Redirect Virus

Dell / E520
January 1, 2010 at 14:44:28
Specs: Windows XP
My husband's computer has contracted this awful redirect virus. The computer is exceptionally slow, it freezes up and last time this happened i was able to fix it but cannot this time. I'm not extremely technical, so i have seen this site to be very helpful so your assistance is greatly appreciate. I have Malware loaded and have some past logs.

See More: Redirect Virus

Report •


#1
January 1, 2010 at 14:55:07
If Malwarebytes is more than a week old uninstall it then download it again and post its log.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2.(Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5.Once it has finished, two logs will open: log.txt<-- this will be maximized and info.txt<-- this will be minimized. Both logs will be located at C:\RSIT.exe.


Report •

#2
January 1, 2010 at 15:22:40
can you kindly post Malware link? I cannot get to it now online

Report •

#3
January 1, 2010 at 16:28:34
Here is Malware log. I am doing the RSIT now

Malwarebytes' Anti-Malware 1.43
Database version: 3471
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/1/2010 6:26:05 PM
mbam-log-2010-01-01 (18-26-05).txt

Scan type: Quick Scan
Objects scanned: 128129
Time elapsed: 36 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Report •

Related Solutions

#4
January 1, 2010 at 16:34:07
Will need to do several posts. It is not posting

Logfile of random's system information tool 1.06 (written by random/random)
Run by Rob Hoffman at 2010-01-01 18:29:44
Microsoft Windows XP Professional Service Pack 3
System drive C: has 267 GB (89%) free of 300 GB
Total RAM: 2046 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:34 PM, on 1/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Microsoft Shared\office12\offlb.exe
C:\Documents and Settings\Rob Hoffman\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Rob Hoffman.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070124
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070124
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=m...
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls...
O18 - Protocol: bw+0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe


Report •

#5
January 1, 2010 at 16:35:12
Part 2

End of file - 25120 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\SpyHunter Scanner.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{EE31A232-E355-4AD5-870F-7D942D570B85}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-28 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-12-08 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-16 7323648]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-07-24 282624]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-12-20 2656528]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SpyHunter Security Suite"=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe [2009-12-09 866200]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-24 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-30 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-04-03 68856]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-07-04 36864]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Documents and Settings\Rob Hoffman\Application Data\Facebook\facebook.exe"="C:\Documents and Settings\Rob Hoffman\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9456df2-7df8-11dc-a157-0019d12e6538}]
shell\AutoRun\command - F:\DTE_Privacy_launcher.exe


======List of files/folders created in the last 1 months======

2010-01-01 18:29:54 ----D---- C:\Program Files\trend micro
2010-01-01 18:29:44 ----D---- C:\rsit
2009-12-28 12:39:03 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-12-28 12:35:02 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-12-28 01:05:13 ----D---- C:\WINDOWS\system32\appmgmt
2009-12-16 00:30:37 ----D---- C:\Documents and Settings\Rob Hoffman\Application Data\MSNInstaller
2009-12-15 10:49:30 ----D---- C:\Documents and Settings\Rob Hoffman\Application Data\Malwarebytes
2009-12-15 10:48:51 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-15 10:48:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-15 00:48:27 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-12-15 00:48:24 ----D---- C:\Program Files\Alwil Software
2009-12-14 08:01:25 ----D---- C:\Documents and Settings\Rob Hoffman\Application Data\Ipswitch
2009-12-14 08:01:25 ----D---- C:\Documents and Settings\All Users\Application Data\Ipswitch
2009-12-10 00:30:39 ----D---- C:\Documents and Settings\Rob Hoffman\Application Data\Ipswitch(2)

======List of files/folders modified in the last 1 months======

2010-01-01 18:30:18 ----D---- C:\WINDOWS\Temp
2010-01-01 18:29:54 ----D---- C:\Program Files
2010-01-01 17:44:25 ----D---- C:\WINDOWS\system32\drivers
2010-01-01 17:21:36 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-01 17:14:34 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2010-01-01 17:11:45 ----D---- C:\WINDOWS
2010-01-01 17:10:29 ----D---- C:\WINDOWS\Prefetch
2010-01-01 17:08:26 ----D---- C:\Program Files\Google
2010-01-01 17:07:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-01 16:39:46 ----D---- C:\Program Files\Mozilla Firefox
2010-01-01 13:06:33 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-01-01 13:05:59 ----SHD---- C:\WINDOWS\Installer
2010-01-01 12:52:06 ----HD---- C:\Config.Msi
2010-01-01 12:50:30 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-01-01 12:50:02 ----D---- C:\WINDOWS\system32
2010-01-01 12:33:12 ----SD---- C:\WINDOWS\Tasks
2010-01-01 01:21:26 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-12-28 12:46:37 ----D---- C:\Program Files\Adobe
2009-12-28 12:42:35 ----D---- C:\Program Files\Common Files\Adobe
2009-12-28 12:42:10 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-12-28 12:39:03 ----D---- C:\Program Files\Common Files
2009-12-28 02:47:07 ----D---- C:\Program Files\McAfee
2009-12-27 21:31:03 ----HD---- C:\WINDOWS\inf
2009-12-16 00:30:58 ----D---- C:\Program Files\MSN
2009-12-16 00:06:24 ----D---- C:\WINDOWS\occache
2009-12-15 11:37:16 ----HDC---- C:\WINDOWS\$NtUninstallKB929338$
2009-12-15 09:49:08 ----D---- C:\WINDOWS\system32\config
2009-12-15 07:34:34 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-12-15 00:39:43 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-12-14 08:02:09 ----D---- C:\WINDOWS\system32\wbem
2009-12-14 08:02:09 ----D---- C:\WINDOWS\Registration
2009-12-14 08:01:38 ----D---- C:\Program Files\Common Files\Nikon
2009-12-14 08:01:25 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-14 08:01:16 ----D---- C:\WINDOWS\system32\GroupPolicy
2009-12-13 12:08:52 ----D---- C:\Program Files\iTunes
2009-12-13 12:08:48 ----D---- C:\Program Files\iPod
2009-12-13 12:08:46 ----D---- C:\Program Files\Common Files\Apple
2009-12-13 12:08:40 ----D---- C:\Program Files\QuickTime
2009-12-13 12:08:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-13 10:12:36 ----A---- C:\WINDOWS\win.ini
2009-12-13 10:12:36 ----A---- C:\WINDOWS\system.ini
2009-12-13 10:12:32 ----D---- C:\WINDOWS\pss
2009-12-06 19:51:08 ----SD---- C:\Documents and Settings\Rob Hoffman\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-24 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-24 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-24 48560]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-24 94160]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-24 23120]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-19 230400]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2008-12-16 114712]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-12-16 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-12-17 768024]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-12-17 41752]
R3 LVUVC;Logitech QuickCam Pro 5000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-12-17 6364440]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-16 3581888]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-24 1156648]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-12-17 23832]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2006-12-08 15360]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 atapi;Standard IDE/ESDI Hard Disk Controller; C:\WINDOWS\system32\DRIVERS\atapi.sys [2004-08-03 95360]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-24 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-24 138680]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-12-16 150040]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-16 143427]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 202544]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-24 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-24 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]

-----------------EOF-----------------


Report •

#6
January 1, 2010 at 16:36:27
Part 3

Please let me know what to do next

info.txt logfile of random's system information tool 1.06 2010-01-01 18:32:46

======Uninstall list======

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->msiexec /qb /x {6421F085-1FAA-DE13-D02A-CFB412C522A4}
Acrobat.com-->MsiExec.exe /I{6421F085-1FAA-DE13-D02A-CFB412C522A4}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
America Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Corel Snapfire Plus-->MsiExec.exe /I{7ADE3A47-B425-45E9-8FF6-11BE2B775645}
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Game Console-->"C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Support 3.2.1-->MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EarthLink Setup Files-->MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB888795)-->"C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB891593)-->"C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB895961)-->"C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899337)-->"C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899510)-->"C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB902841)-->"C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Extended Capabilities 4.7-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
Intel(R) Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
Internet Service Offers Launcher-->MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
Ipswitch WS_FTP Home 2007-->C:\Program Files\InstallShield Installation Information\{11DE2361-9F73-47B3-B638-2F267927E307}\setup.exe -runfromtemp -l0x0009 -removeonly
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech Legacy USB Camera Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\11.10.2016\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_11.10" /clone_wait /hide_progress
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.90.1262\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.90" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /I{937B232D-9776-471E-92BD-D424E514EF14}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Security Scan-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.0 Hotfix (KB887998)-->"C:\WINDOWS\$NtUninstallKB887998$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0015-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ACCESSR /dll OSETUP.DLL
Microsoft Office Access 2007-->MsiExec.exe /X{91120000-0015-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Quicken 2007-->MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0015-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0015-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0015-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Snood for Windows version 3.52-W-->"C:\Program Files\Snood\unins000.exe"
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spyhunter Compact OS 1.0b-->"C:\sh4ldr\unins000.exe"
SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0015-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Outlook 2007 Junk Email Filter (kb976884)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0}
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
W Photo Studio-->MsiExec.exe /X{CBF3C503-946E-45EA-B347-EACC41781989}
WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890927-->C:\WINDOWS\$NtUninstallKB890927$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Music Jukebox-->MsiExec.exe /X{7C49EA42-5647-4051-84C2-E6404F25A931}

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Protection System (outdated)
AV: avast! antivirus 4.8.1368 [VPS 091231-0]
AV: McAfee VirusScan

======System event log======

Computer Name: D3Z96FC1
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 75553
Source Name: W32Time
Time Written: 20091118204444.000000-360
Event Type: warning
User:

Computer Name: D3Z96FC1
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 75540
Source Name: W32Time
Time Written: 20091117204421.000000-360
Event Type: warning
User:

Computer Name: D3Z96FC1
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 75527
Source Name: W32Time
Time Written: 20091116204625.000000-360
Event Type: warning
User:

Computer Name: D3Z96FC1
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 75515
Source Name: W32Time
Time Written: 20091115204419.000000-360
Event Type: warning
User:

Computer Name: D3Z96FC1
Event Code: 10010
Message: The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register with DCOM within the required timeout.

Record Number: 75511
Source Name: DCOM
Time Written: 20091115134428.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: D3Z96FC1
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


Record Number: 2484
Source Name: crypt32
Time Written: 20091026185628.000000-300
Event Type: error
User:

Computer Name: D3Z96FC1
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.


Record Number: 2483
Source Name: crypt32
Time Written: 20091026185313.000000-300
Event Type: error
User:

Computer Name: D3Z96FC1
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


Record Number: 2482
Source Name: crypt32
Time Written: 20091026185313.000000-300
Event Type: error
User:

Computer Name: D3Z96FC1
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.


Record Number: 2481
Source Name: crypt32
Time Written: 20091026184958.000000-300
Event Type: error
User:

Computer Name: D3Z96FC1
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


Record Number: 2480
Source Name: crypt32
Time Written: 20091026184958.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0407
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------


Report •

#7
January 1, 2010 at 19:23:03
You need to uninstall either your Avast or McAfee antivirus as they will conflict and cause you problems but make a decision and do it before you continue.

Please download Combofix with internet explorer instead of FireFox.

Remember..your McAfee or Avast antivirus, aand Spy Hunter be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.


Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that once the "enter name of file to save to" box appears as the download begins in the filename box rename combofix.exe to to Combo-Fix> click save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.


Report •

#8
January 1, 2010 at 20:01:32
Is there a specific way to Disable Spyhunter? Didn't see it listed in the link

Report •

#9
January 1, 2010 at 20:23:42
From their website:

If you need to completely shut down SpyHunter, locate the “SpyHunter” icon next to the system clock (found on the bottom right side of your Desktop), then right-click the “SpyHunter” icon and select “Exit”.


Report •

#10
January 1, 2010 at 20:41:22
I received a Message:

THERE'S A NEW VERSION OF COMBOFIX AVAILABLE. WOULD YOU LIKE TO UPDATE COMBOFIX?

WHAT SHOULD I DO?


Report •

#11
January 1, 2010 at 20:53:21
I selected No since your instructions said not to run any updates. Hope that was the right thing to do

Tx


Report •

#12
January 1, 2010 at 21:57:32
Posting Combo-fix in a couple parts, won't post all the data at once:

ComboFix 09-12-31.A1 - Rob Hoffman 01/01/2010 23:08:06.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1532 [GMT -6:00]
Running from: c:\documents and settings\Rob Hoffman\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.
The following files were disabled during the run:
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Rob Hoffman\Application Data\Google\T-Scan
c:\documents and settings\Rob Hoffman\Application Data\Google\T-Scan\n.gif
c:\documents and settings\Rob Hoffman\Application Data\Google\T-Scan\t.gif
c:\documents and settings\Rob Hoffman\Application Data\Google\T-Scan\y.gif
c:\windows\kb913800.exe
c:\windows\system32\_003428_.tmp.dll
c:\windows\system32\_003429_.tmp.dll
c:\windows\system32\_003430_.tmp.dll
c:\windows\system32\_003431_.tmp.dll
c:\windows\system32\_003438_.tmp.dll
c:\windows\system32\_003439_.tmp.dll
c:\windows\system32\_003440_.tmp.dll
c:\windows\system32\_003441_.tmp.dll
c:\windows\system32\_003443_.tmp.dll
c:\windows\system32\_003444_.tmp.dll
c:\windows\system32\_003447_.tmp.dll
c:\windows\system32\_003448_.tmp.dll
c:\windows\system32\_003450_.tmp.dll
c:\windows\system32\_003451_.tmp.dll
c:\windows\system32\_003452_.tmp.dll
c:\windows\system32\_003454_.tmp.dll
c:\windows\system32\_003457_.tmp.dll
c:\windows\system32\_003458_.tmp.dll
c:\windows\system32\_003462_.tmp.dll
c:\windows\system32\_003463_.tmp.dll
c:\windows\system32\_003465_.tmp.dll
c:\windows\system32\_003468_.tmp.dll
c:\windows\system32\_003470_.tmp.dll
c:\windows\system32\_003471_.tmp.dll
c:\windows\system32\_003472_.tmp.dll
c:\windows\system32\_003473_.tmp.dll
c:\windows\system32\_003474_.tmp.dll
c:\windows\system32\_003477_.tmp.dll
c:\windows\system32\_003478_.tmp.dll
c:\windows\system32\_003479_.tmp.dll
c:\windows\system32\_003480_.tmp.dll
c:\windows\system32\_003481_.tmp.dll
c:\windows\system32\_003486_.tmp.dll
c:\windows\system32\_003488_.tmp.dll
c:\windows\system32\_003489_.tmp.dll

----- BITS: Possible infected sites -----

hxxp://www.dellsj+|Cv+@J:NGD_DQ{ztHG.XH2WU Client DownloadS-1-5-18`HT4?? 6VwoQZCDHM6VwoQZCDHMXuO>xiO>x<{ktHG.XtHG.X"[O[iu!hWU Client DownloadS-1-5-18`HT4?? 6VwoQZCDHM6VwoQZCDHMXuf+|if+|<{,tHG.XtHG.XI_@3|SprtSyncJob(dellsupportcenter)
c:\windows\system32\drivers\iaStor.sys . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

Infected copy of c:\windows\system32\drivers\iaStor.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1095\A0151005.sys
.
((((((((((((((((((((((((( Files Created from 2009-12-02 to 2010-01-02 )))))))))))))))))))))))))))))))
.

2010-01-02 00:29 . 2010-01-02 00:30 -------- d-----w- c:\program files\trend micro
2010-01-02 00:29 . 2010-01-02 00:32 -------- d-----w- C:\rsit
2010-01-01 23:44 . 2009-12-30 20:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-01 23:44 . 2009-12-30 20:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 02:40 . 2009-12-31 02:57 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2009-12-28 19:12 . 2009-12-16 22:05 43008 ----a-w- c:\documents and settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-28 19:12 . 2009-12-16 22:05 347136 ----a-w- c:\documents and settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-28 19:12 . 2009-12-16 22:05 340992 ----a-w- c:\documents and settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-28 19:12 . 2009-12-16 22:05 1452032 ----a-w- c:\documents and settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-28 19:12 . 2009-12-16 22:05 471040 ----a-w- c:\documents and settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
2009-12-28 18:46 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Rob Hoffman\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-28 18:39 . 2009-12-28 18:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-28 18:35 . 2009-12-28 18:35 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-12-28 18:35 . 2009-12-29 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-16 06:30 . 2009-12-16 06:30 -------- d-----w- c:\documents and settings\Rob Hoffman\Application Data\MSNInstaller
2009-12-15 16:49 . 2009-12-15 16:49 -------- d-----w- c:\documents and settings\Rob Hoffman\Application Data\Malwarebytes
2009-12-15 16:48 . 2009-12-15 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-15 16:48 . 2010-01-01 23:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-15 06:48 . 2009-12-15 06:48 -------- d-----w- c:\program files\Alwil Software
2009-12-14 18:15 . 2009-12-14 18:15 -------- d-----w- c:\documents and settings\Rob Hoffman\Local Settings\Application Data\Dell
2009-12-14 14:02 . 2009-12-14 14:02 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-14 14:01 . 2009-12-14 14:01 -------- d-----w- c:\documents and settings\Rob Hoffman\Application Data\Ipswitch
2009-12-14 14:01 . 2009-12-14 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Ipswitch
2009-12-10 06:30 . 2009-12-14 14:01 -------- d-----w- c:\documents and settings\Rob Hoffman\Application Data\Ipswitch(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 05:24 . 2007-07-05 01:03 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-02 05:23 . 2007-12-30 16:11 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-01-02 05:04 . 2007-01-24 13:10 246784 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-01-01 23:08 . 2007-01-24 13:38 -------- d-----w- c:\program files\Google
2010-01-01 18:50 . 2009-09-13 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-01 07:21 . 2007-02-13 05:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-28 18:42 . 2007-01-24 13:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-28 08:47 . 2007-01-30 02:06 -------- d-----w- c:\program files\McAfee
2009-12-15 13:34 . 2008-01-20 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-15 06:39 . 2008-03-28 04:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-14 14:01 . 2009-11-27 18:19 -------- d-----w- c:\program files\Common Files\Nikon
2009-12-14 14:01 . 2007-01-24 13:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-13 18:08 . 2009-11-11 15:09 -------- d-----w- c:\program files\iTunes
2009-12-13 18:08 . 2009-11-11 15:09 -------- d-----w- c:\program files\iPod
2009-12-13 18:08 . 2007-09-20 01:10 -------- d-----w- c:\program files\Common Files\Apple
2009-12-13 18:08 . 2009-11-11 15:06 -------- d-----w- c:\program files\QuickTime
2009-11-28 20:24 . 2009-11-27 18:21 -------- d-----w- c:\documents and settings\Rob Hoffman\Application Data\Nikon
2009-11-28 20:24 . 2009-11-27 18:18 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-11-27 18:19 . 2009-11-27 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon
2009-11-27 18:19 . 2009-11-27 18:19 -------- d-----w- c:\program files\Nikon
2009-11-27 18:18 . 2009-11-27 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2009-11-27 18:18 . 2009-11-27 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2009-11-27 18:17 . 2009-11-27 18:17 -------- d-----w- c:\program files\ArcSoft
2009-11-11 16:32 . 2007-02-09 16:58 -------- d-----w- c:\documents and settings\Rob Hoffman\Application Data\Apple Computer
2009-11-11 15:10 . 2009-11-11 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-11 14:44 . 2009-11-11 14:44 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-06 08:15 . 2007-01-24 13:46 73880 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-04-01 19:35 . 2007-02-14 22:49 2516 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asyncmac.sys
[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-10 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys

[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2004-08-10 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\browser.dll
[-] 2004-08-10 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
[-] 2004-08-10 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
[-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-10 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll

[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\system32\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2004-08-10 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll

[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
[-] 2004-08-10 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe
[-] 2004-08-10 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\system32\services.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cryptsvc.dll
[-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
[-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-10 11:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\imm32.dll
[-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll

[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\system32\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll
[-] 2004-08-10 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lpk.dll


Report •

#13
January 1, 2010 at 21:58:11
Part 2 of Combo-fix

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lpk.dll

[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asms\70\msft\windows\mswincrt\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msvcrt.dll
[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mswsock.dll
[-] 2004-08-10 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[-] 2004-08-10 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
[-] 2004-08-10 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll

[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2007-02-28 . E6679C3023B17D8B78946BC5DF53FA20 . 2137600 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2007-02-28 . E6679C3023B17D8B78946BC5DF53FA20 . 2137600 . . [5.1.2600.3093] . . c:\windows\system32\ntoskrnl.exe
[-] 2006-12-19 . 57B9D140E1EB8B0EA06DF927B63B0EEE . 2137600 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2005-06-23 . 5611F453C6D20AB0552956F39BCDDB88 . 2136064 . . [5.1.2600.2705] . . c:\windows\$NtUninstallKB929338$\ntoskrnl.exe

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll
[-] 2004-08-10 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\system32\dllcache\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-10 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
[-] 2004-08-10 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-10 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
[-] 2005-03-10 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2005-03-10 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows\system32\termsrv.dll
[-] 2004-08-10 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB895961$\termsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\appmgmts.dll

[-] 2004-08-10 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys
[-] 2004-08-10 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\i386\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\dllcache\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-04 04:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\drivers\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2004-08-10 11:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll

[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-08-04 00:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-08-04 00:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-10 11:00 . 6EAA72FD9EF993EC1FA9A06DE65105DA . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2007-02-28 . 2DFB215E291E3D9B1CF9A6739B3BF16C . 2017280 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2007-02-28 . 2DFB215E291E3D9B1CF9A6739B3BF16C . 2017280 . . [5.1.2600.3093] . . c:\windows\system32\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2006-12-19 . FA64F313F5237C53A909906113ACAE7D . 2017280 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2005-06-23 . 65F4B29A0793ADB5D924FB3F47F1BCA4 . 2015744 . . [5.1.2600.2705] . . c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntmssvc.dll
[-] 2004-08-10 11:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 2004-08-10 11:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-10 11:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\dllcache\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\system32\dllcache\upnphost.dll
[-] 2004-08-10 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-05 36864]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-24 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-7-4 196608]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\documents and settings\Rob Hoffman\Application Data\Facebook\facebook.exe"= c:\documents and settings\Rob Hoffman\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/28/2008 9:19 PM 93320]
.
Contents of the 'Scheduled Tasks' folder

2009-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-01-01 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2005-08-16 11:00]

2009-12-28 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-01-30 17:22]

2010-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-01-30 17:22]

2010-01-01 c:\windows\Tasks\User_Feed_Synchronization-{EE31A232-E355-4AD5-870F-7D942D570B85}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070124
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - component: c:\documents and settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\documents and settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Lavasoft Ad-Aware Service

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 23:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A7A4618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecfc3
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\iaStor -> iaStor.sys @ 0xb9e74f80
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805815d0
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805815d0
NDIS: Intel(R) 82562V 10/100 Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9d68ba0
PacketIndicateHandler -> NDIS.sys @ 0xb9d75b21
SendHandler -> NDIS.sys @ 0xb9d5387b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7184)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\docume~1\ROBHOF~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\stsystra.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\fxssvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-01 23:57:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-02 05:57

Pre-Run: 280,104,038,400 bytes free
Post-Run: 280,092,995,584 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 29AD93D3A58326D61770C45433CA7C91


Report •

#14
January 1, 2010 at 22:04:11
Are you still being redirected?

Report •

#15
January 1, 2010 at 22:09:00
Unfortunately yes. I haven't rebooted or anything tho since I ran combo-fix

Report •

#16
January 2, 2010 at 06:27:16
Do you have a windows cd or reinstall cd?

Please download OTL from following site:

OTL by OldTimer

1. Save it to your desktop
2. Double click the OTL icon on your desktop
3. Close any open browsers.
4. Double-click on OTL.exe to start the program.
Leave all settings as they appear as default, except for the following:

Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

Now click the Run Scan button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file
Post the contents of that Notepad document in your next reply.


Report •

#17
January 2, 2010 at 06:36:01
I have my Dell Operating System Reinstallation DVD. Do I need this in conjunction with what you have above or no?

Report •

#18
January 2, 2010 at 07:00:37
We may need it, run the scan and we will know whether we will or not.

Report •

#19
January 2, 2010 at 10:46:18
Notepad log, posting in 2 sections as it's too large
OTL logfile created on: 1/2/2010 9:44:05 AM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Rob Hoffman\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.39 Gb Total Space | 260.93 Gb Free Space | 88.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D3Z96FC1
Current User Name: Rob Hoffman
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/01/02 09:42:49 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Hoffman\Desktop\OTL.exe
PRC - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/07/27 18:19:10 | 00,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/02 11:02:00 | 00,552,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\OFFLB.EXE
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/12/20 07:50:34 | 02,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 07:46:58 | 00,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 21:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/10/25 10:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/05/26 21:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2007/11/15 09:24:00 | 00,016,384 | ---- | M] ( ) -- C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
PRC - [2007/11/15 09:23:56 | 00,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/11/15 09:23:56 | 00,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2007/08/09 01:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/07/04 19:02:06 | 00,036,864 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/03 20:49:37 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/03/09 10:09:58 | 00,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2006/07/24 10:20:00 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 07:15:00 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 07:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/06/16 08:39:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/10/05 03:12:00 | 00,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 05:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/11/04 19:50:52 | 00,053,248 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
PRC - [2004/11/04 19:28:24 | 00,258,048 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2004/09/13 15:49:00 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2004/08/10 05:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004/07/27 16:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003/10/29 02:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/01/02 09:42:49 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Hoffman\Desktop\OTL.exe
MOD - [2007/07/04 19:02:03 | 00,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Rob Hoffman\Local Settings\temp\IadHide5.dll
MOD - [2006/08/25 08:45:56 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/10 05:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\serwvdrv.dll
MOD - [2004/08/10 05:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\umdmxfrm.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/24 06:49:42 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/16 21:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/11/15 09:23:56 | 00,202,544 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/08/09 01:27:52 | 00,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/07/06 07:14:30 | 00,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/06/16 08:39:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010/01/01 23:04:43 | 00,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/28 19:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/16 11:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/12/17 00:02:06 | 00,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 00:01:42 | 06,364,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
DRV - [2008/12/17 00:01:20 | 00,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 00:00:12 | 00,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 23:58:30 | 00,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2008/12/16 21:58:54 | 00,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/02/22 20:38:33 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/12/08 14:49:56 | 00,015,360 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2006/07/24 10:20:00 | 01,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/19 15:42:16 | 00,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2006/06/16 08:39:00 | 03,581,888 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/06/05 03:39:56 | 00,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/01/10 11:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/12 03:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2004/12/14 10:07:44 | 00,051,120 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2004/12/14 10:07:44 | 00,021,744 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2004/12/14 10:07:44 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2004/08/12 17:45:54 | 00,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/10 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2003/11/17 14:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/04/09 11:48:08 | 00,011,043 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070124
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070124

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/29 21:30:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/01 13:03:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/28 19:08:54 | 00,000,000 | ---D | M]

[2008/06/26 09:26:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Hoffman\Application Data\Mozilla\Extensions
[2010/01/01 01:27:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\extensions
[2007/02/05 19:51:42 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\searchplugins\siteadvisor.xml
[2008/06/26 09:26:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

Report •

#20
January 2, 2010 at 10:48:18
Actually here is part 2 and will have to post part 3


O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls... (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl... (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/ji... (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/ge... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/ji... (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/ge... (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\bw+0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {9668fe76-f3e3-4cae-a4cb-05f65e49708a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {9668FE76-F3E3-4CAE-A4CB-05F65E49708A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll File not found
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*


Report •

#21
January 2, 2010 at 10:49:09
Part 3


NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 04:22:48 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (52920800314916864)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010/01/02 09:42:48 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob Hoffman\Desktop\OTL.exe
[2010/01/01 23:01:16 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/01 22:57:01 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/01 22:57:01 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/01 22:57:01 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/01 22:57:01 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/01 22:42:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/01 22:38:27 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/01 18:29:54 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/01/01 18:29:44 | 00,000,000 | ---D | C] -- C:\rsit
[2010/01/01 17:44:25 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/01 17:44:17 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/01 17:43:15 | 05,061,520 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rob Hoffman\Desktop\tool.exe
[2009/12/28 12:39:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/12/28 12:35:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/12/28 01:05:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/12/16 00:30:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rob Hoffman\Application Data\MSNInstaller
[2009/12/15 10:49:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rob Hoffman\Application Data\Malwarebytes
[2009/12/15 10:48:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/15 10:48:49 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/15 00:48:24 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/12/14 12:15:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rob Hoffman\Local Settings\Application Data\Dell
[2009/12/14 12:05:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rob Hoffman\My Documents\My Google Gadgets
[2009/12/14 08:01:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rob Hoffman\Application Data\Ipswitch
[2009/12/14 08:01:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ipswitch
[2009/12/10 00:30:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rob Hoffman\Application Data\Ipswitch(2)
[2009/12/07 09:41:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/08/26 18:32:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009/08/19 09:29:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/05/20 10:02:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/08/16 04:49:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/08/16 04:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/08/16 04:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[529 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010/01/02 09:42:49 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Hoffman\Desktop\OTL.exe
[2010/01/02 02:34:00 | 00,000,272 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2010/01/02 02:22:42 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/02 00:50:15 | 00,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EE31A232-E355-4AD5-870F-7D942D570B85}.job
[2010/01/02 00:33:37 | 00,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/02 00:33:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/02 00:33:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/02 00:33:29 | 21,452,96384 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/02 00:33:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/01/02 00:33:17 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/01/02 00:32:19 | 05,505,024 | ---- | M] () -- C:\Documents and Settings\Rob Hoffman\ntuser.dat
[2010/01/02 00:32:19 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Rob Hoffman\ntuser.ini
[2010/01/01 23:36:13 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/01 23:28:07 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/01 23:24:25 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/01 23:04:43 | 00,246,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\iaStor.sys
[2010/01/01 23:01:26 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2010/01/01 22:21:31 | 03,879,975 | R--- | M] () -- C:\Documents and Settings\Rob Hoffman\Desktop\Combo-Fix.exe
[2010/01/01 21:55:24 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/01/01 21:53:23 | 00,009,928 | ---- | M] () -- C:\Documents and Settings\Rob Hoffman\Desktop\web link.docx
[2010/01/01 18:57:29 | 00,035,643 | ---- | M] () -- C:\Documents and Settings\Rob Hoffman\Desktop\Malwarebytes Log 1-1-10.docx
[2010/01/01 17:49:33 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Rob Hoffman\Desktop\RSIT.exe
[2010/01/01 17:44:37 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/01 17:43:15 | 05,061,520 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rob Hoffman\Desktop\tool.exe
[2010/01/01 01:00:03 | 00,000,334 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/12/31 14:45:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/31 13:30:47 | 00,131,584 | ---- | M] () -- C:\Documents and Settings\Rob Hoffman\My Documents\filmtitle.doc
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/28 11:55:00 | 01,197,744 | ---- | M] () -- C:\Documents and Settings\Rob Hoffman\My Documents\Holiday newsletter 2009.pdf
[2009/12/28 03:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/12/15 23:41:41 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/13 10:12:36 | 00,000,874 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/12/09 01:30:01 | 00,031,512 | ---- | M] () -- C:\Documents and Settings\Rob Hoffman\My Documents\eClinicalWorks LLC.docx
[529 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/01/02 00:33:43 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/01 23:01:25 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2010/01/01 23:01:18 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/01 22:57:02 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/01 22:57:01 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/01 22:57:01 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/01 22:57:01 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/01 22:57:01 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/01 22:21:27 | 03,879,975 | R--- | C] () -- C:\Documents and Settings\Rob Hoffman\Desktop\Combo-Fix.exe
[2010/01/01 21:53:15 | 00,009,928 | ---- | C] () -- C:\Documents and Settings\Rob Hoffman\Desktop\web link.docx
[2010/01/01 17:49:30 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Rob Hoffman\Desktop\RSIT.exe
[2010/01/01 17:44:37 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/01 16:33:16 | 00,035,643 | ---- | C] () -- C:\Documents and Settings\Rob Hoffman\Desktop\Malwarebytes Log 1-1-10.docx
[2009/12/28 11:55:00 | 01,197,744 | ---- | C] () -- C:\Documents and Settings\Rob Hoffman\My Documents\Holiday newsletter 2009.pdf
[2009/12/05 14:13:46 | 00,031,512 | ---- | C] () -- C:\Documents and Settings\Rob Hoffman\My Documents\eClinicalWorks LLC.docx
[2009/11/27 12:18:52 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Audio
[2009/11/27 12:18:52 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\Rob Hoffman\Application Data\Applause and Laugher
[2009/11/27 12:18:52 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/11/27 12:18:52 | 00,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\BSD
[2009/05/06 10:40:19 | 00,024,455 | ---- | C] () -- C:\Documents and Settings\Rob Hoffman\Application Data\Microsoft Excel.ADR
[2008/12/16 21:58:54 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 00,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/01/26 11:57:10 | 00,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2008/01/02 14:56:59 | 00,000,207 | ---- | C] () -- C:\WINDOWS\CD_Viewer.INI
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/19 19:21:42 | 00,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/04 19:03:11 | 00,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/03/05 09:43:37 | 00,006,144 | ---- | C] () -- C:\Documents and Settings\Rob Hoffman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/14 16:49:20 | 00,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/02/10 11:52:37 | 00,000,217 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/02/04 13:26:14 | 00,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/01/29 20:32:05 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/01/29 20:32:05 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/01/28 16:43:38 | 00,000,158 | ---- | C] () -- C:\Documents and Settings\Rob Hoffman\Application Data\wklnhst.dat
[2007/01/28 16:39:10 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Rob Hoffman\Local Settings\Application Data\fusioncache.dat
[2007/01/24 07:47:08 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/24 07:41:49 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/24 07:37:42 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/24 07:10:30 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/01/24 07:08:53 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 01:38:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2005/10/31 09:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/10 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/10 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: IASTOR.SYS >[/color]
[2006/10/10 13:03:48 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\drivers\storage\R130118\iastor.sys
[2006/07/06 06:59:42 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\i386\iaStor.sys
[2006/07/06 06:59:42 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2010/01/01 23:04:43 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\WINDOWS\system32\drivers\iaStor.sys
[2006/10/10 13:03:48 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\iaStor.sys
[2006/07/06 07:01:32 | 00,484,864 | ---- | M] (Intel Corporation) MD5=6A3C354BFC163B81F6EF2FC421280DB5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2004/08/10 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/10 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2004/08/10 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/10 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


Report •

#22
January 2, 2010 at 10:50:08
It also has a log from "Extras" do you need that?

Report •

#23
January 2, 2010 at 11:57:43
No, don't need it.

We need to run the system file checker to check for damaged system files.

1.Locate your Windows XP installation CD. If you don't have one, you'll need to locate a directory on your system that's named"i386" (without the quotes). This directory may be on a hidden partition on your hard drive.


2.Go to Start, then to Run, and type in "SFC.EXE /SCANNOW" (without the quotes - and with a space between the SFC.EXE and the /SCANNOW). The press Enter.


3.The program may (or it may not) ask you for your Windows XP installation CD - please insert it at the prompt. If it doesn't ask you for the CD this means that it wasn't necessary to replace any files.

4.In the event the the system asks you for the CD, you must visit Windows Update immediately after the scan is completed (Please note that there won't be any confirmation dialog - the program will just exit without telling you anything).

5.If this doesn't repair the problem with your system other troubleshooting procedures are required.

Let me know if you had to use the cd.


Report •

#24
January 2, 2010 at 12:07:19
Sorry is this is a silly question, but is my "reinstallation DVD MS Windows XP Media Center Version 2005 with Update Rollup 2" the same thing as the Windows XP Install CD? If not, I don't have any other CD. So if I don't have a CD, can i still continue w/above?

Report •

#25
January 2, 2010 at 12:20:27
Yes, there is an i386 folder in it.

To check put it in your dvd drive then quickly go to start> my computer> right click the appropriate drive> click open. It should be listed, if not run sfc anyway as it may replace a damaged file from one stored on your computer.


Report •

#26
January 2, 2010 at 12:32:49
I ran the scan, it showed it was doing something and then appeared to finish after about say 1.5 minutes. Did no't ask me for any CD.

Report •

#27
January 2, 2010 at 12:49:58
Also, i still have not reactivated my antivirus and spyhunter so please advise if i should keep them off. I'm not doing any computing other than the troubleshooting on that computer

Report •

#28
January 2, 2010 at 12:53:58
Put your reinstall cd in the dvd drive> go to start> my computer> right click the appropriate drive letter for the dvd> click open> look for the i386 folder> when found open it> locate this file iaStor.sys> right click on it> edit> copy. Remove the dvd > go to start> my computer> local disk (C:)> open it> click edit> click paste.

Let me know if you are successful in coping iaStor.sys to the C:\ drive.


Report •

#29
January 2, 2010 at 13:03:58
Ok - IASTOR.sys is on C:\

Report •

#30
January 2, 2010 at 13:46:42
Please download “Avenger” by swandog46 to your desktop from this link http://swandog46.geekstogo.com/avenger.zip

1. Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

Copy all the text contained in the code box below between the X's to your Clipboard by highlighting it and pressing (Ctrl+C):
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Files to move:
C:\iaStor.sys | C:\WINDOWS\System32\drivers\iaStor.sys

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
Click in the window labeled Input Scrupt Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
Click the Execute button
Answer "Yes" twice when prompted.

The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.


Report •

#31
January 2, 2010 at 14:26:28
Here is Avenger Log - doesn't look promising.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not move file "C:\iaStor.sys"
File move operation "C:\iaStor.sys|C:\WINDOWS\System32\drivers\iaStor.sys" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Completed script processing.

*******************

Finished! Terminate.


Report •

#32
January 2, 2010 at 14:35:01
Looks like we don't have access.

Please save this file to your desktop.

Win32kDiag.exe

Please double click on the Win32kDiag file and post the log it produces. This log might be quite lengthy and may take more than one post to get all of it posted.

Then delete that log.




Please run win32kdiag.exe again, with the following command to fix some malware related changes.
Please make sure that a copy of win32kdiag.exe is located on your desktop.

Click on Start->Run, and copy-paste (or type) the following command (the bolded text) into the "Open" box, and click OK:

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.


Report •

#33
January 2, 2010 at 15:27:08
This is all it gave me so i didn't do the 2nd part of what you said yet because this was all there was. Please advise if I should do it again??


Running from: C:\Documents and Settings\Rob Hoffman\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Rob Hoffman\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!


Report •

#34
January 2, 2010 at 15:42:04
Run the second scan please.

Report •

#35
January 2, 2010 at 15:54:34
2nd scan using that command above:

Running from: C:\Documents and Settings\Rob Hoffman\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Rob Hoffman\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!


Report •

#36
January 2, 2010 at 16:05:41
Ok, we will use the reinstall cd to do a direct replacement of the file.

Set up the computer to view hidden files:
To show hidden files do the following:
Click Start > My Computer
On the Tools menu, click Folder Options.
Click the View tab.
Uncheck Hide file extensions for known file types.
Uncheck Hide protected operating system files.
Under the Hidden files folder, locate and check Show hidden files and folders.
If you see a warning message, click Yes.
Click Apply > OK.


1) Locate this file - C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS

2) Right click it and rename it to IASTOR.SYS.BAD

3) Then copy the file from the i386 folder (as you did before) on the cd to C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS

Do not restart the computer until we are certain that you have the new file copied into the driver folder. So you should be able to see both of these files when you finish:


C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS.bad

Let me know.


Report •

#37
January 2, 2010 at 16:27:58
Ok, got it, i have both files under the Driver folder now on C:. Sys and Sys.bad.

Next step? restart?


Report •

#38
January 2, 2010 at 18:29:44
Go ahead and restart the computer and let me know if you are still being redirected.

Report •

#39
January 2, 2010 at 18:50:03
Appears to be locked in restart. Do you suggest i just shut down? It does take an exceptionally long time to do anything, but this is unusual to take so long to restart

Report •

#40
January 2, 2010 at 18:55:32
It is restarting now. I CTRL ALT DEL and choose restart again and it restarted

Report •

#41
January 2, 2010 at 18:57:13
Getting error on restart. "Groove monitor.exe - application error" The application failed to initialize properly (0xc00)0005). Click on OK to terminate the application

Report •

#42
January 2, 2010 at 19:03:12
Still redirecting, still exceptionally slow at start up and everything else. Am I really in a pickle?

Report •

#43
January 2, 2010 at 19:22:17
These are some bad infections to detect and remove..yours appears to be one of the new morphs.

Temporarily disable groovemonitor:


1. Go to Start menu and click Run
2. Type msconfig and press Enter.
3. Go to Startup tab and then uncheck any reference to "groovemonitor"
4. Reboot

Next, go to start> run> type in ComboFix /Uninstall (note the space after ComboFix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Redownload combofix using internet explorer and run it as you did eariler.


Report •

#44
January 2, 2010 at 19:29:02
Do you know what DMXLauncher is? When i go to reboot it says END PROGRAM - DMXLauncher. Anything to be worried about?

Report •

#45
January 2, 2010 at 19:37:10
Now i am getting:

You have used the System Configuation Utility to make changes to the way Windows starts. The system config utility is currently in Dianostic or Selective Startup mode, causing this msg to be displayed and the utility to run every time windows starts. Choose the normal startup mode on the general tab to start windows normally and undo the changes you made to using the sys config utility.

???


Report •

#46
January 2, 2010 at 19:41:14
Part of Dell's Media Experience you can probably disable it in msconfig also temporarily.

Report •

#47
January 2, 2010 at 19:46:30
You should be able to tell it not to show by checking a box on startup.

Report •

#48
January 2, 2010 at 19:55:39
I rcvd message, COMBOFIX has detected the presence of rootkit activity and needs to reboot the machine (it did this last night too)

Report •

#49
January 2, 2010 at 20:14:57
"I received a Message:

THERE'S A NEW VERSION OF COMBOFIX AVAILABLE. WOULD YOU LIKE TO UPDATE COMBOFIX?

WHAT SHOULD I DO?" I remeber this but didn't recall the other. Let it run.


Report •

#50
January 2, 2010 at 20:48:52
Part 1 of Combo-Fix Log. I see issues with that IASTOR

ComboFix 10-01-02.01 - Rob Hoffman 01/02/2010 22:02:54.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1535 [GMT -6:00]
Running from: c:\documents and settings\Rob Hoffman\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\SET4BA.tmp

c:\windows\system32\drivers\iaStor.sys . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

.
((((((((((((((((((((((((( Files Created from 2009-12-03 to 2010-01-03 )))))))))))))))))))))))))))))))
.

2010-01-03 00:31 . 2010-01-03 03:59 247808 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-01-02 21:07 . 2006-05-11 16:30 247808 ----a-w- C:\IASTOR.SYS
2010-01-02 00:29 . 2010-01-02 00:30 -------- d-----w- c:\program files\trend micro
2010-01-02 00:29 . 2010-01-02 00:32 -------- d-----w- C:\rsit
2010-01-01 23:44 . 2009-12-30 20:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-01 23:44 . 2009-12-30 20:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-28 19:12 . 2009-12-16 22:05 43008 ----a-w- c:\documents and settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-28 19:12 . 2009-12-16 22:05 347136 ----a-w- c:\documents and settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-28 19:12 . 2009-12-16 22:05 340992 ----a-w- c:\documents and settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-28 19:12 . 2009-12-16 22:05 1452032 ----a-w- c:\documents and settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-28 19:12 . 2009-12-16 22:05 471040 ----a-w- c:\documents and settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
2009-12-28 18:46 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Rob Hoffman\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-28 18:39 . 2009-12-28 18:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-28 18:35 . 2009-12-28 18:35 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-12-28 18:35 . 2009-12-29 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-16 06:30 . 2009-12-16 06:30 -------- d-----w- c:\documents and settings\Rob Hoffman\Application Data\MSNInstaller
2009-12-15 16:49 . 2009-12-15 16:49 -------- d-----w- c:\documents and settings\Rob Hoffman\Application Data\Malwarebytes
2009-12-15 16:48 . 2009-12-15 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-15 16:48 . 2010-01-01 23:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-15 06:48 . 2009-12-15 06:48 -------- d-----w- c:\program files\Alwil Software
2009-12-14 18:15 . 2009-12-14 18:15 -------- d-----w- c:\documents and settings\Rob Hoffman\Local Settings\Application Data\Dell
2009-12-14 14:02 . 2009-12-14 14:02 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-14 14:01 . 2009-12-14 14:01 -------- d-----w- c:\documents and settings\Rob Hoffman\Application Data\Ipswitch
2009-12-14 14:01 . 2009-12-14 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Ipswitch
2009-12-10 06:30 . 2009-12-14 14:01 -------- d-----w- c:\documents and settings\Rob Hoffman\Application Data\Ipswitch(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-03 04:16 . 2007-07-05 01:03 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-03 04:16 . 2007-12-30 16:11 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-01-02 08:22 . 2007-02-13 05:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-02 05:04 . 2007-01-24 13:10 246784 ----a-w- c:\windows\system32\drivers\iaStor.sys.bad
2010-01-01 23:08 . 2007-01-24 13:38 -------- d-----w- c:\program files\Google
2010-01-01 18:50 . 2009-09-13 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-28 18:42 . 2007-01-24 13:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-28 08:47 . 2007-01-30 02:06 -------- d-----w- c:\program files\McAfee
2009-12-15 13:34 . 2008-01-20 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-15 06:39 . 2008-03-28 04:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-14 14:01 . 2009-11-27 18:19 -------- d-----w- c:\program files\Common Files\Nikon
2009-12-14 14:01 . 2007-01-24 13:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-13 18:08 . 2009-11-11 15:09 -------- d-----w- c:\program files\iTunes
2009-12-13 18:08 . 2009-11-11 15:09 -------- d-----w- c:\program files\iPod
2009-12-13 18:08 . 2007-09-20 01:10 -------- d-----w- c:\program files\Common Files\Apple
2009-12-13 18:08 . 2009-11-11 15:06 -------- d-----w- c:\program files\QuickTime
2009-11-28 20:24 . 2009-11-27 18:21 -------- d-----w- c:\documents and settings\Rob Hoffman\Application Data\Nikon
2009-11-28 20:24 . 2009-11-27 18:18 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-11-27 18:19 . 2009-11-27 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon
2009-11-27 18:19 . 2009-11-27 18:19 -------- d-----w- c:\program files\Nikon
2009-11-27 18:18 . 2009-11-27 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2009-11-27 18:18 . 2009-11-27 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2009-11-27 18:17 . 2009-11-27 18:17 -------- d-----w- c:\program files\ArcSoft
2009-11-11 16:32 . 2007-02-09 16:58 -------- d-----w- c:\documents and settings\Rob Hoffman\Application Data\Apple Computer
2009-11-11 15:10 . 2009-11-11 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-11 14:44 . 2009-11-11 14:44 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-06 08:15 . 2007-01-24 13:46 73880 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-04-01 19:35 . 2007-02-14 22:49 2516 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asyncmac.sys
[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-10 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys

[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2004-08-10 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\browser.dll
[-] 2004-08-10 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
[-] 2004-08-10 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
[-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-10 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll

[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\system32\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2004-08-10 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll

[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
[-] 2004-08-10 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe
[-] 2004-08-10 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\system32\services.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cryptsvc.dll
[-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
[-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-10 11:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\imm32.dll
[-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll

[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\system32\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll
[-] 2004-08-10 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lpk.dll

[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asms\70\msft\windows\mswincrt\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msvcrt.dll
[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mswsock.dll
[-] 2004-08-10 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[-] 2004-08-10 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
[-] 2004-08-10 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll

[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2007-02-28 . E6679C3023B17D8B78946BC5DF53FA20 . 2137600 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2007-02-28 . E6679C3023B17D8B78946BC5DF53FA20 . 2137600 . . [5.1.2600.3093] . . c:\windows\system32\ntoskrnl.exe
[-] 2006-12-19 . 57B9D140E1EB8B0EA06DF927B63B0EEE . 2137600 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2005-06-23 . 5611F453C6D20AB0552956F39BCDDB88 . 2136064 . . [5.1.2600.2705] . . c:\windows\$NtUninstallKB929338$\ntoskrnl.exe

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll
[-] 2004-08-10 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\system32\dllcache\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-10 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
[-] 2004-08-10 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-10 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
[-] 2005-03-10 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2005-03-10 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows\system32\termsrv.dll
[-] 2004-08-10 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB895961$\termsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\appmgmts.dll

[-] 2004-08-10 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys
[-] 2004-08-10 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\i386\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\dllcache\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-04 04:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys


Report •

#51
January 2, 2010 at 20:50:19
Part 2

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\drivers\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2004-08-10 11:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll

[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-08-04 00:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-08-04 00:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-10 11:00 . 6EAA72FD9EF993EC1FA9A06DE65105DA . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2007-02-28 . 2DFB215E291E3D9B1CF9A6739B3BF16C . 2017280 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2007-02-28 . 2DFB215E291E3D9B1CF9A6739B3BF16C . 2017280 . . [5.1.2600.3093] . . c:\windows\system32\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2006-12-19 . FA64F313F5237C53A909906113ACAE7D . 2017280 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2005-06-23 . 65F4B29A0793ADB5D924FB3F47F1BCA4 . 2015744 . . [5.1.2600.2705] . . c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntmssvc.dll
[-] 2004-08-10 11:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 2004-08-10 11:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-10 11:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\dllcache\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\system32\dllcache\upnphost.dll
[-] 2004-08-10 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-01-02_05.36.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-02 16:10 . 2010-01-03 03:39 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010010220100103\index.dat
- 2007-01-28 22:35 . 2010-01-02 05:24 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-01-28 22:35 . 2010-01-03 04:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-01-28 22:35 . 2010-01-03 04:16 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-01-28 22:35 . 2010-01-02 05:24 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-01-02 05:24 . 2008-12-17 03:59 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2010-01-03 04:16 . 2008-12-17 03:59 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2007-01-28 22:35 . 2010-01-03 04:16 753664 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-01-28 22:35 . 2010-01-02 05:24 753664 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-18 21:30 . 2010-01-02 05:24 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-09-18 21:30 . 2010-01-03 04:16 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-05 36864]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-24 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-7-4 196608]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\documents and settings\Rob Hoffman\Application Data\Facebook\facebook.exe"= c:\documents and settings\Rob Hoffman\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/28/2008 9:19 PM 93320]
.
Contents of the 'Scheduled Tasks' folder

2009-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-01-02 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2005-08-16 11:00]

2010-01-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-13 12:49]

2009-12-28 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-01-30 17:22]

2010-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-01-30 17:22]

2010-01-02 c:\windows\Tasks\User_Feed_Synchronization-{EE31A232-E355-4AD5-870F-7D942D570B85}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070124
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - component: c:\documents and settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\documents and settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 22:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A7A4618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecfc3
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\iaStor -> iaStor.sys @ 0xb9e74f80
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805815d0
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805815d0
NDIS: Intel(R) 82562V 10/100 Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9d68ba0
PacketIndicateHandler -> NDIS.sys @ 0xb9d75b21
SendHandler -> NDIS.sys @ 0xb9d5387b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7144)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\docume~1\ROBHOF~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\stsystra.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\agent\mcupdate.exe
.
**************************************************************************
.
Completion time: 2010-01-02 22:48:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-03 04:47
ComboFix2.txt 2010-01-02 05:57

Pre-Run: 280,123,891,712 bytes free
Post-Run: 280,101,089,280 bytes free

- - End Of File - - 6899CEDCDAE6CEEC1773837EC5250076


Report •

#52
January 3, 2010 at 07:16:50
Good morning, next steps?

Report •

#53
January 3, 2010 at 08:20:13
Good morning.

Download SystemLook.exe from the following link.


SystemLook.exe


1. Double-click SystemLook.exe to run it.
2. Copy the content of the following code between the X's into the main textfield:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:filefind
*iastor.sys*
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
3. Click the Look button to start the scan.
4. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Report •

#54
January 3, 2010 at 09:05:19
Cannot even get to internet now on main desktop so switching on thumb drive to my laptop to post. That or accessing the internet takes over 30 minutes now.

Here is systemlook.txt log:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 11:02 on 03/01/2010 by Rob Hoffman (Administrator - Elevation successful)

========== filefind ==========

Searching for "*iastor.sys*"
C:\drivers\storage\R130118\iastor.sys --a--c 246784 bytes [13:10 24/01/2007] [19:03 10/10/2006] 019CF5F31C67030841233C545A0E217A
C:\i386\iaStor.sys --a--c 246784 bytes [02:15 30/01/2007] [12:59 06/07/2006] 019CF5F31C67030841233C545A0E217A
C:\IASTOR.SYS --a--- 247808 bytes [21:07 02/01/2010] [16:30 11/05/2006] 294110966CEDD127629C5BE48367C8CF
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys --a--c 484864 bytes [13:32 24/01/2007] [13:01 06/07/2006] 6A3C354BFC163B81F6EF2FC421280DB5
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys --a--c 246784 bytes [13:32 24/01/2007] [12:59 06/07/2006] 019CF5F31C67030841233C545A0E217A
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\IASTOR.SYS.vir --a--- 247808 bytes [00:31 03/01/2010] [00:31 03/01/2010] 370976761B97508C62492122CB068349
C:\WINDOWS\system32\drivers\iaStor.sys --a--- 247808 bytes [00:31 03/01/2010] [06:27 03/01/2010] 5548A6C02EDAA1CE6D36D5503CFA7297
C:\WINDOWS\system32\drivers\iaStor.sys.bad --a--- 246784 bytes [13:10 24/01/2007] [05:04 02/01/2010] 1557377C8C1E86FF35B1AFAEDFF89D53
C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\iaStor.sys --a--c 246784 bytes [13:32 24/01/2007] [19:03 10/10/2006] 019CF5F31C67030841233C545A0E217A

-=End Of File=-


Report •

#55
January 3, 2010 at 09:12:02
Actually was able to get to internet finally on main desktop just FYI

Report •

#56
January 3, 2010 at 09:27:30
If you have anything you want to be sure you don't lose on the computer you should copy it to a disk.

The following is a Kaspersky tool that has worked in the past. Remember do not restart the computer until we know there is a copy of iastor.sys in the driver folder.

Download the follow to your usb drive and run it on the infected computer.

Download TDSSKiller to your Desktop from the following link.

TDSSKiller


1. Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.You will need to drag TDSSKiller.exe out of the extracted folder onto the desktop.
2. Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v


3. If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
4. When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.


Report •

#57
January 3, 2010 at 11:50:22
Sorry - little confused on the directions. So i got TDS on my desktop and cut/pasted the command above into the RUN line and this is the script that came up. You said NOT to reboot but it's telling me to reboot. Can I Reboot now??

TDSS rootkit removing tool, Kaspersky Lab 2009
version 2.1.1 Dec 20 2009 02:40:02
Start log failed

Scanning Registry ...

Scanning Kernel memory ...

Driver "iaStor" Irp handler infected by TDSS rootkit ... cured
Driver "iaStor" StartIo handler infected by TDSS rootkit ... cured
File C:\WINDOWS\system32\drivers\iastor.sys infected by TDSS rootkit ... cure fa
iled

Completed

Results:
Infected objects in memory: 2
Cured objects in memory: 2
Infected objects on disk: 1
Objects on disk cured on reboot: 0
Objects on disk deleted on reboot: 0
Registry nodes deleted on reboot: 0

To finalize removal of infection and avoid loosing of data program will
reboot your PC now.
Close all programs and choose Y to restart or N to continue.


Report •

#58
January 3, 2010 at 12:05:56
Also, FYI I still have IASTOR.sys and IASTOR.SYS.BAD in my c:\windows\system\drivers folder

Report •

#59
January 3, 2010 at 12:50:20
That looks promising.

Navigate to and delete this file:

C:\WINDOWS\system32\drivers\iaStor.sys.bad

Then run TDDSKiller again then reboot.


Report •

#60
January 3, 2010 at 12:58:46
Is a log going to come up after it reboots?

Report •

#61
January 3, 2010 at 13:03:41
Yes,a log should be produced.

Report •

#62
January 3, 2010 at 13:08:56
Ok - computer has rebooted, it's been about 13 minutes m+ and still slowly programs are loading but no TDSSkiller.txt log on my desktop.

Report •

#63
January 3, 2010 at 13:14:21
Look on the C:\ drive for C:\TDSSKIller.txt .

Report •

#64
January 3, 2010 at 13:20:17
Ah - silly me. Here it is:

14:58:42:669 4052 TDSSKiller 2.1.1 Dec 20 2009 02:40:02
14:58:42:669 4052 ================================================================================
14:58:42:669 4052 SystemInfo:

14:58:42:669 4052 OS Version: 5.1.2600 ServicePack: 3.0
14:58:42:669 4052 Product type: Workstation
14:58:42:669 4052 ComputerName: D3Z96FC1
14:58:42:669 4052 UserName: Rob Hoffman
14:58:42:669 4052 Windows directory: C:\WINDOWS
14:58:42:669 4052 Processor architecture: Intel x86
14:58:42:669 4052 Number of processors: 2
14:58:42:669 4052 Page size: 0x1000
14:58:42:794 4052 Boot type: Normal boot
14:58:42:794 4052 ================================================================================
14:58:42:794 4052 ForceUnloadDriver: NtUnloadDriver error 2
14:58:42:794 4052 ForceUnloadDriver: NtUnloadDriver error 2
14:58:42:794 4052 ForceUnloadDriver: NtUnloadDriver error 2
14:58:42:794 4052 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0
14:58:42:794 4052 main: Driver KLMD successfully dropped
14:58:42:794 4052 main: Driver KLMD successfully loaded
14:58:42:794 4052
Scanning Registry ...
14:58:42:794 4052 ScanServices: Searching service UACd.sys
14:58:42:810 4052 ScanServices: Open/Create key error 2
14:58:42:810 4052 ScanServices: Searching service TDSSserv.sys
14:58:42:810 4052 ScanServices: Open/Create key error 2
14:58:42:810 4052 ScanServices: Searching service gaopdxserv.sys
14:58:42:810 4052 ScanServices: Open/Create key error 2
14:58:42:810 4052 ScanServices: Searching service gxvxcserv.sys
14:58:42:810 4052 ScanServices: Open/Create key error 2
14:58:42:810 4052 ScanServices: Searching service MSIVXserv.sys
14:58:42:810 4052 ScanServices: Open/Create key error 2
14:58:42:810 4052 UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000
14:58:42:810 4052 UnhookRegistry: Kernel local addr: E40000
14:58:42:810 4052 UnhookRegistry: KeServiceDescriptorTable addr: EC46E0
14:58:42:810 4052 UnhookRegistry: KiServiceTable addr: E6CA70
14:58:42:810 4052 UnhookRegistry: NtEnumerateKey service number (local): 47
14:58:42:810 4052 UnhookRegistry: NtEnumerateKey local addr: F8BB12
14:58:42:810 4052 KLMD_OpenDevice: Trying to open KLMD device
14:58:42:810 4052 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
14:58:42:810 4052 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
14:58:42:810 4052 KLMD_ReadMem: Trying to ReadMemory 0x804FF909[0x4]
14:58:42:810 4052 UnhookRegistry: NtEnumerateKey service number (kernel): 47
14:58:42:810 4052 KLMD_ReadMem: Trying to ReadMemory 0x80503B8C[0x4]
14:58:42:810 4052 UnhookRegistry: NtEnumerateKey real addr: 80622B12
14:58:42:810 4052 UnhookRegistry: NtEnumerateKey calc addr: 80622B12
14:58:42:810 4052 UnhookRegistry: No SDT hooks found on NtEnumerateKey
14:58:42:810 4052 KLMD_ReadMem: Trying to ReadMemory 0x80622B12[0xA]
14:58:42:810 4052 UnhookRegistry: No splicing found on NtEnumerateKey
14:58:42:810 4052
Scanning Kernel memory ...
14:58:42:810 4052 KLMD_OpenDevice: Trying to open KLMD device
14:58:42:810 4052 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
14:58:42:810 4052 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
14:58:42:810 4052 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8A2B03E8
14:58:42:810 4052 DetectCureTDL3: KLMD_GetDeviceObjectList returned 10 DevObjects
14:58:42:810 4052 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 88B5A2B8
14:58:42:810 4052 KLMD_GetLowerDeviceObject: Trying to get lower device object for 88B5A2B8
14:58:42:810 4052 KLMD_ReadMem: Trying to ReadMemory 0x88B5A2B8[0x38]
14:58:42:810 4052 DetectCureTDL3: DRIVER_OBJECT addr: 8A2B03E8
14:58:42:810 4052 KLMD_ReadMem: Trying to ReadMemory 0x8A2B03E8[0xA8]
14:58:42:810 4052 KLMD_ReadMem: Trying to ReadMemory 0xE10159A0[0x208]
14:58:42:810 4052 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:58:42:810 4052 DetectCureTDL3: IrpHandler (0) addr: BA0EEC30
14:58:42:810 4052 DetectCureTDL3: IrpHandler (1) addr: 804F4536
14:58:42:810 4052 DetectCureTDL3: IrpHandler (2) addr: BA0EEC30
14:58:42:810 4052 DetectCureTDL3: IrpHandler (3) addr: BA0E8D9B
14:58:42:810 4052 DetectCureTDL3: IrpHandler (4) addr: BA0E8D9B
14:58:42:810 4052 DetectCureTDL3: IrpHandler (5) addr: 804F4536
14:58:42:810 4052 DetectCureTDL3: IrpHandler (6) addr: 804F4536
14:58:42:810 4052 DetectCureTDL3: IrpHandler (7) addr: 804F4536
14:58:42:810 4052 DetectCureTDL3: IrpHandler (8) addr: 804F4536
14:58:42:810 4052 DetectCureTDL3: IrpHandler (9) addr: BA0E9366
14:58:42:810 4052 DetectCureTDL3: IrpHandler (10) addr: 804F4536
14:58:42:810 4052 DetectCureTDL3: IrpHandler (11) addr: 804F4536
14:58:42:810 4052 DetectCureTDL3: IrpHandler (12) addr: 804F4536
14:58:42:810 4052 DetectCureTDL3: IrpHandler (13) addr: 804F4536
14:58:42:810 4052 DetectCureTDL3: IrpHandler (14) addr: BA0E944D
14:58:42:810 4052 DetectCureTDL3: IrpHandler (15) addr: BA0ECFC3
14:58:42:810 4052 DetectCureTDL3: IrpHandler (16) addr: BA0E9366
14:58:42:810 4052 DetectCureTDL3: IrpHandler (17) addr: 804F4536
14:58:42:810 4052 DetectCureTDL3: IrpHandler (18) addr: 804F4536
14:58:42:810 4052 DetectCureTDL3: IrpHandler (19) addr: 804F4536
14:58:42:810 4052 DetectCureTDL3: IrpHandler (20) addr: 804F4536
14:58:42:810 4052 DetectCureTDL3: IrpHandler (21) addr: 804F4536
14:58:42:810 4052 DetectCureTDL3: IrpHandler (22) addr: BA0EAEF3
14:58:42:810 4052 DetectCureTDL3: IrpHandler (23) addr: BA0EFA24
14:58:42:810 4052 DetectCureTDL3: IrpHandler (24) addr: 804F4536
14:58:42:810 4052 DetectCureTDL3: IrpHandler (25) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (26) addr: 804F4536
14:58:42:825 4052 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
14:58:42:825 4052 KLMD_ReadMem: DeviceIoControl error 1
14:58:42:825 4052 TDL3_StartIoHookDetect: Unable to get StartIo handler code
14:58:42:825 4052 TDL3_FileDetect: Processing driver: Disk
14:58:42:825 4052 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
14:58:42:825 4052 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
14:58:42:825 4052 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
14:58:42:825 4052 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 88DF7908
14:58:42:825 4052 KLMD_GetLowerDeviceObject: Trying to get lower device object for 88DF7908
14:58:42:825 4052 KLMD_ReadMem: Trying to ReadMemory 0x88DF7908[0x38]
14:58:42:825 4052 DetectCureTDL3: DRIVER_OBJECT addr: 8A2B03E8
14:58:42:825 4052 KLMD_ReadMem: Trying to ReadMemory 0x8A2B03E8[0xA8]
14:58:42:825 4052 KLMD_ReadMem: Trying to ReadMemory 0xE10159A0[0x208]
14:58:42:825 4052 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:58:42:825 4052 DetectCureTDL3: IrpHandler (0) addr: BA0EEC30
14:58:42:825 4052 DetectCureTDL3: IrpHandler (1) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (2) addr: BA0EEC30
14:58:42:825 4052 DetectCureTDL3: IrpHandler (3) addr: BA0E8D9B
14:58:42:825 4052 DetectCureTDL3: IrpHandler (4) addr: BA0E8D9B
14:58:42:825 4052 DetectCureTDL3: IrpHandler (5) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (6) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (7) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (8) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (9) addr: BA0E9366
14:58:42:825 4052 DetectCureTDL3: IrpHandler (10) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (11) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (12) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (13) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (14) addr: BA0E944D
14:58:42:825 4052 DetectCureTDL3: IrpHandler (15) addr: BA0ECFC3
14:58:42:825 4052 DetectCureTDL3: IrpHandler (16) addr: BA0E9366
14:58:42:825 4052 DetectCureTDL3: IrpHandler (17) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (18) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (19) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (20) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (21) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (22) addr: BA0EAEF3
14:58:42:825 4052 DetectCureTDL3: IrpHandler (23) addr: BA0EFA24
14:58:42:825 4052 DetectCureTDL3: IrpHandler (24) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (25) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (26) addr: 804F4536
14:58:42:825 4052 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
14:58:42:825 4052 KLMD_ReadMem: DeviceIoControl error 1
14:58:42:825 4052 TDL3_StartIoHookDetect: Unable to get StartIo handler code
14:58:42:825 4052 TDL3_FileDetect: Processing driver: Disk
14:58:42:825 4052 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
14:58:42:825 4052 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
14:58:42:825 4052 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
14:58:42:825 4052 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 88D4BAB8
14:58:42:825 4052 KLMD_GetLowerDeviceObject: Trying to get lower device object for 88D4BAB8
14:58:42:825 4052 KLMD_ReadMem: Trying to ReadMemory 0x88D4BAB8[0x38]
14:58:42:825 4052 DetectCureTDL3: DRIVER_OBJECT addr: 8A2B03E8
14:58:42:825 4052 KLMD_ReadMem: Trying to ReadMemory 0x8A2B03E8[0xA8]
14:58:42:825 4052 KLMD_ReadMem: Trying to ReadMemory 0xE10159A0[0x208]
14:58:42:825 4052 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:58:42:825 4052 DetectCureTDL3: IrpHandler (0) addr: BA0EEC30
14:58:42:825 4052 DetectCureTDL3: IrpHandler (1) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (2) addr: BA0EEC30
14:58:42:825 4052 DetectCureTDL3: IrpHandler (3) addr: BA0E8D9B
14:58:42:825 4052 DetectCureTDL3: IrpHandler (4) addr: BA0E8D9B
14:58:42:825 4052 DetectCureTDL3: IrpHandler (5) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (6) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (7) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (8) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (9) addr: BA0E9366
14:58:42:825 4052 DetectCureTDL3: IrpHandler (10) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (11) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (12) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (13) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (14) addr: BA0E944D
14:58:42:825 4052 DetectCureTDL3: IrpHandler (15) addr: BA0ECFC3
14:58:42:825 4052 DetectCureTDL3: IrpHandler (16) addr: BA0E9366
14:58:42:825 4052 DetectCureTDL3: IrpHandler (17) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (18) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (19) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (20) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (21) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (22) addr: BA0EAEF3
14:58:42:825 4052 DetectCureTDL3: IrpHandler (23) addr: BA0EFA24
14:58:42:825 4052 DetectCureTDL3: IrpHandler (24) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (25) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (26) addr: 804F4536
14:58:42:825 4052 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
14:58:42:825 4052 KLMD_ReadMem: DeviceIoControl error 1
14:58:42:825 4052 TDL3_StartIoHookDetect: Unable to get StartIo handler code
14:58:42:825 4052 TDL3_FileDetect: Processing driver: Disk
14:58:42:825 4052 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
14:58:42:825 4052 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
14:58:42:825 4052 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
14:58:42:825 4052 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 88DEC030
14:58:42:825 4052 KLMD_GetLowerDeviceObject: Trying to get lower device object for 88DEC030
14:58:42:825 4052 KLMD_ReadMem: Trying to ReadMemory 0x88DEC030[0x38]
14:58:42:825 4052 DetectCureTDL3: DRIVER_OBJECT addr: 8A2B03E8
14:58:42:825 4052 KLMD_ReadMem: Trying to ReadMemory 0x8A2B03E8[0xA8]
14:58:42:825 4052 KLMD_ReadMem: Trying to ReadMemory 0xE10159A0[0x208]
14:58:42:825 4052 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:58:42:825 4052 DetectCureTDL3: IrpHandler (0) addr: BA0EEC30
14:58:42:825 4052 DetectCureTDL3: IrpHandler (1) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (2) addr: BA0EEC30
14:58:42:825 4052 DetectCureTDL3: IrpHandler (3) addr: BA0E8D9B
14:58:42:825 4052 DetectCureTDL3: IrpHandler (4) addr: BA0E8D9B
14:58:42:825 4052 DetectCureTDL3: IrpHandler (5) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (6) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (7) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (8) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (9) addr: BA0E9366
14:58:42:825 4052 DetectCureTDL3: IrpHandler (10) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (11) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (12) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (13) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (14) addr: BA0E944D
14:58:42:825 4052 DetectCureTDL3: IrpHandler (15) addr: BA0ECFC3
14:58:42:825 4052 DetectCureTDL3: IrpHandler (16) addr: BA0E9366
14:58:42:825 4052 DetectCureTDL3: IrpHandler (17) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (18) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (19) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (20) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (21) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (22) addr: BA0EAEF3
14:58:42:825 4052 DetectCureTDL3: IrpHandler (23) addr: BA0EFA24
14:58:42:825 4052 DetectCureTDL3: IrpHandler (24) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (25) addr: 804F4536
14:58:42:825 4052 DetectCureTDL3: IrpHandler (26) addr: 804F4536
14:58:42:825 4052 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
14:58:42:825 4052 KLMD_ReadMem: DeviceIoControl error 1
14:58:42:825 4052 TDL3_StartIoHookDetect: Unable to get StartIo handler code
14:58:42:825 4052 TDL3_FileDetect: Processing driver: Disk
14:58:42:825 4052 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
14:58:42:825 4052 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
14:58:42:825 4052 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
14:58:42:857 4052 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 88DD0710
14:58:42:857 4052 KLMD_GetLowerDeviceObject: Trying to get lower device object for 88DD0710
14:58:42:857 4052 KLMD_ReadMem: Trying to ReadMemory 0x88DD0710[0x38]
14:58:42:857 4052 DetectCureTDL3: DRIVER_OBJECT addr: 8A2B03E8
14:58:42:857 4052 KLMD_ReadMem: Trying to ReadMemory 0x8A2B03E8[0xA8]
14:58:42:857 4052 KLMD_ReadMem: Trying to ReadMemory 0xE10159A0[0x208]
14:58:42:857 4052 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:58:42:857 4052 DetectCureTDL3: IrpHandler (0) addr: BA0EEC30
14:58:42:857 4052 DetectCureTDL3: IrpHandler (1) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (2) addr: BA0EEC30
14:58:42:857 4052 DetectCureTDL3: IrpHandler (3) addr: BA0E8D9B
14:58:42:857 4052 DetectCureTDL3: IrpHandler (4) addr: BA0E8D9B
14:58:42:857 4052 DetectCureTDL3: IrpHandler (5) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (6) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (7) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (8) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (9) addr: BA0E9366
14:58:42:857 4052 DetectCureTDL3: IrpHandler (10) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (11) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (12) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (13) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (14) addr: BA0E944D
14:58:42:857 4052 DetectCureTDL3: IrpHandler (15) addr: BA0ECFC3
14:58:42:857 4052 DetectCureTDL3: IrpHandler (16) addr: BA0E9366
14:58:42:857 4052 DetectCureTDL3: IrpHandler (17) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (18) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (19) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (20) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (21) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (22) addr: BA0EAEF3
14:58:42:857 4052 DetectCureTDL3: IrpHandler (23) addr: BA0EFA24
14:58:42:857 4052 DetectCureTDL3: IrpHandler (24) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (25) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (26) addr: 804F4536
14:58:42:857 4052 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
14:58:42:857 4052 KLMD_ReadMem: DeviceIoControl error 1
14:58:42:857 4052 TDL3_StartIoHookDetect: Unable to get StartIo handler code
14:58:42:857 4052 TDL3_FileDetect: Processing driver: Disk
14:58:42:857 4052 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
14:58:42:857 4052 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
14:58:42:857 4052 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
14:58:42:857 4052 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 88F47030
14:58:42:857 4052 KLMD_GetLowerDeviceObject: Trying to get lower device object for 88F47030
14:58:42:857 4052 KLMD_ReadMem: Trying to ReadMemory 0x88F47030[0x38]
14:58:42:857 4052 DetectCureTDL3: DRIVER_OBJECT addr: 8A2B03E8
14:58:42:857 4052 KLMD_ReadMem: Trying to ReadMemory 0x8A2B03E8[0xA8]
14:58:42:857 4052 KLMD_ReadMem: Trying to ReadMemory 0xE10159A0[0x208]
14:58:42:857 4052 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:58:42:857 4052 DetectCureTDL3: IrpHandler (0) addr: BA0EEC30
14:58:42:857 4052 DetectCureTDL3: IrpHandler (1) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (2) addr: BA0EEC30
14:58:42:857 4052 DetectCureTDL3: IrpHandler (3) addr: BA0E8D9B
14:58:42:857 4052 DetectCureTDL3: IrpHandler (4) addr: BA0E8D9B
14:58:42:857 4052 DetectCureTDL3: IrpHandler (5) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (6) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (7) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (8) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (9) addr: BA0E9366
14:58:42:857 4052 DetectCureTDL3: IrpHandler (10) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (11) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (12) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (13) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (14) addr: BA0E944D
14:58:42:857 4052 DetectCureTDL3: IrpHandler (15) addr: BA0ECFC3
14:58:42:857 4052 DetectCureTDL3: IrpHandler (16) addr: BA0E9366
14:58:42:857 4052 DetectCureTDL3: IrpHandler (17) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (18) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (19) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (20) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (21) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (22) addr: BA0EAEF3
14:58:42:857 4052 DetectCureTDL3: IrpHandler (23) addr: BA0EFA24
14:58:42:857 4052 DetectCureTDL3: IrpHandler (24) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (25) addr: 804F4536
14:58:42:857 4052 DetectCureTDL3: IrpHandler (26) addr: 804F4536
14:58:42:857 4052 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
14:58:42:857 4052 KLMD_ReadMem: DeviceIoControl error 1
14:58:42:857 4052 TDL3_StartIoHookDetect: Unable to get StartIo handler code
14:58:42:857 4052 TDL3_FileDetect: Processing driver: Disk
14:58:42:857 4052 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
14:58:42:857 4052 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
14:58:42:857 4052 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
14:58:42:888 4052 DetectCureTDL3: 6 Curr stack PDEVICE_OBJECT: 89EAE8A0
14:58:42:888 4052 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89EAE8A0
14:58:42:888 4052 KLMD_ReadMem: Trying to ReadMemory 0x89EAE8A0[0x38]
14:58:42:888 4052 DetectCureTDL3: DRIVER_OBJECT addr: 8A2B03E8
14:58:42:888 4052 KLMD_ReadMem: Trying to ReadMemory 0x8A2B03E8[0xA8]
14:58:42:888 4052 KLMD_ReadMem: Trying to ReadMemory 0xE10159A0[0x208]
14:58:42:888 4052 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:58:42:888 4052 DetectCureTDL3: IrpHandler (0) addr: BA0EEC30
14:58:42:888 4052 DetectCureTDL3: IrpHandler (1) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (2) addr: BA0EEC30
14:58:42:888 4052 DetectCureTDL3: IrpHandler (3) addr: BA0E8D9B
14:58:42:888 4052 DetectCureTDL3: IrpHandler (4) addr: BA0E8D9B
14:58:42:888 4052 DetectCureTDL3: IrpHandler (5) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (6) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (7) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (8) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (9) addr: BA0E9366
14:58:42:888 4052 DetectCureTDL3: IrpHandler (10) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (11) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (12) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (13) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (14) addr: BA0E944D
14:58:42:888 4052 DetectCureTDL3: IrpHandler (15) addr: BA0ECFC3
14:58:42:888 4052 DetectCureTDL3: IrpHandler (16) addr: BA0E9366
14:58:42:888 4052 DetectCureTDL3: IrpHandler (17) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (18) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (19) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (20) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (21) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (22) addr: BA0EAEF3
14:58:42:888 4052 DetectCureTDL3: IrpHandler (23) addr: BA0EFA24
14:58:42:888 4052 DetectCureTDL3: IrpHandler (24) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (25) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (26) addr: 804F4536
14:58:42:888 4052 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
14:58:42:888 4052 KLMD_ReadMem: DeviceIoControl error 1
14:58:42:888 4052 TDL3_StartIoHookDetect: Unable to get StartIo handler code
14:58:42:888 4052 TDL3_FileDetect: Processing driver: Disk
14:58:42:888 4052 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
14:58:42:888 4052 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
14:58:42:888 4052 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
14:58:42:888 4052 DetectCureTDL3: 7 Curr stack PDEVICE_OBJECT: 89EAEC68
14:58:42:888 4052 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89EAEC68
14:58:42:888 4052 KLMD_ReadMem: Trying to ReadMemory 0x89EAEC68[0x38]
14:58:42:888 4052 DetectCureTDL3: DRIVER_OBJECT addr: 8A2B03E8
14:58:42:888 4052 KLMD_ReadMem: Trying to ReadMemory 0x8A2B03E8[0xA8]
14:58:42:888 4052 KLMD_ReadMem: Trying to ReadMemory 0xE10159A0[0x208]
14:58:42:888 4052 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:58:42:888 4052 DetectCureTDL3: IrpHandler (0) addr: BA0EEC30
14:58:42:888 4052 DetectCureTDL3: IrpHandler (1) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (2) addr: BA0EEC30
14:58:42:888 4052 DetectCureTDL3: IrpHandler (3) addr: BA0E8D9B
14:58:42:888 4052 DetectCureTDL3: IrpHandler (4) addr: BA0E8D9B
14:58:42:888 4052 DetectCureTDL3: IrpHandler (5) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (6) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (7) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (8) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (9) addr: BA0E9366
14:58:42:888 4052 DetectCureTDL3: IrpHandler (10) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (11) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (12) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (13) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (14) addr: BA0E944D
14:58:42:888 4052 DetectCureTDL3: IrpHandler (15) addr: BA0ECFC3
14:58:42:888 4052 DetectCureTDL3: IrpHandler (16) addr: BA0E9366
14:58:42:888 4052 DetectCureTDL3: IrpHandler (17) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (18) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (19) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (20) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (21) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (22) addr: BA0EAEF3
14:58:42:888 4052 DetectCureTDL3: IrpHandler (23) addr: BA0EFA24
14:58:42:888 4052 DetectCureTDL3: IrpHandler (24) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (25) addr: 804F4536
14:58:42:888 4052 DetectCureTDL3: IrpHandler (26) addr: 804F4536
14:58:42:888 4052 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
14:58:42:888 4052 KLMD_ReadMem: DeviceIoControl error 1
14:58:42:888 4052 TDL3_StartIoHookDetect: Unable to get StartIo handler code
14:58:42:888 4052 TDL3_FileDetect: Processing driver: Disk
14:58:42:888 4052 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
14:58:42:888 4052 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
14:58:42:888 4052 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
14:58:42:919 4052 DetectCureTDL3: 8 Curr stack PDEVICE_OBJECT: 8A7DE7E8
14:58:42:919 4052 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A7DE7E8
14:58:42:919 4052 KLMD_ReadMem: Trying to ReadMemory 0x8A7DE7E8[0x38]
14:58:42:919 4052 DetectCureTDL3: DRIVER_OBJECT addr: 8A2B03E8
14:58:42:919 4052 KLMD_ReadMem: Trying to ReadMemory 0x8A2B03E8[0xA8]
14:58:42:919 4052 KLMD_ReadMem: Trying to ReadMemory 0xE10159A0[0x208]
14:58:42:919 4052 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:58:42:919 4052 DetectCureTDL3: IrpHandler (0) addr: BA0EEC30
14:58:42:919 4052 DetectCureTDL3: IrpHandler (1) addr: 804F4536
14:58:42:919 4052 DetectCureTDL3: IrpHandler (2) addr: BA0EEC30
14:58:42:919 4052 DetectCureTDL3: IrpHandler (3) addr: BA0E8D9B
14:58:42:919 4052 DetectCureTDL3: IrpHandler (4) addr: BA0E8D9B
14:58:42:919 4052 DetectCureTDL3: IrpHandler (5) addr: 804F4536
14:58:42:919 4052 DetectCureTDL3: IrpHandler (6) addr: 804F4536
14:58:42:919 4052 DetectCureTDL3: IrpHandler (7) addr: 804F4536
14:58:42:919 4052 DetectCureTDL3: IrpHandler (8) addr: 804F4536
14:58:42:919 4052 DetectCureTDL3: IrpHandler (9) addr: BA0E9366
14:58:42:919 4052 DetectCureTDL3: IrpHandler (10) addr: 804F4536
14:58:42:919 4052 DetectCureTDL3: IrpHandler (11) addr: 804F4536
14:58:42:919 4052 DetectCureTDL3: IrpHandler (12) addr: 804F4536
14:58:42:919 4052 DetectCureTDL3: IrpHandler (13) addr: 804F4536
14:58:42:919 4052 DetectCureTDL3: IrpHandler (14) addr: BA0E944D
14:58:42:919 4052 DetectCureTDL3: IrpHandler (15) addr: BA0ECFC3
14:58:42:919 4052 DetectCureTDL3: IrpHandler (16) addr: BA0E9366
14:58:42:919 4052 DetectCureTDL3: IrpHandler (17) addr: 804F4536
14:58:42:919 4052 DetectCureTDL3: IrpHandler (18) addr: 804F4536
14:58:42:919 4052 DetectCureTDL3: IrpHandler (19) addr: 804F4536
14:58:42:919 4052 DetectCureTDL3: IrpHandler (20) addr: 804F4536
14:58:42:919 4052 DetectCureTDL3: IrpHandler (21) addr: 804F4536
14:58:42:919 4052 DetectCureTDL3: IrpHandler (22) addr: BA0EAEF3
14:58:42:919 4052 DetectCureTDL3: IrpHandler (23) addr: BA0EFA24
14:58:42:919 4052 DetectCureTDL3: IrpHandler (24) addr: 804F4536
14:58:42:919 4052 DetectCureTDL3: IrpHandler (25) addr: 804F4536
14:58:42:919 4052 DetectCureTDL3: IrpHandler (26) addr: 804F4536
14:58:42:919 4052 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
14:58:42:919 4052 KLMD_ReadMem: DeviceIoControl error 1
14:58:42:919 4052 TDL3_StartIoHookDetect: Unable to get StartIo handler code
14:58:42:919 4052 TDL3_FileDetect: Processing driver: Disk
14:58:42:919 4052 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
14:58:42:919 4052 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
14:58:42:919 4052 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
14:58:42:919 4052 DetectCureTDL3: 9 Curr stack PDEVICE_OBJECT: 8A7F7968
14:58:42:919 4052 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A7F7968
14:58:42:919 4052 DetectCureTDL3: 9 Curr stack PDEVICE_OBJECT: 8A2AF030
14:58:42:919 4052 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A2AF030
14:58:42:919 4052 KLMD_ReadMem: Trying to ReadMemory 0x8A2AF030[0x38]
14:58:42:919 4052 DetectCureTDL3: DRIVER_OBJECT addr: 89E2E4C8
14:58:42:919 4052 KLMD_ReadMem: Trying to ReadMemory 0x89E2E4C8[0xA8]
14:58:42:919 4052 KLMD_ReadMem: Trying to ReadMemory 0x8A7F8030[0x38]
14:58:42:919 4052 KLMD_ReadMem: Trying to ReadMemory 0x8A808428[0xA8]
14:58:42:919 4052 KLMD_ReadMem: Trying to ReadMemory 0xE188E768[0x208]
14:58:42:919 4052 DetectCureTDL3: DRIVER_OBJECT name: \Driver\iaStor, Driver Name: iaStor
14:58:42:919 4052 DetectCureTDL3: IrpHandler (0) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (1) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (2) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (3) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (4) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (5) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (6) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (7) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (8) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (9) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (10) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (11) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (12) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (13) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (14) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (15) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (16) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (17) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (18) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (19) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (20) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (21) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (22) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (23) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (24) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (25) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: IrpHandler (26) addr: 8A7A4618
14:58:42:919 4052 DetectCureTDL3: All IRP handlers pointed to one addr: 8A7A4618
14:58:42:919 4052 KLMD_ReadMem: Trying to ReadMemory 0x8A7A4618[0x400]
14:58:42:919 4052 TDL3_IrpHookDetect: TDL3 is already cured
14:58:42:919 4052 KLMD_ReadMem: Trying to ReadMemory 0x8A7A44BF[0x400]
14:58:42:919 4052 TDL3_StartIoHookDetect: CheckParameters: 7, FFDF0308, 334, 0
14:58:42:919 4052 TDL3_FileDetect: Processing driver: iaStor
14:58:42:919 4052 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\iastor.sys, C:\WINDOWS\system32\Drivers\iastor.tsk, SYSTEM\CurrentControlSet\Services\iaStor, system32\Drivers\iastor.tsk
14:58:42:919 4052 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\iastor.sys
14:58:42:919 4052 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\iastor.sys
14:58:42:935 4052 File C:\WINDOWS\system32\drivers\iastor.sys infected by TDSS rootkit ... 14:58:42:935 4052 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\drivers\iastor.sys
14:58:42:935 4052 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\iastor.sys
14:58:42:935 4052 TDL3_FileCure: Driver file C:\WINDOWS\system32\drivers\iastor.sys cure failed
14:58:42:935 4052 cure failed
14:58:42:935 4052
Completed

Results:
14:58:42:935 4052 Infected objects in memory: 0
14:58:42:935 4052 Cured objects in memory: 0
14:58:42:935 4052 Infected objects on disk: 1
14:58:42:935 4052 Objects on disk cured on reboot: 0
14:58:42:935 4052 Objects on disk deleted on reboot: 0
14:58:42:935 4052 Registry nodes deleted on reboot: 0
14:58:42:935 4052


Report •

#65
January 3, 2010 at 13:22:52
I also still have a copy of IASTOR.sys on c: We copied it there yesterday - FYI

Report •

#66
January 3, 2010 at 13:49:35
It acts like a permission setting is locked.


Please download inherit from the following link to your desktop.

Inherit.exe

* Go to Start => Run => Copy and paste the following bolded line in the run box and click OK:


"%userprofile%\desktop\inherit" "c:\windows\system32\drivers\iastor.sys"

* If you get a security warning select Run.
* You will get a "Finish" popup. Click OK.

Then run TDSSKiller.exe again and let it reboot if ask. The post its log.




Report •

#67
January 3, 2010 at 13:52:37
I'm getting "File not found" on the link

Report •

#68
January 3, 2010 at 14:33:06
Just copy this into your browser address bar:

http://download.bleepingcomputer.com/sUBs/MiniFixes/Inherit.exe


Report •

#69
January 3, 2010 at 14:59:41
Did the Interhit thing. Ran TDSS again. Rebooted but not getting a new TDSS log????

Report •

#70
January 3, 2010 at 16:16:11
Delete the old log, if there is one, and run it again and see if it produces a log.

If no log was produced run Combofix and post its log.


Report •

#71
January 3, 2010 at 16:21:14
I need to delete combo-fix and reinstall it first?

Report •

#72
January 3, 2010 at 16:26:08
No it should be up to date, just follow the same guidelines as before.

Report •

#73
January 3, 2010 at 17:26:49
Combo-fix in a couple posts:

Post 1

ComboFix 10-01-02.01 - Rob Hoffman 01/03/2010 18:53:49.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1532 [GMT -6:00]
Running from: c:\documents and settings\Rob Hoffman\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\iaStor.sys . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

Infected copy of c:\windows\system32\drivers\iaStor.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1098\A0155936.sys
.
((((((((((((((((((((((((( Files Created from 2009-12-04 to 2010-01-04 )))))))))))))))))))))))))))))))
.

2010-01-03 00:31 . 2010-01-04 00:50 247808 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-01-02 21:07 . 2006-05-11 16:30 247808 ----a-w- C:\IASTOR.SYS
2010-01-02 00:29 . 2010-01-02 00:30 -------- d-----w- c:\program files\trend micro
2010-01-02 00:29 . 2010-01-02 00:32 -------- d-----w- C:\rsit
2010-01-01 23:44 . 2009-12-30 20:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-01 23:44 . 2009-12-30 20:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-28 19:12 . 2009-12-16 22:05 43008 ----a-w- c:\documents and settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-28 19:12 . 2009-12-16 22:05 347136 ----a-w- c:\documents and settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-28 19:12 . 2009-12-16 22:05 340992 ----a-w- c:\documents and settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-28 19:12 . 2009-12-16 22:05 1452032 ----a-w- c:\documents and settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-28 19:12 . 2009-12-16 22:05 471040 ----a-w- c:\documents and settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
2009-12-28 18:46 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Rob Hoffman\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-28 18:39 . 2009-12-28 18:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-28 18:35 . 2009-12-28 18:35 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-12-28 18:35 . 2009-12-29 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-16 06:30 . 2009-12-16 06:30 -------- d-----w- c:\documents and settings\Rob Hoffman\Application Data\MSNInstaller
2009-12-15 16:49 . 2009-12-15 16:49 -------- d-----w- c:\documents and settings\Rob Hoffman\Application Data\Malwarebytes
2009-12-15 16:48 . 2009-12-15 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-15 16:48 . 2010-01-01 23:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-15 06:48 . 2009-12-15 06:48 -------- d-----w- c:\program files\Alwil Software
2009-12-14 18:15 . 2009-12-14 18:15 -------- d-----w- c:\documents and settings\Rob Hoffman\Local Settings\Application Data\Dell
2009-12-14 14:02 . 2009-12-14 14:02 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-14 14:01 . 2009-12-14 14:01 -------- d-----w- c:\documents and settings\Rob Hoffman\Application Data\Ipswitch
2009-12-14 14:01 . 2009-12-14 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Ipswitch
2009-12-10 06:30 . 2009-12-14 14:01 -------- d-----w- c:\documents and settings\Rob Hoffman\Application Data\Ipswitch(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 01:08 . 2007-07-05 01:03 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-04 01:08 . 2007-12-30 16:11 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-01-02 08:22 . 2007-02-13 05:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-01 23:08 . 2007-01-24 13:38 -------- d-----w- c:\program files\Google
2010-01-01 18:50 . 2009-09-13 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-28 18:42 . 2007-01-24 13:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-28 08:47 . 2007-01-30 02:06 -------- d-----w- c:\program files\McAfee
2009-12-15 13:34 . 2008-01-20 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-15 06:39 . 2008-03-28 04:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-14 14:01 . 2009-11-27 18:19 -------- d-----w- c:\program files\Common Files\Nikon
2009-12-14 14:01 . 2007-01-24 13:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-13 18:08 . 2009-11-11 15:09 -------- d-----w- c:\program files\iTunes
2009-12-13 18:08 . 2009-11-11 15:09 -------- d-----w- c:\program files\iPod
2009-12-13 18:08 . 2007-09-20 01:10 -------- d-----w- c:\program files\Common Files\Apple
2009-12-13 18:08 . 2009-11-11 15:06 -------- d-----w- c:\program files\QuickTime
2009-11-28 20:24 . 2009-11-27 18:21 -------- d-----w- c:\documents and settings\Rob Hoffman\Application Data\Nikon
2009-11-28 20:24 . 2009-11-27 18:18 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-11-27 18:19 . 2009-11-27 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon
2009-11-27 18:19 . 2009-11-27 18:19 -------- d-----w- c:\program files\Nikon
2009-11-27 18:18 . 2009-11-27 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2009-11-27 18:18 . 2009-11-27 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2009-11-27 18:17 . 2009-11-27 18:17 -------- d-----w- c:\program files\ArcSoft
2009-11-11 16:32 . 2007-02-09 16:58 -------- d-----w- c:\documents and settings\Rob Hoffman\Application Data\Apple Computer
2009-11-11 15:10 . 2009-11-11 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-11 14:44 . 2009-11-11 14:44 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-06 08:15 . 2007-01-24 13:46 73880 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-04-01 19:35 . 2007-02-14 22:49 2516 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asyncmac.sys
[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-10 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys

[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2004-08-10 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\browser.dll
[-] 2004-08-10 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
[-] 2004-08-10 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
[-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-10 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll

[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\system32\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2004-08-10 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll

[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
[-] 2004-08-10 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe
[-] 2004-08-10 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\system32\services.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cryptsvc.dll
[-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
[-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-10 11:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\imm32.dll
[-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll

[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\system32\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll
[-] 2004-08-10 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lpk.dll

[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asms\70\msft\windows\mswincrt\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msvcrt.dll
[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mswsock.dll
[-] 2004-08-10 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[-] 2004-08-10 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
[-] 2004-08-10 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll

[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2007-02-28 . E6679C3023B17D8B78946BC5DF53FA20 . 2137600 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2007-02-28 . E6679C3023B17D8B78946BC5DF53FA20 . 2137600 . . [5.1.2600.3093] . . c:\windows\system32\ntoskrnl.exe
[-] 2006-12-19 . 57B9D140E1EB8B0EA06DF927B63B0EEE . 2137600 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2005-06-23 . 5611F453C6D20AB0552956F39BCDDB88 . 2136064 . . [5.1.2600.2705] . . c:\windows\$NtUninstallKB929338$\ntoskrnl.exe

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll
[-] 2004-08-10 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll


Report •

#74
January 3, 2010 at 17:27:41
Post 2 - hope this is all good news

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\system32\dllcache\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-10 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
[-] 2004-08-10 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-10 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
[-] 2005-03-10 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2005-03-10 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows\system32\termsrv.dll
[-] 2004-08-10 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB895961$\termsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\appmgmts.dll

[-] 2004-08-10 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys
[-] 2004-08-10 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\i386\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\dllcache\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-04 04:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\drivers\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2004-08-10 11:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll

[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-08-04 00:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-08-04 00:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-10 11:00 . 6EAA72FD9EF993EC1FA9A06DE65105DA . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2007-02-28 . 2DFB215E291E3D9B1CF9A6739B3BF16C . 2017280 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2007-02-28 . 2DFB215E291E3D9B1CF9A6739B3BF16C . 2017280 . . [5.1.2600.3093] . . c:\windows\system32\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2006-12-19 . FA64F313F5237C53A909906113ACAE7D . 2017280 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2005-06-23 . 65F4B29A0793ADB5D924FB3F47F1BCA4 . 2015744 . . [5.1.2600.2705] . . c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntmssvc.dll
[-] 2004-08-10 11:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 2004-08-10 11:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-10 11:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\dllcache\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\system32\dllcache\upnphost.dll
[-] 2004-08-10 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-01-02_05.36.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-03 16:52 . 2010-01-03 22:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010010320100104\index.dat
+ 2010-01-02 16:10 . 2010-01-03 03:39 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010010220100103\index.dat
+ 2007-01-28 22:35 . 2010-01-04 01:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-01-28 22:35 . 2010-01-02 05:24 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-01-28 22:35 . 2010-01-04 01:08 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-01-04 01:08 . 2008-12-17 03:59 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
- 2010-01-02 05:24 . 2008-12-17 03:59 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2007-01-28 22:35 . 2010-01-04 01:08 770048 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-18 21:30 . 2010-01-02 05:24 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-09-18 21:30 . 2010-01-04 01:08 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-05 36864]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-24 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-7-4 196608]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\documents and settings\Rob Hoffman\Application Data\Facebook\facebook.exe"= c:\documents and settings\Rob Hoffman\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/28/2008 9:19 PM 93320]
.
Contents of the 'Scheduled Tasks' folder

2009-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-01-03 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2005-08-16 11:00]

2010-01-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-13 12:49]

2009-12-28 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-01-30 17:22]

2010-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-01-30 17:22]

2010-01-03 c:\windows\Tasks\User_Feed_Synchronization-{EE31A232-E355-4AD5-870F-7D942D570B85}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070124
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - component: c:\documents and settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\documents and settings\Rob Hoffman\Application Data\Mozilla\Firefox\Profiles\hyac6g30.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-03 19:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A7A3618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecfc3
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\iaStor -> iaStor.sys @ 0xb9e74f80
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805815d0
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805815d0
NDIS: Intel(R) 82562V 10/100 Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9d68ba0
PacketIndicateHandler -> NDIS.sys @ 0xb9d75b21
SendHandler -> NDIS.sys @ 0xb9d5387b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(6680)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\docume~1\ROBHOF~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\stsystra.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-03 19:26:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-04 01:26
ComboFix2.txt 2010-01-02 05:57

Pre-Run: 280,010,162,176 bytes free
Post-Run: 279,988,424,704 bytes free

- - End Of File - - 9AF3323FD0D69B07436740579F4876B0


Report •

#75
January 3, 2010 at 19:18:05
Run this clean up tool when you get a chance. I have not given up but will be late tomorrow getting back when I leave tonight.

Please download TFC by Old Timer from the following link and save it to your desktop.

TFC by Old Timer



1. Save any unsaved work. TFC will close ALL open programs including your browser

2. Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.

3. Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

4. Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.


Report •

#76
January 3, 2010 at 19:41:52
I ran it and it didn't take long cause i always clean out temp files, etc. but when I went to reboot it started to boot up, and now it's just sitting there and not rebooting all the way but the hard drive shows it's "working".

Does this program do more work on reboot?


Report •

#77
January 3, 2010 at 19:44:52
If i do ctrl ALT del it shows
McAgent Main Hidden Window running? Should i terminate it?

Report •

#78
January 3, 2010 at 19:47:19
I ended it because it's McAfee related so Hopefully it will reboot now.

Report •

#79
January 3, 2010 at 19:50:22
Yes you can terminate it and yes it removes items on reboot. You had a lot of temp files in the system32 folder, 529 to be exact and that may take a little while. Just let it run.

Report •

#80
January 3, 2010 at 19:54:02
Ok, it's all done and rebooted. Next?

Report •

#81
January 3, 2010 at 20:15:48
I have to go to work tomorrow as well so thanks for everything you have done so far.


Report •

#82
January 5, 2010 at 17:06:01
Navigate to and delete this folder:

C:\Program Files\BAE

Your java is out of date and may have been exploited.
Download the latest version of java from this link Java
Click on the JRE 6 Update 17 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed
Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.

Uninstall Combofix using the same procedure you did in response #43. Do a manual search for combofix and delete any files/folders found. Navigate to and delete C:\Qoobox if found. Then redownload Combofix using internet explorer and use only the top link of the three links that are available but don't run it yet.

Should the following procedure fail, restart with your windows cd and go to the recovery console and type the following command in> remove the cd> restart the computer.


copy C:\iastor.sys C:\Windows\System32\drivers\iastor.sys (there is a needed space after copy and the first iastor.sys)

Navigate to and delete C:\Windows\System32
drivers\iastor.sys

Next empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore" >apply (takes a minute)>ok.

Run Combofix, post the log when you are finished.

Next go to C:\iastor > copy the file > paste it in the C:\WIndows\System32\drivers folder

Turn System Restore back on. Go back and uncheck the box to turn system restore back on>apply>ok.

Next create a new restore point. Go to start> run> type in msconfig> ok> click launch system restore> check the circle beside "create a restore point> next> name it today's date> create > click home > exit the system configuration utility> restart the computer.

Post the combofix log let me know if you are being redirected.


Report •

#83
January 5, 2010 at 18:38:26
I will try this. My computer barely will even boot up now so we'll see if I can accomplish. I leave out of town tomorrow for CES and then another trip so won't be able to do anything beyond this until 1/15 unless I'm successful tonight. I will post again tonight is my desktop lets me and if not, then again 1/15

Report •

#84
January 5, 2010 at 18:45:13
OK Have a nice trip.

Report •


Ask Question