seansmall

Search redirects


Every time I use Google, I click on the result and get redirected to various ad sites. Takes about 4 or 5 clicks to get to where I'm going. I've run Ad-Aware a couple of times and now I'm clean except for cookies, but it's still happening. What should I do?

I'll be out of town for the next week, so I won't be able to post logs until I return.

Hi SeanNeedsHelps,

Please, to get help with cleaning your computer, follow the instructions in the topic "Read This Before You Post!" (http://www.lavasoftsupport.com/index.php?showtopic=30823).

CeciliaB wrote on Jun 14 2011, 12:30 PM:
> Hi SeanNeedsHelps,
>
> Please, to get help with cleaning your computer, follow the instructions in the topic "Read This Before You Post!" (http://www.lavasoftsupport.com/index.php?showtopic=30823).


Here are the results of the OTL scan.

OTL logfile created on: 6/14/2011 10:31:17 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Sean Pierce\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 39.08% Memory free
3.85 Gb Paging File | 2.64 Gb Available in Paging File | 68.59% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.96 Gb Total Space | 30.42 Gb Free Space | 20.84% Space Free | Partition Type: NTFS
Drive E: | 5.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 483.56 Mb Total Space | 435.84 Mb Free Space | 90.13% Space Free | Partition Type: FAT

Computer Name: D83CRHD1 | User Name: Sean Pierce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Sean Pierce\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
PRC - C:\Program Files\Registry Mechanic\Upgrade.exe (PC Tools)
PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\Upgrade.exe (PC Tools)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe (Linksys)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)
PRC - C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\Program Files\Linksys\WUSB54GSC\WLService.exe (GEMTEKS)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Sean Pierce\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Spyware Doctor\TFEngine\TFWAH.dll (PC Tools)


========== Win32 Services (SafeList) ==========

SRV - (WUSB54GSC) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (ThreatFire) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe (PC Tools)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (pctplsg) -- C:\WINDOWS\system32\drivers\pctplsg.sys (PC Tools)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
DRV - (TfSysMon) -- C:\WINDOWS\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\WINDOWS\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\WINDOWS\system32\drivers\TfNetMon.sys (PC Tools)
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (BCM42RLY) -- C:\WINDOWS\system32\bcm42rly.sys (Broadcom Corporation)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070822
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070822

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..keyword.URL: "http://www.search-results.com/web?o=15868&l=dis&prt=PRT&chn=UN&geo=US&ver=UN&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/06/01 18:30:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/06/01 18:30:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/30 21:46:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/30 21:46:12 | 000,000,000 | ---D | M]

[2008/06/20 15:17:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Extensions
[2011/06/09 19:28:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\f3smwi2k.default\extensions
[2008/03/03 20:20:18 | 000,000,000 | ---D | M] (UCF Knights) -- C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\f3smwi2k.default\extensions\{e7d10f70-e922-11dc-95ff-0800200c9a66}
[2010/11/14 17:03:13 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\f3smwi2k.default\extensions\[email protected]
[2010/11/14 17:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\pwnm6ka6.Default User\extensions
[2010/11/14 17:03:14 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\pwnm6ka6.Default User\extensions\[email protected]
[2009/01/26 17:04:18 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\f3smwi2k.default\searchplugins\aim-search.xml
[2010/07/21 07:55:27 | 000,002,698 | ---- | M] () -- C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\f3smwi2k.default\searchplugins\search-defender.xml
[2011/05/30 15:32:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/22 20:53:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
[2009/10/23 08:23:26 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\SEAN PIERCE\APPLICATION DATA\MOVE NETWORKS
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SEAN PIERCE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\F3SMWI2K.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2010/01/09 11:58:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/30 21:45:53 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/07/18 12:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nptgeqplugin.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint_.dll
[2011/05/30 21:45:56 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\VistaCodecPack\QT\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries00000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries00000000001 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries00000000002 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries00000000003 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries00000000019 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (StagingUI Object)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (ZonePAChat Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab (MSN Games – Backgammon)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\RelevantKnowledge: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Sean Pierce\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sean Pierce\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/05/11 18:13:39 | 000,000,279 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007/10/03 16:21:08 | 000,000,090 | ---- | M] () - F:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{01fb53cf-3c60-11de-9707-001d7e0d48a4}\Shell - "" = AutoRun
O33 - MountPoints2\{01fb53cf-3c60-11de-9707-001d7e0d48a4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{01fb53cf-3c60-11de-9707-001d7e0d48a4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/04/18 18:33:36 | 000,950,272 | R--- | M] ()
O33 - MountPoints2\{18928bba-2ea7-11dd-96c0-000f66e90383}\Shell - "" = AutoRun
O33 - MountPoints2\{18928bba-2ea7-11dd-96c0-000f66e90383}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{18928bba-2ea7-11dd-96c0-000f66e90383}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/04/18 18:33:36 | 000,950,272 | R--- | M] ()
O33 - MountPoints2\{18928bbb-2ea7-11dd-96c0-000f66e90383}\Shell\AutoRun\command - "" = LinksysConnectPC.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: ntsdpsrv - (C:\WINDOWS\system32\caclnstl.dll) - File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/12 20:07:38 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/06/12 20:02:54 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/06/12 20:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/06/12 20:02:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/06/10 17:54:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/10 17:01:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2011/06/10 17:00:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\FileOpen
[2011/06/10 17:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/06/10 16:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2011/06/09 19:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/06/09 19:50:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/14 22:46:28 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/14 22:02:33 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/14 22:00:23 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/14 22:00:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/14 22:00:11 | 2145,288,192 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/14 20:59:16 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/14 11:17:40 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/06/12 20:07:38 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/06/12 20:07:36 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/06/12 20:03:04 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/06/11 00:46:55 | 010,080,256 | ---- | M] () -- C:\Ad-Aware90Install(1).msi
[2011/06/10 20:34:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/06 20:03:53 | 000,128,000 | ---- | M] () -- C:\Documents and Settings\Sean Pierce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/25 02:00:36 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/13 00:05:43 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/06/12 20:03:13 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/12 20:03:04 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/06/11 00:45:49 | 010,080,256 | ---- | C] () -- C:\Ad-Aware90Install(1).msi
[2011/05/30 21:46:23 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2010/11/21 17:31:09 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/23 02:08:40 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/05/12 03:02:56 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/11 22:44:15 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Sean Pierce\Application Data\lipoqz.dat
[2010/04/13 18:51:13 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/08 13:45:49 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/08 13:45:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/08 13:45:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/08 13:45:49 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/08 13:45:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/05 22:57:11 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0554.old
[2010/01/05 22:57:11 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2008/06/12 18:38:04 | 000,000,670 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/06/12 18:33:24 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/05/21 05:41:47 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Sean Pierce\Application Data\dvd.bmk
[2008/05/21 04:08:02 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Sean Pierce\Local Settings\Application Data\fusioncache.dat
[2008/01/29 01:16:54 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2007/09/19 00:14:04 | 000,128,000 | ---- | C] () -- C:\Documents and Settings\Sean Pierce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/13 12:16:25 | 000,000,815 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/09/02 18:03:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/02 17:23:03 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/08/22 08:20:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/08/22 08:11:58 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/08/22 08:09:14 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/08/22 08:09:14 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/22 07:49:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2007/08/22 07:48:16 | 000,001,123 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/07/29 17:51:44 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/03/10 07:51:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2006/11/07 04:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/02/25 14:09:38 | 000,774,144 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,228,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:51:20 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:51:20 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2008/05/05 00:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/03/23 23:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2010/04/28 19:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2009/01/23 03:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2007/12/14 15:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/06/14 22:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/21 00:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/17 03:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VistaCodecs
[2008/09/11 19:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011/01/12 21:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/01 18:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Pierce\Application Data\Azureus
[2008/03/30 23:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Pierce\Application Data\FileOpen
[2008/08/12 06:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Pierce\Application Data\iWin
[2010/04/13 18:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Pierce\Application Data\Leawo
[2009/01/12 23:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Pierce\Application Data\LimeWire
[2009/04/16 21:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Pierce\Application Data\PowerChallenge
[2009/01/23 03:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Pierce\Application Data\Sports Interactive
[2011/01/12 21:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Pierce\Application Data\URSoft
[2007/10/19 09:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Pierce\Application Data\Viewpoint
[2010/11/14 17:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Pierce\Application Data\vShare
[2011/06/14 22:02:33 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[color="#E56717"]========== Purity Check ==========[/color]



[color="#E56717"]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7715B65F
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D17E8AFC
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51

< End of report >

OTL Extras logfile created on: 6/14/2011 10:31:17 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Sean Pierce\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 39.08% Memory free
3.85 Gb Paging File | 2.64 Gb Available in Paging File | 68.59% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.96 Gb Total Space | 30.42 Gb Free Space | 20.84% Space Free | Partition Type: NTFS
Drive E: | 5.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 483.56 Mb Total Space | 435.84 Mb Free Space | 90.13% Space Free | Partition Type: FAT

Computer Name: D83CRHD1 | User Name: Sean Pierce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color="#E56717"]========== Extra Registry (SafeList) ==========[/color]


[color="#E56717"]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color="#E56717"]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color="#E56717"]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color="#E56717"]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color="#E56717"]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"" =
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"" =

[color="#E56717"]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(tm) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus


[color="#E56717"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel® PRO Network Connections
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = QualxServ Service Agreement
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(tm) 6 Update 20
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{32A3A4F4-B792-11D6-A78A-00B0D0160170}" = Java(tm) SE Development Kit 6 Update 17
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{65563451-00B6-458C-9F9A-03A7757355A6}" = Compact Wireless-G USB Network Adapter with SpeedBooster
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{685DEA21-3622-455A-A41B-89557A168DFD}" = Ad-Aware
"{6A136B9A-1895-436F-83F8-30D9C68BB6EA}" = Rhapsody Player Engine
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced X Video Converter_is1" = Advanced X Video Converter
"DivX Setup.divx.com" = DivX Setup
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 12.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 9.0
"SearchAssist" = SearchAssist
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spyware Doctor" = Spyware Doctor 7.0
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"vShare" = vShare Plugin
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"YU2010_is1" = Your Uninstaller! 2010

[color="#E56717"]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

[color="#E56717"]========== Last 10 Event Log Errors ==========[/color]

Sorry about the multiple posts. 2nd file is having some problems posting. Not sure why it won't let me include the last part of it.

Maybe there is some text in the last part that seems to be malicious or something similar. Nice that you managed to get most of the log anyway. The multiple posts have been removed :)

Uninstall [b]vShare Plugin[/b] both in [b]Control Panel[/b] - [b]Add and remove programs[/b] and in [b]Firefox[/b] - [b]Tools[/b] - [b]Add-ons[/b]. Restart the computer.

Please, follow the instructions on [url="http://www.bleepingcomputer.com/combofix/how-to-use-combofix"]http://www.bleepingcomputer.com/combofix/how-to-use-combofix[/url] for installing and running ComboFix.

Read carefully and note the "Disclaimer of warranty"!

Paste the content of the log into your answer.

I pasted the contents into a post, but it said it was too long. So I tried to copy pieces of it, but it's just showing up as empty posts. I've decided to attach the log to this post if that's ok.

Yes, that was really a very long log from ComboFix, but the next one will be much shorter.

Copy all lines in the box:
[code]Killall::
FireFox::
FF - ProfilePath - c:\documents and settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\f3smwi2k.default\
FF - prefs.js: keyword.URL - hxxp://www.search-results.com/web?o=15868&l=dis&prt=PRT&chn=UN&geo=US&ver=UN&q=
Folder::
C:\Documents and Settings\Sean Pierce\Application Data\vShare
C:\Program Files\vShare[/code]
and paste into Notepad.
Save the file on the desktop with the name CFScript.

Prepare the computer according to the instructions for running ComboFix.
Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program will start in a special way.
Paste the new ComboFix log into your answer and, please, inform us if the search redirections have stopped.

I followed your directions, but I don't have a new log. I got a message saying ComboFix is compromised and I need to download a fresh version. It also said I may be infected with a virus called Virut.

The search redirections are continuing.

Virut is a very difficult virus, but a computer that is infected with Virut behaves very strangely, with many programs ceasing to work, so let us hope that your computer isn't infected with Virut.

Please, remove the ComboFix file on the desktop and download it again. That should let you follow my previous post.

I'm trying to run it, but my computer keeps freezing. I had to reboot into Safe Mode. Can I run the CFScript from here, or do I need to find a way to do it when I'm not in Safe Mode?

Yes, you can run CFScript and ComboFix in safe mode.

But if your computer has started to freeze, it might be a Virut infection, and then Windows needs to be installed.

ComboFix 11-06-19.0r1 - Sean Pierce 06/20/2011 23:21:07.4.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1726 [GMT -4:00]
Running from: c:\documents and settings\Sean Pierce\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sean Pierce\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-21 to 2011-06-21 )))))))))))))))))))))))))))))))
.
.
2011-06-21 00:47 . 2011-06-21 00:47 -------- d-----w- c:\documents and settings\Sean Pierce\Application Data\Registry Mechanic
2011-06-20 23:49 . 2011-06-21 00:49 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-15 03:39 . 2011-06-15 03:46 -------- d-----w- c:\documents and settings\Sean Pierce\Local Settings\Application Data\Audible
2011-06-15 03:36 . 2001-08-18 02:43 24576 ------w- c:\windows\system32\msxml3a.dll
2011-06-13 04:05 . 2011-06-13 00:07 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-06-13 00:07 . 2011-06-13 00:07 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-13 00:02 . 2011-05-25 06:00 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-06-13 00:02 . 2011-06-13 00:02 -------- d-----w- c:\program files\Lavasoft
2011-06-11 04:45 . 2011-06-11 04:46 10080256 ----a-w- C:\Ad-Aware90Install(1).msi
2011-06-10 21:00 . 2011-06-10 21:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\FileOpen
2011-06-10 21:00 . 2011-06-10 21:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-06-09 23:37 . 2011-06-09 23:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-05-31 01:45 . 2011-05-31 01:45 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-31 01:45 . 2011-05-31 01:45 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-31 01:45 . 2011-05-31 01:45 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-31 01:45 . 2011-05-31 01:45 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-31 01:45 . 2011-05-31 01:45 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-31 01:45 . 2011-05-31 01:45 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-31 01:45 . 2011-05-31 01:45 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-31 01:45 . 2011-05-31 01:45 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-21 02:49 . 2004-08-10 16:51 26112 ----a-w- c:\windows\system32\userinit.exe
2011-05-02 15:31 . 2004-08-10 17:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2004-08-10 16:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-10 16:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-10 16:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-10 16:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-10 16:51 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-10 16:51 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-05-31 01:45 . 2011-05-31 01:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-06-16_03.41.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-19 02:51 . 2011-04-19 02:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
+ 2011-05-14 00:17 . 2011-05-14 00:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
+ 2011-05-14 05:06 . 2011-05-14 05:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
+ 2011-05-14 05:23 . 2011-05-14 05:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
+ 2011-05-13 22:37 . 2011-05-13 22:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
- 2004-08-10 16:51 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll
+ 2004-08-10 16:51 . 2011-04-25 16:11 66560 c:\windows\system32\mshtmled.dll
+ 2007-08-13 22:54 . 2011-04-25 16:11 55296 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 22:54 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-10 16:51 . 2011-04-25 16:11 25600 c:\windows\system32\jsproxy.dll
- 2004-08-10 16:51 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll
+ 2009-07-27 10:31 . 2011-04-25 16:11 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-07-27 10:31 . 2011-02-22 23:06 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2004-08-10 16:51 . 2011-04-25 16:11 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-10 16:51 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2008-06-13 22:37 . 2011-02-22 23:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-13 22:37 . 2011-04-25 16:11 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-10 16:51 . 2011-02-22 23:06 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-10 16:51 . 2011-04-25 16:11 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-10 16:51 . 2011-02-22 23:06 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-10 16:51 . 2011-04-25 16:11 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-03-15 04:01 . 2011-06-21 03:33 65536 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-15 04:01 . 2011-06-16 03:25 65536 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-09-02 21:08 . 2011-06-16 03:25 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-09-02 21:08 . 2011-06-21 03:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-06-16 15:05 . 2011-06-21 03:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-03-15 04:01 . 2011-06-16 03:25 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-06-04 07:01 . 2011-04-21 07:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-04 07:01 . 2011-06-20 23:55 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-06-20 23:50 . 2011-02-22 23:06 12800 c:\windows\ie8updates\KB2530548-IE8\xpshims.dll
+ 2011-06-20 23:50 . 2011-02-22 23:06 66560 c:\windows\ie8updates\KB2530548-IE8\mshtmled.dll
+ 2011-06-20 23:50 . 2011-02-22 23:06 55296 c:\windows\ie8updates\KB2530548-IE8\msfeedsbs.dll
+ 2011-06-20 23:50 . 2011-02-22 23:06 43520 c:\windows\ie8updates\KB2530548-IE8\licmgr10.dll
+ 2011-06-20 23:50 . 2011-02-22 23:06 25600 c:\windows\ie8updates\KB2530548-IE8\jsproxy.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
+ 2011-05-14 05:17 . 2011-05-14 05:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-14 05:12 . 2011-05-14 05:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-14 05:11 . 2011-05-14 05:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
+ 2004-08-10 16:51 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll
- 2004-08-10 16:51 . 2008-04-14 09:42 551936 c:\windows\system32\oleaut32.dll
- 2004-08-10 16:51 . 2011-02-22 23:06 206848 c:\windows\system32\occache.dll
+ 2004-08-10 16:51 . 2011-04-25 16:11 206848 c:\windows\system32\occache.dll
+ 2004-08-10 16:51 . 2011-04-25 16:11 611840 c:\windows\system32\mstime.dll
- 2004-08-10 16:51 . 2011-02-22 23:06 611840 c:\windows\system32\mstime.dll
- 2007-08-13 22:54 . 2011-02-22 23:06 602112 c:\windows\system32\msfeeds.dll
+ 2007-08-13 22:54 . 2011-04-25 16:11 602112 c:\windows\system32\msfeeds.dll
- 2004-08-10 16:51 . 2011-02-22 23:06 184320 c:\windows\system32\iepeers.dll
+ 2004-08-10 16:51 . 2011-04-25 16:11 184320 c:\windows\system32\iepeers.dll
+ 2004-08-10 16:51 . 2011-04-25 16:11 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-10 16:51 . 2011-02-22 23:06 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-10 16:51 . 2011-04-25 12:01 173568 c:\windows\system32\ie4uinit.exe
- 2004-08-10 16:51 . 2011-02-18 11:49 173568 c:\windows\system32\ie4uinit.exe
- 2004-08-10 16:50 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys
+ 2004-08-10 16:50 . 2011-02-16 13:22 138496 c:\windows\system32\drivers\afd.sys
+ 2004-08-10 16:51 . 2011-04-25 16:11 916480 c:\windows\system32\dllcache\wininet.dll
- 2004-08-10 16:51 . 2011-02-22 23:06 916480 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-10 17:02 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll
+ 2004-08-10 16:51 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll
- 2004-08-10 16:51 . 2008-04-14 09:42 551936 c:\windows\system32\dllcache\oleaut32.dll
+ 2004-08-10 16:51 . 2011-04-25 16:11 206848 c:\windows\system32\dllcache\occache.dll
- 2004-08-10 16:51 . 2011-02-22 23:06 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-10 16:51 . 2011-04-21 13:37 105472 c:\windows\system32\dllcache\mup.sys
+ 2004-08-10 16:51 . 2011-04-25 16:11 611840 c:\windows\system32\dllcache\mstime.dll
- 2004-08-10 16:51 . 2011-02-22 23:06 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-06-13 22:37 . 2011-04-25 16:11 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2008-06-13 22:37 . 2011-02-22 23:06 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2004-08-10 16:51 . 2011-04-29 16:19 456320 c:\windows\system32\dllcache\mrxsmb.sys
+ 2004-08-10 17:02 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2004-08-10 17:02 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-07-27 10:31 . 2011-04-25 16:11 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-07-27 10:31 . 2011-02-22 23:06 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2004-08-10 16:51 . 2011-04-25 16:11 184320 c:\windows\system32\dllcache\iepeers.dll
- 2004-08-10 16:51 . 2011-02-22 23:06 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-10 21:30 . 2011-02-22 23:06 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-10 21:30 . 2011-04-25 16:11 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2004-08-10 16:51 . 2011-04-25 16:11 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-10 16:51 . 2011-02-22 23:06 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-10 16:51 . 2011-02-18 11:49 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-10 16:51 . 2011-04-25 12:01 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-10 16:50 . 2011-02-16 13:22 138496 c:\windows\system32\dllcache\afd.sys
- 2004-08-10 16:50 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys
+ 2011-06-20 23:57 . 2011-06-20 23:57 223744 c:\windows\Installer\5ce9d.msi
+ 2011-06-20 23:50 . 2011-06-20 23:50 467456 c:\windows\Installer\5ce8d.msi
+ 2011-06-20 23:46 . 2009-03-08 08:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2011-06-20 23:46 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2011-06-20 23:46 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2011-06-20 23:50 . 2011-02-22 23:06 916480 c:\windows\ie8updates\KB2530548-IE8\wininet.dll
+ 2011-06-20 23:50 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2530548-IE8\spuninst\updspapi.dll
+ 2011-06-20 23:50 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2530548-IE8\spuninst\spuninst.exe
+ 2011-06-20 23:50 . 2011-02-22 23:06 206848 c:\windows\ie8updates\KB2530548-IE8\occache.dll
+ 2011-06-20 23:50 . 2011-02-22 23:06 611840 c:\windows\ie8updates\KB2530548-IE8\mstime.dll
+ 2011-06-20 23:50 . 2011-02-22 23:06 602112 c:\windows\ie8updates\KB2530548-IE8\msfeeds.dll
+ 2011-06-20 23:50 . 2011-02-22 23:06 247808 c:\windows\ie8updates\KB2530548-IE8\ieproxy.dll
+ 2011-06-20 23:50 . 2011-02-22 23:06 184320 c:\windows\ie8updates\KB2530548-IE8\iepeers.dll
+ 2011-06-20 23:50 . 2011-02-22 23:06 743424 c:\windows\ie8updates\KB2530548-IE8\iedvtool.dll
+ 2011-06-20 23:50 . 2011-02-22 23:06 387584 c:\windows\ie8updates\KB2530548-IE8\iedkcs32.dll
+ 2011-06-20 23:50 . 2011-02-18 11:49 173568 c:\windows\ie8updates\KB2530548-IE8\ie4uinit.exe
+ 2008-11-12 21:10 . 2011-04-29 16:19 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-04-19 02:51 . 2011-04-19 02:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll
+ 2011-05-14 00:04 . 2011-05-14 00:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
+ 2011-05-14 00:04 . 2011-05-14 00:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
+ 2004-08-10 16:51 . 2011-04-25 16:11 1211904 c:\windows\system32\urlmon.dll
+ 2004-08-10 16:51 . 2011-05-30 22:19 5964800 c:\windows\system32\mshtml.dll
+ 2007-08-13 22:34 . 2011-04-25 16:11 1991680 c:\windows\system32\iertutil.dll
- 2007-08-13 22:34 . 2011-02-22 23:06 1991680 c:\windows\system32\iertutil.dll
+ 2004-08-10 16:51 . 2011-04-25 16:11 1211904 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-10 16:51 . 2011-05-30 22:19 5964800 c:\windows\system32\dllcache\mshtml.dll
+ 2008-06-13 22:37 . 2011-04-25 16:11 1991680 c:\windows\system32\dllcache\iertutil.dll
- 2008-06-13 22:37 . 2011-02-22 23:06 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-06-20 23:50 . 2011-02-22 23:06 1210880 c:\windows\ie8updates\KB2530548-IE8\urlmon.dll
+ 2011-06-20 23:50 . 2011-02-22 23:06 5962240 c:\windows\ie8updates\KB2530548-IE8\mshtml.dll
+ 2011-06-20 23:50 . 2011-02-22 23:06 1991680 c:\windows\ie8updates\KB2530548-IE8\iertutil.dll
+ 2008-06-13 22:35 . 2011-06-20 23:58 47716296 c:\windows\system32\MRT.exe
+ 2007-08-13 22:54 . 2011-04-26 14:11 11081728 c:\windows\system32\ieframe.dll
+ 2008-06-13 22:37 . 2011-04-26 14:11 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-06-20 23:52 . 2011-06-20 23:52 20333056 c:\windows\Installer\5ce97.msp
+ 2011-06-20 23:50 . 2011-02-22 23:06 11080704 c:\windows\ie8updates\KB2530548-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-02 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2010-04-08 3233752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-23 8429568]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 213936]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-22 169984]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files\VistaCodecPack\QT\qttask.exe" [2010-11-29 421888]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-25 68592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-17 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/12/2011 8:02 PM 64512]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/13/2009 3:16 AM 218592]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [6/13/2009 3:16 AM 233136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [5/25/2011 2:00 AM 2151128]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [3/31/2011 11:07 PM 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [3/31/2011 11:07 PM 59664]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/15/2010 6:24 PM 135664]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [5/18/2010 8:11 PM 632792]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/26/2007 10:02 AM 24652]
S2 WUSB54GSC;WUSB54GSC;c:\program files\Linksys\WUSB54GSC\WLService.exe [6/12/2008 6:38 PM 53307]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/15/2010 6:24 PM 135664]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [6/13/2009 3:16 AM 63360]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/2/2008 7:27 PM 366840]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [3/31/2011 11:07 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-05-25 06:00]
.
2011-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 22:24]
.
2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 22:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070822
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
FF - ProfilePath - c:\documents and settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\f3smwi2k.default\
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]
Rootkit scan 2011-06-20 23:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(600)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2040)
c:\windows\system32\WININET.dll
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2011-06-20 23:40:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-21 03:40
ComboFix2.txt 2011-06-16 03:45
ComboFix3.txt 2010-02-19 04:29
ComboFix4.txt 2010-01-09 04:52
ComboFix5.txt 2011-06-21 02:27
.
Pre-Run: 62,341,877,760 bytes free
Post-Run: 62,334,009,344 bytes free
.
- - End Of File - - A9116711D0C23CB8A6E84539BAD3500B

Do you still have redirects?
If yes, continue with step 1 and 2.

1.
Save the program on the desktop:
[url="http://download.avgfree.com/filedir/util/avg_rem_sup.dir/rmvirut/rmvirut.exe"]http://download.avgfree.com/filedir/util/a...rut/rmvirut.exe[/url]
Run the program and save its log:
File - Save log
Post the log here.

2.
Save TDSSKiller on the Desktop:
[url="http://support.kaspersky.com/downloads/utils/tdsskiller.zip"]http://support.kaspersky.com/downloads/utils/tdsskiller.zip[/url]

Right-click and select [b]Extract all[/b]. Remember the location of the extracted file.
Turn off all programs.
Run the program TDSSKiller.exe which is the file you extracted.

Click on [b]Start Scan[/b].

If any threats are found, select [b]Cure[/b] and click [b]Continue[/b]. If [b]Cure[/b] isn't available, select [b]Skip[/b]. Do NOT select Quarantine or Delete.
The computer might need a restart.

Paste the content of the TDSSKiller log which is located in the folder C:\ with the name TDSSKiller followed by version and time.

2011/06/21 20:36:20.0125 3648 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/21 20:36:20.0531 3648 ================================================================================
2011/06/21 20:36:20.0531 3648 SystemInfo:
2011/06/21 20:36:20.0531 3648
2011/06/21 20:36:20.0531 3648 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/21 20:36:20.0531 3648 Product type: Workstation
2011/06/21 20:36:20.0531 3648 ComputerName: D83CRHD1
2011/06/21 20:36:20.0531 3648 UserName: Sean Pierce
2011/06/21 20:36:20.0531 3648 Windows directory: C:\WINDOWS
2011/06/21 20:36:20.0531 3648 System windows directory: C:\WINDOWS
2011/06/21 20:36:20.0531 3648 Processor architecture: Intel x86
2011/06/21 20:36:20.0531 3648 Number of processors: 2
2011/06/21 20:36:20.0531 3648 Page size: 0x1000
2011/06/21 20:36:20.0531 3648 Boot type: Normal boot
2011/06/21 20:36:20.0531 3648 ================================================================================
2011/06/21 20:36:20.0859 3648 Initialize success
2011/06/21 20:36:24.0421 3260 ================================================================================
2011/06/21 20:36:24.0421 3260 Scan started
2011/06/21 20:36:24.0421 3260 Mode: Manual;
2011/06/21 20:36:24.0421 3260 ================================================================================
2011/06/21 20:36:29.0406 3260 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/06/21 20:36:29.0484 3260 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/21 20:36:29.0531 3260 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/21 20:36:29.0609 3260 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/06/21 20:36:29.0734 3260 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/21 20:36:29.0781 3260 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/06/21 20:36:29.0859 3260 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/06/21 20:36:29.0953 3260 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/06/21 20:36:30.0000 3260 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/06/21 20:36:30.0046 3260 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/06/21 20:36:30.0062 3260 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/06/21 20:36:30.0109 3260 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/06/21 20:36:30.0140 3260 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/06/21 20:36:30.0203 3260 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/06/21 20:36:30.0265 3260 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/06/21 20:36:30.0328 3260 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/06/21 20:36:30.0390 3260 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/06/21 20:36:30.0453 3260 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/06/21 20:36:30.0453 3260 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/06/21 20:36:30.0531 3260 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/21 20:36:30.0546 3260 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/21 20:36:30.0609 3260 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/21 20:36:30.0718 3260 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/21 20:36:30.0765 3260 BCM42RLY (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\BCM42RLY.SYS
2011/06/21 20:36:30.0812 3260 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/21 20:36:30.0890 3260 BVRPMPR5 (51b327292408b5f3a42e295bce055859) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
2011/06/21 20:36:30.0953 3260 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/06/21 20:36:30.0968 3260 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/21 20:36:31.0000 3260 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/06/21 20:36:31.0062 3260 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/21 20:36:31.0093 3260 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/21 20:36:31.0156 3260 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/21 20:36:31.0218 3260 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/06/21 20:36:31.0250 3260 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/06/21 20:36:31.0312 3260 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/06/21 20:36:31.0375 3260 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/06/21 20:36:31.0468 3260 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/21 20:36:31.0531 3260 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
2011/06/21 20:36:31.0546 3260 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/06/21 20:36:31.0578 3260 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/06/21 20:36:31.0593 3260 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS
2011/06/21 20:36:31.0609 3260 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/06/21 20:36:31.0625 3260 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/06/21 20:36:31.0640 3260 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/06/21 20:36:31.0687 3260 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2011/06/21 20:36:31.0765 3260 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/06/21 20:36:31.0796 3260 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/06/21 20:36:31.0859 3260 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/21 20:36:31.0921 3260 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/21 20:36:31.0937 3260 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/21 20:36:31.0984 3260 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/21 20:36:32.0015 3260 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/06/21 20:36:32.0062 3260 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/21 20:36:32.0109 3260 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/06/21 20:36:32.0203 3260 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/06/21 20:36:32.0296 3260 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/06/21 20:36:32.0328 3260 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/06/21 20:36:32.0375 3260 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/06/21 20:36:32.0421 3260 e1express (00192f0c612591d585594e9467e6ca8b) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/06/21 20:36:32.0500 3260 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/21 20:36:32.0546 3260 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/21 20:36:32.0609 3260 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/21 20:36:32.0687 3260 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/21 20:36:32.0828 3260 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/21 20:36:32.0859 3260 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/21 20:36:32.0921 3260 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/21 20:36:32.0968 3260 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/21 20:36:33.0000 3260 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
2011/06/21 20:36:33.0125 3260 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/21 20:36:33.0187 3260 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/21 20:36:33.0234 3260 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/06/21 20:36:33.0296 3260 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/21 20:36:33.0375 3260 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/06/21 20:36:33.0421 3260 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/06/21 20:36:33.0500 3260 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/21 20:36:33.0562 3260 iaStor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\drivers\iaStor.sys
2011/06/21 20:36:33.0593 3260 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/21 20:36:33.0625 3260 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/06/21 20:36:33.0687 3260 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/21 20:36:33.0750 3260 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/21 20:36:33.0812 3260 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/21 20:36:33.0875 3260 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/21 20:36:33.0921 3260 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/21 20:36:33.0968 3260 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/21 20:36:34.0031 3260 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/21 20:36:34.0093 3260 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/21 20:36:34.0140 3260 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/21 20:36:34.0187 3260 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/21 20:36:34.0250 3260 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/21 20:36:34.0312 3260 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/21 20:36:34.0390 3260 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/21 20:36:34.0468 3260 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/06/21 20:36:34.0531 3260 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/21 20:36:34.0578 3260 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/21 20:36:34.0640 3260 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/21 20:36:34.0703 3260 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/21 20:36:34.0765 3260 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/21 20:36:34.0796 3260 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/06/21 20:36:34.0859 3260 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/21 20:36:34.0968 3260 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/21 20:36:35.0000 3260 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/21 20:36:35.0046 3260 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/21 20:36:35.0109 3260 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/21 20:36:35.0171 3260 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/21 20:36:35.0218 3260 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/21 20:36:35.0265 3260 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/21 20:36:35.0343 3260 NAL (1e59aaed42a5e3a5ed86ec403f9c0776) C:\WINDOWS\system32\Drivers\iqvw32.sys
2011/06/21 20:36:35.0406 3260 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/21 20:36:35.0453 3260 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/21 20:36:35.0468 3260 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/21 20:36:35.0515 3260 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/21 20:36:35.0593 3260 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/21 20:36:35.0640 3260 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/21 20:36:35.0750 3260 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/21 20:36:35.0828 3260 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/21 20:36:35.0890 3260 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/21 20:36:35.0968 3260 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/21 20:36:36.0203 3260 nv (b702be0aa72ea2e1d644baef9123a4ce) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/21 20:36:40.0578 3260 MBR (0x1B8) (87f75abb087c82bee3a1fbec42bbabd0) \Device\Harddisk0\DR0
2011/06/21 20:36:40.0578 3260 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/21 20:36:40.0593 3260 MBR (0x1B8) (06449e7c4af0550b77e260798769aa40) \Device\Harddisk1\DR4
2011/06/21 20:36:40.0593 3260 ================================================================================
2011/06/21 20:36:40.0593 3260 Scan finished
2011/06/21 20:36:40.0593 3260 ================================================================================
2011/06/21 20:36:40.0609 1308 Detected object count: 1
2011/06/21 20:36:40.0609 1308 Actual detected object count: 1
2011/06/21 20:37:07.0609 1308 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/21 20:37:07.0609 1308 \Device\Harddisk0\DR0 - ok
2011/06/21 20:37:07.0609 1308 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/21 20:37:13.0921 0728 Deinitialize success

No sign of Virut, that is good.

TDSSKiller cured a file :)
Please, run ComboFix according to the instructions (remember to turn off antivirus and similar programs first) and post the log. Check how it is with redirections and other problems now.

ComboFix 11-06-19.0r1 - Sean Pierce 06/27/2011 22:03:43.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1458 [GMT -4:00]
Running from: c:\documents and settings\Sean Pierce\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-28 )))))))))))))))))))))))))))))))
.
.
2011-06-21 00:47 . 2011-06-21 00:47 -------- d-----w- c:\documents and settings\Sean Pierce\Application Data\Registry Mechanic
2011-06-20 23:49 . 2011-06-21 00:49 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-15 03:39 . 2011-06-15 03:46 -------- d-----w- c:\documents and settings\Sean Pierce\Local Settings\Application Data\Audible
2011-06-15 03:36 . 2001-08-18 02:43 24576 ------w- c:\windows\system32\msxml3a.dll
2011-06-13 04:05 . 2011-06-13 00:07 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-06-13 00:07 . 2011-06-13 00:07 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-13 00:02 . 2011-05-25 06:00 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-06-13 00:02 . 2011-06-13 00:02 -------- d-----w- c:\program files\Lavasoft
2011-06-11 04:45 . 2011-06-11 04:46 10080256 ----a-w- C:\Ad-Aware90Install(1).msi
2011-06-10 21:00 . 2011-06-10 21:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\FileOpen
2011-06-10 21:00 . 2011-06-10 21:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-06-09 23:37 . 2011-06-09 23:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-05-31 01:45 . 2011-05-31 01:45 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-31 01:45 . 2011-05-31 01:45 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-31 01:45 . 2011-05-31 01:45 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-31 01:45 . 2011-05-31 01:45 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-31 01:45 . 2011-05-31 01:45 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-31 01:45 . 2011-05-31 01:45 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-31 01:45 . 2011-05-31 01:45 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-31 01:45 . 2011-05-31 01:45 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-21 02:49 . 2004-08-10 16:51 26112 ----a-w- c:\windows\system32\userinit.exe
2011-05-02 15:31 . 2004-08-10 17:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2004-08-10 16:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-10 16:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-10 16:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-10 16:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-10 16:51 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-10 16:51 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-05-31 01:45 . 2011-05-31 01:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-02 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2010-04-08 3233752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-23 8429568]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 213936]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-22 169984]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files\VistaCodecPack\QT\qttask.exe" [2010-11-29 421888]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-25 68592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-17 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/12/2011 8:02 PM 64512]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/13/2009 3:16 AM 218592]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [3/31/2011 11:07 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [3/31/2011 11:07 PM 59664]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [6/13/2009 3:16 AM 233136]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [5/18/2010 8:11 PM 632792]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/26/2007 10:02 AM 24652]
R2 WUSB54GSC;WUSB54GSC;c:\program files\Linksys\WUSB54GSC\WLService.exe [6/12/2008 6:38 PM 53307]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/15/2010 6:24 PM 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [5/25/2011 2:00 AM 2151128]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/15/2010 6:24 PM 135664]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [6/13/2009 3:16 AM 63360]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/2/2008 7:27 PM 366840]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [3/31/2011 11:07 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-05-25 06:00]
.
2011-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 22:24]
.
2011-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 22:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070822
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
FF - ProfilePath - c:\documents and settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\f3smwi2k.default\
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-27 22:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(620)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(4436)
c:\windows\system32\WININET.dll
c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-06-27 22:08:58
ComboFix-quarantined-files.txt 2011-06-28 02:08
ComboFix2.txt 2011-06-21 03:40
ComboFix3.txt 2011-06-16 03:45
ComboFix4.txt 2010-02-19 04:29
ComboFix5.txt 2011-06-28 02:01
.
Pre-Run: 59,924,713,472 bytes free
Post-Run: 60,316,848,128 bytes free
.
- - End Of File - - AB6550F950A56F669CCFAC76FB129090

ComboFix ran with reduced functionality probably because "Spyware Doctor with AntiVirus" was running. Is it possible for you to turn off "Spyware Doctor with AntiVirus" before running ComboFix?

Is "Spyware Doctor with AntiVirus" the latest version? I noticed that some of its files are pretty old. In each new version the manufacturer adds features that help the program combat the latest threats.

Please, run OTL and post its log, too.

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank you!
