-04-14 04:15 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys

2010-08-02 21:36 . 2008-04-14 02:06 137088 -c--a-w- c:\windows\system32\dllcache\essm2e.sys

2010-08-02 21:35 . 2008-04-14 04:10 8320 -c--a-w- c:\windows\system32\dllcache\dlttape.sys

2010-08-02 21:34 . 2001-08-17 16:19 72832 -c--a-w- c:\windows\system32\dllcache\cwbwdm.sys

2010-08-02 21:33 . 2001-08-17 17:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys

2010-08-02 21:32 . 2008-04-14 02:04 34735 -c--a-w- c:\windows\system32\dllcache\ati1xsxx.sys

2010-08-02 21:31 . 2001-08-17 18:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2010-08-02 19:29 . 2010-08-02 19:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-08-02 17:42 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-08-02 17:42 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-08-02 17:42 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-08-02 17:42 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-08-02 17:42 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-08-02 17:42 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-08-02 17:42 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-08-02 17:42 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

2010-08-02 17:42 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-08-02 17:42 . 2010-08-02 17:42 -------- d-----w- c:\program files\Alwil Software

2010-08-02 17:42 . 2010-08-02 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-08-02 17:12 . 2010-08-02 17:12 -------- d-----w- c:\program files\Registry Distiller 1.03

2010-08-02 17:01 . 2010-08-02 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix

2010-08-02 17:00 . 2010-08-02 17:00 -------- d-----w- c:\program files\Citrix

2010-08-02 16:43 . 2010-08-02 16:43 -------- d-----w- c:\documents and settings\Dean Slack\Application Data\WeatherBug

2010-08-02 16:42 . 2010-08-02 16:42 -------- d-----w- c:\program files\AWS

2010-08-02 15:57 . 2010-06-24 21:51 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-08-02 15:57 . 2010-06-24 12:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-08-02 15:57 . 2010-06-24 12:21 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-08-02 15:57 . 2010-06-24 12:21 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-08-02 15:57 . 2010-06-24 12:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-08-02 15:57 . 2010-06-24 12:21 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-08-02 15:57 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-08-02 15:57 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-08-02 15:12 . 2010-08-02 15:12 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys

2010-08-02 13:25 . 2008-06-13 11:05 272128 -c--a-w- c:\windows\system32\dllcache\bthport.sys

2010-08-02 13:03 . 2010-04-28 02:25 2189952 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-08-02 00:26 . 2008-04-14 12:00 53760 -c--a-w- c:\windows\system32\dllcache\pintlcsd.dll

2010-08-02 00:25 . 2008-04-14 12:00 42496 -c--a-w- c:\windows\system32\dllcache\davcdata.exe

2010-08-02 00:23 . 2008-04-14 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2010-08-01 22:45 . 2008-04-14 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2010-08-01 22:45 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll

2010-08-01 22:45 . 2008-04-14 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2010-08-01 22:45 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll

2010-08-01 20:39 . 2010-08-01 20:39 -------- d-----w- c:\documents and settings\Dean Slack\Application Data\SUPERAntiSpyware.com

2010-08-01 20:39 . 2010-08-01 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-08-01 18:42 . 2010-08-01 21:27 -------- d-----w- c:\windows\system32\MpEngineStore

2010-08-01 18:28 . 2010-08-01 18:28 -------- d-----w- c:\windows\Dell

2010-08-01 17:41 . 2010-08-01 17:41 0 ----a-w- c:\windows\nsreg.dat

2010-08-01 17:41 . 2010-08-01 17:41 -------- d-----w- c:\documents and settings\Dean Slack\Local Settings\Application Data\Mozilla

2010-08-01 16:16 . 2010-08-01 16:16 -------- d-----w- c:\documents and settings\Dean Slack\Application Data\Malwarebytes

2010-08-01 16:15 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-01 16:15 . 2010-08-01 16:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-01 16:15 . 2010-08-01 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-01 16:15 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-01 15:03 . 2010-08-01 15:03 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2010-08-01 15:03 . 2010-08-01 15:03 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!

2010-08-01 15:03 . 2010-08-01 15:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Conduit

2010-08-01 15:03 . 2010-08-01 15:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\DVDVideoSoft

2010-08-01 15:03 . 2010-08-01 15:03 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Windows Search

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-30 19:45 . 2009-07-13 19:00 -------- d-----w- c:\program files\Wave Systems Corp

2010-08-30 19:45 . 2010-07-30 20:45 -------- d-----w- c:\program files\Hitman Pro 3.5

2010-08-30 19:45 . 2009-07-14 01:34 -------- d-----w- c:\program files\DellTPad

2010-08-30 19:45 . 2009-07-23 01:25 -------- d-----w- c:\program files\Dell 968 AIO Printer

2010-08-30 15:19 . 2009-07-24 21:18 4 ----a-w- c:\windows\vx86036.dat

2010-08-30 14:40 . 2010-05-25 14:17 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-26 12:58 . 2010-08-26 12:58 53248 ----a-r- c:\documents and settings\Dean Slack\Application Data\Microsoft\Installer\{EA50F6E4-8542-4B2B-B344-D080D5DA0EB1}\ARPPRODUCTICON.exe

2010-08-26 12:57 . 2009-07-25 18:10 256 ----a-w- c:\windows\system32\pool.bin

2010-08-26 12:42 . 2009-12-29 19:39 -------- d-----w- c:\documents and settings\Dean Slack\Application Data\uTorrent

2010-08-25 12:58 . 2009-11-09 21:27 -------- d-----w- c:\program files\QuickTime

2010-08-24 22:27 . 2009-07-22 19:14 -------- d-----w- c:\program files\Microsoft Small Business

2010-08-23 20:47 . 2010-08-23 20:47 2767794 ----a-w- c:\documents and settings\All Users\SPL8.tmp

2010-08-19 13:41 . 2010-07-30 20:46 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-08-18 22:29 . 2009-07-24 12:15 -------- d-----w- c:\program files\Common Files\Adobe

2010-08-18 16:53 . 2010-08-18 16:53 5828444 ----a-w- c:\documents and settings\All Users\SPL35.tmp

2010-08-18 15:29 . 2009-07-13 18:48 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-13 17:17 . 2009-07-25 21:06 -------- d-----w- c:\documents and settings\Dean Slack\Application Data\AdobeUM

2010-08-10 17:30 . 2009-07-24 02:19 -------- d-----w- c:\program files\Glary Utilities

2010-08-09 17:49 . 2010-07-30 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-08-05 14:15 . 2009-07-24 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-08-05 11:22 . 2009-07-22 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-08-04 01:50 . 2009-10-31 13:10 -------- d-----w- c:\program files\SPSS

2010-08-03 19:13 . 2009-07-22 18:57 -------- d-----w- c:\program files\McAfee

2010-08-03 19:13 . 2009-07-22 18:57 -------- d-----w- c:\program files\Common Files\McAfee

2010-08-03 18:43 . 2010-08-03 18:43 61440 ----a-w- c:\documents and settings\Dean Slack\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-26964190-n\decora-sse.dll

2010-08-03 18:43 . 2010-08-03 18:43 503808 ----a-w- c:\documents and settings\Dean Slack\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6fa87c38-n\msvcp71.dll

2010-08-03 18:43 . 2010-08-03 18:43 499712 ----a-w- c:\documents and settings\Dean Slack\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6fa87c38-n\jmc.dll

2010-08-03 18:43 . 2010-08-03 18:43 348160 ----a-w- c:\documents and settings\Dean Slack\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6fa87c38-n\msvcr71.dll

2010-08-03 18:43 . 2010-08-03 18:43 12800 ----a-w- c:\documents and settings\Dean Slack\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-26964190-n\decora-d3d.dll

2010-08-03 18:43 . 2009-07-13 18:46 -------- d-----w- c:\program files\Java

2010-08-02 16:42 . 2010-08-02 16:42 18944 ----a-r- c:\documents and settings\Dean Slack\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe

2010-08-02 16:42 . 2010-08-02 16:42 11264 ----a-r- c:\documents and settings\Dean Slack\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe

2010-08-02 15:42 . 2009-11-10 00:02 -------- d-----w- c:\documents and settings\Dean Slack\Application Data\Apple Computer

2010-08-02 15:38 . 2010-07-30 19:03 112 ----a-w- c:\documents and settings\All Users\Application Data\w5Lg7QxAV.dat

2010-08-02 15:28 . 2010-08-01 20:40 63488 ----a-w- c:\documents and settings\Dean Slack\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-08-02 15:28 . 2010-08-01 20:40 117760 ----a-w- c:\documents and settings\Dean Slack\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-08-02 15:05 . 2009-07-13 19:03 51200 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-02 15:01 . 2009-07-13 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic

2010-08-02 14:42 . 2010-01-30 16:18 -------- d-----w- c:\program files\SystemRequirementsLab

2010-08-02 00:56 . 2010-01-15 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Uninstall

2010-08-02 00:56 . 2009-07-13 19:10 -------- d-----w- c:\program files\Roxio

2010-08-02 00:56 . 2009-07-13 19:09 -------- d-----w- c:\program files\Common Files\Sonic Shared

2010-08-02 00:55 . 2010-08-02 00:55 -------- d-----w- c:\program files\Common Files\SureThing Shared

2010-08-02 00:41 . 2009-07-13 19:15 51200 ------w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-02 00:22 . 2008-04-25 21:27 23444 ----a-w- c:\windows\system32\emptyregdb.dat

2010-08-01 20:40 . 2010-08-01 20:40 52224 ------w- c:\documents and settings\Dean Slack\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-08-01 18:07 . 2009-07-22 17:43 0 ------w- c:\documents and settings\Dean Slack\Local Settings\Application Data\WavXMapDrive.bat

2010-08-01 16:57 . 2010-07-30 14:06 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-07-30 20:48 . 2010-07-30 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-07-30 19:01 . 2010-07-30 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-07-30 16:56 . 2010-07-30 16:56 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-07-28 19:51 . 2010-07-28 19:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM

2010-07-17 21:09 . 2009-07-22 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-07-17 09:00 . 2010-04-22 12:30 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-15 23:11 . 2009-08-06 22:30 -------- d-----w- c:\documents and settings\Dean Slack\Application Data\U3

2010-07-12 08:56 . 2010-08-09 17:49 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe

2010-07-06 13:38 . 2010-07-06 13:38 -------- d-----w- c:\documents and settings\Dean Slack\Application Data\Scientific Software

2010-07-06 13:38 . 2010-07-06 13:38 -------- d-----w- c:\program files\Scientific Software

2010-07-06 13:38 . 2010-07-06 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Scientific Software

2010-06-30 12:31 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2008-04-14 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-23 12:23 . 2010-06-23 12:23 501936 ------w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb32.tmp.exe

2010-06-21 15:27 . 2008-04-14 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-18 20:30 . 2010-06-18 20:30 5095017 ------w- c:\documents and settings\All Users\SPLB5.tmp

2010-06-17 14:03 . 2008-04-14 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-15 16:51 . 2010-06-15 16:51 872964 ------w- c:\documents and settings\All Users\SPLB8.tmp

2010-06-15 15:11 . 2010-06-15 15:11 5102928 ------w- c:\documents and settings\All Users\SPL3B.tmp

2010-06-14 14:31 . 2008-04-25 21:27 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:41 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-12 22:35 . 2010-06-12 22:35 2159732 ------w- c:\documents and settings\All Users\SPL8C.tmp

2010-06-07 02:10 . 2010-06-07 02:10 1355037 ------w- c:\documents and settings\All Users\SPL42.tmp

2008-03-13 23:59 . 2008-03-13 23:59 108 --sha-r- c:\windows\neoqaz2.dll

2009-09-25 21:57 . 2009-07-29 11:43 88 --sha-r- c:\windows\system32\332FC4176A.sys

2009-09-25 21:58 . 2009-07-29 11:42 3140 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

c:\program files\Spybot - Search & Destroy\TeaTimer .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

2009-04-22 15:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

2009-04-22 15:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-06-30 1652736]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TDxVGAUTIL"="c:\windows\system32\TDxVGAUTIL.EXE" [2007-08-01 237568]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

"dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]

"MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]

"Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

UltraMon.lnk - c:\windows\Installer\{83CCCBDC-3A56-4F3B-89DF-69386C3B7D62}\IcoUltraMon.ico [2010-1-15 29310]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell ControlPoint System Manager.lnk]

backup=c:\windows\pss\Dell ControlPoint System Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]

backup=c:\windows\pss\Device Detector 3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UltraMon.lnk]

backup=c:\windows\pss\UltraMon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dean Slack^Start Menu^Programs^Startup^Adobe Gamma.lnk]

backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]

2009-03-17 01:57 729088 ----a-w- c:\windows\system32\AESTFltr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeTPMAuth]

2009-02-26 21:53 184320 ----a-w- c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmUsbSound]

cmcnfgu.cpl [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellConnectionManager]

2009-04-10 17:08 1810432 ----a-w- c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellControlPoint]

2009-03-19 23:25 667648 ----a-w- c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HijackThis startup scan]

2010-07-30 12:54 388608 ----a-w- c:\downloads\Hijack This AntiVirus\HijackThis.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-02-26 21:08 166912 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-02-26 21:08 134656 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]

2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-02-26 21:08 134656 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"TdmService"=2 (0x2)

"STacSV"=2 (0x2)

"SMManager"=2 (0x2)

"SeaPort"=2 (0x2)

"RoxWatch9"=2 (0x2)

"RoxWatch12"=2 (0x2)

"RoxMediaDB9"=3 (0x3)

"RoxMediaDB12"=3 (0x3)

"RoxLiveShare9"=2 (0x2)

"Roxio Upnp Server 9"=2 (0x2)

"Roxio UPnP Renderer 9"=3 (0x3)

"MDM"=2 (0x2)

"LBTServ"=3 (0x3)

"Lavasoft Ad-Aware Service"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"iPod Service"=3 (0x3)

"IntuitUpdateService"=2 (0x2)

"idsvc"=3 (0x3)

"IDriverT"=3 (0x3)

"gusvc"=3 (0x3)

"gupdate"=2 (0x2)

"dcpsysmgrsvc"=2 (0x2)

"buttonsvc32"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe"

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"BlackBerryAutoUpdate"=c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\WINDOWS\\system32\\dldocoms.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldopswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldotime.exe"=

"c:\\Program Files\\Dell 968 AIO Printer\\dldoaiox.exe"=

"c:\\Program Files\\Dell 968 AIO Printer\\DLDOFax.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldojswx.exe"=

"c:\\Program Files\\Dell 968 AIO Printer\\Wireless\\dldowpss.exe"=

"c:\\WINDOWS\\system32\\dldocfg.exe"=

"c:\\Program Files\\Roxio 2010\\Venue\\Venue.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Dell 968 AIO Printer\\dldoafcn.exe"=

"c:\\Program Files\\Dell 968 AIO Printer\\dldomon.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/9/2010 1:51 PM 64288]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/2/2010 1:42 PM 165456]

R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 6:56 AM 133968]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/2/2010 1:42 PM 17744]

R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]

R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [4/10/2009 1:08 PM 77824]

R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [11/14/2008 3:11 AM 17184]

R3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ADM851X.sys [10/11/2009 1:48 PM 27135]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [7/13/2009 5:28 PM 112512]

R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [7/13/2009 5:28 PM 32808]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [7/13/2009 5:28 PM 244368]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [7/13/2009 5:28 PM 109568]

R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [7/13/2009 5:28 PM 148056]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [7/13/2009 5:28 PM 133632]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [7/13/2009 5:28 PM 280096]

R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [7/13/2009 3:09 PM 232744]

R3 TdxMrMINI;TdxMrMINI;c:\windows\system32\drivers\TdxMrMini.sys [10/11/2009 1:48 PM 249600]

R3 TdxVGAMINI;TdxVGAMINI;c:\windows\system32\drivers\TdxVgaMini.sys [10/11/2009 1:48 PM 252160]

R3 TdxVGAUSB;TARGUS USB2.0 VGA DOCK DEVICE(USB);c:\windows\system32\drivers\TdxVGAUSB.SYS [10/11/2009 1:48 PM 33280]

S0 cerc6;cerc6; [x]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 4:55 AM 1355416]

S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [4/19/2007 6:28 AM 42832]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/13/2010 6:50 AM 15008]

S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]

S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [8/13/2009 4:11 PM 33024]

S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [8/13/2009 4:11 PM 41344]

S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [8/13/2009 4:11 PM 39936]

S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [8/13/2009 4:11 PM 59904]

S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]

S4 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [12/29/2008 12:07 PM 320800]

S4 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 11:19 AM 808296]

S4 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 11:19 AM 20840]

S4 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [4/9/2009 3:02 PM 447264]

S4 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [7/22/2009 9:32 PM 99568]

S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 11:18 AM 135664]

S4 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [7/24/2009 9:33 AM 1116656]

S4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [7/24/2009 9:33 AM 219632]

.

Contents of the 'Scheduled Tasks' folder

2010-08-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 10:49]

2010-08-30 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2009-07-24 15:21]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 15:17]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 15:17]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: cinemanow.com

Trusted Zone: intuit.com\ttlc

DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

FF - ProfilePath - c:\documents and settings\Dean Slack\Application Data\Mozilla\Firefox\Profiles\y22ac2x0.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-30 15:54

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,e8,ac,ab,d6,ed,fb,40,ae,ff,36,\

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,e8,ac,ab,d6,ed,fb,40,ae,ff,36,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,e8,ac,ab,d6,ed,fb,40,ae,ff,36,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

c:\windows\System32\TdmNetworkProvider.dll

c:\windows\system32\NetProvCredMan.dll

- - - - - - - > 'lsass.exe'(984)

c:\windows\system32\wvauth.dll

- - - - - - - > 'explorer.exe'(2524)

c:\windows\system32\WININET.dll

c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\program files\UltraMon\RTSUltraMonHook.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Roxio\Drag-to-Disc\Shellex.dll

c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL

c:\program files\Roxio\Drag-to-Disc\ShellRes.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\WiFi\bin\S24EvMon.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\System32\SCardSvr.exe

c:\windows\system32\crypserv.exe

c:\windows\system32\dldocoms.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\UltraMon\UltraMon.exe

c:\program files\UltraMon\UltraMonTaskbar.exe

.

**************************************************************************

.

Completion time: 2010-08-30 16:01:44 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-30 20:01

ComboFix2.txt 2010-08-28 15:55

Pre-Run: 183,231,832,064 bytes free

Post-Run: 183,228,657,664 bytes free

- - End Of File - - F1813FFEF0D16E0D566EDC9263D52BDB

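A helper reads a log like the one above by hand, checking each loading point against what the machine is known to run. As an added example (not from this thread, and not ComboFix's own code), the Python script below parses the "Reg Loading Points" and "Supplementary Scan" lines of a ComboFix log and flags entries worth a second look: Run values that launch from a user-writable location, Winlogon Notify DLLs outside system32, LSA authentication packages beyond XP's default `msv1_0` (the log above lists `msv1_0 wvauth`, and shows `wvauth.dll` loaded in lsass.exe alongside Wave Systems Corp components; the script can only flag it for vendor verification, not decide), and browser start/search URLs on a host the user does not expect, which is the first thing to check in a redirect case. The sample input is a constructed excerpt: the `Updater` entry and the `keyword.URL` host are invented to exercise the checks, and the expected-host and default-package sets are assumptions to tune per machine.

```python
"""Triage helper for ComboFix log excerpts (added example, not from the thread)."""
import re
from urllib.parse import urlparse

# Constructed excerpt in ComboFix log format, modelled on the thread's log. The
# "Updater" Run entry and the keyword.URL host are invented to exercise the checks.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-06-30 1652736]
"Updater"="c:\documents and settings\user\Local Settings\Application Data\qzx\updater.exe" [2010-08-20 61440]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - prefs.js: keyword.URL - hxxp://search.example-redirect.test/search?q=
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<rest>.+)$')
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$")
AUTH_RE = re.compile(r"^Authentication Packages\s+REG_MULTI_SZ\s+(?P<pkgs>.+)$")
BROWSER_RE = re.compile(
    r"^(?P<name>uStart Page|uSearchURL,\(Default\)|uSearchAssistant|FF - prefs\.js: keyword\.URL)"
    r"\s*[=-]\s*(?P<url>hxxps?://\S+)$")

# Assumptions for the checks (tune per machine): XP ships only msv1_0 as an LSA
# authentication package, and these are the search hosts this user expects to see.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}
EXPECTED_SEARCH_HOSTS = {"www.google.com", "search.yahoo.com", "www.bing.com"}
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\temp\\", "\\recycler\\")


def target_path(rest):
    """Strip ComboFix's trailing ' [date size]' note, quotes and arguments from a Run value."""
    rest = re.sub(r"\s+\[[^\]]*\]\s*$", "", rest).strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest.strip('"')
    return re.split(r"\s+[-/]", rest, maxsplit=1)[0]  # unquoted: cut at first " -x" / " /x" argument


def parse_loading_points(log):
    """Pull Run entries, Winlogon Notify DLLs, LSA auth packages and browser URLs out of a log."""
    found = {"run": [], "notify": [], "auth": [], "browser": []}
    current_key = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := BROWSER_RE.match(line):  # defanged hxxp:// -> http:// so urlparse sees a host
            found["browser"].append((m.group("name"), m.group("url").replace("hxxp", "http", 1)))
            continue
        if m := KEY_RE.match(line):
            current_key = m.group("key").lower()
            continue
        key_tail = current_key.rsplit("\\", 1)[-1]
        if key_tail in ("run", "runonce", "run-disabled") and (m := VALUE_RE.match(line)):
            found["run"].append((current_key, m.group("name"), target_path(m.group("rest"))))
        elif "\\winlogon\\notify\\" in current_key and (m := FILE_RE.match(line)):
            found["notify"].append((key_tail, m.group("path")))
        elif current_key.endswith("\\control\\lsa") and (m := AUTH_RE.match(line)):
            found["auth"].extend(m.group("pkgs").split())
    return found


def triage(log):
    """Return (reason, detail) pairs a helper should look at; nothing here is a verdict."""
    found = parse_loading_points(log)
    findings = []
    for _key, name, path in found["run"]:
        if any(marker in path.lower() for marker in USER_WRITABLE_MARKERS):
            findings.append(("Run entry launches from a user-writable location", f"{name} -> {path}"))
    for sub, dll in found["notify"]:
        if not dll.lower().startswith("c:\\windows\\system32\\"):
            findings.append(("Winlogon Notify DLL outside system32, verify the vendor", f"{sub} -> {dll}"))
    for pkg in found["auth"]:
        if pkg.lower() not in DEFAULT_AUTH_PACKAGES:
            findings.append(("non-default LSA authentication package, loads into lsass.exe", pkg))
    for name, url in found["browser"]:
        host = urlparse(url).hostname or ""
        if host not in EXPECTED_SEARCH_HOSTS:
            findings.append(("browser start/search URL points at an unexpected host", f"{name} -> {host}"))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"[{reason}] {detail}")
```

Run it against a saved ComboFix.txt by reading the file into `triage()` instead of `SAMPLE_LOG`. The output is a review list, not a detection: every flagged item still has to be matched to a known product (here, the Logitech Bluetooth and Wave Systems components) or to the ComboFix quarantine before anything is removed.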

Hi,

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Malwarebytes' Anti-Malware

  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates have been downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png


Dear Gammo,

Thanks again for the help.

Here are 2 of the 3 logs you requested and related updates.

1) I followed your instructions in sequence but ran into a little trouble with TFC so did warm boots and reran. It helped much I think but never would end cleanly and produce a log.

"TFC encountered problems and needed to close" came up on each of three attempts.

Each attempt followed a warm boot. The first time through, the above message came up about 25% of the way in. It wanted to send a report to MS, so I said OK (after taking a look at the name of the problem but not opening the file). After hitting OK, TFC continued, with the same message coming up between 4 and 20 more times, each followed by my clicking OK. Eventually it actually did close but did not reboot or restore Windows. So here I pulled up Task Manager and did a warm restart.

The next attempt got through about 50%. The last attempt got all the way through but did not close successfully.

On all three runs the problem files were ????_appcompat.txt (where ???? appeared random). After runs 1 and 2, Explorer search assist found various files with the ????_appcompat.txt name. After the last run the files could not be found. The number of deleted files decreased each time until the last, when it was 0. It was not happy trying to empty the recycle bin. (Please pardon the novice approach; I used Glary Utilities afterward and it didn't see any temp files either.)

Never could get a log for TFC.

2) MBAM was updated and the quick scan did not find anything.

3) ESET online found win32/induc and ad aware (60 + minute run time)

Gammo, much thanks for your expertise and ongoing help in getting this pc fixed.


Hi,

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. :)

Remove Combofix now that we're done with it.

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    CF_Uninstall-1.jpg
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files

Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall

You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean', that doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated

It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Firefox and Opera. Both are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.

  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up-to-date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec, or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?

If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,

Gammo :)

Well you did it. And here I am much safer, more productive and more knowledgeable. Importantly, I know what I don't know and will certainly be careful / come back if needed and not attempt on my own.

I've followed your wrap up steps and also deleted any stray logs, downloads, etc. related to the clean.

Also, I've tested IE and Firefox and they appear to go where I tell them.

=>Gammo, thanks much for your help in figuring out and getting rid of the malware. You really made a difference.

=>Novice readers, seriously, read up on all this to become more knowledgeable but do not attempt on your own. Gammo's expertise and application/sequencing of help and responsiveness was extraordinary. I'm sure the other experts are as well. Support/donate if you can. Do not do surgery on your own.

Needshelp99
