picghaw

Honorary Members
Posts: 21
Reputation: 0 Neutral
  1. Java Stuff is Done.

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 10:27:55 AM, on 6/10/2010
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Windows Defender\MsMpEng.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\System32\CTsvcCDA.exe
     C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
     C:\WINDOWS\System32\nvsvc32.exe
     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\MsPMSPSv.exe
     C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
     C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\BCMSMMSG.exe
     C:\WINDOWS\System32\DSentry.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
     C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Ulead Systems\Ulead PhotoImpact 6\ABMTSR.EXE
     C:\Program Files\Digital Line Detect\DLG.exe
     C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
     C:\WINDOWS\system32\msiexec.exe
     C:\Documents and Settings\soulsis\Desktop\HiJackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
     N3 - Netscape 7: # Mozilla User Preferences /* Do not edit this file. * * If you make changes to this file while the browser is running, * the changes will be overwritten when the browser exits. * * To make a manual change to preferences, you can visit the URL about:config * For more information, see http://www.mozilla.org/unix/customizing.html#prefs */ user_pref("browser.activation.checkedNNFlag", true); user_pref("browser.bookmarks.added_static_root", true); user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\SOULSIS\\APPLICATION DATA\\Mozilla\\Profiles\\default\\34yscgug.slt"); user_pref("browser.download.dir", "C:\\Documents and Settings\\soulsis\\Desktop"); user_pref("browser.history.grouping", "none"); user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); user_pref("browser.startup.homepage_override.mston
     N3 - Netscape 7: # Mozilla User Preferences /* Do not edit this file. * * If you make changes to this file while the browser is running, * the changes will be overwritten when the browser exits. * * To make a manual change to preferences, you can visit the URL about:config * For more information, see http://www.mozilla.org/unix/customizing.html#prefs */ user_pref("browser.activation.checkedNNFlag", true); user_pref("browser.bookmarks.added_static_root", true); user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\SOULSIS\\APPLICATION DATA\\Mozilla\\Profiles\\default\\34yscgug.slt"); user_pref("browser.download.dir", "C:\\Documents and Settings\\soulsis\\Desktop"); user_pref("browser.history.grouping", "none"); user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); user_pref("browser.startup.homepage_override.mston
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coIEPlg.dll
     O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\IPSBHO.DLL
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
     O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coIEPlg.dll
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
     O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
     O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
     O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
     O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
     O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
     O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
     O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
     O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
     O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
     O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
     O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
     O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
     O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
     O4 - Startup: Supreme Office Suite 3.0.lnk = C:\Program Files\Supreme Office Suite3.0\program\quickstart.exe
     O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 6\ABMTSR.EXE
     O4 - Global Startup: Digital Line Detect.lnk = ?
     O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
     O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
     O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
     O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - https://ehelp.nelnet.net/netagent/objects/custappx3.CAB
     O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
     O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} - http://download.mcafee.com/molbin/shared/m...56/mcinsctl.cab
     O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
     O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab
     O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8...pdatePortal.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105193306109
     O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129601807465
     O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
     O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
     O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab
     O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab
     O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
     O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
     O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
     O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...524/mcfscan.cab
     O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
     O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
     O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
     O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
     O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
     O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
     O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

     --
     End of file - 12790 bytes
  2. FYI ........... new virus program is Norton; McAfee was uninstalled before I ran ComboFix.

     ###################### LOGS ######################

     ComboFix 10-06-06.03 - soulsis 06/07/2010 1:34.2.1 - x86
     Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.397 [GMT -5:00]
     Running from: c:\documents and settings\soulsis\Desktop\Combo-Fix.exe
     AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
     FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\windows\system32\Vb40032.dll
     .
     ((((((((((((((((((((((((( Files Created from 2010-05-07 to 2010-06-07 )))))))))))))))))))))))))))))))
     .
     2010-06-07 03:47 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
     2010-06-07 03:47 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
     2010-06-07 03:47 . 2010-06-07 03:47 -------- d-----w- c:\windows\LastGood
     2010-06-07 03:47 . 2010-06-07 03:47 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
     2010-06-07 03:47 . 2010-06-07 03:47 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
     2010-06-07 03:46 . 2010-06-07 05:51 -------- d-----w- c:\windows\system32\drivers\N360
     2010-06-07 03:45 . 2010-06-07 03:46 -------- d-----w- c:\program files\Norton Security Suite
     2010-06-07 03:45 . 2010-06-07 03:45 -------- d-----w- c:\program files\Windows Sidebar
     2010-06-07 03:33 . 2010-06-07 03:33 -------- d-----w- c:\program files\NortonInstaller
     2010-06-07 03:33 . 2010-06-07 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
     2010-06-07 03:30 . 2010-06-07 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
     2010-06-07 02:58 . 2010-06-07 02:57 411368 ----a-w- c:\windows\system32\deployJava1.dll
     2010-05-29 07:44 . 2010-05-29 07:44 -------- d-----w- c:\documents and settings\soulsis\DoctorWeb
     2010-05-28 04:31 . 2010-05-28 04:31 -------- d-sh--w- c:\documents and settings\soulsis\PrivacIE
     2010-05-28 04:04 . 2010-05-28 04:04 -------- d-sh--w- c:\documents and settings\soulsis\IETldCache
     2010-05-26 13:35 . 2010-05-26 13:35 -------- d-----w- c:\documents and settings\Limited\Application Data\Kodak
     2010-05-24 07:48 . 2010-05-24 07:48 -------- d-sh--w- c:\documents and settings\Limited\PrivacIE
     2010-05-23 19:55 . 2010-05-23 19:55 -------- d-sh--w- c:\documents and settings\Limited\IETldCache
     2010-05-23 19:42 . 2010-05-23 19:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
     2010-05-23 12:24 . 2010-05-24 03:03 -------- d-----w- c:\windows\ie8updates
     2010-05-23 12:17 . 2010-05-23 12:21 -------- dc-h--w- c:\windows\ie8
     2010-05-23 12:14 . 2010-02-25 06:24 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
     2010-05-23 12:14 . 2010-02-25 06:24 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
     2010-05-23 12:14 . 2010-02-25 06:24 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
     2010-05-23 12:14 . 2010-02-25 06:24 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
     2010-05-23 12:14 . 2010-02-25 06:24 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
     2010-05-23 12:14 . 2010-02-16 04:50 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
     2010-05-22 13:22 . 2010-05-29 20:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-06-07 03:53 . 2003-08-30 02:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
     2010-06-07 03:47 . 2003-08-30 01:59 -------- d-----w- c:\program files\Symantec
     2010-06-07 03:47 . 2010-06-07 03:47 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
     2010-06-07 03:47 . 2010-06-07 03:47 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
     2010-06-07 03:25 . 2008-06-08 18:20 -------- d-----w- c:\program files\Microsoft Silverlight
     2010-06-07 02:57 . 2007-10-03 06:08 -------- d-----w- c:\program files\Java
     2010-06-07 01:57 . 2010-04-22 03:37 439816 ----a-w- c:\documents and settings\soulsis\Application Data\Real\Update\setup3.10\setup.exe
     2010-05-30 23:03 . 2010-05-23 02:03 664 ----a-w- c:\documents and settings\Limited\Local Settings\Application Data\d3d9caps.tmp
     2010-05-23 02:03 . 2010-05-23 02:03 503808 ----a-w- c:\documents and settings\Limited\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20b80f55-n\msvcp71.dll
     2010-05-23 02:03 . 2010-05-23 02:03 499712 ----a-w- c:\documents and settings\Limited\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20b80f55-n\jmc.dll
     2010-05-23 02:03 . 2010-05-23 02:03 348160 ----a-w- c:\documents and settings\Limited\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20b80f55-n\msvcr71.dll
     2010-05-23 02:03 . 2010-05-23 02:03 61440 ----a-w- c:\documents and settings\Limited\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6ba4bca1-n\decora-sse.dll
     2010-05-23 02:03 . 2010-05-23 02:03 12800 ----a-w- c:\documents and settings\Limited\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6ba4bca1-n\decora-d3d.dll
     2010-05-22 21:37 . 2006-01-03 22:20 105800 -c--a-w- c:\documents and settings\Limited\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2010-05-22 15:48 . 2008-07-05 06:36 -------- d-----w- c:\documents and settings\soulsis\Application Data\gtk-2.0
     2010-05-22 10:45 . 2007-01-30 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
     2010-05-22 10:29 . 2010-05-22 10:29 348160 ----a-w- c:\documents and settings\soulsis\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-29fa67f4-n\msvcr71.dll
     2010-05-22 10:29 . 2010-05-22 10:29 61440 ----a-w- c:\documents and settings\soulsis\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-107985a4-n\decora-sse.dll
     2010-05-22 10:29 . 2010-05-22 10:29 503808 ----a-w- c:\documents and settings\soulsis\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-29fa67f4-n\msvcp71.dll
     2010-05-22 10:29 . 2010-05-22 10:29 499712 ----a-w- c:\documents and settings\soulsis\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-29fa67f4-n\jmc.dll
     2010-05-22 10:29 . 2010-05-22 10:29 12800 ----a-w- c:\documents and settings\soulsis\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-107985a4-n\decora-d3d.dll
     2010-05-20 16:14 . 2009-10-14 14:39 0 -c--a-w- c:\windows\brdfxspd.dat
     2010-05-17 13:03 . 2010-03-13 20:03 664 ----a-w- c:\documents and settings\Limited\Local Settings\Application Data\d3d9caps.dat
     2010-05-12 16:21 . 2009-10-03 04:17 221568 ------w- c:\windows\system32\MpSigStub.exe
     2010-03-12 08:18 . 2010-03-12 08:18 348160 ----a-w- c:\documents and settings\Limited\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1d0e6296-n\msvcr71.dll
     2010-03-12 08:18 . 2010-03-12 08:18 503808 ----a-w- c:\documents and settings\Limited\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1d0e6296-n\msvcp71.dll
     2010-03-12 08:18 . 2010-03-12 08:18 61440 ----a-w- c:\documents and settings\Limited\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-59d4f46c-n\decora-sse.dll
     2010-03-12 08:18 . 2010-03-12 08:18 499712 ----a-w- c:\documents and settings\Limited\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1d0e6296-n\jmc.dll
     2010-03-12 08:18 . 2010-03-12 08:18 12800 ----a-w- c:\documents and settings\Limited\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-59d4f46c-n\decora-d3d.dll
     2010-03-12 07:10 . 2010-03-12 07:10 61440 ----a-w- c:\documents and settings\soulsis\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-67842eb8-n\decora-sse.dll
     2010-03-12 07:10 . 2010-03-12 07:10 503808 ----a-w- c:\documents and settings\soulsis\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7b9961f5-n\msvcp71.dll
     2010-03-12 07:10 . 2010-03-12 07:10 499712 ----a-w- c:\documents and settings\soulsis\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7b9961f5-n\jmc.dll
     2010-03-12 07:10 . 2010-03-12 07:10 348160 ----a-w- c:\documents and settings\soulsis\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7b9961f5-n\msvcr71.dll
     2010-03-12 07:10 . 2010-03-12 07:10 12800 ----a-w- c:\documents and settings\soulsis\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-67842eb8-n\decora-d3d.dll
     2010-03-10 06:15 . 2002-08-29 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll
     2003-11-28 05:33 . 2003-11-28 05:33 267472 -c--a-w- c:\program files\NSSetup.exe
     2003-08-23 04:28 . 2003-08-23 04:28 5327648 -c--a-w- c:\program files\WindowsXP-KB821557-x86-ENU.exe
     2003-08-13 18:25 . 2003-08-13 18:25 1291040 ----a-w- c:\program files\WindowsXP-KB823980-x86-ENU.exe
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-22 68856]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
     "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
     "diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
     "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
     "DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-15 28672]
     "nwiz"="nwiz.exe" [2003-10-06 741376]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-12-11 98304]
     "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-02-06 180269]
     "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
     "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
     "mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-05-20 53248]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
     "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
     "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]
     "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632]
     "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
     "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
     "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
     "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "RunNarrator"="Narrator.exe" [2006-10-04 53760]

     c:\documents and settings\soulsis\Start Menu\Programs\Startup\
     Supreme Office Suite 3.0.lnk - c:\program files\Supreme Office Suite3.0\program\quickstart.exe [2002-7-4 24576]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Album Fast Start.lnk - c:\program files\Ulead Systems\Ulead PhotoImpact 6\ABMTSR.EXE [2005-12-1 36864]
     Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-2-13 45056]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
     @="Service"

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
     @="Service"

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\gnucash\\bin\\gnucash-bin.exe"=
     "c:\\Program Files\\gnucash\\bin\\gconfd-2.exe"=

     R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [8/5/2009 10:42 PM 64160]
     R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\symds.sys [6/7/2010 12:51 AM 328752]
     R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\symefa.sys [6/7/2010 12:51 AM 173104]
     R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [6/6/2010 11:50 PM 537136]
     R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\cchpx86.sys [6/7/2010 12:51 AM 501888]
     R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\ironx86.sys [6/7/2010 12:51 AM 116784]
     R2 kqemu;kqemu driver;c:\windows\SYSTEM32\DRIVERS\kqemu.sys [2/6/2007 4:02 PM 123939]
     R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
     R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [6/7/2010 12:51 AM 126392]
     R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
     R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100528.003\IDSXpx86.sys [5/28/2010 2:33 PM 331640]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/23/2010 3:32 PM 135664]

     --- Other Services/Drivers In Memory ---

     *NewlyCreated* - BHDRVX86
     *NewlyCreated* - CCHP
     *NewlyCreated* - EECTRL
     *NewlyCreated* - ERASERUTILDRV11010
     *NewlyCreated* - IDSXPX86
     *NewlyCreated* - N360
     *NewlyCreated* - NAVENG
     *NewlyCreated* - NAVEX15
     *NewlyCreated* - SRTSP
     *NewlyCreated* - SRTSPX
     *NewlyCreated* - SYMDS
     *NewlyCreated* - SYMEFA
     *NewlyCreated* - SYMEVENT
     *NewlyCreated* - SYMIRON

     *Deregistered* - EraserUtilDrv11010
     .
     Contents of the 'Scheduled Tasks' folder

     2010-06-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
     - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 04:41]

     2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 20:32]

     2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 20:32]

     2010-06-07 c:\windows\Tasks\MP Scheduled Scan.job
     - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

     2010-06-07 c:\windows\Tasks\WGASetup.job
     - c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 03:18]
     .
     .
     ------- Supplementary Scan -------
     .
     mWindow Title = Windows Internet Explorer provided by Comcast
     uInternet Connection Wizard,ShellNext = iexplore
     uSearchAssistant = hxxp://www.google.com/ie
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
     IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
     DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
     DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
     FF - ProfilePath - c:\documents and settings\soulsis\Application Data\Mozilla\Firefox\Profiles\vu693bl9.default\
     FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
     FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
     FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
     FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
     FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

     ---- FIREFOX POLICIES ----
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
     .
     - - - - ORPHANS REMOVED - - - -

     HKCU-RunOnce-DelayShred - c:\program files\mcafee.com\shredder\SHRED32.EXE

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-06-07 01:45
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************

     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
     "ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
     .
     Completion time: 2010-06-07 01:53:46
     ComboFix-quarantined-files.txt 2010-06-07 06:53
     ComboFix2.txt 2010-03-20 16:58

     Pre-Run: 23,667,814,400 bytes free
     Post-Run: 23,633,829,888 bytes free

     - - End Of File - - DB91EA36D5408F724F48A9F88725CAF8

     ###################### END OF LOGS ######################
  3. Step 1: Done. I re-checked the scan logs and those 6 deleted items were gone. Step 2: Done. Step 3: I'm unable to access my McAfee to turn it off at the moment, as my subscription via Comcast has expired. Apparently Norton is the new anti-virus that I will be using now ..... which sort of made Step 2 unnecessary, but oh well, I'll work on that either later tonight or tomorrow night.
  4. Hey, I've been on vacation since Thursday morning and I just got back...... forgot to post that before I left. I'll try to work on this tonight before I go to bed.
  5. Yes, I just did a restart of the computer and the DLL pop-up is gone now. As an FYI, when I run this on the non-admin account I get this pop-up (see after logs); just thought I'd mention it. I don't think it's an issue.

########################

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:17:30 AM, on 6/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ulead Systems\Ulead PhotoImpact 6\ABMTSR.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Limited\Desktop\HiJackThis.exe
C:\WINDOWS\SYSTEM32\mspaint.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100518040942.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [sRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [sRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 6\ABMTSR.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - https://ehelp.nelnet.net/netagent/objects/custappx3.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/m...56/mcinsctl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8...pdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105193306109
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129601807465
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...524/mcfscan.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 12481 bytes

############################
  6. ## LOGS ##########

All processes killed
========== PROCESSES ==========
No active process named heguhidew was found!
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\heguhidew deleted successfully.
File c:\DOCUME~1\ALLUSE~1\APPLIC~1\sajuyaya\sajuyaya.DLL not found.
========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Application Data\sajuyaya\sajuyaya.DLL not found.
File\Folder C:\Documents and Settings\All Users\Application Data\sajuyaya not found.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
C:\RECYCLER\S-1-5-21-1143873491-3534893803-2643926262-1009 folder moved successfully.
Folder move failed. C:\RECYCLER\S-1-5-21-1143873491-3534893803-2643926262-1005 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER scheduled to be moved on reboot.
File\Folder D:\recycler not found.
File\Folder e:\recycler not found.
File\Folder f:\recycler not found.
File\Folder g:\recycler not found.
File\Folder h:\recycler not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\heguhidew not found.
========== COMMANDS ==========
[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Limited
->Temp folder emptied: 14291339 bytes
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
->Temporary Internet Files folder emptied: 213788 bytes
->Java cache emptied: 1523987 bytes
->FireFox cache emptied: 89182583 bytes
->Flash cache emptied: 66085 bytes

User: LocalService

User: NetworkService

User: soulsis

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Windows Temp folder emptied: 432160 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 101.00 mb

OTL by OldTimer - Version 3.2.5.0 log created on 05302010_213823
  7. I do want to first say that I appreciate your help; thank you very much. This is my desktop, but I have a sibling living with me who uses it more than I do, as I have an old laptop that I use... during the little time that I spend on a computer due to my work schedule. I believe I gave you feedback in as timely a manner as my schedule could allow, except for the last post, and I just explained that in the previous post... I believed everything was fine until I noticed otherwise last week or so. Again, I don't mean to frustrate you, so I can attempt to at least drop in and let you know when I'll be available. Here are the logs for OTL and Hijack on the non-admin account. I will be unavailable for most of today until about 8 pm, so I will address anything else you ask of me then. I have the same schedule tomorrow.

################## OTL ####################

OTL logfile created on: 5/30/2010 2:09:32 PM - Run 3
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Documents and Settings\All Users\Documents
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 515.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 22.24 Gb Free Space | 39.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SOULSISTAH
Current User Name: Limited
NOT logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 360 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/22 10:44:58 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.com
PRC - [2010/04/01 23:05:04 | 001,180,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/02/18 12:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2007/08/22 09:45:11 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/23 13:14:52 | 000,663,552 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/03/06 19:20:00 | 000,536,576 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2007/03/02 16:56:52 | 000,077,824 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2007/01/29 21:12:14 | 000,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2005/02/05 22:40:35 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2002/08/14 19:22:52 | 000,028,672 | R--- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2002/04/10 16:44:04 | 000,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2002/02/15 11:31:42 | 000,045,056 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe

========== Modules (SafeList) ==========

MOD - [2010/05/22 10:44:58 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.com
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 01:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx

========== Win32 Services (SafeList) ==========

========== Driver Services (SafeList) ==========

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.no_proxies_on: "http://localhost"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/22 10:28:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/22 05:41:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2006/08/15 21:18:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/05/22 05:41:53 | 000,000,000 | ---D | M]

[2009/04/01 02:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Limited\Application Data\Mozilla\Extensions
[2010/05/27 17:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Limited\Application Data\Mozilla\Firefox\Profiles\lwjwc26y.default\extensions
[2009/09/02 09:05:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Limited\Application Data\Mozilla\Firefox\Profiles\lwjwc26y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/29 12:37:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll

O1 HOSTS File: ([2010/05/04 14:31:04 | 000,607,013 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 16040 more lines...
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100518040942.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [updReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [heguhidew] c:\DOCUME~1\ALLUSE~1\APPLIC~1\sajuyaya\sajuyaya.DLL File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 6\ABMTSR.EXE (Ulead Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\Limited\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} http://download.mcafee.com/molbin/Shared/MGBrwFld.cab (BrowseFolderPopup Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} https://ehelp.nelnet.net/netagent/objects/custappx3.CAB (eAssist NetAgent Customer ActiveX Control version 3)
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} http://ppupdates.ca.com/downloads/scanner/axscanner.cab (PPSDKActiveXScanner.MainScreen)
O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} http://download.mcafee.com/molbin/shared/m...56/mcinsctl.cab (McAfee.com Download+Installer Class)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/b/d.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} http://www.my-etrust.com/Support/PestScanner/pestscan.cab (PSFormX Control)
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} http://www.amiuptodate.com/vsc/bin/1,0,0,8...pdatePortal.cab (McUpdatePortalFactory Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1105193306109 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1129601807465 (MUWebControl Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab (ZoneAxRcMgr Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab (MSN Games - Installer)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://www.windowsecurity.com/trojanscan/axscan.cab (ASquaredScanForm Element)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...524/mcfscan.cab (McFreeScan Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: ppctlcab http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Limited\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Limited\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 14:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{52664c08-1db1-11dc-afd0-0007e9d3ac51}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 360 Days ==========

[2010/05/30 13:54:10 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.com
[2010/05/26 08:35:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\Application Data\Kodak
[2010/05/24 02:48:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Limited\PrivacIE
[2010/05/23 14:55:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Limited\IETldCache
[2010/05/23 07:24:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/05/23 07:20:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/05/23 07:17:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/04/18 06:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\Local Settings\Application Data\Apple Computer
[2010/04/18 06:11:42 | 097,525,032 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\All Users\Documents\iTunesSetup.exe
[2010/04/14 02:48:37 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/14 02:48:16 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/14 02:48:16 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/14 02:48:16 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/14 02:48:16 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/14 02:48:16 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/14 02:48:16 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/03/29 12:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\Desktop\Unused Desktop Shortcuts
[2010/03/22 07:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/03/20 13:07:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/20 11:39:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/20 11:37:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/20 11:37:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/20 11:37:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/20 11:37:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/20 11:37:21 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/03/20 11:14:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/20 10:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\My Documents\Downloads
[2010/03/19 14:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/03/19 12:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/19 09:46:13 | 000,000,000 |
---D | C] -- C:\WINDOWS\System32\zh-TW [2010/03/19 09:46:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK [2010/03/19 09:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR [2010/03/19 09:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE [2010/03/19 09:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR [2010/03/19 09:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL [2010/03/19 09:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO [2010/03/19 09:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR [2010/03/19 09:46:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT [2010/03/19 09:46:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL [2010/03/19 09:46:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR [2010/03/19 09:46:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI [2010/03/19 09:46:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES [2010/03/19 09:46:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR [2010/03/19 09:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE [2010/03/19 09:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK [2010/03/19 09:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA [2010/03/12 02:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun [2010/03/12 02:10:08 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/03/12 02:10:02 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/03/12 02:10:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/03/12 02:10:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\java.exe [2010/03/09 01:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real [2010/03/07 16:19:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/03/07 16:14:42 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/02/26 06:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\Local Settings\Application Data\Temp [2010/01/28 16:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView [2010/01/28 15:59:04 | 001,359,360 | ---- | C] (Irfan Skiljan) -- C:\Documents and Settings\All Users\Documents\iview425_setup.exe [2009/12/23 16:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\My Documents\My PaperPort Documents [2009/12/23 16:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\Application Data\ScanSoft [2009/12/20 04:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\.gnome2_private [2009/12/20 04:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\.gnome2 [2009/12/12 16:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\Application Data\PC-FAX TX [2009/10/23 12:37:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Limited\Application Data\Brother [2009/10/15 22:23:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\SQLTools9_KB970892_ENU [2009/10/15 22:14:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\SQL9_KB970892_ENU [2009/10/15 22:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2009/10/14 19:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\Local Settings\Application Data\Scansoft [2009/10/14 10:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\Reallusion [2009/10/14 10:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Reallusion [2009/10/14 09:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\BrFaxRx [2009/10/14 09:39:41 | 000,054,784 | ---- | C] (Brother Industries,Ltd.) 
-- C:\WINDOWS\System32\brinsstr.dll [2009/10/14 09:39:23 | 000,094,208 | R--- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2.dll [2009/10/14 09:39:23 | 000,012,288 | R--- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2S.dll [2009/10/14 09:39:23 | 000,012,288 | R--- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2L.dll [2009/10/14 09:39:20 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BroSNMP.dll [2009/10/14 09:39:09 | 000,037,376 | ---- | C] (Brother Industries,Ltd) -- C:\WINDOWS\System32\Brnsplg.dll [2009/10/14 09:39:09 | 000,034,816 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\BrWiaNCp.dll [2009/10/14 09:39:08 | 000,061,952 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrNetSti.dll [2009/10/14 09:39:07 | 001,520,640 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrWia07a.dll [2009/10/14 09:39:03 | 000,000,000 | ---D | C] -- C:\Brother [2009/10/14 09:39:01 | 000,126,976 | ---- | C] (Brother Industries,LTD) -- C:\WINDOWS\System32\BrfxD05a.dll [2009/10/14 09:39:00 | 000,163,840 | ---- | C] (brother) -- C:\WINDOWS\System32\NSSearch.dll [2009/10/14 09:39:00 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\WINDOWS\System32\BRCrypt.dll [2009/10/14 09:39:00 | 000,061,440 | ---- | C] (Brother Industries,LTD.) -- C:\WINDOWS\System32\BrMfNt.dll [2009/10/14 09:38:59 | 000,131,072 | ---- | C] (Brother Industries,Ltd.) 
-- C:\WINDOWS\brunin03.dll [2009/10/14 09:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\Brother [2009/10/14 09:29:09 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance [2009/10/14 09:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield [2009/10/14 09:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared [2009/10/14 09:25:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2009/10/14 09:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSoft [2009/10/14 09:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother [2009/10/02 23:17:14 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [2009/09/25 10:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\Local Settings\Application Data\Adobe [2009/09/25 09:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe [2009/08/30 03:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\BodyMedia [2009/08/30 03:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2009/08/17 23:33:52 | 001,193,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\FM20.DLL [2009/08/08 22:17:48 | 000,000,000 | ---D | C] -- C:\38b81e8a2079401ded [2009/08/08 21:24:33 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Limited\Desktop\ATF-Cleaner.exe [2009/08/08 20:13:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\Application Data\Malwarebytes [2009/08/08 15:32:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/08/08 15:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/08/08 15:32:45 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/08/08 15:32:45 | 000,000,000 | ---D | 
C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/08/08 14:46:46 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll [2009/08/06 13:15:39 | 000,000,000 | ---D | C] -- C:\$AVG8.VAULT$ [2009/08/05 23:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations [2009/08/05 23:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2009/08/05 23:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8 [2009/08/05 22:42:11 | 000,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2009/08/05 22:42:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE [2009/08/05 22:20:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864} [2009/08/04 09:07:00 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2009/08/03 15:07:42 | 000,322,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\OGAAddin.dll [2009/07/15 11:13:00 | 000,202,048 | ---- | C] (FTDI Ltd) -- C:\WINDOWS\System32\ftd2xx.dll [2009/07/15 11:13:00 | 000,111,936 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\ftbusui.dll [2009/07/15 11:13:00 | 000,107,840 | ---- | C] (FTDI) -- C:\WINDOWS\System32\FTLang.dll [2009/07/15 11:13:00 | 000,071,488 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\drivers\ftser2k.sys [2009/07/15 11:13:00 | 000,053,184 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\drivers\ftdibus.sys [2009/07/15 11:13:00 | 000,047,432 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\ftserui2.dll [2009/07/15 11:10:30 | 001,721,024 | ---- | C] (BodyMedia, Inc.) -- C:\WINDOWS\bmusbgowear4.dll [2009/07/15 11:10:30 | 000,123,584 | ---- | C] (BodyMedia, Inc.) -- C:\WINDOWS\bmserialgowear25.dll [2009/07/15 11:10:30 | 000,119,488 | ---- | C] (BodyMedia, Inc.) -- C:\WINDOWS\bmserialgowear24.dll [2009/07/15 11:10:30 | 000,094,912 | ---- | C] (BodyMedia, Inc.) 
-- C:\WINDOWS\bmupgradegowear25.dll [2009/07/15 11:10:30 | 000,094,912 | ---- | C] (BodyMedia, Inc.) -- C:\WINDOWS\bmupgradegowear24.dll [2009/07/15 11:10:30 | 000,094,912 | ---- | C] (BodyMedia, Inc.) -- C:\WINDOWS\bmfirmwaregowear4.dll [2009/07/15 11:10:30 | 000,078,528 | ---- | C] (BodyMedia, Inc.) -- C:\WINDOWS\bmcommgowear4.dll [2009/07/10 17:15:22 | 000,086,720 | ---- | C] (BodyMedia, Inc.) -- C:\WINDOWS\bmversiongowear.dll [2009/07/05 14:18:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\LeighPeele [2003/02/13 16:43:21 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll [1 C:\Documents and Settings\Limited\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Limited\Local Settings\Application Data\*.tmp -> ] ========== Files - Modified Within 360 Days ========== [2010/05/30 14:10:07 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Limited\NTUSER.DAT [2010/05/30 13:48:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/05/30 12:16:19 | 000,134,630 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\screenshot_library.JPG [2010/05/30 09:58:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Limited\NTUSER.INI [2010/05/30 09:52:55 | 000,015,849 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\pop-up_1.JPG [2010/05/30 01:55:29 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2010/05/29 20:48:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/05/29 15:22:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/05/29 12:33:56 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2010/05/29 12:33:11 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL [2010/05/29 10:14:25 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk [2010/05/29 10:14:08 | 000,000,006 | -H-- | M] () -- 
C:\WINDOWS\tasks\SA.DAT [2010/05/29 10:14:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT [2010/05/29 10:14:02 | 1072,766,976 | -HS- | M] () -- C:\hiberfil.sys [2010/05/26 22:41:58 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010/05/23 22:03:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/05/22 16:37:10 | 000,105,800 | ---- | M] () -- C:\Documents and Settings\Limited\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/05/22 10:44:58 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.com [2010/05/22 09:10:36 | 000,403,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/05/22 05:35:46 | 000,000,531 | ---- | M] () -- C:\WINDOWS\WIN.INI [2010/05/21 16:35:41 | 000,000,944 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini [2010/05/20 11:14:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\brdfxspd.dat [2010/05/19 17:56:56 | 000,018,485 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\click.php [2010/05/17 08:03:33 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\Limited\Local Settings\Application Data\d3d9caps.dat [2010/05/12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [2010/05/04 14:31:04 | 000,607,013 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS [2010/05/03 12:56:25 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Limited\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys [2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys [2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys [2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) 
-- C:\WINDOWS\System32\drivers\mfendisk.sys [2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys [2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys [2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys [2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys [2010/04/27 17:16:24 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys [2010/04/18 06:12:38 | 097,525,032 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Documents\iTunesSetup.exe [2010/03/21 16:03:31 | 001,644,436 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\SMR-manual.pdf [2010/03/20 11:53:44 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/03/20 11:39:23 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI [2010/03/17 15:03:13 | 000,483,160 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT [2010/03/17 15:03:12 | 000,086,608 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT [2010/03/17 15:03:09 | 000,580,614 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe [2010/03/12 09:25:35 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010/03/10 08:19:43 | 000,027,797 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\pop-up.JPG [2010/03/10 01:15:52 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll [2010/03/09 01:43:39 | 000,004,654 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI [2010/03/07 06:00:16 | 000,006,456 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\sugahono [2010/03/06 03:47:11 | 000,078,137 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\rogue_site.JPG [2010/03/05 09:12:02 | 000,195,740 | ---- | M] () -- C:\Documents and 
Settings\Limited\Desktop\QuickStart-TurnUpTheHeat.pdf [2010/02/28 00:44:57 | 000,287,496 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\limited_bookmarks_022710.html [2010/02/28 00:44:33 | 000,190,131 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\bookmarks-2010-02-27.json [2010/02/26 01:12:16 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\danim.dll [2010/02/25 06:01:00 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll [2010/02/25 01:24:37 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll [2010/02/25 01:24:35 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl [2010/02/25 01:24:35 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll [2010/02/25 01:24:35 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll [2010/02/25 01:24:35 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll [2010/02/25 01:24:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll [2010/02/25 01:24:34 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll [2010/02/24 04:54:25 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe [2010/02/16 08:19:55 | 002,181,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe [2010/02/16 07:39:04 | 002,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe [2010/02/11 07:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys [2010/02/07 07:56:24 | 000,180,479 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\bookmarks-2010-02-07.json [2010/02/07 07:56:01 | 000,274,405 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\limited_bookmarks_020710.html [2010/01/30 09:47:33 | 000,029,621 | ---- | M] () -- 
C:\Documents and Settings\Limited\My Documents\IMG_2326.jpg [2010/01/29 09:43:39 | 000,307,260 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codeca.acm [2010/01/29 09:43:39 | 000,143,422 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codecx.ax [2010/01/28 16:17:09 | 000,001,565 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IrfanView Thumbnails.lnk [2010/01/28 16:17:08 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IrfanView.lnk [2010/01/28 15:59:09 | 001,359,360 | ---- | M] (Irfan Skiljan) -- C:\Documents and Settings\All Users\Documents\iview425_setup.exe [2010/01/28 14:20:52 | 001,134,037 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\PSSD600IXUS60CUGba-EN.pdf [2010/01/28 14:20:39 | 002,725,137 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\PSSD600IXUS60CUGad-EN.pdf [2010/01/12 16:34:07 | 000,448,040 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\CouponActivator.exe [2010/01/09 14:21:38 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2010/01/09 14:21:38 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2010/01/07 17:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/01/07 17:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/12/23 17:08:54 | 006,497,675 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\UM_MFC_465cn_EN_1269.pdf [2009/12/17 18:14:09 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/12/17 18:14:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/12/17 18:14:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/12/17 18:14:00 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\deploytk.dll [2009/12/17 16:02:47 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2009/12/16 07:58:04 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe [2009/12/14 02:35:35 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll [2009/12/12 16:39:39 | 000,000,030 | ---- | M] () -- C:\WINDOWS\iedit.INI [2009/12/12 16:03:35 | 000,000,180 | ---- | M] () -- C:\WINDOWS\brpcfx.ini [2009/12/12 03:46:55 | 169,235,610 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ubuntu-9.10-desktop-i386.iso [2009/12/09 00:53:44 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll [2009/11/27 12:33:35 | 001,291,264 | ---- | M] () -- C:\WINDOWS\System32\quartz.dll [2009/11/27 11:37:27 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\avifil32.dll [2009/11/25 23:06:42 | 002,004,262 | ---- | M] () -- C:\WINDOWS\iis6.BAK [2009/10/25 06:11:34 | 000,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe [2009/10/21 01:00:55 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\strmfilt.dll [2009/10/21 01:00:55 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\httpapi.dll [2009/10/15 23:51:48 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\t2embed.dll [2009/10/15 12:21:47 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fontsub.dll [2009/10/14 09:42:06 | 000,000,419 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI [2009/10/14 09:42:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI [2009/10/14 09:41:23 | 000,000,086 | ---- | M] () -- C:\WINDOWS\Brfaxrx.ini [2009/10/14 09:41:22 | 000,000,050 | ---- | M] () -- C:\WINDOWS\System32\bridf07a.dat [2009/10/13 05:53:29 | 000,266,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oakley.dll [2009/10/12 08:54:17 | 000,112,128 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\System32\rastls.dll [2009/10/12 08:54:17 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\raschap.dll [2009/09/24 11:12:59 | 004,470,187 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\did-you-hear.pdf [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys [2009/09/12 09:26:23 | 000,171,391 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\7day_mealplan.pdf [2009/09/01 01:08:05 | 005,158,982 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\flts.zip [2009/08/30 02:55:44 | 015,984,024 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\jre-6u7-windows-i586-p-s.exe [2009/08/26 03:16:37 | 000,247,326 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\strmdll.dll [2009/08/17 23:33:52 | 001,193,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\FM20.DLL [2009/08/17 04:01:06 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2009/08/14 07:19:41 | 001,850,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys [2009/08/08 21:24:52 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Limited\Desktop\ATF-Cleaner.exe [2009/08/08 15:32:52 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/08/08 13:37:42 | 000,022,729 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\crap_3.JPG [2009/08/08 13:36:54 | 000,036,833 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\crap_2.JPG [2009/08/06 19:24:18 | 000,327,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll [2009/08/06 19:24:18 | 000,021,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui [2009/08/06 19:24:12 | 000,015,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui [2009/08/06 
19:24:10 | 000,044,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll [2009/08/06 19:24:10 | 000,035,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll [2009/08/06 19:24:06 | 000,015,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui [2009/08/06 19:24:04 | 000,096,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll [2009/08/06 19:24:00 | 000,017,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui [2009/08/06 19:23:54 | 000,575,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll [2009/08/06 19:23:46 | 000,274,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll [2009/08/06 19:23:46 | 000,016,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui [2009/08/05 04:11:47 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll [2009/08/03 15:07:42 | 000,403,816 | ---- | M] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/08/03 15:07:42 | 000,322,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\OGAAddin.dll [2009/08/03 15:07:42 | 000,230,768 | ---- | M] () -- C:\WINDOWS\System32\OGAEXEC.exe [2009/08/01 13:46:42 | 000,179,471 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\bookmarks_html_08-01-09.html [2009/08/01 13:45:01 | 000,117,836 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\Bookmarks 2009-08-01.json [2009/07/17 11:27:47 | 001,435,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\query.dll [2009/07/15 11:13:00 | 000,202,048 | ---- | M] (FTDI Ltd) -- C:\WINDOWS\System32\ftd2xx.dll [2009/07/15 11:13:00 | 000,111,936 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\System32\ftbusui.dll [2009/07/15 11:13:00 | 000,107,840 | ---- | M] (FTDI) -- C:\WINDOWS\System32\FTLang.dll [2009/07/15 11:13:00 | 000,071,488 | ---- | M] (FTDI Ltd.) 
-- C:\WINDOWS\System32\drivers\ftser2k.sys [2009/07/15 11:13:00 | 000,053,184 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\System32\drivers\ftdibus.sys [2009/07/15 11:13:00 | 000,047,432 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\System32\ftserui2.dll [2009/07/15 11:10:30 | 001,721,024 | ---- | M] (BodyMedia, Inc.) -- C:\WINDOWS\bmusbgowear4.dll [2009/07/15 11:10:30 | 000,123,584 | ---- | M] (BodyMedia, Inc.) -- C:\WINDOWS\bmserialgowear25.dll [2009/07/15 11:10:30 | 000,119,488 | ---- | M] (BodyMedia, Inc.) -- C:\WINDOWS\bmserialgowear24.dll [2009/07/15 11:10:30 | 000,094,912 | ---- | M] (BodyMedia, Inc.) -- C:\WINDOWS\bmupgradegowear25.dll [2009/07/15 11:10:30 | 000,094,912 | ---- | M] (BodyMedia, Inc.) -- C:\WINDOWS\bmupgradegowear24.dll [2009/07/15 11:10:30 | 000,094,912 | ---- | M] (BodyMedia, Inc.) -- C:\WINDOWS\bmfirmwaregowear4.dll [2009/07/15 11:10:30 | 000,078,528 | ---- | M] (BodyMedia, Inc.) -- C:\WINDOWS\bmcommgowear4.dll [2009/07/10 17:15:22 | 000,086,720 | ---- | M] (BodyMedia, Inc.) -- C:\WINDOWS\bmversiongowear.dll [2009/07/03 09:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2009/06/28 08:38:54 | 000,823,782 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\marine_aqua.bmp [2009/06/27 11:28:55 | 000,005,359 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Mom June 09 India Network Health Plan Application Confirmation.htm [2009/06/27 11:28:36 | 000,004,161 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Mom's_insform1_htm.htm [2009/06/25 13:36:08 | 000,661,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqqm.dll [2009/06/25 13:36:08 | 000,517,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqsnap.dll [2009/06/25 13:36:08 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqutil.dll [2009/06/25 13:36:08 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqoa.dll [2009/06/25 13:36:08 | 000,186,880 | ---- | M] 
(Microsoft Corporation) -- C:\WINDOWS\System32\mqtrig.dll
[2009/06/25 13:36:08 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqrt.dll
[2009/06/25 13:36:08 | 000,138,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqad.dll
[2009/06/25 13:36:08 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqrtdep.dll
[2009/06/25 13:36:08 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqsec.dll
[2009/06/25 13:36:08 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqupgrd.dll
[2009/06/25 13:36:08 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqdscli.dll
[2009/06/25 13:36:08 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqise.dll
[2009/06/25 03:44:41 | 000,724,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsasrv.dll
[2009/06/22 06:49:23 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqbkup.exe
[2009/06/22 06:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.sys
[2009/06/12 06:50:54 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tlntsess.exe
[2009/06/12 06:50:53 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\telnet.exe
[1 C:\Documents and Settings\Limited\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Limited\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/30 12:16:19 | 000,134,630 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\screenshot_library.JPG
[2010/05/30 09:52:55 | 000,015,849 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\pop-up_1.JPG
[2010/05/29 10:14:02 | 1072,766,976 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/22 08:22:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/19 17:56:39 | 000,018,485 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\click.php
[2010/04/16 12:23:26 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/03/21 16:03:31 | 001,644,436 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\SMR-manual.pdf
[2010/03/20 11:39:22 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/20 11:39:17 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/20 11:37:36 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/20 11:37:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/20 11:37:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/20 11:37:36 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/20 11:37:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/13 15:03:35 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Limited\Local Settings\Application Data\d3d9caps.dat
[2010/03/10 08:19:43 | 000,027,797 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\pop-up.JPG
[2010/03/06 03:47:11 | 000,078,137 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\rogue_site.JPG
[2010/03/05 09:12:02 | 000,195,740 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\QuickStart-TurnUpTheHeat.pdf
[2010/02/28 00:44:57 | 000,287,496 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\limited_bookmarks_022710.html
[2010/02/28 00:44:33 | 000,190,131 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\bookmarks-2010-02-27.json
[2010/02/23 15:32:57 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/23 15:32:52 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/07 07:56:23 | 000,180,479 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\bookmarks-2010-02-07.json
[2010/02/07 07:56:01 | 000,274,405 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\limited_bookmarks_020710.html
[2010/01/30 09:47:33 | 000,029,621 | ---- | C] () -- C:\Documents and Settings\Limited\My Documents\IMG_2326.jpg
[2010/01/28 16:16:01 | 000,001,565 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IrfanView Thumbnails.lnk
[2010/01/28 16:16:00 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IrfanView.lnk
[2010/01/28 14:20:52 | 001,134,037 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\PSSD600IXUS60CUGba-EN.pdf
[2010/01/28 14:20:35 | 002,725,137 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\PSSD600IXUS60CUGad-EN.pdf
[2010/01/12 16:34:02 | 000,448,040 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\CouponActivator.exe
[2010/01/09 14:21:38 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/01/09 14:21:38 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2009/12/23 17:08:53 | 006,497,675 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\UM_MFC_465cn_EN_1269.pdf
[2009/12/12 02:46:47 | 169,235,610 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ubuntu-9.10-desktop-i386.iso
[2009/10/14 09:42:06 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/10/14 09:42:06 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/10/14 09:41:22 | 000,000,944 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/10/14 09:41:22 | 000,000,180 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/10/14 09:41:22 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat
[2009/10/14 09:39:03 | 000,006,224 | ---- | C] () -- C:\WINDOWS\CVRPAGE.BMP
[2009/10/14 09:39:03 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/10/14 09:39:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/10/14 09:39:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/10/14 09:28:07 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/09/24 11:12:54 | 004,470,187 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\did-you-hear.pdf
[2009/09/12 09:26:22 | 000,171,391 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\7day_mealplan.pdf
[2009/09/01 01:06:55 | 005,158,982 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\flts.zip
[2009/08/30 02:54:45 | 015,984,024 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\jre-6u7-windows-i586-p-s.exe
[2009/08/08 15:32:52 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/08 13:44:13 | 004,456,448 | ---- | C] () -- C:\Documents and Settings\Limited\NTUSER.DAT
[2009/08/08 13:37:42 | 000,022,729 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\crap_3.JPG
[2009/08/08 13:36:54 | 000,036,833 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\crap_2.JPG
[2009/08/05 22:42:25 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/08/01 13:46:42 | 000,179,471 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\bookmarks_html_08-01-09.html
[2009/08/01 13:45:01 | 000,117,836 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\Bookmarks 2009-08-01.json
[2009/06/28 08:38:53 | 000,823,782 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\marine_aqua.bmp
[2009/06/27 11:28:55 | 000,005,359 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Mom June 09 India Network Health Plan Application Confirmation.htm
[2009/06/27 11:28:36 | 000,004,161 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Mom's_insform1_htm.htm
[2008/07/04 13:55:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2008/07/04 13:55:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2007/09/15 17:00:01 | 000,001,486 | ---- | C] () -- C:\WINDOWS\NETG.INI
[2007/08/12 14:28:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/13 18:15:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2007/02/06 16:02:00 | 000,123,939 | ---- | C] () -- C:\WINDOWS\System32\drivers\kqemu.sys
[2006/01/02 16:18:43 | 000,000,030 | ---- | C] () -- C:\WINDOWS\iedit.INI
[2005/12/01 01:48:27 | 000,004,654 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2004/01/27 17:30:22 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/01/27 17:29:59 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/06/07 21:51:37 | 000,000,536 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2003/05/28 12:15:07 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\ctavp4.dll
[2003/03/11 23:54:49 | 000,017,493 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/02/13 16:57:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/02/13 16:46:47 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/02/13 16:46:45 | 000,000,793 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/02/13 16:43:47 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2003/02/13 16:43:21 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2003/02/13 16:43:21 | 000,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2003/02/13 16:43:21 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/02/13 16:43:20 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2003/02/13 16:43:20 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
[2003/02/13 16:43:20 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2003/02/13 16:42:38 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/02/13 16:38:29 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/02/13 16:17:18 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/02/06 10:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 16:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll

========== LOP Check ==========

[2003/02/13 16:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/05/13 18:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2008/11/21 01:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2009/08/05 23:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2007/09/30 14:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2004/06/26 01:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2005/03/20 03:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/10/14 09:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2004/12/11 11:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/01/08 12:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/08/05 22:20:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2007/12/06 00:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Limited\Application Data\InfraRecorder
[2007/03/06 06:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Limited\Application Data\Learn2.com
[2009/06/27 11:19:13 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Limited\Application Data\lowsec
[2009/12/12 16:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Limited\Application Data\PC-FAX TX
[2009/12/23 16:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Limited\Application Data\ScanSoft
[2007/01/31 01:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Limited\Application Data\Viewpoint
[2010/05/26 22:41:58 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/05/30 01:55:29 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/05/29 12:33:56 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========

< End of report >
################## OTL END##################

################## HIJACK ##################
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 3:33:39 PM, on 5/30/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\TrendMicro\HiJackThis\BRAVO.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100518040942.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [heguhidew] Rundll32.exe "c:\DOCUME~1\ALLUSE~1\APPLIC~1\sajuyaya\sajuyaya.dll",a
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [sRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [sRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 6\ABMTSR.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - https://ehelp.nelnet.net/netagent/objects/custappx3.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/m...56/mcinsctl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8...pdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105193306109
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129601807465
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...524/mcfscan.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 12279 bytes
  8. It seems so, which is why I didn't respond for weeks... I thought all was well until I noticed that this pop-up still shows up. I was unaware because it happens on the non-admin account that I don't use often, and the user failed to mention that to me. It seems like there is still an attempt to run the rogue program, so that means it is still listed as a valid program in the "startup program" list or something somewhere. How can I remove that? Screen-shot attached.
  9. It seems my topic has been locked, so here is the latest. Let me know if you want me to start a new post instead. As a side note, I mostly only have time during the weekend to run scans that will take > 2 hours (my computer is 7 years old so it's slow). I did run the ESET scan multiple times during the week, but since I only have a 2 hour period between getting back from work and going to bed, I had to stop the scan, as I didn't want to leave the computer on overnight with my anti-virus turned off.
################# ESET LOGS ##############
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7fa819a03613904aadfa15df3f484b62
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-29 06:07:23
# local_time=2010-05-29 01:07:23 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 24651787 24651787 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777189 100 75 2744827 13298103 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=97384
# found=0
# cleaned=0
# scan_time=8293
#########################################################
DrWeb Cure-It: I get an error while the Express Scan is ongoing. I get an "858m9XP.exe encountered a problem" message, so DrWeb gets terminated. I have a screen-shot.
  10. I only have Firefox... even though technically I have IE on my computer, it's the old version 6. I retired use of it many years ago. Is Firefox okay?
  11. Hey Maurice, it's been a while. I'm still getting that pop-up, but since you mentioned it was harmless, I went ahead and started using the computer again. Anyway, here is the new OTL log.
##############################
OTL logfile created on: 5/22/2010 1:58:01 PM - Run 2
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Documents and Settings\soulsis\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 485.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 22.65 Gb Free Space | 40.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SOULSISTAH
Current User Name: soulsis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/22 10:44:58 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\soulsis\Desktop\OTL.com
PRC - [2010/04/27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/04/01 23:05:04 | 001,180,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/03/01 23:41:24 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/18 12:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/04/04 15:56:18 | 001,123,608 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2007/08/22 09:45:11 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/23 13:14:52 | 000,663,552 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2007/03/06 19:20:00 | 000,536,576 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2007/03/02 16:56:52 | 000,077,824 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2007/01/29 21:12:14 | 000,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/02/05 22:40:35 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2002/08/14 19:22:52 | 000,028,672 | R--- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2002/07/04 07:00:00 | 000,303,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Supreme Office Suite3.0\program\soffice.exe
PRC - [2002/04/10 16:44:04 | 000,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2002/02/15 11:31:42 | 000,045,056 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2000/08/05 20:08:30 | 000,036,864 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Ulead Systems\Ulead PhotoImpact 6\ABMTSR.EXE

========== Modules (SafeList) ==========

MOD - [2010/05/22 10:44:58 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\soulsis\Desktop\OTL.com
MOD - [2008/07/25 11:17:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
MOD - [2008/07/25 11:17:20 | 000,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
MOD - [2006/11/03 19:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpShHook.dll
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 01:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2004/08/04 00:31:43 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\rsaenh.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/04/27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/01 23:41:24 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] () [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/04/04 15:56:18 | 001,123,608 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2002/05/03 12:29:42 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel®

========== Driver Services (SafeList) ==========

DRV - [2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfefirek.sys -- (mfefirek)
DRV - [2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys -- (mfeapfk)
DRV - [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendiskmp)
DRV - [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendisk)
DRV - [2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdet.sys -- (mferkdet)
DRV - [2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cfwids.sys -- (cfwids)
DRV - [2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2009/07/15 11:13:00 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ftser2k.sys -- (FTSER2K)
DRV - [2009/07/15 11:13:00 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ftdibus.sys -- (FTDIBUS)
DRV - [2009/07/03 09:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/06 16:02:00 | 000,123,939 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\kqemu.sys -- (kqemu)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/07/26 22:41:18 | 000,059,440 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/07/26 22:41:18 | 000,023,724 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/12/20 19:58:18 | 000,110,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/08/04 01:08:21 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2004/08/04 01:07:42 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
[Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2004/08/04 01:07:42 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4) DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3) DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4) DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3) DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1) DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0) DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0) DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1) DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2) DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x) DRV - [2004/03/22 23:23:31 | 000,028,276 | ---- | M] (MusicMatch, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.sys -- (MxlW2k) DRV - [2003/10/06 15:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv) DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem) DRV - [2002/08/30 17:29:02 | 001,293,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM) DRV - [2002/07/19 11:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci) DRV - [2002/05/03 12:30:08 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG) DRV - [2002/04/10 17:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Dvd_2k.sys -- (dvd_2K) DRV - [2002/04/10 17:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys -- (mmc_2K) DRV - [2002/04/10 17:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys -- (pwd_2k) DRV - [2002/04/10 16:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.sys -- (cdudf_xp) DRV - [2002/04/10 16:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr_xp.sys -- (UdfReadr_xp) DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA) DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra) DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc) DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC) DRV - [1999/12/17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/22 10:28:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/22 05:41:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2006/08/15 21:18:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/05/22 05:41:53 | 000,000,000 | ---D | M] [2009/03/31 23:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soulsis\Application Data\Mozilla\Extensions [2010/05/22 10:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soulsis\Application Data\Mozilla\Firefox\Profiles\vu693bl9.default\extensions [2009/09/05 11:56:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\soulsis\Application Data\Mozilla\Firefox\Profiles\vu693bl9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/05/22 10:39:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) 
-- C:\Program Files\Mozilla Firefox\components\Scriptff.dll O1 HOSTS File: ([2004/01/27 17:35:01 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100518040942.dll (McAfee, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio) O4 - HKLM..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering) O4 - HKLM..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) 
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [updReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\RunOnce: [DelayShred] c:\program files\mcafee.com\shredder\SHRED32.EXE (McAfee, Inc.) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 6\ABMTSR.EXE (Ulead Systems, Inc.) 
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) O4 - Startup: C:\Documents and Settings\soulsis\Start Menu\Programs\Startup\Supreme Office Suite 3.0.lnk = C:\Program Files\Supreme Office Suite3.0\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Reg Error: Key error.) 
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} http://download.mcafee.com/molbin/Shared/MGBrwFld.cab (BrowseFolderPopup Class) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} https://ehelp.nelnet.net/netagent/objects/custappx3.CAB (eAssist NetAgent Customer ActiveX Control version 3) O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} http://ppupdates.ca.com/downloads/scanner/axscanner.cab (PPSDKActiveXScanner.MainScreen) O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} http://download.mcafee.com/molbin/shared/m...56/mcinsctl.cab (McAfee.com Download+Installer Class) O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/b/d.../WebCleaner.cab (Malicious Software Removal Tool) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab (McAfee.com Operating System Class) O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} http://www.my-etrust.com/Support/PestScanner/pestscan.cab (PSFormX Control) O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} http://www.amiuptodate.com/vsc/bin/1,0,0,8...pdatePortal.cab (McUpdatePortalFactory Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1105193306109 (WUWebControl Class) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1129601807465 (MUWebControl Class) O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} 
http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab (ZoneAxRcMgr Class) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab (MSN Games - Installer) O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://www.windowsecurity.com/trojanscan/axscan.cab (ASquaredScanForm Element) O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab (DwnldGroupMgr Class) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (HeartbeatCtl Class) O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...524/mcfscan.cab (McFreeScan Class) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O16 - DPF: ppctlcab http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\soulsis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\soulsis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2002/09/03 14:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010/05/22 10:44:25 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\soulsis\Desktop\OTL.com [2010/05/22 10:30:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2010/04/14 02:48:37 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys [2010/04/14 02:48:16 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys [2010/04/14 02:48:16 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys [2010/04/14 02:48:16 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys [2010/04/14 02:48:16 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys [2010/04/14 02:48:16 | 000,082,952 | ---- | C] (McAfee, Inc.) 
-- C:\WINDOWS\System32\drivers\mfetdi2k.sys [2010/04/14 02:48:16 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys [2010/03/22 07:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro [2010/03/20 13:07:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010/03/20 11:39:07 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/03/20 11:37:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/03/20 11:37:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/03/20 11:37:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/03/20 11:37:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/03/20 11:37:21 | 000,000,000 | ---D | C] -- C:\ComboFix [2010/03/20 11:14:13 | 000,000,000 | ---D | C] -- C:\_OTL [2010/03/20 11:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soulsis\Desktop\FixPolicies [2010/03/19 22:09:00 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\soulsis\Desktop\TFC.exe [2010/03/19 14:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage [2010/03/19 12:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2010/03/19 11:51:40 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\soulsis\Desktop\erunt-setup.exe [2010/03/19 09:46:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW [2010/03/19 09:46:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK [2010/03/19 09:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR [2010/03/19 09:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE [2010/03/19 09:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR [2010/03/19 09:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL [2010/03/19 09:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO [2010/03/19 09:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR [2010/03/19 09:46:11 | 000,000,000 | ---D | 
C] -- C:\WINDOWS\System32\it-IT [2010/03/19 09:46:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL [2010/03/19 09:46:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR [2010/03/19 09:46:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI [2010/03/19 09:46:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES [2010/03/19 09:46:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR [2010/03/19 09:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE [2010/03/19 09:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK [2010/03/19 09:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA [2010/03/12 02:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun [2010/03/11 23:23:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soulsis\My Documents\Downloads [2010/03/09 01:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real [2010/03/07 16:19:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/03/07 16:14:42 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/02/23 15:37:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google [2003/02/13 16:43:21 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll ========== Files - Modified Within 90 Days ========== [2010/05/22 13:48:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/05/22 12:20:32 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\soulsis\.recently-used.xbel [2010/05/22 10:48:29 | 000,003,192 | ---- | M] () -- C:\Documents and Settings\soulsis\2010_YTD [2010/05/22 10:44:58 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\soulsis\Desktop\OTL.com [2010/05/22 10:24:17 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2010/05/22 10:24:09 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL [2010/05/22 10:24:09 | 000,000,882 | ---- | M] () -- 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/05/22 09:15:11 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2010/05/22 09:11:02 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk [2010/05/22 09:10:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/05/22 09:10:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT [2010/05/22 09:10:36 | 1072,766,976 | -HS- | M] () -- C:\hiberfil.sys [2010/05/22 09:10:36 | 000,403,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/05/22 09:09:08 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\soulsis\ntuser.dat [2010/05/22 09:09:08 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\soulsis\NTUSER.INI [2010/05/22 08:22:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/05/22 05:35:46 | 000,000,531 | ---- | M] () -- C:\WINDOWS\WIN.INI [2010/05/21 16:35:41 | 000,000,944 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini [2010/05/20 11:14:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\brdfxspd.dat [2010/05/19 22:42:07 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys [2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys [2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys [2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys [2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys [2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys [2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) 
-- C:\WINDOWS\System32\drivers\cfwids.sys [2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys [2010/04/27 17:16:24 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys [2010/04/14 22:10:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/03/30 22:49:12 | 000,000,439 | ---- | M] () -- C:\Documents and Settings\soulsis\Desktop\Shortcut to Shared Documents.lnk [2010/03/22 07:58:10 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\soulsis\Desktop\HiJackThis.lnk [2010/03/21 16:03:31 | 001,644,436 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\SMR-manual.pdf [2010/03/20 14:28:36 | 001,401,344 | ---- | M] () -- C:\Documents and Settings\soulsis\Desktop\HijackThis.msi [2010/03/20 14:26:56 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\soulsis\Desktop\RootRepeal.zip [2010/03/20 14:23:57 | 000,363,008 | ---- | M] () -- C:\Documents and Settings\soulsis\Desktop\rkill.scr [2010/03/20 11:53:44 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/03/20 11:39:23 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI [2010/03/20 11:06:47 | 003,895,816 | R--- | M] () -- C:\Documents and Settings\soulsis\Desktop\ComboFix.exe [2010/03/20 10:55:55 | 000,185,065 | ---- | M] () -- C:\Documents and Settings\soulsis\Desktop\FixPolicies.exe [2010/03/19 22:13:12 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\soulsis\Desktop\gmer.zip [2010/03/19 22:11:06 | 000,843,187 | ---- | M] () -- C:\Documents and Settings\soulsis\Desktop\SecurityCheck.exe [2010/03/19 22:09:04 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\soulsis\Desktop\TFC.exe [2010/03/19 11:52:11 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\soulsis\Desktop\erunt-setup.exe [2010/03/17 15:03:13 | 000,483,160 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT [2010/03/17 15:03:12 | 000,086,608 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT 
[2010/03/17 15:03:09 | 000,580,614 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe [2010/03/12 09:25:35 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010/03/12 01:27:49 | 000,050,113 | ---- | M] () -- C:\Documents and Settings\soulsis\Desktop\MS_windows_error.JPG [2010/03/11 23:02:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\soulsis\defogger_reenable [2010/03/11 23:01:37 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\soulsis\Desktop\Defogger.exe [2010/03/10 08:19:43 | 000,027,797 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\pop-up.JPG [2010/03/09 01:43:39 | 000,004,654 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI [2010/03/07 06:00:16 | 000,006,456 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\sugahono [2010/03/06 03:47:11 | 000,078,137 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\rogue_site.JPG ========== Files Created - No Company Name ========== [2010/05/22 12:20:32 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\soulsis\.recently-used.xbel [2010/05/22 10:48:29 | 000,003,192 | ---- | C] () -- C:\Documents and Settings\soulsis\2010_YTD [2010/05/22 10:48:29 | 000,000,172 | ---- | C] () -- C:\Documents and Settings\soulsis\2010_YTD.20100522104829.log [2010/05/22 10:48:28 | 000,000,172 | ---- | C] () -- C:\Documents and Settings\soulsis\2010_YTD.20100522104828.log [2010/05/22 10:41:18 | 000,000,292 | ---- | C] () -- C:\Documents and Settings\soulsis\2009_YTD_pre_chk_exp_report_only.20100522104118.log [2010/05/22 08:22:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/04/16 12:23:26 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk [2010/03/22 07:58:10 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\soulsis\Desktop\HiJackThis.lnk [2010/03/21 16:03:31 | 001,644,436 | ---- | C] () -- C:\Documents 
and Settings\All Users\Documents\SMR-manual.pdf [2010/03/20 14:28:31 | 001,401,344 | ---- | C] () -- C:\Documents and Settings\soulsis\Desktop\HijackThis.msi [2010/03/20 14:26:52 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\soulsis\Desktop\RootRepeal.zip [2010/03/20 14:23:49 | 000,363,008 | ---- | C] () -- C:\Documents and Settings\soulsis\Desktop\rkill.scr [2010/03/20 11:39:22 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010/03/20 11:39:17 | 000,260,272 | ---- | C] () -- C:\cmldr [2010/03/20 11:37:36 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/03/20 11:37:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/03/20 11:37:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/03/20 11:37:36 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/03/20 11:37:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/03/20 11:06:24 | 003,895,816 | R--- | C] () -- C:\Documents and Settings\soulsis\Desktop\ComboFix.exe [2010/03/20 10:55:52 | 000,185,065 | ---- | C] () -- C:\Documents and Settings\soulsis\Desktop\FixPolicies.exe [2010/03/19 22:13:08 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\soulsis\Desktop\gmer.zip [2010/03/19 22:11:03 | 000,843,187 | ---- | C] () -- C:\Documents and Settings\soulsis\Desktop\SecurityCheck.exe [2010/03/12 01:27:49 | 000,050,113 | ---- | C] () -- C:\Documents and Settings\soulsis\Desktop\MS_windows_error.JPG [2010/03/11 23:02:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\soulsis\defogger_reenable [2010/03/11 23:01:33 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\soulsis\Desktop\Defogger.exe [2010/03/10 08:19:43 | 000,027,797 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\pop-up.JPG [2010/03/07 18:08:20 | 1072,766,976 | -HS- | C] () -- C:\hiberfil.sys [2010/03/06 03:47:11 | 000,078,137 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\rogue_site.JPG [2010/02/23 15:32:57 | 000,000,886 | ---- | C] () -- 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/02/23 15:32:52 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2009/10/14 09:42:06 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2009/10/14 09:42:06 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2009/10/14 09:41:22 | 000,000,944 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2009/10/14 09:41:22 | 000,000,180 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2009/10/14 09:39:03 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini [2009/10/14 09:39:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2009/10/14 09:28:07 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2008/07/04 13:55:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini [2008/07/04 13:55:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini [2007/09/15 17:00:01 | 000,001,486 | ---- | C] () -- C:\WINDOWS\NETG.INI [2007/08/12 14:28:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007/05/13 18:15:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI [2007/02/06 16:02:00 | 000,123,939 | ---- | C] () -- C:\WINDOWS\System32\drivers\kqemu.sys [2006/01/02 16:18:43 | 000,000,030 | ---- | C] () -- C:\WINDOWS\iedit.INI [2005/12/01 01:48:27 | 000,004,654 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI [2004/01/27 17:30:22 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wininit.ini [2004/01/27 17:29:59 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll [2003/06/07 21:51:37 | 000,000,536 | ---- | C] () -- C:\WINDOWS\_delis32.ini [2003/05/28 12:15:07 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\ctavp4.dll [2003/03/11 23:54:49 | 000,017,493 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2003/02/13 16:57:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2003/02/13 16:46:47 | 000,000,185 | ---- | C] () -- 
C:\WINDOWS\intuprof.ini [2003/02/13 16:46:45 | 000,000,793 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2003/02/13 16:43:47 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI [2003/02/13 16:43:21 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll [2003/02/13 16:43:21 | 000,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini [2003/02/13 16:43:21 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2003/02/13 16:43:20 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI [2003/02/13 16:43:20 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI [2003/02/13 16:43:20 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini [2003/02/13 16:42:38 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2003/02/13 16:38:29 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini [2003/02/13 16:17:18 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2002/02/06 10:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll [2002/01/21 16:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll ========== LOP Check ========== [2003/02/13 16:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2007/05/13 18:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA [2008/11/21 01:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation [2009/08/05 23:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations [2007/09/30 14:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft [2004/06/26 01:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm [2005/03/20 03:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap [2009/10/14 09:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application 
Data\ScanSoft [2004/12/11 11:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2007/01/08 12:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2009/08/05 22:20:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864} [2010/01/03 01:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soulsis\Application Data\GetRightToGo [2010/05/22 10:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soulsis\Application Data\gtk-2.0 [2007/11/07 01:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soulsis\Application Data\InfraRecorder [2003/02/20 01:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soulsis\Application Data\InterTrust [2009/12/12 16:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soulsis\Application Data\PC-FAX TX [2007/08/22 10:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soulsis\Application Data\SecondLife [2007/04/14 00:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soulsis\Application Data\Viewpoint [2010/05/19 22:42:07 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2010/05/22 09:15:11 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2010/05/22 10:24:17 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job ========== Purity Check ========== < End of report > ##############################
  12. Bumping up... not sure if you saw my latest reply.
  13. ####################################### RootRepeal file scan log ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2010/03/22 07:56 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP2 ================================================== Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! ####################################### HijackThis log Logfile of Trend Micro HijackThis v2.0.3 (BETA) Scan saved at 8:01:32 AM, on 3/22/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program 
Files\Creative\SBLive\Diagnostics\diagent.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Ulead Systems\Ulead PhotoImpact 6\ABMTSR.EXE C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Brother\Brmfcmon\BrMfimon.exe C:\WINDOWS\system32\cidaemon.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\TrendMicro\HiJackThis\BRAVO.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) N3 - Netscape 7: # Mozilla User Preferences /* Do not edit this file. * * If you make changes to this file while the browser is running, * the changes will be overwritten when the browser exits. 
* * To make a manual change to preferences, you can visit the URL about:config * For more information, see http://www.mozilla.org/unix/customizing.html#prefs */ user_pref("browser.activation.checkedNNFlag", true); user_pref("browser.bookmarks.added_static_root", true); user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\SOULSIS\\APPLICATION DATA\\Mozilla\\Profiles\\default\\34yscgug.slt"); user_pref("browser.download.dir", "C:\\Documents and Settings\\soulsis\\Desktop"); user_pref("browser.history.grouping", "none"); user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); user_pref("browser.startup.homepage_override.mston N3 - Netscape 7: # Mozilla User Preferences /* Do not edit this file. * * If you make changes to this file while the browser is running, * the changes will be overwritten when the browser exits. 
* * To make a manual change to preferences, you can visit the URL about:config * For more information, see http://www.mozilla.org/unix/customizing.html#prefs */ user_pref("browser.activation.checkedNNFlag", true); user_pref("browser.bookmarks.added_static_root", true); user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\SOULSIS\\APPLICATION DATA\\Mozilla\\Profiles\\default\\34yscgug.slt"); user_pref("browser.download.dir", "C:\\Documents and Settings\\soulsis\\Desktop"); user_pref("browser.history.grouping", "none"); user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); user_pref("browser.startup.homepage_override.mston O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [updReg] 
C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee.com\shredder\SHRED32.EXE" /q C:\WINDOWS\SYSTEM32\ncompat.SH! C:\WINDOWS\SYSTEM32\nvctrl.SH! C:\DOCUME~1\soulsis\LOCALS~1\TEMPOR~1\Content.SH! C:\DOCUME~1\soulsis\LOCALS~1\TEMPOR~1\Content.IE5\index.SH! C:\DOCUME~1\soulsis\LOCALS~1\Temp\~DFA39C.SH! 
C:\DOCUME~1\soulsis\LOCALS~1\Temp\~DFF491.SH! C:\PROGRA~1\SECURI~1.SH! C:\WINDOWS\SYSTEM32\hp3918.SH! C:\WINDOWS\SYSTEM32\hpF6FF.SH! C:\WINDOWS\SYSTEM32\ld5C5A.SH! C:\WINDOWS\SYSTEM32\hp5E2E.SH! C:\WINDOWS\SYSTEM32\ldF76F.SH! C:\DOCUME~1\soulsis\LOCALS~1\Temp\~DF46EC.SH! C:\DOCUME~1\soulsis\LOCALS~1\Temp\~DF5A91.SH! C:\DOCUME~1\soulsis\LOCALS~1\Temp\~DF4040.SH! C:\DOCUME~1\soulsis\LOCALS~1\Temp\~DF39CF.SH! C:\DOCUME~1\soulsis\LOCALS~1\Temp\~DF5EAF.SH! C:\DOCUME~1\soulsis\LOCALS~1\Temp\~DFB7A.SH! C:\DOCUME~1\soulsis\LOCALS~1\Temp\~DF237E.SH! C:\DOCUME~1\soulsis\LOCALS~1\Temp\~DF16A3.SH! C:\DOCUME~1\soulsis\LOCALS~1\Temp\~DFEC2A.SH! C:\DOCUME~1\soulsis\LOCALS~1\Temp\~DFA74C.SH! C:\DOCUME~1\soulsis\LOCALS~1\Te O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [sRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [sRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user') O4 - Startup: Supreme Office Suite 3.0.lnk = C:\Program Files\Supreme Office Suite3.0\program\quickstart.exe O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 6\ABMTSR.EXE O4 - Global Startup: Digital Line Detect.lnk = ? 
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - https://ehelp.nelnet.net/netagent/objects/custappx3.CAB O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/m...56/mcinsctl.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8...pdatePortal.cab O16 - DPF: 
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105193306109 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129601807465 O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...524/mcfscan.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe -- End of file - 15179 bytes ####################################### Status of system: I am still getting the Run DLL pop-up that states that "c:\DOCUME~1\ALLUSE~1\APPLIC~1\sajuyaya\sajuyaya.dll is not found", so while the malware can't locate its program files, it's still present on the computer. This is only an issue on one user (non-admin) account. I just did a quick scan with Malwarebytes and it did not find anything... odd.
  14. Hey Maurice, I have to head to work and won't be able to run until ~8 hrs from now... that's okay, right? I won't have to re-run the steps from the previous posts? If so, I can request that my other user not touch the computer while I'm gone. Thanks again.
  15. Never mind, ignore previous post. It worked without a re-install.