[SOLVED] 2 of 5 Trojan Viruses Not Removed by McAfee

**spugmire** · 06-19-2009, 08:01 AM

I have been reading the thread to another post where [Chemical] was working with the gentleman who used the Virus Total program and determined that he may have a backdoor Trojan. I think I may have the same thing have happened to me and coincidentally I had Capital One Credit catch someone who had stolen my SSN, DOB, & Mother's Maiden Name as well as my user ID & password. They had tried to change my address on June 5 and were blocked by Capital One. I have since notified the three credit agencies and changed all of my login information for all financial institutions from this same computer.

I purchased this laptop in Mid May and did not put McAfee on it until a few days into usage. I also have Ad Aware (free version) which I have run. I have lately been getting uncontrollable pop ups whenever I open a new window. There is a scrolling message just above my taskbar that reads PremuimInternetAdvice. I actually found a program installed in my programs list and removed it, but it keeps coming back.

I have used Tech Support Forum in the past and decided today to go there when I found the message thread I referred to. I did perform a boot in Safe Mode then ran a full scan with McAfee. While it found 5 Trojans, it could only remove 3 of them. I have attached screen shots of those 5 as well as the Attach.zip and pasted the contents of my DDs.txt below. I really hope that I don't have some pro watching every keystroke I make right now. Can you help?

Scott Personal Information Removed

DDS.txt:

DDS (Ver_09-05-14.01) - NTFSx86
Run by Scott Pugmire at 23:38:13.87 on Thu 06/18/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3546.2456 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r203425\STacSV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MSC\mcshell.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\USBStorage\USBDetector.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Scott Pugmire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
X:\Applications\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Scott Pugmire\Local Settings\Temporary Internet Files\Content.IE5\45AVWLIN\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.dell.com
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: userinit=c:\windows\system32\sdra64.exe,
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A5B67D12-8F93-B1F2-FB7A-C0A30649AF4E} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\documents and settings\scott pugmire\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [PSDiagnosticM] "c:\program files\linksys wireless-g print server\PSDiagnosticM.exe"
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [USBDetector] c:\usbstorage\USBDetector.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-ba7e-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 8\SnagIt32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - x:\applications\winzip\WZQKPICK.EXE
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214024]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-9-25 574808]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-29 55152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-29 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-5-29 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-5-29 144704]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-5-21 108160]
R3 LKNUCMP;Linksys Network USB Composite Device;c:\windows\system32\drivers\lknucmp.sys [2009-5-28 11648]
R3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\drivers\lknuhst.sys [2009-5-28 11136]
R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\drivers\lknuhub.sys [2009-5-28 37248]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-5-29 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-29 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-29 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-29 40552]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-5-21 160256]
S2 yksvc;Marvell Yukon Service; [x]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-29 34216]

=============== Created Last 30 ================

2009-06-18 23:03 116,842 a------- c:\windows\hpqins00.dat
2009-06-18 16:25 <DIR> --d----- c:\program files\Trend Micro
2009-06-17 01:52 <DIR> --d----- c:\program files\VideoLAN
2009-06-16 04:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-06-16 04:21 <DIR> --d----- c:\docume~1\scottp~1\applic~1\AVS4YOU
2009-06-16 04:20 <DIR> --d----- c:\program files\common files\AVSMedia
2009-06-16 04:20 658,432 a------- c:\windows\system32\cc3270mt.dll
2009-06-16 04:20 487,424 a------- c:\windows\system32\msvcp70.dll
2009-06-16 04:20 <DIR> --d----- c:\program files\AVS4YOU
2009-06-14 19:13 <DIR> --d-h--- c:\windows\PIF
2009-06-14 19:13 <DIR> --d----- c:\program files\PlayMP3z
2009-06-12 19:56 <DIR> --d----- c:\docume~1\scottp~1\applic~1\Digital Support
2009-06-12 19:55 <DIR> --d----- c:\program files\Digital Support
2009-06-11 09:26 3,253 a------- c:\windows\system32\wbem\Outlook_01c9ea983a3babcc.mof
2009-06-10 17:47 664 a------- c:\windows\system32\d3d9caps.dat
2009-06-10 17:42 <DIR> --d----- c:\program files\Microsoft IntelliPoint
2009-06-10 17:42 <DIR> --d----- c:\program files\Microsoft IntelliPoint 5.5
2009-06-10 14:55 103,812 a------- c:\windows\hpqins07.dat
2009-06-10 14:23 988 a------- C:\UFantasy.ini
2009-06-10 14:21 5,183 a------- c:\windows\system32\drivers\usbu2a.sys
2009-06-10 14:21 <DIR> --d----- C:\USBStorage
2009-06-10 14:21 306,688 a------- c:\windows\IsUninst.exe
2009-06-10 13:48 118,272 a------- c:\windows\system32\hpz3l58a.dll
2009-06-10 13:47 6,784 ac------ c:\windows\system32\dllcache\serscan.sys
2009-06-10 13:47 6,784 a------- c:\windows\system32\drivers\serscan.sys
2009-06-10 13:25 892,928 a------- c:\windows\system32\hpwtiop2.dll
2009-06-10 13:25 675,840 a------- c:\windows\system32\hpwwiax2.dll
2009-06-10 13:25 364,544 a------- c:\windows\system32\hppldcoi.dll
2009-06-10 13:25 294,912 a------- c:\windows\system32\hpovst11.dll
2009-06-10 13:23 142,067 -------- c:\windows\hpwins05.dat.temp
2009-06-10 13:23 3,953 -------- c:\windows\hpwmdl05.dat.temp
2009-06-10 13:23 1,275,480 a------- c:\windows\hpzshl01.exe
2009-06-10 13:23 1,132,120 a------- c:\windows\hpzmsi01.exe
2009-06-10 13:22 16,050 a------- c:\windows\hpwscr05.dat
2009-06-10 13:22 4,785 a------- c:\windows\hpwmdl05.dat
2009-06-10 12:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-06-10 12:20 <DIR> --d----- c:\program files\PC Drivers HeadQuarters
2009-06-09 13:18 <DIR> --d----- c:\program files\MSXML 4.0
2009-06-08 19:19 <DIR> --d----- c:\docume~1\scottp~1\applic~1\Blackberry Desktop
2009-06-08 13:08 256 a------- c:\windows\system32\pool.bin
2009-06-08 13:08 <DIR> --d----- c:\docume~1\scottp~1\applic~1\Research In Motion
2009-06-08 13:02 <DIR> --d----- c:\windows\RegisteredPackages
2009-06-08 13:02 26,496 a----r-- c:\windows\system32\drivers\RimSerial.sys
2009-06-08 13:01 <DIR> --d----- c:\program files\common files\Research In Motion
2009-06-08 13:01 <DIR> --d----- c:\program files\Research In Motion
2009-06-08 11:52 <DIR> --dsh--- c:\windows\ftpcache
2009-06-05 02:42 12,380 a------- c:\windows\system32\drivers\Usb68.sys
2009-06-05 02:42 876 a------- c:\windows\$_hpcst$.hpc
2009-06-05 02:41 <DIR> --d----- c:\program files\HotcardSoft
2009-06-04 11:27 <DIR> --d----- c:\program files\iPod
2009-06-04 11:27 <DIR> --d----- c:\program files\iTunes
2009-06-04 11:23 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-04 11:23 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 15:15 <DIR> --d----- c:\program files\Microsoft Picture It! 7
2009-06-01 14:08 3,253 a------- c:\windows\system32\wbem\Outlook_01c9e2e3fcf1f05c.mof
2009-05-30 09:47 3,253 a------- c:\windows\system32\wbem\Outlook_01c9e12d3735add4.mof
2009-05-29 21:40 247 a------- C:\nphssb.xpt
2009-05-29 21:40 184,320 a------- c:\windows\system32\OESICore.dll
2009-05-29 21:40 45,056 a------- c:\windows\system32\HSSICore.dll
2009-05-29 21:40 40,960 a------- c:\windows\system32\HS_live.ocx
2009-05-29 21:40 36,864 a------- C:\nphssb.dll
2009-05-29 19:13 <DIR> --d----- c:\docume~1\scottp~1\applic~1\LimeWire
2009-05-29 19:12 <DIR> --d----- c:\program files\LimeWire
2009-05-29 18:15 15,269 a------- c:\windows\system32\Config.MPF
2009-05-29 18:12 79,880 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-05-29 18:12 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-05-29 18:12 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-05-29 18:12 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-05-29 18:11 <DIR> --d----- c:\program files\McAfee.com
2009-05-29 18:11 <DIR> --d----- c:\program files\common files\McAfee
2009-05-29 18:11 <DIR> --d----- c:\program files\McAfee
2009-05-29 18:07 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
2009-05-29 17:20 98,136 a------- c:\windows\gzip.exe
2009-05-29 17:18 <DIR> --d----- c:\program files\Homestead
2009-05-29 14:30 <DIR> --d----- c:\program files\ToYcon Icon Maker
2009-05-29 14:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Icon Constructor 3
2009-05-29 14:00 <DIR> --d----- c:\program files\Icon Constructor 3
2009-05-29 11:42 <DIR> --d----- c:\program files\RegistryFix7
2009-05-29 11:06 <DIR> --d----- c:\program files\Lookout Software
2009-05-29 10:58 <DIR> --d----- c:\program files\Microsoft MapPoint
2009-05-29 10:54 268,648 a------- c:\windows\system32\mucltui.dll
2009-05-29 10:54 208,744 a------- c:\windows\system32\muweb.dll
2009-05-29 10:54 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-05-29 10:27 55,152 a------- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-05-29 00:45 <DIR> --d----- C:\_JSP
2009-05-28 20:43 <DIR> --d----- c:\program files\common files\Adobe Systems Shared
2009-05-28 20:42 <DIR> --d----- C:\Shared
2009-05-28 20:32 <DIR> --d----- c:\program files\Lavasoft
2009-05-28 20:31 <DIR> --d----- c:\windows\DA0BF7AB88EB46758FA1531EAD938821.TMP
2009-05-28 20:24 <DIR> --d----- c:\program files\Click'N Design 3D (V5)
2009-05-28 20:15 11,648 a------- c:\windows\system32\lknucmp.sys
2009-05-28 20:15 11,648 a------- c:\windows\system32\drivers\lknucmp.sys
2009-05-28 20:15 1,393 a------- c:\windows\system32\lknucmp.inf
2009-05-28 20:15 37,248 a------- c:\windows\system32\lknuhub.sys
2009-05-28 20:15 37,248 a------- c:\windows\system32\drivers\lknuhub.sys
2009-05-28 20:15 11,136 a------- c:\windows\system32\drivers\lknuhst.sys
2009-05-28 20:15 1,371 a------- c:\windows\system32\lknuhub.inf
2009-05-28 20:15 <DIR> --d----- c:\program files\Linksys Wireless-G Print Server
2009-05-28 20:15 813 a----r-- C:\setup.iss
2009-05-28 19:16 <DIR> --d----- c:\program files\common files\HP
2009-05-28 19:15 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-05-28 19:14 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-05-28 19:14 49,920 a----r-- c:\windows\system32\drivers\HPZid412.sys
2009-05-28 19:13 38,400 a------- c:\windows\system32\hpz3l4sa.dll
2009-05-28 19:13 258,048 a------- c:\windows\system32\hpzids01.dll
2009-05-28 19:13 21,568 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-05-28 19:11 123 a------- c:\windows\hpntwksetup.ini
2009-05-28 19:10 <DIR> --d----- C:\TEMP
2009-05-28 19:09 <DIR> --d----- c:\windows\carrier
2009-05-28 19:09 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-05-28 19:09 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-05-28 19:09 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-05-28 19:09 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-05-28 19:08 <DIR> --d----- c:\program files\HP
2009-05-28 19:07 150,277 a------- c:\windows\hpwins05.dat
2009-05-28 18:36 <DIR> --d----- c:\program files\common files\AnswerWorks 5.0
2009-05-28 18:36 1,848,608 a------- c:\windows\system32\acXMLParser.dll
2009-05-28 18:36 3,523,872 a------- c:\windows\system32\cdintf300.dll
2009-05-28 18:36 <DIR> --d----- c:\docume~1\scottp~1\applic~1\Intuit
2009-05-28 18:36 <DIR> --d----- c:\program files\common files\Intuit
2009-05-28 18:35 <DIR> --d----- c:\program files\Quicken
2009-05-28 18:35 165 a------- c:\windows\QUICKEN.INI
2009-05-28 18:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2009-05-28 18:17 3,253 a------- c:\windows\system32\wbem\Outlook_01c9dfe2076e2352.mof
2009-05-28 18:07 <DIR> --d----- c:\program files\common files\L&H
2009-05-28 18:07 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-05-28 18:06 <DIR> --d----- c:\windows\SHELLNEW
2009-05-28 17:52 <DIR> --d----- c:\windows\system32\appmgmt
2009-05-28 17:24 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-05-28 17:07 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-05-28 17:07 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-28 17:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-28 17:07 <DIR> --d----- c:\program files\Bonjour
2009-05-28 16:41 <DIR> --d----- c:\program files\Pure Networks
2009-05-28 16:41 <DIR> --d----- c:\program files\WebEx
2009-05-28 16:41 23,984 a------- c:\windows\system32\drivers\pnarp.sys
2009-05-28 16:41 25,264 a------- c:\windows\system32\drivers\purendis.sys
2009-05-28 16:41 <DIR> --d----- c:\program files\common files\Pure Networks Shared
2009-05-28 16:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks
2009-05-28 15:42 <DIR> --ds---- c:\documents and settings\scott pugmire\UserData
2009-05-28 15:38 <DIR> --d----- c:\documents and settings\scott pugmire\Tracing
2009-05-28 14:54 60,032 ac------ c:\windows\system32\dllcache\usbaudio.sys
2009-05-28 14:54 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-05-28 14:35 3,253 a------- c:\windows\system32\wbem\Outlook_01c9dfc311c2ed69.mof
2009-05-28 13:38 <DIR> --d----- c:\docume~1\scottp~1\applic~1\Windows Search
2009-05-28 13:37 376 a------- c:\windows\ODBC.INI
2009-05-28 13:37 28,040 a------- c:\windows\system32\mdimon.dll
2009-05-28 13:36 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-05-28 13:36 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-05-28 13:36 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-28 13:36 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-05-28 13:36 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-05-28 13:36 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-05-28 13:36 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-05-28 13:36 35,328 -c------ c:\windows\system32\dllcache\sc.exe
2009-05-28 13:36 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-05-28 13:36 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-05-28 13:32 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-28 13:32 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-05-28 13:30 <DIR> --d----- c:\windows\system32\PreInstall
2009-05-28 13:28 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-05-28 13:26 221,184 a------- c:\windows\system32\wmpns.dll
2009-05-28 13:26 <DIR> --d----- c:\docume~1\scottp~1\applic~1\Windows Desktop Search
2009-05-28 13:26 <DIR> --d----- c:\documents and settings\Scott Pugmire
2009-05-28 13:19 8,192 a------- c:\windows\REGLOCS.OLD
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts
2009-05-22 00:09 920,088 a------- c:\windows\system32\igxpun.exe
2009-05-22 00:09 <DIR> --d----- c:\windows\system32\x64
2009-05-22 00:09 <DIR> --d----- c:\windows\system32\Lang
2009-05-22 00:09 309,760 a------- c:\windows\system32\difxapi.dll
2009-05-22 00:07 <DIR> --d----- c:\program files\IDT
2009-05-22 00:07 <DIR> --d----- c:\program files\DellTPad
2009-05-22 00:06 8,832 a------- c:\windows\system32\drivers\wmiacpi.sys
2009-05-22 00:06 52,480 ac------ c:\windows\system32\dllcache\i8042prt.sys
2009-05-22 00:06 52,480 a------- c:\windows\system32\drivers\i8042prt.sys
2009-05-22 00:06 10,240 a------- c:\windows\system32\drivers\compbatt.sys
2009-05-22 00:06 14,208 a------- c:\windows\system32\drivers\battc.sys
2009-05-22 00:06 13,952 a------- c:\windows\system32\drivers\CmBatt.sys
2009-05-22 00:06 1,179,933 a------- c:\windows\setupapi.log.0.old
2009-05-21 20:03 4,947 a---hr-- C:\dell.sdr
2009-05-21 20:01 6,912,054 a------- c:\windows\boombox_1920x1200.BMP
2009-05-21 20:01 1,391,104 a------- c:\windows\system32\drivers\BCMWL5.SYS
2009-05-21 20:01 <DIR> --d----- C:\drivers
2009-05-21 20:01 4,947 a------- c:\windows\system32\drivers\1028_Dell_INS_1545.mrk
2009-05-21 20:00 787,356 a------- c:\windows\system32\OEMBKGN1.BMP
2009-05-21 20:00 96,310 a------- c:\windows\system32\DELLWALL.BMP
2009-05-21 20:00 5,134 a------- c:\windows\system32\OEMLOGO.BMP
2009-05-21 20:00 1,155 a------- c:\windows\system32\OEMINFO.INI
2009-05-21 20:00 <DIR> --d----- C:\DELL
2009-05-21 17:30 61 a------- c:\windows\smscfg.ini
2009-05-21 17:30 333 a------- c:\windows\system32\$ncsp$.inf
2009-05-21 17:27 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-05-21 17:27 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-05-21 17:26 <DIR> --d----- c:\program files\Microsoft
2009-05-21 17:26 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-05-21 17:25 <DIR> --d----- c:\program files\common files\Windows Live
2009-05-21 17:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCDr
2009-05-21 17:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC-Doctor
2009-05-21 17:23 <DIR> --d----- c:\program files\Dell Support Center
2009-05-21 17:23 <DIR> --d----- c:\program files\common files\supportsoft
2009-05-21 17:22 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-05-21 17:22 1,047,552 a------- c:\windows\system32\MFC71u.dll
2009-05-21 17:22 499,712 a------- c:\windows\system32\msvcp71.dll
2009-05-21 17:22 348,160 a------- c:\windows\system32\msvcr71.dll
2009-05-21 17:22 89,088 a------- c:\windows\system32\atl71.dll
2009-05-21 17:21 <DIR> --d----- c:\program files\Citrix
2009-05-21 17:21 <DIR> --d----- c:\program files\common files\SureThing Shared
2009-05-21 17:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Uninstall
2009-05-21 17:21 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-05-21 17:20 <DIR> --d----- c:\program files\Roxio
2009-05-21 17:19 <DIR> --d----- c:\program files\Dell
2009-05-21 17:18 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-21 17:18 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-21 17:16 <DIR> --d----- c:\program files\Windows Desktop Search
2009-05-21 17:14 512,000 -c------ c:\windows\system32\dllcache\jscript.dll
2009-05-21 17:13 1,847,808 -c------ c:\windows\system32\dllcache\win32k.sys

==================== Find3M ====================

2009-05-29 17:21 155,995 a------- c:\windows\java\packages\137ZXZXN.ZIP
2009-05-29 17:21 2,232 a------- c:\windows\java\packages\data\5RBJZ331.DAT
2009-05-29 17:21 2,678 a------- c:\windows\java\packages\data\HJDZHVHN.DAT
2009-05-29 17:21 2,678 a------- c:\windows\java\packages\data\AT33NTFZ.DAT
2009-05-29 17:21 2,678 a------- c:\windows\java\packages\data\89FHZVL7.DAT
2009-05-29 17:21 2,678 a------- c:\windows\java\packages\data\5ZD3BZFV.DAT
2009-05-29 17:21 2,678 a------- c:\windows\java\packages\data\MAZFJXBX.DAT
2009-05-25 00:24 350,208 a------- c:\windows\system32\mssph.dll
2009-05-22 00:07 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-05-22 00:07 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-05-21 17:13 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-12 15:12 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 00:46 666,624 a------- c:\windows\system32\wininet.dll
2009-04-29 00:46 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-17 06:50 1,847,808 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 23:41:55.51 ===============

**TheBruce1** · 06-21-2009, 04:03 PM

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear.

Please DO NOT Attach logs to your posts unless you are advised to do so.

========

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

Double click on combofix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.

Click on Yes, to continue scanning for malware.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

**spugmire** · 06-22-2009, 08:14 AM

Here is the result of the combofix run

Thanks

ComboFix 09-06-21.01 - Scott Pugmire 06/22/2009 9:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3546.2905 [GMT -4:00]
Running from: c:\documents and settings\Scott Pugmire\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Scott Pugmire\Start Menu\Programs\PlayMP3z
c:\program files\PlayMP3z
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe
c:\documents and settings\Scott Pugmire\Start Menu\Programs\PlayMP3z\Run PlayMP3z.pif
c:\program files\PlayMP3z\PlayMP3.exe
c:\program files\PlayMP3z\uninstall.exe
c:\windows\system32\hpzids01.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 )))))))))))))))))))))))))))))))
.

2009-06-21 03:27 . 2009-06-21 03:28 -------- d-----w- C:\rei
2009-06-21 03:23 . 2009-06-21 03:26 -------- d-----w- c:\program files\Reimage
2009-06-19 18:52 . 2009-06-19 18:52 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Windows Live Writer
2009-06-19 18:52 . 2009-06-19 18:52 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Windows Live Writer
2009-06-19 18:48 . 2009-06-19 18:48 -------- d-sh--w- c:\documents and settings\Scott Pugmire\IECompatCache
2009-06-19 18:46 . 2009-06-19 18:46 -------- d-sh--w- c:\documents and settings\Scott Pugmire\PrivacIE
2009-06-19 18:43 . 2009-06-19 18:43 -------- d-sh--w- c:\documents and settings\Scott Pugmire\IETldCache
2009-06-19 18:27 . 2009-06-19 18:27 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-19 17:29 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-19 17:29 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-19 17:29 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-19 17:29 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-19 17:29 . 2009-06-19 17:29 -------- d-----w- c:\windows\ie8updates
2009-06-19 17:28 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-19 17:27 . 2009-06-19 17:28 -------- dc-h--w- c:\windows\ie8
2009-06-19 03:03 . 2009-06-19 03:07 116842 ----a-w- c:\windows\hpqins00.dat
2009-06-18 20:25 . 2009-06-18 20:25 -------- d-----w- c:\program files\Trend Micro
2009-06-17 05:55 . 2009-06-17 06:07 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\vlc
2009-06-17 05:52 . 2009-06-17 05:52 -------- d-----w- c:\program files\VideoLAN
2009-06-16 08:21 . 2009-06-16 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-06-16 08:21 . 2009-06-16 08:21 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\AVS4YOU
2009-06-16 08:20 . 2009-06-16 08:20 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-16 08:20 . 2009-06-16 08:20 -------- d-----w- c:\program files\AVS4YOU
2009-06-16 08:20 . 2006-03-03 14:02 658432 ----a-w- c:\windows\system32\cc3270mt.dll
2009-06-16 08:20 . 2002-01-05 19:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-06-14 23:13 . 2009-06-14 23:13 -------- d--h--w- c:\windows\PIF
2009-06-12 23:56 . 2009-06-13 00:00 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Digital Support
2009-06-12 23:55 . 2009-06-12 23:56 -------- d-----w- c:\program files\Digital Support
2009-06-12 15:16 . 2009-06-12 15:16 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Dell
2009-06-10 21:47 . 2009-06-12 23:41 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-10 21:42 . 2009-06-10 21:42 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-06-10 21:42 . 2009-06-10 21:42 -------- d-----w- c:\program files\Microsoft IntelliPoint 5.5
2009-06-10 20:49 . 2009-06-10 20:50 7431368 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\IP55_32Eng.exe
2009-06-10 18:55 . 2009-06-10 18:59 103812 ----a-w- c:\windows\hpqins07.dat
2009-06-10 18:21 . 2009-06-10 20:42 -------- d-----w- C:\USBStorage
2009-06-10 18:21 . 2003-04-03 22:57 5183 ----a-w- c:\windows\system32\drivers\usbu2a.sys
2009-06-10 18:21 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-06-10 18:20 . 2009-06-10 20:41 918745 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\DX-ECDRW100_Drivers.exe
2009-06-10 17:53 . 2009-06-10 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-06-10 17:48 . 2009-06-10 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-06-10 17:48 . 2008-07-24 16:10 118272 ----a-w- c:\windows\system32\hpz3l58a.dll
2009-06-10 17:47 . 2001-08-17 17:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-06-10 17:47 . 2001-08-17 17:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2009-06-10 17:25 . 2007-07-05 02:49 294912 ----a-w- c:\windows\system32\hpovst11.dll
2009-06-10 17:25 . 2007-07-05 02:49 892928 ----a-w- c:\windows\system32\hpwtiop2.dll
2009-06-10 17:25 . 2007-07-05 02:49 675840 ----a-w- c:\windows\system32\hpwwiax2.dll
2009-06-10 17:25 . 2007-07-05 02:48 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2009-06-10 17:23 . 2007-07-05 03:42 1275480 ----a-w- c:\windows\hpzshl01.exe
2009-06-10 17:23 . 2007-07-05 03:42 1132120 ----a-w- c:\windows\hpzmsi01.exe
2009-06-10 17:22 . 2007-09-14 16:11 16050 ----a-w- c:\windows\hpwscr05.dat
2009-06-10 17:22 . 2007-09-14 16:10 4785 ----a-w- c:\windows\hpwmdl05.dat
2009-06-10 16:43 . 2009-06-10 18:47 326424832 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\OJProL7X00_Full_8_3.exe
2009-06-10 16:41 . 2009-06-10 16:41 15003136 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\HP_LJ_P4010_PCL6_64Bit.exe
2009-06-10 16:34 . 2009-06-10 16:35 14810696 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\IP32Eng6.20.182.0.exe
2009-06-10 16:32 . 2009-06-10 16:33 14663752 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\ITP32Eng6.20.182.0.exe
2009-06-10 16:21 . 2009-06-10 16:21 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\PC_Drivers_Headquarters
2009-06-10 16:20 . 2009-06-10 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-06-10 16:20 . 2009-06-10 16:20 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2009-06-10 00:59 . 2009-06-10 00:59 152576 ----a-w- c:\documents and settings\Scott Pugmire\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-09 17:18 . 2009-06-09 17:18 -------- d-----w- c:\program files\MSXML 4.0
2009-06-08 23:19 . 2009-06-08 23:19 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Blackberry Desktop
2009-06-08 17:08 . 2009-06-22 14:01 256 ----a-w- c:\windows\system32\pool.bin
2009-06-08 17:08 . 2009-06-08 17:08 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Research In Motion
2009-06-08 17:03 . 2009-06-08 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-06-08 17:02 . 2007-01-18 14:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-06-08 17:01 . 2009-06-12 17:39 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-06-08 17:01 . 2009-06-08 17:01 -------- d-----w- c:\program files\Research In Motion
2009-06-08 15:52 . 2009-06-08 15:52 -------- d-sh--w- c:\windows\ftpcache
2009-06-05 06:42 . 2003-04-16 13:46 12380 ----a-w- c:\windows\system32\drivers\Usb68.sys
2009-06-05 06:41 . 2009-06-05 06:41 -------- d-----w- c:\program files\HotcardSoft
2009-06-04 15:43 . 2009-06-04 15:43 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-06-04 15:27 . 2009-06-04 15:27 -------- d-----w- c:\program files\iPod
2009-06-04 15:27 . 2009-06-04 15:27 -------- d-----w- c:\program files\iTunes
2009-06-04 15:25 . 2009-06-04 15:25 -------- d-----w- c:\program files\QuickTime
2009-06-04 15:23 . 2009-05-29 17:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-04 15:23 . 2009-05-29 17:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-04 15:20 . 2009-06-04 15:20 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-04 14:20 . 2009-06-04 14:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\SupportSoft
2009-06-04 12:27 . 2009-06-04 12:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-06-03 19:15 . 2009-06-03 19:16 -------- d-----w- c:\program files\Microsoft Picture It! 7
2009-05-30 22:20 . 2009-05-30 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-30 03:03 . 2009-05-30 03:03 -------- d-----w- c:\windows\Sun
2009-05-30 01:40 . 2009-05-29 21:20 36864 ----a-w- C:\nphssb.dll
2009-05-30 01:40 . 2009-05-29 21:20 45056 ----a-w- c:\windows\system32\HSSICore.dll
2009-05-30 01:40 . 2009-05-29 21:20 184320 ----a-w- c:\windows\system32\OESICore.dll
2009-05-30 01:11 . 2009-05-30 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-05-29 23:12 . 2009-06-17 06:16 -------- d-----w- c:\program files\LimeWire
2009-05-29 22:13 . 2009-05-29 22:13 136 ----a-w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\fusioncache.dat
2009-05-29 22:12 . 2009-03-25 15:06 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-05-29 22:12 . 2009-03-25 15:06 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-05-29 22:12 . 2009-03-25 15:06 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-05-29 22:12 . 2008-10-23 17:08 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-05-29 22:11 . 2009-05-29 22:12 -------- d-----w- c:\program files\Common Files\McAfee
2009-05-29 22:11 . 2009-05-29 22:11 -------- d-----w- c:\program files\McAfee.com
2009-05-29 22:11 . 2009-06-04 15:37 -------- d-----w- c:\program files\McAfee
2009-05-29 22:07 . 2009-03-25 15:05 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-05-29 21:52 . 2009-06-08 21:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-05-29 21:46 . 2009-05-29 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-05-29 21:38 . 2009-05-29 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-05-29 21:33 . 2009-05-29 21:33 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\AppUpdater
2009-05-29 21:32 . 2009-06-22 13:40 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Lookout Software
2009-05-29 21:20 . 2009-05-29 21:18 98136 ----a-w- c:\windows\gzip.exe
2009-05-29 21:18 . 2009-05-29 21:18 -------- d-----w- c:\program files\Homestead
2009-05-29 18:30 . 2009-05-29 18:31 -------- d-----w- c:\program files\ToYcon Icon Maker
2009-05-29 18:00 . 2009-05-29 18:13 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Icon Constructor 3
2009-05-29 18:00 . 2009-05-29 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Icon Constructor 3
2009-05-29 18:00 . 2009-05-29 18:59 -------- d-----w- c:\program files\Icon Constructor 3
2009-05-29 17:58 . 2009-05-29 17:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-05-29 15:42 . 2009-05-30 14:05 -------- d-----w- c:\program files\RegistryFix7
2009-05-29 15:06 . 2009-05-29 15:06 -------- d-----w- c:\program files\Lookout Software
2009-05-29 14:58 . 2009-05-29 15:01 -------- d-----w- c:\program files\Microsoft MapPoint
2009-05-29 14:54 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-05-29 14:54 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-05-29 14:27 . 2009-02-06 22:08 55152 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-05-29 04:45 . 2009-06-16 08:33 -------- d-----w- C:\_JSP
2009-05-29 00:51 . 2009-06-11 17:18 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\AdobeUM
2009-05-29 00:43 . 2009-05-29 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-05-29 00:43 . 2009-05-29 00:51 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Adobe
2009-05-29 00:43 . 2009-05-29 00:43 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-05-29 00:42 . 2009-06-16 22:46 -------- d-----w- C:\Shared
2009-05-29 00:40 . 2009-05-29 14:12 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-29 00:39 . 2009-05-29 00:39 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\IsolatedStorage
2009-05-29 00:37 . 2009-05-29 00:37 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Apteco
2009-05-29 00:32 . 2009-05-29 00:32 -------- d-----w- c:\program files\Lavasoft
2009-05-29 00:32 . 2009-05-29 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-18 18:06 . 2009-05-29 23:13 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\LimeWire
2009-06-18 06:13 . 2009-05-21 21:20 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-11 07:11 . 2009-05-21 21:16 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-11 07:05 . 2009-05-21 21:20 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 01:00 . 2009-05-21 21:18 -------- d-----w- c:\program files\Java
2009-06-09 17:38 . 2009-05-21 21:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-08 17:08 . 2009-05-21 21:25 98752 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-08 17:04 . 2009-05-21 21:20 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-06-08 17:04 . 2009-05-21 21:20 -------- d-----w- c:\program files\Roxio
2009-06-08 17:03 . 2009-05-21 21:21 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-05-30 07:11 . 2009-05-21 21:28 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-29 21:21 . 2009-05-29 21:21 2232 ----a-w- c:\windows\java\Packages\Data\5RBJZ331.DAT
2009-05-29 21:21 . 2009-05-29 21:21 155995 ----a-w- c:\windows\java\Packages\137ZXZXN.ZIP
2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\HJDZHVHN.DAT
2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\AT33NTFZ.DAT
2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\89FHZVL7.DAT
2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\5ZD3BZFV.DAT
2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\MAZFJXBX.DAT
2009-05-29 14:27 . 2009-05-21 21:26 -------- d-----w- c:\program files\Windows Live
2009-05-28 19:25 . 2009-05-21 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2009-05-25 04:24 . 2008-05-27 03:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-22 04:07 . 2009-05-22 04:07 -------- d-----w- c:\program files\IDT
2009-05-22 04:07 . 2009-05-22 04:07 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-05-22 04:07 . 2009-05-22 04:07 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-05-22 04:07 . 2009-05-22 04:07 -------- d-----w- c:\program files\DellTPad
2009-05-22 00:01 . 2009-05-22 00:01 4947 ----a-w- c:\windows\system32\drivers\1028_Dell_INS_1545.mrk
2009-05-21 21:28 . 2009-05-21 21:28 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-05-21 21:27 . 2009-05-21 21:27 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-21 21:26 . 2009-05-21 21:26 -------- d-----w- c:\program files\Microsoft
2009-05-21 21:26 . 2009-05-21 21:26 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-21 21:25 . 2009-05-21 21:25 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-21 21:25 . 2009-05-28 17:26 33416 ----a-w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 21:24 . 2009-05-21 21:24 69120 ----a-w- c:\documents and settings\All Users\Application Data\SupportSoft\DellSupportCenter\_default\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\7e7d3c88-958b-4607-85a7-8c1cc5188887.1\NOTEPAD.EXE
2009-05-21 21:24 . 2009-05-21 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2009-05-21 21:24 . 2009-05-21 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2009-05-21 21:24 . 2009-05-21 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PC-Doctor
2009-05-21 21:23 . 2009-05-21 21:23 -------- d-----w- c:\program files\Dell Support Center
2009-05-21 21:23 . 2009-05-21 21:23 -------- d-----w- c:\program files\Common Files\supportsoft
2009-05-21 21:22 . 2009-05-21 21:22 -------- d-----w- c:\program files\CyberLink
2009-05-21 21:21 . 2009-05-21 21:21 -------- d-----w- c:\program files\Citrix
2009-05-21 21:21 . 2009-05-21 21:21 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-05-21 21:21 . 2009-05-21 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Uninstall
2009-05-21 21:21 . 2009-05-21 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-05-21 21:20 . 2009-05-21 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-05-21 21:19 . 2009-05-21 21:19 -------- d-----w- c:\program files\Intel
2009-05-21 21:19 . 2009-05-21 21:19 -------- d-----w- c:\program files\Dell
2009-05-21 21:18 . 2009-05-28 17:26 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\InstallShield
2009-05-21 21:18 . 2009-05-21 21:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-05-21 21:16 . 2009-05-28 17:26 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Windows Desktop Search
2009-05-21 21:16 . 2009-05-21 21:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2009-05-21 21:13 . 2008-04-25 21:28 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-21 15:33 . 2009-05-21 21:18 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-19 13:05 . 2009-05-19 13:05 1380403 ----a-w- c:\windows\system32\avgsdk.dll
2009-05-13 05:15 . 2008-04-25 16:16 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2008-04-25 16:16 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 10:50 . 2008-04-25 16:16 1847808 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-04-25 16:16 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-03 10:01 . 2009-04-03 10:01 36224 ----a-w- c:\windows\system32\drivers\ax88772.sys
2009-03-25 15:06 . 2009-03-25 15:06 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Google Update"="c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-28 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-28 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-12-08 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-09 442460]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-09 466944]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-28 68592]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-04-07 642856]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-04-07 467240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"PSDiagnosticM"="c:\program files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2007-02-27 315392]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-06-05 615696]
"USBDetector"="c:\usbstorage\USBDetector.exe" [2003-04-01 53248]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 461584]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]
"Reimage PC Booster"="c:\program files\Reimage\Reimage PC Booster\Postrebootexecuter.exe" [2009-06-15 83240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2009-5-28 25214]
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-6-5 1545488]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-5-1 6395464]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - x:\applications\WinZip\WZQKPICK.EXE [2006-10-17 106560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-21 21:21 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5/29/2009 10:27 AM 55152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/29/2009 6:14 PM 210216]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/21/2009 8:02 PM 108160]
R3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\drivers\lknuhst.sys [5/28/2009 8:15 PM 11136]
R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\drivers\lknuhub.sys [5/28/2009 8:15 PM 37248]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [5/21/2009 8:02 PM 160256]
S2 yksvc;Marvell Yukon Service; [x]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 LKNUCMP;Linksys Network USB Composite Device;c:\windows\system32\drivers\lknucmp.sys [5/28/2009 8:15 PM 11648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1717499061-2896550583-2833677910-1005.job
- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-28 19:43]

2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-29 14:53]

2009-05-29 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-29 14:53]
.
- - - - ORPHANS REMOVED - - - -

BHO-{A5B67D12-8F93-B1F2-FB7A-C0A30649AF4E} - (no file)
SafeBoot-mfehidk
SafeBoot-mferkdk
SafeBoot-mfetdik
SafeBoot-mfetdik.sys

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-22 10:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1520)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3784)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\program files\Google\Quick Search Box\bin\1.1.1038.9122\qsb.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\drivers\audio\R203425\stacsv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\searchindexer.exe
c:\program files\TechSmith\SnagIt 8\TscHelp.exe
c:\program files\TechSmith\SnagIt 8\SnagPriv.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-06-22 10:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-22 14:06

Pre-Run: 252,238,073,856 bytes free
Post-Run: 252,641,902,592 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

419 --- E O F --- 2009-06-19 17:29

**TheBruce1** · 06-22-2009, 11:27 AM

Hello again Scott

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear.

======

P2P

P2P - I see you have P2P software (LimeWire PRO 5.1.3) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

References for the risk of these programs are Here,
Here and Here.

========

Click Start>Control Panel> Add/Remove> Uninstall the following:

Ad-Aware 2007<---Anniversary Edition is the current version(which you can install once we have concluded).
RegistryFix v7.1<---We do not recommend registry fixing applications, they can do more harm than good.
http://miekiemoes.blogspot.com/2008/...eaking_13.html

========

Please go to: VirusTotal

In the middle of the page you'll find a "Browse" button.

Click the "Browse" button and browse to this file in RED:

C:\nphssb.dll
Click "Open".
Then click the "Send File" button at the bottom of the VirusTotal page.
This will scan the file. Please be patient.
Once scanned, copy and paste the results in your next reply.

Do the same with this file as well.

c:\windows\gzip.exe

Post the results in your reply.

**spugmire** · 06-22-2009, 12:26 PM

I understand the concerns about Limewire and I may get rid of it in the near future. That being said, I rarely ever run it, and ensure that it never starts up automatically.

Results from C:\nphssb.dll

Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.22 -
AhnLab-V3 5.0.0.2 2009.06.22 -
AntiVir 7.9.0.193 2009.06.22 -
Antiy-AVL 2.0.3.1 2009.06.22 -
Authentium 5.1.2.4 2009.06.22 -
Avast 4.8.1335.0 2009.06.21 -
AVG 8.5.0.339 2009.06.22 -
BitDefender 7.2 2009.06.22 -
CAT-QuickHeal 10.00 2009.06.22 -
ClamAV 0.94.1 2009.06.22 -
Comodo 1394 2009.06.22 -
DrWeb 5.0.0.12182 2009.06.22 -
eSafe 7.0.17.0 2009.06.22 -
eTrust-Vet 31.6.6573 2009.06.22 -
F-Prot 4.4.4.56 2009.06.22 -
F-Secure 8.0.14470.0 2009.06.22 -
Fortinet 3.117.0.0 2009.06.22 -
GData 19 2009.06.22 -
Ikarus T3.1.1.59.0 2009.06.22 -
Jiangmin 11.0.706 2009.06.22 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.22 -
McAfee 5654 2009.06.22 -
McAfee+Artemis 5654 2009.06.22 -
McAfee-GW-Edition 6.7.6 2009.06.22 -
Microsoft 1.4803 2009.06.22 -
NOD32 4179 2009.06.22 -
Norman 6.01.09 2009.06.22 -
nProtect 2009.1.8.0 2009.06.22 -
Panda 10.0.0.16 2009.06.22 -
PCTools 4.4.2.0 2009.06.22 -
Prevx 3.0 2009.06.22 -
Rising 21.35.04.00 2009.06.22 -
Sophos 4.42.0 2009.06.22 -
Sunbelt 3.2.1858.2 2009.06.22 -
Symantec 1.4.4.12 2009.06.22 -
TheHacker 6.3.4.3.351 2009.06.22 -
TrendMicro 8.950.0.1094 2009.06.22 -
VBA32 3.12.10.7 2009.06.22 -
ViRobot 2009.6.22.1798 2009.06.22 -
VirusBuster 4.6.5.0 2009.06.22 -
Additional information
File size: 36864 bytes
MD5...: 2a69dd4fb1a2380e3defb96e4f98b7aa
SHA1..: b752f15723e90516d74f7d30133ca79ff3dca294
SHA256: 2d6ffb7a066a6501fe695a14e359cbcac264837060044992c728c456aaca5913
ssdeep: 768:3Hdeds56imEL0GaEZ3WQ3xFF77vWFF7NPJR+aWh:Yc6imRdEZdhFF76FF7NP
JAaWh

PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3bed
timedatestamp.....: 0x4264273b (Mon Apr 18 21:31:39 2005)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x311e 0x4000 5.22 1bb49ff81fdce11f22a2760249c5d337
.rdata 0x5000 0xffd 0x1000 4.76 ca55a02eeae3613c80d4b8a773131c41
.data 0x6000 0x18cc 0x1000 2.91 491a1f4ae081fd4905537d385a2a64b1
.rsrc 0x8000 0x4d0 0x1000 1.24 57908358e56a90177267bd4542f54545
.reloc 0x9000 0x612 0x1000 2.76 fa4f8329f69e6e05ef794de0658e6cb0

( 9 imports )
> MSVCRT.dll: __CxxFrameHandler, _itoa, _adjust_fdiv, _mbsicmp, _purecall, malloc, atoi, _mbscmp, atol, __3@YAXPAX@Z, __2@YAPAXI@Z, free, _initterm, __1type_info@@UAE@XZ, _onexit, __dllonexit, sprintf, _ftol
> WININET.dll: InternetQueryOptionA, InternetOpenUrlA, InternetCloseHandle, InternetOpenA, HttpQueryInfoA, InternetReadFile
> VERSION.dll: GetFileVersionInfoSizeA, VerQueryValueA, GetFileVersionInfoA
> MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> KERNEL32.dll: GetTempPathA, LocalAlloc, LocalFree, GetModuleHandleA, lstrlenW, WideCharToMultiByte, GetProcAddress, FreeLibrary, LoadLibraryA, GetSystemDirectoryA
> USER32.dll: FrameRect, DestroyWindow, SendMessageA, MessageBoxA, SetWindowLongA, DefWindowProcA, EndPaint, GetDC, GetClientRect, BeginPaint, UpdateWindow, ShowWindow, CreateWindowExA, RegisterClassExA, LoadIconA, LoadCursorA, DrawEdge, CopyRect, DrawTextA, FillRect, SetRect, MoveWindow, GetSystemMetrics, PostQuitMessage, GetWindowRect
> GDI32.dll: CreateSolidBrush, SetBkMode, SetTextColor, GetStockObject
> SHELL32.dll: ShellExecuteA
> OLEAUT32.dll: -

( 3 exports )
NP_GetEntryPoints, NP_Initialize, NP_Shutdown

PDFiD.: -
RDS...: NSRL Reference Data Set

Results from c:\windows\gzip.exe

Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.22 -
AhnLab-V3 5.0.0.2 2009.06.22 -
AntiVir 7.9.0.193 2009.06.22 -
Antiy-AVL 2.0.3.1 2009.06.22 -
Authentium 5.1.2.4 2009.06.22 -
Avast 4.8.1335.0 2009.06.21 -
AVG 8.5.0.339 2009.06.22 -
BitDefender 7.2 2009.06.22 -
CAT-QuickHeal 10.00 2009.06.22 -
ClamAV 0.94.1 2009.06.22 -
Comodo 1394 2009.06.22 -
DrWeb 5.0.0.12182 2009.06.22 -
eSafe 7.0.17.0 2009.06.22 -
eTrust-Vet 31.6.6573 2009.06.22 -
F-Prot 4.4.4.56 2009.06.22 -
F-Secure 8.0.14470.0 2009.06.22 -
Fortinet 3.117.0.0 2009.06.22 -
GData 19 2009.06.22 -
Ikarus T3.1.1.59.0 2009.06.22 -
Jiangmin 11.0.706 2009.06.22 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.22 -
McAfee 5654 2009.06.22 -
McAfee+Artemis 5654 2009.06.22 -
McAfee-GW-Edition 6.7.6 2009.06.22 -
Microsoft 1.4803 2009.06.22 -
NOD32 4179 2009.06.22 -
Norman 6.01.09 2009.06.22 -
nProtect 2009.1.8.0 2009.06.22 -
Panda 10.0.0.16 2009.06.22 -
PCTools 4.4.2.0 2009.06.22 -
Prevx 3.0 2009.06.22 -
Rising 21.35.04.00 2009.06.22 -
Sophos 4.42.0 2009.06.22 -
Sunbelt 3.2.1858.2 2009.06.22 -
Symantec 1.4.4.12 2009.06.22 -
TheHacker 6.3.4.3.351 2009.06.22 -
TrendMicro 8.950.0.1094 2009.06.22 -
VBA32 3.12.10.7 2009.06.22 -
ViRobot 2009.6.22.1798 2009.06.22 -
VirusBuster 4.6.5.0 2009.06.22 -
Additional information
File size: 98136 bytes
MD5...: 128626a5108c7dc8f7f49263cfa28bf8
SHA1..: e30038b029346278347a58987e8dc252ee539232
SHA256: 63fcea5572eb4c66bcab7c4cc5c88f7b09b31f44914f9b4c05a72d24945d1c24
ssdeep: 1536:2EtrFj8pr9lIYAbe68GcCK5x4ezt9yKNkN1GfWSx8tE/g9b96:2WrFjKpmY
uqGcCK4ezto2kNs+tE/g9o

PEiD..: InstallShield 2000
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (51.6%)
Windows Screen Saver (17.9%)
Win32 Executable Generic (11.6%)
Win32 Dynamic Link Library (generic) (10.3%)
Win16/32 Executable Delphi generic (2.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xa580
timedatestamp.....: 0x34844af3 (Tue Dec 02 17:52:51 1997)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10800 0x10800 6.61 0de95e4d5d869ea851a9a4fe027cf02a
.rdata 0x12000 0x75f 0x800 4.77 523446b1fe687681174eaa5384418e35
.data 0x13000 0x55ec4 0x4a00 3.19 d288c62c37de7a2bf5f73c9ee36b70f2
.idata 0x69000 0x6fc 0x800 4.92 7e96d26e4dd1c919c0f0963ecfe140d6
.rsrc 0x6a000 0x238 0x400 4.90 56bb3ad627b8021d22e3a9141e3f071e

( 1 imports )
> KERNEL32.dll: FreeEnvironmentStringsA, GetLastError, SetConsoleCtrlHandler, ExitProcess, TerminateProcess, GetCurrentProcess, FindFirstFileA, FindNextFileA, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, HeapFree, HeapAlloc, GetCommandLineA, GetVersion, GetCPInfo, GetACP, GetOEMCP, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, WideCharToMultiByte, UnhandledExceptionFilter, WriteFile, GetStringTypeA, GetStringTypeW, MultiByteToWideChar, FlushFileBuffers, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, SetFilePointer, GetModuleFileNameA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, RtlUnwind, LCMapStringA, LCMapStringW, CompareStringA, CompareStringW, SetEnvironmentVariableA, GetTimeZoneInformation, ReadFile, SetStdHandle, GetProcAddress, LoadLibraryA, CloseHandle, HeapReAlloc, GetFileInformationByHandle, PeekNamedPipe, DeleteFileA, CreateFileA, GetDriveTypeA, SetFileAttributesA, GetFileAttributesA, SetFileTime, LocalFileTimeToFileTime, SystemTimeToFileTime, SetEndOfFile, GetFullPathNameA, GetCurrentDirectoryA, GetSystemTime, GetLocalTime

( 0 exports )

PDFiD.: -
RDS...: NSRL Reference Data Set
-

**TheBruce1** · 06-22-2009, 12:42 PM

Hello again

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

SkipFix::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000

DDS::
uInternet Settings,ProxyOverride = *.local

Save this as CFscript

Refering to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

=========

Download ATF-Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you have Firefox installed:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you have Opera installed:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

=========

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.
Click the Save Report As... button.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

This animation will guide you through the process:

To optimize scanning time and produce a more sensible report for review:

Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

=========
Logs Required
C:\Combofix.txt
Kaspersky Scan Report

An update on how your system is running.

**spugmire** · 06-23-2009, 07:27 AM

Wow that was a long scan (9 hours). It actually scanned an external drive that I have mapped a drive to "X" and that is what added so much time. Here are the results:

ComboFix

ComboFix 09-06-22.01 - Scott Pugmire 06/22/2009 16:08.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3546.2645 [GMT -4:00]
Running from: c:\documents and settings\Scott Pugmire\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Scott Pugmire\Desktop\CFscript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 )))))))))))))))))))))))))))))))
.

2009-06-22 18:42 . 2009-06-22 18:43 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-06-22 18:41 . 2008-04-14 09:41 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2009-06-22 18:41 . 2007-08-31 19:15 18856 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-06-22 18:41 . 2009-06-22 18:41 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2009-06-22 18:02 . 2009-06-22 18:43 -------- d-----w- c:\windows\LastGood
2009-06-22 18:02 . 2009-06-22 18:02 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\WinZip
2009-06-22 18:01 . 2009-06-22 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-06-22 17:47 . 2009-06-22 17:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\HP
2009-06-22 17:39 . 2009-06-22 17:39 -------- d-----w- C:\bin
2009-06-22 17:29 . 2009-06-22 17:42 142068 ----a-w- c:\windows\hpwins05.dat
2009-06-22 16:36 . 2007-07-05 03:42 258048 ----a-w- c:\windows\system32\hpzids01.dll
2009-06-21 03:23 . 2009-06-22 14:38 -------- d-----w- c:\program files\Reimage
2009-06-19 18:52 . 2009-06-19 18:52 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Windows Live Writer
2009-06-19 18:52 . 2009-06-19 18:52 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Windows Live Writer
2009-06-19 18:48 . 2009-06-19 18:48 -------- d-sh--w- c:\documents and settings\Scott Pugmire\IECompatCache
2009-06-19 18:46 . 2009-06-19 18:46 -------- d-sh--w- c:\documents and settings\Scott Pugmire\PrivacIE
2009-06-19 18:43 . 2009-06-19 18:43 -------- d-sh--w- c:\documents and settings\Scott Pugmire\IETldCache
2009-06-19 18:27 . 2009-06-19 18:27 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-19 17:29 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-19 17:29 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-19 17:29 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-19 17:29 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-19 17:29 . 2009-06-19 17:29 -------- d-----w- c:\windows\ie8updates
2009-06-19 17:28 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-19 17:27 . 2009-06-19 17:28 -------- dc-h--w- c:\windows\ie8
2009-06-19 03:03 . 2009-06-19 03:07 116842 ----a-w- c:\windows\hpqins00.dat
2009-06-18 20:25 . 2009-06-18 20:25 -------- d-----w- c:\program files\Trend Micro
2009-06-17 05:55 . 2009-06-17 06:07 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\vlc
2009-06-17 05:52 . 2009-06-17 05:52 -------- d-----w- c:\program files\VideoLAN
2009-06-16 08:21 . 2009-06-16 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-06-16 08:21 . 2009-06-16 08:21 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\AVS4YOU
2009-06-16 08:20 . 2009-06-16 08:20 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-16 08:20 . 2009-06-16 08:20 -------- d-----w- c:\program files\AVS4YOU
2009-06-16 08:20 . 2006-03-03 14:02 658432 ----a-w- c:\windows\system32\cc3270mt.dll
2009-06-16 08:20 . 2002-01-05 19:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-06-14 23:13 . 2009-06-14 23:13 -------- d--h--w- c:\windows\PIF
2009-06-14 00:08 . 2009-06-14 00:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\SACore
2009-06-12 23:56 . 2009-06-13 00:00 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Digital Support
2009-06-12 23:55 . 2009-06-12 23:56 -------- d-----w- c:\program files\Digital Support
2009-06-12 15:16 . 2009-06-12 15:16 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Dell
2009-06-10 21:47 . 2009-06-12 23:41 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-10 21:42 . 2009-06-10 21:42 -------- d-----w- c:\program files\Microsoft IntelliPoint 5.5
2009-06-10 20:49 . 2009-06-10 20:50 7431368 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\IP55_32Eng.exe
2009-06-10 18:55 . 2009-06-10 18:59 103812 ----a-w- c:\windows\hpqins07.dat
2009-06-10 18:21 . 2009-06-10 20:42 -------- d-----w- C:\USBStorage
2009-06-10 18:21 . 2003-04-03 22:57 5183 ----a-w- c:\windows\system32\drivers\usbu2a.sys
2009-06-10 18:21 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-06-10 18:20 . 2009-06-10 20:41 918745 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\DX-ECDRW100_Drivers.exe
2009-06-10 17:48 . 2009-06-10 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-06-10 17:48 . 2008-07-24 16:10 118272 ----a-w- c:\windows\system32\hpz3l58a.dll
2009-06-10 17:47 . 2001-08-17 17:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-06-10 17:47 . 2001-08-17 17:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2009-06-10 17:25 . 2007-07-05 02:49 294912 ----a-w- c:\windows\system32\hpovst11.dll
2009-06-10 17:25 . 2007-07-05 02:49 892928 ----a-w- c:\windows\system32\hpwtiop2.dll
2009-06-10 17:25 . 2007-07-05 02:49 675840 ----a-w- c:\windows\system32\hpwwiax2.dll
2009-06-10 17:25 . 2007-07-05 02:48 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2009-06-10 17:23 . 2007-07-05 03:42 1275480 ----a-w- c:\windows\hpzshl01.exe
2009-06-10 17:23 . 2007-07-05 03:42 1132120 ----a-w- c:\windows\hpzmsi01.exe
2009-06-10 17:22 . 2007-09-14 16:11 16050 ----a-w- c:\windows\hpwscr05.dat
2009-06-10 16:43 . 2009-06-10 18:47 326424832 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\OJProL7X00_Full_8_3.exe
2009-06-10 16:41 . 2009-06-10 16:41 15003136 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\HP_LJ_P4010_PCL6_64Bit.exe
2009-06-10 16:34 . 2009-06-10 16:35 14810696 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\IP32Eng6.20.182.0.exe
2009-06-10 16:32 . 2009-06-10 16:33 14663752 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\ITP32Eng6.20.182.0.exe
2009-06-10 16:20 . 2009-06-10 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-06-10 00:59 . 2009-06-10 00:59 152576 ----a-w- c:\documents and settings\Scott Pugmire\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-09 17:18 . 2009-06-09 17:18 -------- d-----w- c:\program files\MSXML 4.0
2009-06-08 23:19 . 2009-06-08 23:19 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Blackberry Desktop
2009-06-08 17:08 . 2009-06-22 17:50 256 ----a-w- c:\windows\system32\pool.bin
2009-06-08 17:08 . 2009-06-08 17:08 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Research In Motion
2009-06-08 17:03 . 2009-06-08 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-06-08 17:02 . 2007-01-18 14:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-06-08 17:01 . 2009-06-12 17:39 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-06-08 17:01 . 2009-06-08 17:01 -------- d-----w- c:\program files\Research In Motion
2009-06-08 15:52 . 2009-06-08 15:52 -------- d-sh--w- c:\windows\ftpcache
2009-06-05 06:42 . 2003-04-16 13:46 12380 ----a-w- c:\windows\system32\drivers\Usb68.sys
2009-06-05 06:41 . 2009-06-05 06:41 -------- d-----w- c:\program files\HotcardSoft
2009-06-04 15:43 . 2009-06-04 15:43 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-06-04 15:27 . 2009-06-04 15:27 -------- d-----w- c:\program files\iPod
2009-06-04 15:27 . 2009-06-04 15:27 -------- d-----w- c:\program files\iTunes
2009-06-04 15:25 . 2009-06-04 15:25 -------- d-----w- c:\program files\QuickTime
2009-06-04 15:23 . 2009-05-29 17:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-04 15:23 . 2009-05-29 17:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-04 15:20 . 2009-06-04 15:20 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-04 14:20 . 2009-06-04 14:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\SupportSoft
2009-06-04 12:27 . 2009-06-04 12:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-06-03 19:15 . 2009-06-03 19:16 -------- d-----w- c:\program files\Microsoft Picture It! 7
2009-05-30 22:20 . 2009-05-30 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-30 03:03 . 2009-05-30 03:03 -------- d-----w- c:\windows\Sun
2009-05-30 01:40 . 2009-05-29 21:20 36864 ----a-w- C:\nphssb.dll
2009-05-30 01:40 . 2009-05-29 21:20 45056 ----a-w- c:\windows\system32\HSSICore.dll
2009-05-30 01:40 . 2009-05-29 21:20 184320 ----a-w- c:\windows\system32\OESICore.dll
2009-05-29 23:12 . 2009-06-17 06:16 -------- d-----w- c:\program files\LimeWire
2009-05-29 22:13 . 2009-05-29 22:13 136 ----a-w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\fusioncache.dat
2009-05-29 22:12 . 2009-03-25 15:06 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-05-29 22:12 . 2009-03-25 15:06 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-05-29 22:12 . 2009-03-25 15:06 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-05-29 22:12 . 2008-10-23 17:08 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-05-29 22:11 . 2009-05-29 22:12 -------- d-----w- c:\program files\Common Files\McAfee
2009-05-29 22:11 . 2009-05-29 22:11 -------- d-----w- c:\program files\McAfee.com
2009-05-29 22:11 . 2009-06-04 15:37 -------- d-----w- c:\program files\McAfee
2009-05-29 22:07 . 2009-03-25 15:05 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-05-29 21:52 . 2009-06-08 21:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-05-29 21:46 . 2009-05-29 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-05-29 21:38 . 2009-05-29 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-05-29 21:33 . 2009-05-29 21:33 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\AppUpdater
2009-05-29 21:32 . 2009-06-22 18:09 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Lookout Software
2009-05-29 21:20 . 2009-05-29 21:18 98136 ----a-w- c:\windows\gzip.exe
2009-05-29 21:18 . 2009-05-29 21:18 -------- d-----w- c:\program files\Homestead
2009-05-29 18:30 . 2009-05-29 18:31 -------- d-----w- c:\program files\ToYcon Icon Maker
2009-05-29 18:00 . 2009-05-29 18:13 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Icon Constructor 3
2009-05-29 18:00 . 2009-05-29 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Icon Constructor 3
2009-05-29 18:00 . 2009-05-29 18:59 -------- d-----w- c:\program files\Icon Constructor 3
2009-05-29 17:58 . 2009-05-29 17:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-05-29 15:42 . 2009-06-22 18:14 -------- d-----w- c:\program files\RegistryFix7
2009-05-29 15:06 . 2009-05-29 15:06 -------- d-----w- c:\program files\Lookout Software
2009-05-29 14:58 . 2009-05-29 15:01 -------- d-----w- c:\program files\Microsoft MapPoint
2009-05-29 14:54 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-05-29 14:54 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-05-29 14:27 . 2009-02-06 22:08 55152 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-05-29 04:45 . 2009-06-16 08:33 -------- d-----w- C:\_JSP
2009-05-29 00:51 . 2009-06-11 17:18 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\AdobeUM
2009-05-29 00:43 . 2009-05-29 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-05-29 00:43 . 2009-05-29 00:51 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Adobe
2009-05-29 00:43 . 2009-05-29 00:43 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-05-29 00:42 . 2009-06-16 22:46 -------- d-----w- C:\Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-22 18:42 . 2009-06-22 18:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-06-22 17:42 . 2009-05-21 21:25 103456 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-22 17:38 . 2009-05-21 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-06-22 17:38 . 2009-05-21 21:21 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-06-18 18:06 . 2009-05-29 23:13 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\LimeWire
2009-06-18 06:13 . 2009-05-21 21:20 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-11 07:11 . 2009-05-21 21:16 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-11 07:05 . 2009-05-21 21:20 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 01:00 . 2009-05-21 21:18 -------- d-----w- c:\program files\Java
2009-06-09 17:38 . 2009-05-21 21:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-08 17:04 . 2009-05-21 21:20 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-06-08 17:04 . 2009-05-21 21:20 -------- d-----w- c:\program files\Roxio
2009-05-30 07:11 . 2009-05-21 21:28 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-29 21:21 . 2009-05-29 21:21 2232 ----a-w- c:\windows\java\Packages\Data\5RBJZ331.DAT
2009-05-29 21:21 . 2009-05-29 21:21 155995 ----a-w- c:\windows\java\Packages\137ZXZXN.ZIP
2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\HJDZHVHN.DAT
2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\AT33NTFZ.DAT
2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\89FHZVL7.DAT
2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\5ZD3BZFV.DAT
2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\MAZFJXBX.DAT
2009-05-29 14:27 . 2009-05-21 21:26 -------- d-----w- c:\program files\Windows Live
2009-05-28 19:25 . 2009-05-21 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2009-05-25 04:24 . 2008-05-27 03:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-22 04:07 . 2009-05-22 04:07 -------- d-----w- c:\program files\IDT
2009-05-22 04:07 . 2009-05-22 04:07 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-05-22 04:07 . 2009-05-22 04:07 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-05-22 04:07 . 2009-05-22 04:07 -------- d-----w- c:\program files\DellTPad
2009-05-22 00:01 . 2009-05-22 00:01 4947 ----a-w- c:\windows\system32\drivers\1028_Dell_INS_1545.mrk
2009-05-21 21:28 . 2009-05-21 21:28 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-05-21 21:27 . 2009-05-21 21:27 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-21 21:26 . 2009-05-21 21:26 -------- d-----w- c:\program files\Microsoft
2009-05-21 21:26 . 2009-05-21 21:26 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-21 21:25 . 2009-05-21 21:25 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-21 21:25 . 2009-05-28 17:26 33416 ----a-w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 21:24 . 2009-05-21 21:24 69120 ----a-w- c:\documents and settings\All Users\Application Data\SupportSoft\DellSupportCenter\_default\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\7e7d3c88-958b-4607-85a7-8c1cc5188887.1\NOTEPAD.EXE
2009-05-21 21:24 . 2009-05-21 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2009-05-21 21:24 . 2009-05-21 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2009-05-21 21:24 . 2009-05-21 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PC-Doctor
2009-05-21 21:23 . 2009-05-21 21:23 -------- d-----w- c:\program files\Dell Support Center
2009-05-21 21:23 . 2009-05-21 21:23 -------- d-----w- c:\program files\Common Files\supportsoft
2009-05-21 21:22 . 2009-05-21 21:22 -------- d-----w- c:\program files\CyberLink
2009-05-21 21:21 . 2009-05-21 21:21 -------- d-----w- c:\program files\Citrix
2009-05-21 21:21 . 2009-05-21 21:21 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-05-21 21:21 . 2009-05-21 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Uninstall
2009-05-21 21:20 . 2009-05-21 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-05-21 21:19 . 2009-05-21 21:19 -------- d-----w- c:\program files\Intel
2009-05-21 21:19 . 2009-05-21 21:19 -------- d-----w- c:\program files\Dell
2009-05-21 21:18 . 2009-05-28 17:26 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\InstallShield
2009-05-21 21:18 . 2009-05-21 21:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-05-21 21:16 . 2009-05-28 17:26 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Windows Desktop Search
2009-05-21 21:16 . 2009-05-21 21:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2009-05-21 21:13 . 2008-04-25 21:28 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-21 15:33 . 2009-05-21 21:18 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-19 13:05 . 2009-05-19 13:05 1380403 ----a-w- c:\windows\system32\avgsdk.dll
2009-05-13 05:15 . 2008-04-25 16:16 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2008-04-25 16:16 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 10:50 . 2008-04-25 16:16 1847808 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-04-25 16:16 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-03 10:01 . 2009-04-03 10:01 36224 ----a-w- c:\windows\system32\drivers\ax88772.sys
2009-03-25 15:06 . 2009-03-25 15:06 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-06-22_14.04.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-22 17:44 . 2009-06-22 17:44 16384 c:\windows\Temp\Perflib_Perfdata_638.dat
+ 2009-06-22 18:43 . 2007-08-31 19:15 18856 c:\windows\system32\ReinstallBackups\0026\DriverFiles\nuidfltr.sys
+ 2009-06-22 18:43 . 2008-04-14 09:41 21504 c:\windows\system32\ReinstallBackups\0026\DriverFiles\i386\hidserv.dll
+ 2009-06-22 18:43 . 2007-08-31 19:15 18856 c:\windows\system32\ReinstallBackups\0024\DriverFiles\nuidfltr.sys
+ 2009-06-22 18:43 . 2008-04-14 09:41 21504 c:\windows\system32\ReinstallBackups\0024\DriverFiles\i386\hidserv.dll
+ 2009-06-22 18:41 . 2008-04-14 12:00 14592 c:\windows\system32\ReinstallBackups\0023\DriverFiles\i386\kbdhid.sys
+ 2009-06-22 18:41 . 2008-04-14 12:09 24576 c:\windows\system32\ReinstallBackups\0023\DriverFiles\i386\kbdclass.sys
- 2009-06-10 21:43 . 2008-04-14 12:00 12160 c:\windows\system32\ReinstallBackups\0020\DriverFiles\i386\mouhid.sys
+ 2009-06-22 18:43 . 2001-08-17 17:48 12160 c:\windows\system32\ReinstallBackups\0020\DriverFiles\i386\mouhid.sys
- 2009-06-10 21:43 . 2008-04-14 12:09 23040 c:\windows\system32\ReinstallBackups\0020\DriverFiles\i386\mouclass.sys
+ 2009-06-22 18:43 . 2008-04-14 04:09 23040 c:\windows\system32\ReinstallBackups\0020\DriverFiles\i386\mouclass.sys
+ 2009-06-22 18:43 . 2007-08-21 08:12 21760 c:\windows\system32\DRVSTORE\pnt32uw_760685142BE30506C264465948FA6BF3F83F6BA0\point32.sys
+ 2009-06-22 18:43 . 2007-08-21 08:13 24064 c:\windows\system32\DRVSTORE\pnt32uk_D8ABC581DD7826E63C34865005655841F42B07B3\point32k.sys
+ 2009-06-22 18:41 . 2007-08-31 19:15 18856 c:\windows\system32\DRVSTORE\nuidfltr_E8F8C714821A786671DE95508EA821EFC993B9E1\NuidFltr.sys
- 2005-12-01 19:57 . 2005-12-01 19:57 21760 c:\windows\system32\drivers\point32.sys
+ 2005-12-01 19:57 . 2007-08-21 08:12 21760 c:\windows\system32\drivers\point32.sys
- 2008-04-14 00:09 . 2008-04-14 12:00 14592 c:\windows\system32\drivers\kbdhid.sys
+ 2008-04-14 00:09 . 2008-04-14 04:09 14592 c:\windows\system32\drivers\kbdhid.sys
- 2008-04-14 00:09 . 2008-04-14 12:09 24576 c:\windows\system32\drivers\kbdclass.sys
+ 2008-04-14 00:09 . 2008-04-14 04:09 24576 c:\windows\system32\drivers\kbdclass.sys
+ 2008-04-14 00:09 . 2008-04-14 04:09 14592 c:\windows\system32\dllcache\kbdhid.sys
+ 2008-04-14 00:09 . 2008-04-14 04:09 24576 c:\windows\system32\dllcache\kbdclass.sys
- 2009-05-28 17:19 . 2009-06-22 13:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-05-28 17:19 . 2009-06-22 18:19 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-05-28 17:19 . 2009-06-22 18:19 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-05-28 17:19 . 2009-06-22 13:31 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-06-22 18:43 . 2005-12-01 19:57 21760 c:\windows\LastGood\system32\DRIVERS\point32.sys
+ 2009-06-22 18:42 . 2007-08-31 19:15 18856 c:\windows\LastGood\system32\DRIVERS\nuidfltr.sys
+ 2009-06-22 18:43 . 2001-08-17 17:48 12160 c:\windows\LastGood\system32\DRIVERS\mouhid.sys
+ 2009-06-22 18:43 . 2008-04-14 04:09 23040 c:\windows\LastGood\system32\DRIVERS\mouclass.sys
+ 2009-06-22 18:02 . 2006-10-18 22:32 11648 c:\windows\LastGood\system32\DRIVERS\lknucmp.sys
+ 2009-06-22 18:41 . 2008-04-14 12:00 14592 c:\windows\LastGood\system32\DRIVERS\kbdhid.sys
+ 2009-06-22 18:41 . 2008-04-14 12:09 24576 c:\windows\LastGood\system32\DRIVERS\kbdclass.sys
+ 2009-06-22 18:42 . 2008-04-14 09:41 21504 c:\windows\LastGood\system32\DRIVERS\hidserv.dll
+ 2009-06-22 17:35 . 2009-06-22 17:35 65536 c:\windows\Installer\{DBC20735-34E6-4E97-A9E5-2066B66B243D}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
+ 2009-06-22 18:00 . 2009-06-22 18:00 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}\IconCD95F6617.exe
+ 2009-06-22 17:36 . 2009-06-22 17:36 65536 c:\windows\Installer\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}\ARPPRODUCTICON.exe
+ 2009-05-28 23:15 . 2009-06-22 17:35 65536 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut27.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
- 2009-05-28 23:15 . 2009-05-28 23:15 65536 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut27.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
- 2009-05-28 23:15 . 2009-05-28 23:15 65536 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut25.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
+ 2009-05-28 23:15 . 2009-06-22 17:35 65536 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut25.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
- 2009-05-28 23:15 . 2009-05-28 23:15 65536 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut15_1.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
+ 2009-05-28 23:15 . 2009-06-22 17:35 65536 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut15_1.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
+ 2009-06-22 18:43 . 2009-06-22 18:43 65536 c:\windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\NewShortcut3_4748AC220AD3439FA5EECE4BB6C12AAC.exe
+ 2009-06-22 18:43 . 2009-06-22 18:43 29926 c:\windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\NewShortcut2_6463554370E7436D8D6D4A721595029E.exe
+ 2009-06-22 18:43 . 2009-06-22 18:43 29926 c:\windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\NewShortcut1_6463554370E7436D8D6D4A721595029E.exe
+ 2009-06-22 18:43 . 2009-06-22 18:43 25214 c:\windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\HCG_SC.exe
+ 2009-06-22 18:43 . 2009-06-22 18:43 25214 c:\windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\CPL_SC.exe
+ 2009-06-22 18:43 . 2009-06-22 18:43 25214 c:\windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\CPL_DTSC.exe
+ 2009-06-22 18:43 . 2009-06-22 18:43 25214 c:\windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\ARPPRODUCTICON.exe
+ 2009-06-22 17:36 . 2009-06-22 17:36 65536 c:\windows\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\NewShortcut7_856D48883B484D0C99D439AA7CF9DB2E.exe
+ 2009-06-22 17:36 . 2009-06-22 17:36 65536 c:\windows\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\NewShortcut3_D7CAE58E26DE49B7A75DEAEDF76726BE_3.exe
+ 2009-06-22 17:36 . 2009-06-22 17:36 65536 c:\windows\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\NewShortcut2_D7CAE58E26DE49B7A75DEAEDF76726BE.exe
+ 2009-06-22 17:36 . 2009-06-22 17:36 65536 c:\windows\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\ARPPRODUCTICON.exe
+ 2009-06-22 18:41 . 2009-06-22 18:41 25214 c:\windows\Installer\{345112D9-0930-4A68-AB71-A831BA5DE7AA}\PGM_CPL.exe
+ 2009-06-22 18:41 . 2009-06-22 18:41 65536 c:\windows\Installer\{345112D9-0930-4A68-AB71-A831BA5DE7AA}\NewShortcut3_31DD6897EF244CA395831874C052777A.exe
+ 2009-06-22 18:41 . 2009-06-22 18:41 29926 c:\windows\Installer\{345112D9-0930-4A68-AB71-A831BA5DE7AA}\NewShortcut2_5D5B9E6A344C497695ABABBDC648E5DA.exe
+ 2009-06-22 18:41 . 2009-06-22 18:41 29926 c:\windows\Installer\{345112D9-0930-4A68-AB71-A831BA5DE7AA}\NewShortcut1_5D5B9E6A344C497695ABABBDC648E5DA.exe
+ 2009-06-22 18:41 . 2009-06-22 18:41 25214 c:\windows\Installer\{345112D9-0930-4A68-AB71-A831BA5DE7AA}\ITP_HCG.exe
+ 2009-06-22 18:41 . 2009-06-22 18:41 25214 c:\windows\Installer\{345112D9-0930-4A68-AB71-A831BA5DE7AA}\DS_CPL.exe
+ 2009-06-22 18:41 . 2009-06-22 18:41 25214 c:\windows\Installer\{345112D9-0930-4A68-AB71-A831BA5DE7AA}\ARPPRODUCTICON.exe
+ 2006-02-19 07:28 . 2006-02-19 07:28 12288 c:\windows\Fonts\RandFont.dll
+ 2009-06-22 17:39 . 2009-06-22 17:39 90112 c:\windows\assembly\GAC\LTRASTERVIEWLib\1.0.0.0__a53cf5803f4c3827\LTRASTERVIEWLib.dll
+ 2009-06-22 17:39 . 2009-06-22 17:39 40960 c:\windows\assembly\GAC\LTRASTERLib\1.0.0.0__a53cf5803f4c3827\LTRASTERLib.dll
+ 2009-06-22 17:39 . 2009-06-22 17:39 73728 c:\windows\assembly\GAC\LTRASTERIOLib\1.0.0.0__a53cf5803f4c3827\LTRASTERIOLib.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 77824 c:\windows\assembly\GAC\LEAD\13.0.0.113__9cf889f53ea9b907\LEAD.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 40960 c:\windows\assembly\GAC\LEAD.Windows.Forms\13.0.0.113__9cf889f53ea9b907\LEAD.Windows.Forms.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 69632 c:\windows\assembly\GAC\LEAD.Windows.Forms.DrawingContainer\13.0.0.113__9cf889f53ea9b907\LEAD.Windows.Forms.DrawingContainer.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 86016 c:\windows\assembly\GAC\LEAD.Drawing\13.0.0.113__9cf889f53ea9b907\LEAD.Drawing.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 90112 c:\windows\assembly\GAC\LEAD.Drawing.Imaging.ImageProcessing\13.0.0.113__9cf889f53ea9b907\LEAD.Drawing.Imaging.ImageProcessing.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 81920 c:\windows\assembly\GAC\LEAD.Drawing.Imaging.Codecs\13.0.0.113__9cf889f53ea9b907\LEAD.Drawing.Imaging.Codecs.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 18944 c:\windows\assembly\GAC\Interop.MsHtmHst\0.0.0.0__a53cf5803f4c3827\Interop.MsHtmHst.dll
+ 2009-06-22 17:39 . 2009-06-22 17:39 90112 c:\windows\assembly\GAC\Interop.LTANNLib\1.0.0.0__a53cf5803f4c3827\Interop.LTANNLib.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 14848 c:\windows\assembly\GAC\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\Interop.hpqvideo.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 12800 c:\windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\interop.hpqusg.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 10240 c:\windows\assembly\GAC\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 28672 c:\windows\assembly\GAC\Interop.hpqdstcp\3.0.0.0__a53cf5803f4c3827\Interop.hpqdstcp.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 36864 c:\windows\assembly\GAC\Interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\Interop.hpqcxm08.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 15872 c:\windows\assembly\GAC\interop.hpodxmlutil\2.0.588.1728__a53cf5803f4c3827\interop.hpodxmlutil.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 13312 c:\windows\assembly\GAC\interop.hpodvid\2.0.588.1728__a53cf5803f4c3827\interop.hpodvid.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 13312 c:\windows\assembly\GAC\interop.hpodtrk\2.0.588.1728__a53cf5803f4c3827\interop.hpodtrk.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 12800 c:\windows\assembly\GAC\interop.hpodmpv_md\2.0.588.1728__a53cf5803f4c3827\interop.hpodmpv_md.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 15360 c:\windows\assembly\GAC\interop.hpodmmc\1.0.0.0__a53cf5803f4c3827\interop.hpodmmc.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 10240 c:\windows\assembly\GAC\Interop.hpodev08\3.0.0.0__a53cf5803f4c3827\Interop.hpodev08.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 94208 c:\windows\assembly\GAC\Interop.hpodeb08\3.0.0.0__a53cf5803f4c3827\Interop.hpodeb08.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 12800 c:\windows\assembly\GAC\interop.hpodaud\2.0.588.1728__a53cf5803f4c3827\interop.hpodaud.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 53248 c:\windows\assembly\GAC\interop.hpodai\2.0.588.1728__a53cf5803f4c3827\interop.hpodai.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 24576 c:\windows\assembly\GAC\interop.hpodae\2.0.588.1728__a53cf5803f4c3827\interop.hpodae.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 98304 c:\windows\assembly\GAC\Interop.hpocxi08\1.0.0.0__3b766a3b3d2dc385\Interop.hpocxi08.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 36864 c:\windows\assembly\GAC\Interop.HPDarc\1.0.0.0__19565c63d39c2842\Interop.hpdarc.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 57344 c:\windows\assembly\GAC\hpqxpbrn\3.0.0.0__a53cf5803f4c3827\hpqxpbrn.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 94208 c:\windows\assembly\GAC\hpqunkwd\3.0.0.0__a53cf5803f4c3827\hpqunkwd.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 65536 c:\windows\assembly\GAC\hpqunkwd.resources\3.0.0.0_en_a53cf5803f4c3827\hpqunkwd.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 77824 c:\windows\assembly\GAC\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 77824 c:\windows\assembly\GAC\hpqszip\3.0.0.0__a53cf5803f4c3827\hpqszip.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 20480 c:\windows\assembly\GAC\hpqqca\3.0.0.0__a53cf5803f4c3827\hpqqca.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 61440 c:\windows\assembly\GAC\hpqptint\4.0.0.0__a53cf5803f4c3827\hpqptint.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 32768 c:\windows\assembly\GAC\hpqptint.resources\4.0.0.0_en_a53cf5803f4c3827\hpqptint.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 57344 c:\windows\assembly\GAC\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 15360 c:\windows\assembly\GAC\hpqprrsc.resources\4.0.0.0_en_a53cf5803f4c3827\hpqprrsc.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 36864 c:\windows\assembly\GAC\hpqprogdlg\3.0.0.0__a53cf5803f4c3827\hpqprogdlg.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 15360 c:\windows\assembly\GAC\hpqprogdlg.resources\3.0.0.0_en_a53cf5803f4c3827\hpqprogdlg.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 20480 c:\windows\assembly\GAC\hpqprif\4.0.0.0__a53cf5803f4c3827\hpqprif.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 19456 c:\windows\assembly\GAC\hpqpel10.resources\4.0.0.0_en_a53cf5803f4c3827\hpqpel10.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 28672 c:\windows\assembly\GAC\hpqpbgen\3.0.0.0__a53cf5803f4c3827\hpqpbgen.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 53248 c:\windows\assembly\GAC\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 69632 c:\windows\assembly\GAC\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 16384 c:\windows\assembly\GAC\hpqmyint\3.0.0.0__a53cf5803f4c3827\hpqmyint.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 36864 c:\windows\assembly\GAC\hpqmpvad\4.0.0.0__a53cf5803f4c3827\hpqmpvad.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 65536 c:\windows\assembly\GAC\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 20480 c:\windows\assembly\GAC\hpqltutl\3.0.0.0__a53cf5803f4c3827\hpqltutl.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 28672 c:\windows\assembly\GAC\hpqlsutl\1.0.0.0__a53cf5803f4c3827\hpqlsutl.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 69632 c:\windows\assembly\GAC\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 77824 c:\windows\assembly\GAC\hpqislib\4.0.0.0__a53cf5803f4c3827\hpqislib.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 16384 c:\windows\assembly\GAC\hpqisdsp\4.0.0.0__a53cf5803f4c3827\hpqisdsp.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 61440 c:\windows\assembly\GAC\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 28672 c:\windows\assembly\GAC\hpqimgrc.resources\4.0.0.0_en_a53cf5803f4c3827\hpqimgrc.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 20480 c:\windows\assembly\GAC\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 94208 c:\windows\assembly\GAC\hpqgtpin.resources\3.0.0.0_en_a53cf5803f4c3827\hpqgtpin.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 69632 c:\windows\assembly\GAC\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 40960 c:\windows\assembly\GAC\hpqglutl.resources\4.0.0.0_en_a53cf5803f4c3827\hpqglutl.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 36864 c:\windows\assembly\GAC\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 13312 c:\windows\assembly\GAC\hpqfmrsc.resources\4.0.0.0_en_a53cf5803f4c3827\hpqfmrsc.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 24576 c:\windows\assembly\GAC\hpqedppi\3.0.0.0__a53cf5803f4c3827\hpqedppi.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 24576 c:\windows\assembly\GAC\hpqeal\4.0.0.0__a53cf5803f4c3827\hpqeal.dll
+ 2009-06-22 17:39 . 2009-06-22 17:39 98304 c:\windows\assembly\GAC\hpqdocvw.resources\3.0.0.0_en_a53cf5803f4c3827\hpqdocvw.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 86016 c:\windows\assembly\GAC\hpqdocpt.resources\4.0.0.0_en_a53cf5803f4c3827\hpqdocpt.resources.dll
+ 2009-06-22 17:39 . 2009-06-22 17:39 36864 c:\windows\assembly\GAC\hpqdcrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqdcrsc.resources.dll
+ 2009-06-22 17:39 . 2009-06-22 17:39 57344 c:\windows\assembly\GAC\hpqdcprf\3.0.0.0__a53cf5803f4c3827\hpqdcprf.dll
+ 2009-06-22 17:39 . 2009-06-22 17:39 40960 c:\windows\assembly\GAC\hpqdcprf.resources\3.0.0.0_en_a53cf5803f4c3827\hpqdcprf.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 53248 c:\windows\assembly\GAC\hpqcpolp\4.0.0.0__a53cf5803f4c3827\hpqcpolp.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 28672 c:\windows\assembly\GAC\hpqcpolp.resources\4.0.0.0_en_a53cf5803f4c3827\hpqcpolp.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 65536 c:\windows\assembly\GAC\hpqcpint\3.0.0.0__a53cf5803f4c3827\hpqcpint.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 98304 c:\windows\assembly\GAC\hpqcddvd\3.0.0.0__a53cf5803f4c3827\hpqcddvd.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 86016 c:\windows\assembly\GAC\hpqcalp.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcalp.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 32768 c:\windows\assembly\GAC\hpqbutil\3.0.0.0__a53cf5803f4c3827\hpqbutil.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 24576 c:\windows\assembly\GAC\hpqbkloc\3.0.0.0__a53cf5803f4c3827\hpqbkloc.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 24576 c:\windows\assembly\GAC\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 45056 c:\windows\assembly\GAC\hpqasmgt\3.0.0.0__a53cf5803f4c3827\hpqasmgt.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 28672 c:\windows\assembly\GAC\hpqalb\4.0.0.0__a53cf5803f4c3827\hpqalb.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 45056 c:\windows\assembly\GAC\hpqactiv.resources\4.0.0.0_en_a53cf5803f4c3827\hpqactiv.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 28672 c:\windows\assembly\GAC\HPODMmcLib\1.0.0.0__a53cf5803f4c3827\HPODMmcLib.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 32256 c:\windows\assembly\GAC\hplMosaicNet\1.4.1.0__0d5444959b41355f\hplMosaicNet.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 45056 c:\windows\assembly\GAC\AxInterop.SHDocVw\1.1.0.0__a53cf5803f4c3827\AxInterop.SHDocVw.dll
+ 2009-06-22 17:39 . 2009-06-22 17:39 77824 c:\windows\assembly\GAC\AxInterop.LTRASTERVIEWLib\1.0.0.0__a53cf5803f4c3827\AxInterop.LTRASTERVIEWLib.dll
+ 2005-08-19 07:00 . 2005-08-19 07:00 2560 c:\windows\system32\drivers\cdralw2k.sys
+ 2005-08-19 07:00 . 2005-08-19 07:00 2432 c:\windows\system32\drivers\cdr4_xp.sys
+ 2009-06-22 17:37 . 2009-06-22 17:37 4286 c:\windows\Installer\{B6286A44-7505-471A-A72B-04EC2DB2F442}\Shortcut_start.9FAB98ED_2143_4534_9750_7CD4ECEB9596.exe
+ 2009-06-22 18:43 . 2009-06-22 18:43 4846 c:\windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\MouseUG.exe
+ 2009-06-22 18:41 . 2009-06-22 18:41 4846 c:\windows\Installer\{345112D9-0930-4A68-AB71-A831BA5DE7AA}\ITP_KeyboardUG.exe
+ 2006-09-07 19:41 . 2006-09-07 19:41 3953 c:\windows\hpwmdl05.dat
+ 2009-06-22 17:37 . 2009-06-22 17:37 3072 c:\windows\assembly\GAC\policy.13.0.LEAD\13.0.0.113__9cf889f53ea9b907\policy.13.0.LEAD.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 3072 c:\windows\assembly\GAC\policy.13.0.LEAD.Wrapper\13.0.0.113__9cf889f53ea9b907\policy.13.0.LEAD.Wrapper.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 3072 c:\windows\assembly\GAC\policy.13.0.LEAD.Windows.Forms\13.0.0.113__9cf889f53ea9b907\policy.13.0.LEAD.Windows.Forms.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 3584 c:\windows\assembly\GAC\policy.13.0.LEAD.Windows.Forms.DrawingContainer\13.0.0.113__9cf889f53ea9b907\policy.13.0.LEAD.Windows.Forms.DrawingContainer.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 3584 c:\windows\assembly\GAC\policy.13.0.LEAD.Windows.Forms.CommonDialogs\13.0.0.113__9cf889f53ea9b907\policy.13.0.LEAD.Windows.Forms.CommonDialogs.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 3072 c:\windows\assembly\GAC\policy.13.0.LEAD.Drawing\13.0.0.113__9cf889f53ea9b907\policy.13.0.LEAD.Drawing.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 3584 c:\windows\assembly\GAC\policy.13.0.LEAD.Drawing.Imaging.Twain\13.0.0.113__9cf889f53ea9b907\policy.13.0.LEAD.Drawing.Imaging.Twain.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 3584 c:\windows\assembly\GAC\policy.13.0.LEAD.Drawing.Imaging.ImageProcessing\13.0.0.113__9cf889f53ea9b907\policy.13.0.LEAD.Drawing.Imaging.ImageProcessing.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 3584 c:\windows\assembly\GAC\policy.13.0.LEAD.Drawing.Imaging.Codecs\13.0.0.113__9cf889f53ea9b907\policy.13.0.LEAD.Drawing.Imaging.Codecs.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 7680 c:\windows\assembly\GAC\Interop.LITTManagerLib\1.0.0.0__a53cf5803f4c3827\Interop.LITTManagerLib.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 4096 c:\windows\assembly\GAC\Interop.hprblog\3.0.0.0__a53cf5803f4c3827\Interop.hprblog.dll
+ 2009-06-22 17:38 . 2009-06-22 17:38 9216 c:\windows\assembly\GAC\Interop.hpqSonWr\4.0.0.0__a53cf5803f4c3827\Interop.hpqSonWr.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 7680 c:\windows\assembly\GAC\Interop.hpqcrmcm\7.0.78.0__a53cf5803f4c3827\Interop.hpqcrmcm.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 5632 c:\windows\assembly\GAC\interop.hpqcldat\4.0.0.0__a53cf5803f4c3827\interop.hpqcldat.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 4608 c:\windows\assembly\GAC\interop.hpqcbcnv\4.0.0.0__a53cf5803f4c3827\interop.hpqcbcnv.dll
+ 2009-06-22 17:38 . 2009-06-22 17:38 6656 c:\windows\assembly\GAC\Interop.HpqCamUn\1.0.0.0__a53cf5803f4c3827\Interop.HpqCamUn.dll
+ 2009-06-22 17:38 . 2009-06-22 17:38 6656 c:\windows\assembly\GAC\Interop.hpqaiois\4.0.0.0__a53cf5803f4c3827\Interop.hpqaiois.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 4608 c:\windows\assembly\GAC\interop.hpodprint2\4.0.0.0__a53cf5803f4c3827\interop.hpodprint2.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 7680 c:\windows\assembly\GAC\interop.hpodmpv\2.0.588.1728__a53cf5803f4c3827\interop.hpodmpv.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 6656 c:\windows\assembly\GAC\interop.hpodmp\2.0.588.1728__a53cf5803f4c3827\interop.hpodmp.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 8704 c:\windows\assembly\GAC\hpqmdmr.resources\4.0.0.0_en_a53cf5803f4c3827\hpqmdmr.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 4096 c:\windows\assembly\GAC\hpqedppi.resources\3.0.0.0_en_a53cf5803f4c3827\hpqedppi.resources.dll
- 2009-06-10 17:48 . 2008-07-24 16:10 200192 c:\windows\system32\spool\drivers\w32x86\3\hpzpr58a.dll
+ 2009-06-11 16:13 . 2008-07-24 16:10 200192 c:\windows\system32\spool\drivers\w32x86\3\hpzpr58a.dll
- 2009-06-10 17:48 . 2008-07-24 16:10 437248 c:\windows\system32\spool\drivers\w32x86\3\hpzev58a.dll
+ 2009-06-11 16:13 . 2008-07-24 16:10 437248 c:\windows\system32\spool\drivers\w32x86\3\hpzev58a.dll
+ 2009-06-11 16:13 . 2008-07-24 16:13 977920 c:\windows\system32\spool\drivers\w32x86\3\hpz3c58a.dll
- 2009-06-10 17:48 . 2008-07-24 16:13 977920 c:\windows\system32\spool\drivers\w32x86\3\hpz3c58a.dll
+ 2009-06-11 16:13 . 2006-08-22 06:34 106496 c:\windows\system32\spool\drivers\w32x86\3\hpfrs58a.dll
- 2009-06-10 17:48 . 2006-08-22 06:34 106496 c:\windows\system32\spool\drivers\w32x86\3\hpfrs58a.dll
+ 2009-06-11 16:13 . 2006-08-22 06:32 314880 c:\windows\system32\spool\drivers\w32x86\3\hpfie58a.dll
- 2009-06-10 17:48 . 2006-08-22 06:32 314880 c:\windows\system32\spool\drivers\w32x86\3\hpfie58a.dll
+ 2009-05-28 23:13 . 2006-11-29 21:26 671816 c:\windows\system32\spool\drivers\w32x86\3\hpcdmc32.dll
- 2009-05-28 23:13 . 2008-02-05 18:26 671816 c:\windows\system32\spool\drivers\w32x86\3\hpcdmc32.dll
+ 2005-09-29 19:05 . 2005-09-29 19:05 151552 c:\windows\system32\pxwma.dll
+ 2002-01-05 08:36 . 2002-01-05 08:36 964608 c:\windows\system32\mfc70u.dll
+ 2002-01-05 08:48 . 2002-01-05 08:48 974848 c:\windows\system32\mfc70.dll
- 2001-12-17 12:15 . 2001-12-17 12:15 974848 c:\windows\system32\mfc70.dll
+ 2008-04-25 09:21 . 2009-06-22 17:44 356952 c:\windows\system32\FNTCACHE.DAT
+ 2009-06-22 18:00 . 2009-06-22 18:00 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}\IconCD95F66110.exe
+ 2009-06-22 17:36 . 2009-06-22 17:36 643072 c:\windows\Installer\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}\HPSUShortcut_BB85ED9CAFC943BDB8DC258C3C7DF72E.exe
+ 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut9.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
- 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut9.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
- 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut8.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
+ 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut8.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
- 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut7.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
+ 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut7.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
+ 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut6.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
- 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut6.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
- 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut24.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
+ 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut24.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
- 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut23.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
+ 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut23.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
- 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut22.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
+ 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut22.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
- 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut21.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
+ 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut21.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
+ 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut20.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
- 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut20.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
+ 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut2.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
- 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut2.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
+ 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut19.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
- 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut19.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
+ 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut18.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
- 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut18.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
- 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut17.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
+ 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut17.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
- 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut16.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
+ 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut16.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
+ 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut14.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
- 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut14.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
+ 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut13.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
- 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut13.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
+ 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut12.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
- 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut12.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
+ 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut11.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
- 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut11.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
- 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut10.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
+ 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut10.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
+ 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut1.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
- 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut1.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe
+ 2009-06-22 17:37 . 2009-06-22 17:37 430080 c:\windows\assembly\GAC\LEAD.Wrapper\13.0.0.113__9cf889f53ea9b907\LEAD.Wrapper.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 106496 c:\windows\assembly\GAC\LEAD.Windows.Forms.CommonDialogs\13.0.0.113__9cf889f53ea9b907\LEAD.Windows.Forms.CommonDialogs.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 102400 c:\windows\assembly\GAC\LEAD.Drawing.Imaging.Twain\13.0.0.113__9cf889f53ea9b907\LEAD.Drawing.Imaging.Twain.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 126976 c:\windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__a53cf5803f4c3827\Interop.SHDocVw.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 204800 c:\windows\assembly\GAC\Interop.hpodio08\3.0.0.0__a53cf5803f4c3827\Interop.hpodio08.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 163840 c:\windows\assembly\GAC\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 229376 c:\windows\assembly\GAC\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 385024 c:\windows\assembly\GAC\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 262144 c:\windows\assembly\GAC\hpqtray.resources\4.0.0.0_en_a53cf5803f4c3827\hpqtray.resources.dll
+ 2009-06-22 17:38 . 2009-06-22 17:38 581632 c:\windows\assembly\GAC\hpqsshw\3.0.0.0__a53cf5803f4c3827\hpqsshw.dll
+ 2009-06-22 17:38 . 2009-06-22 17:38 364544 c:\windows\assembly\GAC\hpqsshw.resources\3.0.0.0_en_a53cf5803f4c3827\hpqsshw.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 983040 c:\windows\assembly\GAC\hpqptfx\4.0.0.0__a53cf5803f4c3827\hpqptfx.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 380928 c:\windows\assembly\GAC\hpqptfx.resources\4.0.0.0_en_a53cf5803f4c3827\hpqptfx.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 479232 c:\windows\assembly\GAC\hpqprutl\4.0.0.0__a53cf5803f4c3827\hpqprutl.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 237568 c:\windows\assembly\GAC\hpqprutl.resources\4.0.0.0_en_a53cf5803f4c3827\hpqprutl.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 401408 c:\windows\assembly\GAC\hpqprjfx\3.0.0.0__a53cf5803f4c3827\hpqprjfx.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 258048 c:\windows\assembly\GAC\hpqprjfx.resources\3.0.0.0_en_a53cf5803f4c3827\hpqprjfx.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 176128 c:\windows\assembly\GAC\hpqprjcm\3.0.0.0__a53cf5803f4c3827\hpqprjcm.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 131072 c:\windows\assembly\GAC\hpqpel10\4.0.0.0__a53cf5803f4c3827\hpqpel10.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 184320 c:\windows\assembly\GAC\hpqpdmdl\4.0.0.0__a53cf5803f4c3827\hpqpdmdl.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 319488 c:\windows\assembly\GAC\hpqpanop\3.0.0.0__a53cf5803f4c3827\hpqpanop.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 110592 c:\windows\assembly\GAC\hpqpanop.resources\3.0.0.0_en_a53cf5803f4c3827\hpqpanop.resources.dll
+ 2009-06-22 17:39 . 2009-06-22 17:39 475136 c:\windows\assembly\GAC\hpqmydoc\3.0.0.0__a53cf5803f4c3827\hpqmydoc.dll
+ 2009-06-22 17:39 . 2009-06-22 17:39 253952 c:\windows\assembly\GAC\hpqmydoc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqmydoc.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 323584 c:\windows\assembly\GAC\hpqlsprj\1.0.0.0__a53cf5803f4c3827\hpqlsprj.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 192512 c:\windows\assembly\GAC\hpqlsprj.resources\1.0.0.0_en_a53cf5803f4c3827\hpqlsprj.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 712704 c:\windows\assembly\GAC\hpqistab\4.0.0.0__a53cf5803f4c3827\hpqistab.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 516096 c:\windows\assembly\GAC\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 348160 c:\windows\assembly\GAC\hpqimvlt.resources\3.0.0.0_en_a53cf5803f4c3827\hpqimvlt.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 192512 c:\windows\assembly\GAC\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 282624 c:\windows\assembly\GAC\hpqgtpin\3.0.0.0__a53cf5803f4c3827\hpqgtpin.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 737280 c:\windows\assembly\GAC\hpqedit.resources\3.0.0.0_en_a53cf5803f4c3827\hpqedit.resources.dll
+ 2009-06-22 17:39 . 2009-06-22 17:39 147456 c:\windows\assembly\GAC\hpqdocvw\3.0.0.0__a53cf5803f4c3827\hpqdocvw.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 139264 c:\windows\assembly\GAC\hpqdocpt\4.0.0.0__a53cf5803f4c3827\hpqdocpt.dll
+ 2009-06-22 17:39 . 2009-06-22 17:39 151552 c:\windows\assembly\GAC\hpqdcrsc\3.0.0.0__a53cf5803f4c3827\hpqdcrsc.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 425984 c:\windows\assembly\GAC\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 167936 c:\windows\assembly\GAC\hpqcprsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcprsc.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 262144 c:\windows\assembly\GAC\hpqcdcpy\3.0.0.0__a53cf5803f4c3827\hpqcdcpy.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 184320 c:\windows\assembly\GAC\hpqcdcpy.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcdcpy.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 593920 c:\windows\assembly\GAC\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 274432 c:\windows\assembly\GAC\hpqcc2.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcc2.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 180224 c:\windows\assembly\GAC\hpqcalp\3.0.0.0__a53cf5803f4c3827\hpqcalp.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 790528 c:\windows\assembly\GAC\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 532480 c:\windows\assembly\GAC\hpqbakup.resources\3.0.0.0_en_a53cf5803f4c3827\hpqbakup.resources.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 163840 c:\windows\assembly\GAC\hpqactiv\4.0.0.0__a53cf5803f4c3827\hpqactiv.dll
+ 2009-05-22 00:02 . 2007-08-31 19:13 1421736 c:\windows\system32\wdfcoinstaller01005.dll
- 2009-06-10 17:48 . 2008-07-24 16:13 3333632 c:\windows\system32\spool\drivers\w32x86\3\hpzur58a.dll
+ 2009-06-11 16:13 . 2008-07-24 16:13 3333632 c:\windows\system32\spool\drivers\w32x86\3\hpzur58a.dll
- 2009-06-10 17:48 . 2008-07-24 16:10 3217920 c:\windows\system32\spool\drivers\w32x86\3\hpzui58a.dll
+ 2009-06-11 16:13 . 2008-07-24 16:10 3217920 c:\windows\system32\spool\drivers\w32x86\3\hpzui58a.dll
+ 2009-06-22 16:36 . 2006-07-03 15:54 4357632 c:\windows\system32\spool\drivers\w32x86\3\hpzui4sa.dll
- 2009-05-28 23:13 . 2006-07-03 15:54 4357632 c:\windows\system32\spool\drivers\w32x86\3\hpzui4sa.dll
- 2009-06-10 17:48 . 2008-07-24 16:13 5513216 c:\windows\system32\spool\drivers\w32x86\3\hpzst58a.dll
+ 2009-06-11 16:13 . 2008-07-24 16:13 5513216 c:\windows\system32\spool\drivers\w32x86\3\hpzst58a.dll
- 2009-06-10 17:48 . 2008-07-24 16:10 1737728 c:\windows\system32\spool\drivers\w32x86\3\hpz3r58a.dll
+ 2009-06-11 16:13 . 2008-07-24 16:10 1737728 c:\windows\system32\spool\drivers\w32x86\3\hpz3r58a.dll
- 2009-06-10 17:48 . 2006-08-22 06:33 7019008 c:\windows\system32\spool\drivers\w32x86\3\hpfig58a.dll
+ 2009-06-11 16:13 . 2006-08-22 06:33 7019008 c:\windows\system32\spool\drivers\w32x86\3\hpfig58a.dll
+ 2009-05-28 23:13 . 2007-03-07 19:16 2856960 c:\windows\system32\spool\drivers\w32x86\3\hpbcfgre.dll
+ 2009-06-22 18:43 . 2007-08-31 19:13 1421736 c:\windows\system32\ReinstallBackups\0026\DriverFiles\wdfcoinstaller01005.dll
+ 2009-06-22 18:43 . 2007-08-31 19:13 1421736 c:\windows\system32\ReinstallBackups\0024\DriverFiles\wdfcoinstaller01005.dll
+ 2009-06-22 18:41 . 2007-08-31 19:13 1421736 c:\windows\system32\DRVSTORE\nuidfltr_E8F8C714821A786671DE95508EA821EFC993B9E1\wdfcoinstaller01005.dll
+ 2009-06-22 18:42 . 2008-12-08 21:15 1419232 c:\windows\LastGood\system32\wdfcoinstaller01005.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 8007680 c:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2009-06-22 17:37 . 2009-06-22 17:37 1163264 c:\windows\assembly\GAC\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Google Update"="c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-28 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-28 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-12-08 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-09 442460]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-09 466944]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-28 68592]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-04-07 642856]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-04-07 467240]
"PSDiagnosticM"="c:\program files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2007-02-27 315392]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-06-05 615696]
"USBDetector"="c:\usbstorage\USBDetector.exe" [2003-04-01 53248]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2009-5-28 25214]
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-6-5 1545488]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-5-1 6395464]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-21 21:21 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5/29/2009 10:27 AM 55152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/29/2009 6:14 PM 210216]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/21/2009 8:02 PM 108160]
R3 LKNUCMP;Linksys Network USB Composite Device;c:\windows\system32\drivers\lknucmp.sys [5/28/2009 8:15 PM 11648]
R3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\drivers\lknuhst.sys [5/28/2009 8:15 PM 11136]
R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\drivers\lknuhub.sys [5/28/2009 8:15 PM 37248]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [5/21/2009 8:02 PM 160256]
S2 yksvc;Marvell Yukon Service; [x]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1717499061-2896550583-2833677910-1005.job
- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-28 19:43]

2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-29 14:53]

2009-05-29 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-29 14:53]
.
- - - - ORPHANS REMOVED - - - -

BHO-{A5B67D12-8F93-B1F2-FB7A-C0A30649AF4E} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-22 16:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1717499061-2896550583-2833677910-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1672)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(4348)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
.
Completion time: 2009-06-22 16:10
ComboFix-quarantined-files.txt 2009-06-22 20:10
ComboFix2.txt 2009-06-22 14:06

Pre-Run: 251,822,518,272 bytes free
Post-Run: 251,835,682,816 bytes free

667 --- E O F --- 2009-06-19 17:29

Kaspersky Scan.txt

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 23, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, June 22, 2009 22:57:55
Records in database: 2378674
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
V:\
X:\

Scan statistics:
Files scanned: 178901
Threat name: 5
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 09:01:14

File name / Threat name / Threats count
C:\Documents and Settings\Scott Pugmire\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000004.pst Infected: Trojan-Downloader.JS.Gumblar.a 2
C:\Qoobox\Quarantine\C\WINDOWS\system32\_sdra64_.exe.zip Infected: Trojan-Spy.Win32.Zbot.gen 1
X:\_Sage Archive\Outlook\Archive_2006.pst Infected: Trojan-Spy.HTML.Amazofraud.m 1
X:\Nancy's PC Fix\Nancy's Documents\iPod Music\02 Track 2 (broken).wma Infected: Trojan-Downloader.WMA.Wimad.k 1
X:\Nancy's PC Fix\Nancy's Documents\iPod Music\05 Track 5 (girlshapedlovedrug).wma Infected: Trojan-Downloader.WMA.Wimad.o 1

The selected area was scanned.

**TheBruce1** · 06-23-2009, 11:32 AM

Hello again

Quote:

C:\Documents and Settings\Scott Pugmire\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000004.pst Infected: Trojan-Downloader.JS.Gumblar.a 2
X:\_Sage Archive\Outlook\Archive_2006.pst Infected: Trojan-Spy.HTML.Amazofraud.m 1

Kaspersky detected two e-mail`s which are infected, i am afraid we have no way of knowing exactly which ones, i would advise you to delete all e-mail`s contained within the pst and Archive 2006 folders of Outlook.

=======

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

SkipFix::

File::
X:\Nancy's PC Fix\Nancy's Documents\iPod Music\02 Track 2 (broken).wma
X:\Nancy's PC Fix\Nancy's Documents\iPod Music\05 Track 5 (girlshapedlovedrug).wma

Driver::
yksvc

Save this as CFscript

Refering to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post the C:\Combofix.txt in your reply for review.

**spugmire** · 06-23-2009, 02:01 PM

I deleted the two pst files that you indicated. Below is the result of the Combofix run:

ComboFix 09-06-22.0E - Scott Pugmire 06/23/2009 15:58.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3546.2812 [GMT -4:00]
Running from: c:\documents and settings\Scott Pugmire\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Scott Pugmire\Desktop\CFscript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
"x:\nancy's pc fix\Nancy's Documents\iPod Music\02 Track 2 (broken).wma"
"x:\nancy's pc fix\Nancy's Documents\iPod Music\05 Track 5 (girlshapedlovedrug).wma"
.

((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
.

2009-06-23 19:48 . 2009-06-23 19:48 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-23 19:16 . 2009-06-23 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-06-22 18:42 . 2009-06-22 18:43 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-06-22 18:41 . 2008-04-14 09:41 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2009-06-22 18:41 . 2007-08-31 19:15 18856 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-06-22 18:41 . 2009-06-22 18:41 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2009-06-22 18:02 . 2009-06-22 18:02 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\WinZip
2009-06-22 18:01 . 2009-06-22 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-06-22 17:47 . 2009-06-22 17:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\HP
2009-06-22 17:39 . 2009-06-22 17:39 -------- d-----w- C:\bin
2009-06-22 17:29 . 2009-06-22 17:42 142068 ----a-w- c:\windows\hpwins05.dat
2009-06-22 16:36 . 2007-07-05 03:42 258048 ----a-w- c:\windows\system32\hpzids01.dll
2009-06-21 03:23 . 2009-06-22 14:38 -------- d-----w- c:\program files\Reimage
2009-06-19 18:52 . 2009-06-19 18:52 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Windows Live Writer
2009-06-19 18:52 . 2009-06-19 18:52 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Windows Live Writer
2009-06-19 18:48 . 2009-06-19 18:48 -------- d-sh--w- c:\documents and settings\Scott Pugmire\IECompatCache
2009-06-19 18:46 . 2009-06-19 18:46 -------- d-sh--w- c:\documents and settings\Scott Pugmire\PrivacIE
2009-06-19 18:43 . 2009-06-19 18:43 -------- d-sh--w- c:\documents and settings\Scott Pugmire\IETldCache
2009-06-19 18:27 . 2009-06-19 18:27 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-19 17:29 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-19 17:29 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-19 17:29 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-19 17:29 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-19 17:29 . 2009-06-19 17:29 -------- d-----w- c:\windows\ie8updates
2009-06-19 17:28 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-19 17:27 . 2009-06-19 17:28 -------- dc-h--w- c:\windows\ie8
2009-06-19 03:03 . 2009-06-19 03:07 116842 ----a-w- c:\windows\hpqins00.dat
2009-06-18 20:25 . 2009-06-18 20:25 -------- d-----w- c:\program files\Trend Micro
2009-06-17 05:55 . 2009-06-17 06:07 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\vlc
2009-06-17 05:52 . 2009-06-17 05:52 -------- d-----w- c:\program files\VideoLAN
2009-06-16 08:21 . 2009-06-16 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-06-16 08:21 . 2009-06-16 08:21 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\AVS4YOU
2009-06-16 08:20 . 2009-06-16 08:20 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-16 08:20 . 2009-06-16 08:20 -------- d-----w- c:\program files\AVS4YOU
2009-06-16 08:20 . 2006-03-03 14:02 658432 ----a-w- c:\windows\system32\cc3270mt.dll
2009-06-16 08:20 . 2002-01-05 19:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-06-14 23:13 . 2009-06-14 23:13 -------- d--h--w- c:\windows\PIF
2009-06-14 00:08 . 2009-06-14 00:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\SACore
2009-06-12 23:56 . 2009-06-13 00:00 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Digital Support
2009-06-12 23:55 . 2009-06-12 23:56 -------- d-----w- c:\program files\Digital Support
2009-06-12 15:16 . 2009-06-12 15:16 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Dell
2009-06-10 21:47 . 2009-06-12 23:41 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-10 21:42 . 2009-06-10 21:42 -------- d-----w- c:\program files\Microsoft IntelliPoint 5.5
2009-06-10 20:49 . 2009-06-10 20:50 7431368 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\IP55_32Eng.exe
2009-06-10 18:55 . 2009-06-10 18:59 103812 ----a-w- c:\windows\hpqins07.dat
2009-06-10 18:21 . 2009-06-10 20:42 -------- d-----w- C:\USBStorage
2009-06-10 18:21 . 2003-04-03 22:57 5183 ----a-w- c:\windows\system32\drivers\usbu2a.sys
2009-06-10 18:21 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-06-10 18:20 . 2009-06-10 20:41 918745 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\DX-ECDRW100_Drivers.exe
2009-06-10 17:48 . 2009-06-10 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-06-10 17:48 . 2008-07-24 16:10 118272 ----a-w- c:\windows\system32\hpz3l58a.dll
2009-06-10 17:47 . 2001-08-17 17:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-06-10 17:47 . 2001-08-17 17:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2009-06-10 17:25 . 2007-07-05 02:49 294912 ----a-w- c:\windows\system32\hpovst11.dll
2009-06-10 17:25 . 2007-07-05 02:49 892928 ----a-w- c:\windows\system32\hpwtiop2.dll
2009-06-10 17:25 . 2007-07-05 02:49 675840 ----a-w- c:\windows\system32\hpwwiax2.dll
2009-06-10 17:25 . 2007-07-05 02:48 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2009-06-10 17:23 . 2007-07-05 03:42 1275480 ----a-w- c:\windows\hpzshl01.exe
2009-06-10 17:23 . 2007-07-05 03:42 1132120 ----a-w- c:\windows\hpzmsi01.exe
2009-06-10 17:22 . 2007-09-14 16:11 16050 ----a-w- c:\windows\hpwscr05.dat
2009-06-10 16:43 . 2009-06-10 18:47 326424832 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\OJProL7X00_Full_8_3.exe
2009-06-10 16:41 . 2009-06-10 16:41 15003136 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\HP_LJ_P4010_PCL6_64Bit.exe
2009-06-10 16:34 . 2009-06-10 16:35 14810696 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\IP32Eng6.20.182.0.exe
2009-06-10 16:32 . 2009-06-10 16:33 14663752 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\ITP32Eng6.20.182.0.exe
2009-06-10 16:20 . 2009-06-10 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-06-10 00:59 . 2009-06-10 00:59 152576 ----a-w- c:\documents and settings\Scott Pugmire\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-09 17:18 . 2009-06-09 17:18 -------- d-----w- c:\program files\MSXML 4.0
2009-06-08 23:19 . 2009-06-08 23:19 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Blackberry Desktop
2009-06-08 17:08 . 2009-06-23 19:43 256 ----a-w- c:\windows\system32\pool.bin
2009-06-08 17:08 . 2009-06-08 17:08 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Research In Motion
2009-06-08 17:03 . 2009-06-08 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-06-08 17:02 . 2007-01-18 14:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-06-08 17:01 . 2009-06-12 17:39 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-06-08 17:01 . 2009-06-08 17:01 -------- d-----w- c:\program files\Research In Motion
2009-06-08 15:52 . 2009-06-08 15:52 -------- d-sh--w- c:\windows\ftpcache
2009-06-05 06:42 . 2003-04-16 13:46 12380 ----a-w- c:\windows\system32\drivers\Usb68.sys
2009-06-05 06:41 . 2009-06-05 06:41 -------- d-----w- c:\program files\HotcardSoft
2009-06-04 15:43 . 2009-06-04 15:43 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-06-04 15:27 . 2009-06-04 15:27 -------- d-----w- c:\program files\iPod
2009-06-04 15:27 . 2009-06-04 15:27 -------- d-----w- c:\program files\iTunes
2009-06-04 15:25 . 2009-06-04 15:25 -------- d-----w- c:\program files\QuickTime
2009-06-04 15:23 . 2009-05-29 17:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-04 15:23 . 2009-05-29 17:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-04 15:20 . 2009-06-04 15:20 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-04 14:20 . 2009-06-04 14:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\SupportSoft
2009-06-04 12:27 . 2009-06-04 12:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-06-03 19:15 . 2009-06-03 19:16 -------- d-----w- c:\program files\Microsoft Picture It! 7
2009-05-30 22:20 . 2009-05-30 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-30 03:03 . 2009-05-30 03:03 -------- d-----w- c:\windows\Sun
2009-05-30 01:40 . 2009-05-29 21:20 36864 ----a-w- C:\nphssb.dll
2009-05-30 01:40 . 2009-05-29 21:20 45056 ----a-w- c:\windows\system32\HSSICore.dll
2009-05-30 01:40 . 2009-05-29 21:20 184320 ----a-w- c:\windows\system32\OESICore.dll
2009-05-29 23:12 . 2009-06-17 06:16 -------- d-----w- c:\program files\LimeWire
2009-05-29 22:13 . 2009-05-29 22:13 136 ----a-w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\fusioncache.dat
2009-05-29 22:12 . 2009-03-25 15:06 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-05-29 22:12 . 2009-03-25 15:06 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-05-29 22:12 . 2009-03-25 15:06 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-05-29 22:12 . 2008-10-23 17:08 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-05-29 22:11 . 2009-05-29 22:12 -------- d-----w- c:\program files\Common Files\McAfee
2009-05-29 22:11 . 2009-05-29 22:11 -------- d-----w- c:\program files\McAfee.com
2009-05-29 22:11 . 2009-06-04 15:37 -------- d-----w- c:\program files\McAfee
2009-05-29 22:07 . 2009-03-25 15:05 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-05-29 21:52 . 2009-06-08 21:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-05-29 21:46 . 2009-05-29 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-05-29 21:38 . 2009-05-29 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-05-29 21:33 . 2009-05-29 21:33 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\AppUpdater
2009-05-29 21:32 . 2009-06-23 19:17 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Lookout Software
2009-05-29 21:20 . 2009-05-29 21:18 98136 ----a-w- c:\windows\gzip.exe
2009-05-29 21:18 . 2009-05-29 21:18 -------- d-----w- c:\program files\Homestead
2009-05-29 18:30 . 2009-05-29 18:31 -------- d-----w- c:\program files\ToYcon Icon Maker
2009-05-29 18:00 . 2009-05-29 18:13 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Icon Constructor 3
2009-05-29 18:00 . 2009-05-29 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Icon Constructor 3
2009-05-29 18:00 . 2009-05-29 18:59 -------- d-----w- c:\program files\Icon Constructor 3
2009-05-29 17:58 . 2009-05-29 17:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-05-29 15:42 . 2009-06-22 18:14 -------- d-----w- c:\program files\RegistryFix7
2009-05-29 15:06 . 2009-05-29 15:06 -------- d-----w- c:\program files\Lookout Software
2009-05-29 14:58 . 2009-05-29 15:01 -------- d-----w- c:\program files\Microsoft MapPoint
2009-05-29 14:54 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-05-29 14:54 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-05-29 14:27 . 2009-02-06 22:08 55152 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-05-29 04:45 . 2009-06-16 08:33 -------- d-----w- C:\_JSP
2009-05-29 00:51 . 2009-06-11 17:18 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\AdobeUM
2009-05-29 00:43 . 2009-05-29 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-05-29 00:43 . 2009-05-29 00:51 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Adobe
2009-05-29 00:43 . 2009-05-29 00:43 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 13:19 . 2009-05-21 21:25 103848 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-22 18:42 . 2009-06-22 18:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-06-22 17:38 . 2009-05-21 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-06-22 17:38 . 2009-05-21 21:21 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-06-18 18:06 . 2009-05-29 23:13 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\LimeWire
2009-06-18 06:13 . 2009-05-21 21:20 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-11 07:11 . 2009-05-21 21:16 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-11 07:05 . 2009-05-21 21:20 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 01:00 . 2009-05-21 21:18 -------- d-----w- c:\program files\Java
2009-06-09 17:38 . 2009-05-21 21:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-08 17:04 . 2009-05-21 21:20 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-06-08 17:04 . 2009-05-21 21:20 -------- d-----w- c:\program files\Roxio
2009-05-30 07:11 . 2009-05-21 21:28 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-29 21:21 . 2009-05-29 21:21 2232 ----a-w- c:\windows\java\Packages\Data\5RBJZ331.DAT
2009-05-29 21:21 . 2009-05-29 21:21 155995 ----a-w- c:\windows\java\Packages\137ZXZXN.ZIP
2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\HJDZHVHN.DAT
2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\AT33NTFZ.DAT
2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\89FHZVL7.DAT
2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\5ZD3BZFV.DAT
2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\MAZFJXBX.DAT
2009-05-29 14:27 . 2009-05-21 21:26 -------- d-----w- c:\program files\Windows Live
2009-05-28 19:25 . 2009-05-21 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2009-05-25 04:24 . 2008-05-27 03:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-22 04:07 . 2009-05-22 04:07 -------- d-----w- c:\program files\IDT
2009-05-22 04:07 . 2009-05-22 04:07 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-05-22 04:07 . 2009-05-22 04:07 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-05-22 04:07 . 2009-05-22 04:07 -------- d-----w- c:\program files\DellTPad
2009-05-22 00:01 . 2009-05-22 00:01 4947 ----a-w- c:\windows\system32\drivers\1028_Dell_INS_1545.mrk
2009-05-21 21:28 . 2009-05-21 21:28 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-05-21 21:27 . 2009-05-21 21:27 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-21 21:26 . 2009-05-21 21:26 -------- d-----w- c:\program files\Microsoft
2009-05-21 21:26 . 2009-05-21 21:26 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-21 21:25 . 2009-05-21 21:25 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-21 21:25 . 2009-05-28 17:26 33416 ----a-w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 21:24 . 2009-05-21 21:24 69120 ----a-w- c:\documents and settings\All Users\Application Data\SupportSoft\DellSupportCenter\_default\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\7e7d3c88-958b-4607-85a7-8c1cc5188887.1\NOTEPAD.EXE
2009-05-21 21:24 . 2009-05-21 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2009-05-21 21:24 . 2009-05-21 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2009-05-21 21:24 . 2009-05-21 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PC-Doctor
2009-05-21 21:23 . 2009-05-21 21:23 -------- d-----w- c:\program files\Dell Support Center
2009-05-21 21:23 . 2009-05-21 21:23 -------- d-----w- c:\program files\Common Files\supportsoft
2009-05-21 21:22 . 2009-05-21 21:22 -------- d-----w- c:\program files\CyberLink
2009-05-21 21:21 . 2009-05-21 21:21 -------- d-----w- c:\program files\Citrix
2009-05-21 21:21 . 2009-05-21 21:21 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-05-21 21:21 . 2009-05-21 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Uninstall
2009-05-21 21:20 . 2009-05-21 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-05-21 21:19 . 2009-05-21 21:19 -------- d-----w- c:\program files\Intel
2009-05-21 21:19 . 2009-05-21 21:19 -------- d-----w- c:\program files\Dell
2009-05-21 21:18 . 2009-05-28 17:26 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\InstallShield
2009-05-21 21:18 . 2009-05-21 21:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-05-21 21:16 . 2009-05-28 17:26 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Windows Desktop Search
2009-05-21 21:16 . 2009-05-21 21:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2009-05-21 21:13 . 2008-04-25 21:28 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-21 15:33 . 2009-05-21 21:18 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-19 13:05 . 2009-05-19 13:05 1380403 ----a-w- c:\windows\system32\avgsdk.dll
2009-05-13 05:15 . 2008-04-25 16:16 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2008-04-25 16:16 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 10:50 . 2008-04-25 16:16 1847808 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-04-25 16:16 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-03 10:01 . 2009-04-03 10:01 36224 ----a-w- c:\windows\system32\drivers\ax88772.sys
.

((((((((((((((((((((((((((((( SnapShot_2009-06-22_20.09.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-23 15:32 . 2009-06-23 15:32 16384 c:\windows\Temp\Perflib_Perfdata_3a8.dat
+ 2009-06-23 19:48 . 2008-10-16 18:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-23 19:48 . 2008-04-14 12:00 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-23 19:48 . 2008-04-14 12:00 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-23 19:48 . 2008-04-14 12:00 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-23 19:48 . 2008-04-14 12:00 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-23 19:48 . 2008-04-14 12:00 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-23 19:48 . 2008-04-14 12:00 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-23 19:48 . 2008-04-14 04:09 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-23 19:48 . 2008-04-14 12:00 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-23 19:48 . 2008-04-14 12:00 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-22 22:19 . 2009-06-23 18:19 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-28 17:19 . 2009-06-22 18:19 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-05-28 17:19 . 2009-06-23 18:19 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-05-28 17:19 . 2009-06-22 18:19 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-28 17:19 . 2009-06-23 18:19 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-06-23 19:16 . 2009-06-23 19:16 10134 c:\windows\Installer\{36FDBE6E-6684-462B-AE98-9A39A1B200CC}\ARPPRODUCTICON.exe
+ 2008-04-25 09:21 . 2009-06-23 15:32 358544 c:\windows\system32\FNTCACHE.DAT
+ 2009-06-23 19:48 . 2008-04-14 12:00 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-23 19:48 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-23 19:48 . 2008-04-14 12:00 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-23 19:48 . 2008-04-14 12:00 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-23 19:48 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-23 19:48 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-23 19:48 . 2008-04-14 12:00 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-23 19:48 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-23 19:48 . 2008-04-14 12:00 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-23 19:48 . 2008-04-14 12:00 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-23 19:16 . 2009-06-23 19:16 689456 c:\windows\Installer\{FE57DE70-95DE-4B64-9266-84DA811053DB}\HPSUShortcut_BB85ED9CAFC943BDB8DC258C3C7DF72E.exe
+ 2009-06-23 19:48 . 2008-04-14 12:00 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-23 19:48 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-23 19:48 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-23 19:48 . 2008-04-14 12:00 1033728 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Google Update"="c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-28 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-28 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-12-08 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-09 442460]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-09 466944]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-28 68592]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-04-07 642856]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-04-07 467240]
"PSDiagnosticM"="c:\program files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2007-02-27 315392]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-06-05 615696]
"USBDetector"="c:\usbstorage\USBDetector.exe" [2003-04-01 53248]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2009-5-28 25214]
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-6-5 1545488]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-5-1 6395464]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-21 21:21 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5/29/2009 10:27 AM 55152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/29/2009 6:14 PM 210216]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/21/2009 8:02 PM 108160]
R3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\drivers\lknuhst.sys [5/28/2009 8:15 PM 11136]
R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\drivers\lknuhub.sys [5/28/2009 8:15 PM 37248]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [5/21/2009 8:02 PM 160256]
S2 yksvc;Marvell Yukon Service; [x]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 LKNUCMP;Linksys Network USB Composite Device;c:\windows\system32\drivers\lknucmp.sys [5/28/2009 8:15 PM 11648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1717499061-2896550583-2833677910-1005.job
- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-28 19:43]

2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-29 14:53]

2009-05-29 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-29 14:53]
.
- - - - ORPHANS REMOVED - - - -

BHO-{A5B67D12-8F93-B1F2-FB7A-C0A30649AF4E} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-23 15:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1717499061-2896550583-2833677910-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1556)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(1472)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
.
Completion time: 2009-06-23 15:59
ComboFix-quarantined-files.txt 2009-06-23 19:59
ComboFix2.txt 2009-06-22 20:11
ComboFix3.txt 2009-06-22 14:06

Pre-Run: 251,577,454,592 bytes free
Post-Run: 251,559,661,568 bytes free

408 --- E O F --- 2009-06-19 17:29

**TheBruce1** · 06-23-2009, 03:55 PM

Hello again

If you have removed RegistryFix v7.1- delete this folder in blue

c:\program files\RegistryFix7

Also which version of Mcafee do you have installed? The version you currently have installed looks to be a few years old?

**spugmire** · 06-23-2009, 04:41 PM

Not sure why the RegistryFix folder was left behind, but I got rid of it. As for the McAfee, I selected the menu item [About] and it seemed to have multiple versions for each part of the application. I included a screenshot of those versions. Hope that works.

**TheBruce1** · 06-23-2009, 05:10 PM

Hello again

Your Mcafee versions are current and correct.

=======

If there are no further issues, continue below.

=======

Delete DDS from your desktop, you may keep ATF-Cleaner if you wish...otherwise delete from desktop.

========

Well done, your logs are clean.

Click start>run>type(or copy/paste command into run box):

ComboFix /u

Click ok.

=========

Clear IE6 cookies

*Open IE and click Tools
*Click on Internet Options
*Click on General Tab
*Click on Delte Temp Files & Cookies buttons.

Clear IE7 cookies

*On the Internet Explorer 7 Tools menu, click Internet Options. The Internet Options box should open to the General tab.
*On the General tab, in the Browsing History, click the Delete button. This will delete all the files that are currently stored in your cache [that includes cookies too].
*Click OK, and then click OK again.

Clear Firefox cookies/cache

• Select "Tools"
• Select "Options".
• Select "Privacy".
• In "Settings" window put the check mark for Cookies,Cache,Browsing history and any others you want.
• Click OK.
• In Private area click "Clear Now".

-------------------------------------------------------------------------------------------

MICROSOFT UPDATES

1.Click Start,Run, type sysdm.cpl, and then press OK.
2.Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended).

Microsoft updates are released every second Tuesday of each month,what is called "Patch Tuesday".

------------------------------------------------------------------------------------------

Useful Information and Programs to keep you safe.

WOT Free helps you avoid disingenuous Internet content by allowing you to learn from others' experiences. WOT shows you website reputations on your browser, telling you how much other users trust a website. This helps you make better decisions while browsing and avoid phishing, malware, and other types of fraud. Reputations can also be added to web search results, Gmail, Wikipedia, and other selected sites.

WOT reputations are computed mainly from user testimonies. Sharing your knowledge with others is just a click away, without ever having to leave the site. We also collect data from hundreds of other sources (including PhishTank) to quickly warn you of emerging threats. Currently, WOT knows over 12 million websites.

For Internet Explorer users:
WOT for IE

--------------------------------------------------------------------------------------

Alternate Browsers
Try the following free alternate browsers rather than Internet Explorer
Avant
Firefox
Opera
K-Meleon

------------------------------------------------------------------------------------------

Free Antispyware Products
SuperAntiSpyware
Malwarebytes ' Anti-Malware

SpywareBlaster to help prevent spyware from installing in the first place.

Install & update SpywareBlaster with the latest definitions.
After you have updated, click the button - enable protection for all unprotected items

------------------------------------------------------------------

The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.

If your having trouble downloading & extracting,see link below for guidance:
http://www.mvps.org/winhelp2002/hosts2.htm

Once you have extracted the host file,double click on it and a new window will open.

Double-click on mvps.batand follow the prompts

---------------------------------------------------------------

Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer.

----------------------------------------

SnoopFree is a programme that informs you when another programme is wanting to log your keystrokes or read your screen.Only for XP users.

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

==============================================

Secunia PSI is a programme that will alert you to vulnerabilities and outdated programs you have installed, such as Java, Flash Player and many more.

It can also alert you if you have not installed the latest patches from Microsoft.

==============================================

Also, please take a look at this well written article:

PC Safety and Security--What Do I Need?

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Please reply to this thread once more, as we may mark this as resolved, thanks.

**spugmire** · 06-23-2009, 07:09 PM

Thank you for your help. I noticed you are a Scot. One of my family names is Mcleod which originates from the Isle of Skye. Nice to have help from that part of the world. In addition to giving you and the others there my thanks, I will be also providing a donation. Don't get too excited, I am recently unemployed, but feel the need to show my true gratitude for the donation of everyone's time.

**TheBruce1** · 06-24-2009, 04:50 AM

Isle of Skye is a lovely part of the world and if you have the opportunity you should visit it one day.

Little trivial for you, the Mc in the Mcleod name means son of, all Scottish names with Mc at the beginning mean son of.

Thank you for your donation it is much appreciated, take care

06-21-2009, 04:03 PM	#2 (permalink)
TheBruce1 Moderator, Analyst, Security Team Join Date: Oct 2006 Location: Dùn Èideann,Scotland. Posts: 5,093 OS: XP	Re: 2 of 5 Trojan Viruses Not Removed by McAfee Hello and welcome to TSF Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. ======== Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear. Please DO NOT Attach logs to your posts unless you are advised to do so. ======== Download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Place combofix.exe on your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix. Double click on combofix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement. ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says: The Recovery Console was successfully installed. Click on Yes, to continue scanning for malware. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed. __________________ Member of ASAP since 2007 Member of UNITE since 2008 Notice to BT customers BT to dump Phorm, see Here for more information. No DPI If we have helped you in anyway, please consider Donating Last edited by TheBruce1; 06-21-2009 at 04:04 PM.

06-22-2009, 08:14 AM	#3 (permalink)
spugmire I helped the forums. Join Date: Jan 2009 Location: Metro Atlanta Posts: 11 OS: XP SP3	Re: 2 of 5 Trojan Viruses Not Removed by McAfee Here is the result of the combofix run Thanks ComboFix 09-06-21.01 - Scott Pugmire 06/22/2009 9:56.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3546.2905 [GMT -4:00] Running from: c:\documents and settings\Scott Pugmire\Desktop\ComboFix.exe AV: McAfee VirusScan On-access scanning disabled (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall disabled {94894B63-8C7F-4050-BDA4-813CA00DA3E8} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Scott Pugmire\Start Menu\Programs\PlayMP3z c:\program files\PlayMP3z c:\windows\system32\lowsec c:\windows\system32\lowsec\local.ds c:\windows\system32\lowsec\user.ds c:\windows\system32\sdra64.exe c:\documents and settings\Scott Pugmire\Start Menu\Programs\PlayMP3z\Run PlayMP3z.pif c:\program files\PlayMP3z\PlayMP3.exe c:\program files\PlayMP3z\uninstall.exe c:\windows\system32\hpzids01.dll . ((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 ))))))))))))))))))))))))))))))) . 2009-06-21 03:27 . 2009-06-21 03:28 -------- d-----w- C:\rei 2009-06-21 03:23 . 2009-06-21 03:26 -------- d-----w- c:\program files\Reimage 2009-06-19 18:52 . 2009-06-19 18:52 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Windows Live Writer 2009-06-19 18:52 . 2009-06-19 18:52 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Windows Live Writer 2009-06-19 18:48 . 2009-06-19 18:48 -------- d-sh--w- c:\documents and settings\Scott Pugmire\IECompatCache 2009-06-19 18:46 . 2009-06-19 18:46 -------- d-sh--w- c:\documents and settings\Scott Pugmire\PrivacIE 2009-06-19 18:43 . 2009-06-19 18:43 -------- d-sh--w- c:\documents and settings\Scott Pugmire\IETldCache 2009-06-19 18:27 . 2009-06-19 18:27 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-06-19 17:29 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-06-19 17:29 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-06-19 17:29 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-06-19 17:29 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-06-19 17:29 . 2009-06-19 17:29 -------- d-----w- c:\windows\ie8updates 2009-06-19 17:28 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-06-19 17:27 . 2009-06-19 17:28 -------- dc-h--w- c:\windows\ie8 2009-06-19 03:03 . 2009-06-19 03:07 116842 ----a-w- c:\windows\hpqins00.dat 2009-06-18 20:25 . 2009-06-18 20:25 -------- d-----w- c:\program files\Trend Micro 2009-06-17 05:55 . 2009-06-17 06:07 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\vlc 2009-06-17 05:52 . 2009-06-17 05:52 -------- d-----w- c:\program files\VideoLAN 2009-06-16 08:21 . 2009-06-16 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU 2009-06-16 08:21 . 2009-06-16 08:21 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\AVS4YOU 2009-06-16 08:20 . 2009-06-16 08:20 -------- d-----w- c:\program files\Common Files\AVSMedia 2009-06-16 08:20 . 2009-06-16 08:20 -------- d-----w- c:\program files\AVS4YOU 2009-06-16 08:20 . 2006-03-03 14:02 658432 ----a-w- c:\windows\system32\cc3270mt.dll 2009-06-16 08:20 . 2002-01-05 19:40 487424 ----a-w- c:\windows\system32\msvcp70.dll 2009-06-14 23:13 . 2009-06-14 23:13 -------- d--h--w- c:\windows\PIF 2009-06-12 23:56 . 2009-06-13 00:00 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Digital Support 2009-06-12 23:55 . 2009-06-12 23:56 -------- d-----w- c:\program files\Digital Support 2009-06-12 15:16 . 2009-06-12 15:16 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Dell 2009-06-10 21:47 . 2009-06-12 23:41 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-06-10 21:42 . 2009-06-10 21:42 -------- d-----w- c:\program files\Microsoft IntelliPoint 2009-06-10 21:42 . 2009-06-10 21:42 -------- d-----w- c:\program files\Microsoft IntelliPoint 5.5 2009-06-10 20:49 . 2009-06-10 20:50 7431368 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\IP55_32Eng.exe 2009-06-10 18:55 . 2009-06-10 18:59 103812 ----a-w- c:\windows\hpqins07.dat 2009-06-10 18:21 . 2009-06-10 20:42 -------- d-----w- C:\USBStorage 2009-06-10 18:21 . 2003-04-03 22:57 5183 ----a-w- c:\windows\system32\drivers\usbu2a.sys 2009-06-10 18:21 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe 2009-06-10 18:20 . 2009-06-10 20:41 918745 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\DX-ECDRW100_Drivers.exe 2009-06-10 17:53 . 2009-06-10 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSSUPPLY 2009-06-10 17:48 . 2009-06-10 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard 2009-06-10 17:48 . 2008-07-24 16:10 118272 ----a-w- c:\windows\system32\hpz3l58a.dll 2009-06-10 17:47 . 2001-08-17 17:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys 2009-06-10 17:47 . 2001-08-17 17:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys 2009-06-10 17:25 . 2007-07-05 02:49 294912 ----a-w- c:\windows\system32\hpovst11.dll 2009-06-10 17:25 . 2007-07-05 02:49 892928 ----a-w- c:\windows\system32\hpwtiop2.dll 2009-06-10 17:25 . 2007-07-05 02:49 675840 ----a-w- c:\windows\system32\hpwwiax2.dll 2009-06-10 17:25 . 2007-07-05 02:48 364544 ----a-w- c:\windows\system32\hppldcoi.dll 2009-06-10 17:23 . 2007-07-05 03:42 1275480 ----a-w- c:\windows\hpzshl01.exe 2009-06-10 17:23 . 2007-07-05 03:42 1132120 ----a-w- c:\windows\hpzmsi01.exe 2009-06-10 17:22 . 2007-09-14 16:11 16050 ----a-w- c:\windows\hpwscr05.dat 2009-06-10 17:22 . 2007-09-14 16:10 4785 ----a-w- c:\windows\hpwmdl05.dat 2009-06-10 16:43 . 2009-06-10 18:47 326424832 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\OJProL7X00_Full_8_3.exe 2009-06-10 16:41 . 2009-06-10 16:41 15003136 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\HP_LJ_P4010_PCL6_64Bit.exe 2009-06-10 16:34 . 2009-06-10 16:35 14810696 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\IP32Eng6.20.182.0.exe 2009-06-10 16:32 . 2009-06-10 16:33 14663752 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\ITP32Eng6.20.182.0.exe 2009-06-10 16:21 . 2009-06-10 16:21 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\PC_Drivers_Headquarters 2009-06-10 16:20 . 2009-06-10 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters 2009-06-10 16:20 . 2009-06-10 16:20 -------- d-----w- c:\program files\PC Drivers HeadQuarters 2009-06-10 00:59 . 2009-06-10 00:59 152576 ----a-w- c:\documents and settings\Scott Pugmire\Application Data\Sun\Java\jre1.6.0_14\lzma.dll 2009-06-09 17:18 . 2009-06-09 17:18 -------- d-----w- c:\program files\MSXML 4.0 2009-06-08 23:19 . 2009-06-08 23:19 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Blackberry Desktop 2009-06-08 17:08 . 2009-06-22 14:01 256 ----a-w- c:\windows\system32\pool.bin 2009-06-08 17:08 . 2009-06-08 17:08 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Research In Motion 2009-06-08 17:03 . 2009-06-08 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio 2009-06-08 17:02 . 2007-01-18 14:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys 2009-06-08 17:01 . 2009-06-12 17:39 -------- d-----w- c:\program files\Common Files\Research In Motion 2009-06-08 17:01 . 2009-06-08 17:01 -------- d-----w- c:\program files\Research In Motion 2009-06-08 15:52 . 2009-06-08 15:52 -------- d-sh--w- c:\windows\ftpcache 2009-06-05 06:42 . 2003-04-16 13:46 12380 ----a-w- c:\windows\system32\drivers\Usb68.sys 2009-06-05 06:41 . 2009-06-05 06:41 -------- d-----w- c:\program files\HotcardSoft 2009-06-04 15:43 . 2009-06-04 15:43 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore 2009-06-04 15:27 . 2009-06-04 15:27 -------- d-----w- c:\program files\iPod 2009-06-04 15:27 . 2009-06-04 15:27 -------- d-----w- c:\program files\iTunes 2009-06-04 15:25 . 2009-06-04 15:25 -------- d-----w- c:\program files\QuickTime 2009-06-04 15:23 . 2009-05-29 17:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2009-06-04 15:23 . 2009-05-29 17:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-06-04 15:20 . 2009-06-04 15:20 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe 2009-06-04 14:20 . 2009-06-04 14:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\SupportSoft 2009-06-04 12:27 . 2009-06-04 12:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple 2009-06-03 19:15 . 2009-06-03 19:16 -------- d-----w- c:\program files\Microsoft Picture It! 7 2009-05-30 22:20 . 2009-05-30 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink 2009-05-30 03:03 . 2009-05-30 03:03 -------- d-----w- c:\windows\Sun 2009-05-30 01:40 . 2009-05-29 21:20 36864 ----a-w- C:\nphssb.dll 2009-05-30 01:40 . 2009-05-29 21:20 45056 ----a-w- c:\windows\system32\HSSICore.dll 2009-05-30 01:40 . 2009-05-29 21:20 184320 ----a-w- c:\windows\system32\OESICore.dll 2009-05-30 01:11 . 2009-05-30 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant 2009-05-29 23:12 . 2009-06-17 06:16 -------- d-----w- c:\program files\LimeWire 2009-05-29 22:13 . 2009-05-29 22:13 136 ----a-w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\fusioncache.dat 2009-05-29 22:12 . 2009-03-25 15:06 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2009-05-29 22:12 . 2009-03-25 15:06 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2009-05-29 22:12 . 2009-03-25 15:06 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2009-05-29 22:12 . 2008-10-23 17:08 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys 2009-05-29 22:11 . 2009-05-29 22:12 -------- d-----w- c:\program files\Common Files\McAfee 2009-05-29 22:11 . 2009-05-29 22:11 -------- d-----w- c:\program files\McAfee.com 2009-05-29 22:11 . 2009-06-04 15:37 -------- d-----w- c:\program files\McAfee 2009-05-29 22:07 . 2009-03-25 15:05 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-05-29 21:52 . 2009-06-08 21:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2009-05-29 21:46 . 2009-05-29 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor 2009-05-29 21:38 . 2009-05-29 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-05-29 21:33 . 2009-05-29 21:33 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\AppUpdater 2009-05-29 21:32 . 2009-06-22 13:40 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Lookout Software 2009-05-29 21:20 . 2009-05-29 21:18 98136 ----a-w- c:\windows\gzip.exe 2009-05-29 21:18 . 2009-05-29 21:18 -------- d-----w- c:\program files\Homestead 2009-05-29 18:30 . 2009-05-29 18:31 -------- d-----w- c:\program files\ToYcon Icon Maker 2009-05-29 18:00 . 2009-05-29 18:13 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Icon Constructor 3 2009-05-29 18:00 . 2009-05-29 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Icon Constructor 3 2009-05-29 18:00 . 2009-05-29 18:59 -------- d-----w- c:\program files\Icon Constructor 3 2009-05-29 17:58 . 2009-05-29 17:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe 2009-05-29 15:42 . 2009-05-30 14:05 -------- d-----w- c:\program files\RegistryFix7 2009-05-29 15:06 . 2009-05-29 15:06 -------- d-----w- c:\program files\Lookout Software 2009-05-29 14:58 . 2009-05-29 15:01 -------- d-----w- c:\program files\Microsoft MapPoint 2009-05-29 14:54 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll 2009-05-29 14:54 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll 2009-05-29 14:27 . 2009-02-06 22:08 55152 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys 2009-05-29 04:45 . 2009-06-16 08:33 -------- d-----w- C:\_JSP 2009-05-29 00:51 . 2009-06-11 17:18 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\AdobeUM 2009-05-29 00:43 . 2009-05-29 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems 2009-05-29 00:43 . 2009-05-29 00:51 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Adobe 2009-05-29 00:43 . 2009-05-29 00:43 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared 2009-05-29 00:42 . 2009-06-16 22:46 -------- d-----w- C:\Shared 2009-05-29 00:40 . 2009-05-29 14:12 -------- d-----w- c:\program files\Common Files\Adobe 2009-05-29 00:39 . 2009-05-29 00:39 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\IsolatedStorage 2009-05-29 00:37 . 2009-05-29 00:37 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Apteco 2009-05-29 00:32 . 2009-05-29 00:32 -------- d-----w- c:\program files\Lavasoft 2009-05-29 00:32 . 2009-05-29 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-18 18:06 . 2009-05-29 23:13 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\LimeWire 2009-06-18 06:13 . 2009-05-21 21:20 -------- d-----w- c:\program files\Common Files\InstallShield 2009-06-11 07:11 . 2009-05-21 21:16 -------- d-----w- c:\program files\Windows Desktop Search 2009-06-11 07:05 . 2009-05-21 21:20 -------- d-----w- c:\program files\Microsoft Works 2009-06-10 01:00 . 2009-05-21 21:18 -------- d-----w- c:\program files\Java 2009-06-09 17:38 . 2009-05-21 21:19 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-08 17:08 . 2009-05-21 21:25 98752 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-08 17:04 . 2009-05-21 21:20 -------- d-----w- c:\program files\Common Files\Roxio Shared 2009-06-08 17:04 . 2009-05-21 21:20 -------- d-----w- c:\program files\Roxio 2009-06-08 17:03 . 2009-05-21 21:21 -------- d-----w- c:\program files\Common Files\Sonic Shared 2009-05-30 07:11 . 2009-05-21 21:28 -------- d-----w- c:\program files\Microsoft Silverlight 2009-05-29 21:21 . 2009-05-29 21:21 2232 ----a-w- c:\windows\java\Packages\Data\5RBJZ331.DAT 2009-05-29 21:21 . 2009-05-29 21:21 155995 ----a-w- c:\windows\java\Packages\137ZXZXN.ZIP 2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\HJDZHVHN.DAT 2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\AT33NTFZ.DAT 2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\89FHZVL7.DAT 2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\5ZD3BZFV.DAT 2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\MAZFJXBX.DAT 2009-05-29 14:27 . 2009-05-21 21:26 -------- d-----w- c:\program files\Windows Live 2009-05-28 19:25 . 2009-05-21 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell 2009-05-25 04:24 . 2008-05-27 03:18 350208 ----a-w- c:\windows\system32\mssph.dll 2009-05-22 04:07 . 2009-05-22 04:07 -------- d-----w- c:\program files\IDT 2009-05-22 04:07 . 2009-05-22 04:07 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-05-22 04:07 . 2009-05-22 04:07 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf 2009-05-22 04:07 . 2009-05-22 04:07 -------- d-----w- c:\program files\DellTPad 2009-05-22 00:01 . 2009-05-22 00:01 4947 ----a-w- c:\windows\system32\drivers\1028_Dell_INS_1545.mrk 2009-05-21 21:28 . 2009-05-21 21:28 -------- d-----w- c:\program files\Microsoft Sync Framework 2009-05-21 21:27 . 2009-05-21 21:27 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2009-05-21 21:26 . 2009-05-21 21:26 -------- d-----w- c:\program files\Microsoft 2009-05-21 21:26 . 2009-05-21 21:26 -------- d-----w- c:\program files\Windows Live SkyDrive 2009-05-21 21:25 . 2009-05-21 21:25 -------- d-----w- c:\program files\Common Files\Windows Live 2009-05-21 21:25 . 2009-05-28 17:26 33416 ----a-w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-21 21:24 . 2009-05-21 21:24 69120 ----a-w- c:\documents and settings\All Users\Application Data\SupportSoft\DellSupportCenter\_default\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\7e7d3c88-958b-4607-85a7-8c1cc5188887.1\NOTEPAD.EXE 2009-05-21 21:24 . 2009-05-21 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft 2009-05-21 21:24 . 2009-05-21 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr 2009-05-21 21:24 . 2009-05-21 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PC-Doctor 2009-05-21 21:23 . 2009-05-21 21:23 -------- d-----w- c:\program files\Dell Support Center 2009-05-21 21:23 . 2009-05-21 21:23 -------- d-----w- c:\program files\Common Files\supportsoft 2009-05-21 21:22 . 2009-05-21 21:22 -------- d-----w- c:\program files\CyberLink 2009-05-21 21:21 . 2009-05-21 21:21 -------- d-----w- c:\program files\Citrix 2009-05-21 21:21 . 2009-05-21 21:21 -------- d-----w- c:\program files\Common Files\SureThing Shared 2009-05-21 21:21 . 2009-05-21 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Uninstall 2009-05-21 21:21 . 2009-05-21 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic 2009-05-21 21:20 . 2009-05-21 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield 2009-05-21 21:19 . 2009-05-21 21:19 -------- d-----w- c:\program files\Intel 2009-05-21 21:19 . 2009-05-21 21:19 -------- d-----w- c:\program files\Dell 2009-05-21 21:18 . 2009-05-28 17:26 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\InstallShield 2009-05-21 21:18 . 2009-05-21 21:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield 2009-05-21 21:16 . 2009-05-28 17:26 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Windows Desktop Search 2009-05-21 21:16 . 2009-05-21 21:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search 2009-05-21 21:13 . 2008-04-25 21:28 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-05-21 15:33 . 2009-05-21 21:18 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-05-19 13:05 . 2009-05-19 13:05 1380403 ----a-w- c:\windows\system32\avgsdk.dll 2009-05-13 05:15 . 2008-04-25 16:16 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-07 15:32 . 2008-04-25 16:16 345600 ----a-w- c:\windows\system32\localspl.dll 2009-04-17 10:50 . 2008-04-25 16:16 1847808 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2008-04-25 16:16 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2009-04-03 10:01 . 2009-04-03 10:01 36224 ----a-w- c:\windows\system32\drivers\ax88772.sys 2009-03-25 15:06 . 2009-03-25 15:06 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "Google Update"="c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-28 133104] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-28 39408] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-12-08 200704] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-09 442460] "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-09 466944] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-28 68592] "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-04-07 642856] "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-04-07 467240] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "PSDiagnosticM"="c:\program files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2007-02-27 315392] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328] "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808] "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-06-05 615696] "USBDetector"="c:\usbstorage\USBDetector.exe" [2003-04-01 53248] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 461584] "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064] "Reimage PC Booster"="c:\program files\Reimage\Reimage PC Booster\Postrebootexecuter.exe" [2009-06-15 83240] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2009-5-28 25214] Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-6-5 1545488] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360] SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-5-1 6395464] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] WinZip Quick Pick.lnk - x:\applications\WinZip\WZQKPICK.EXE [2006-10-17 106560] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2009-05-21 21:21 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5/29/2009 10:27 AM 55152] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/29/2009 6:14 PM 210216] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/21/2009 8:02 PM 108160] R3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\drivers\lknuhst.sys [5/28/2009 8:15 PM 11136] R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\drivers\lknuhub.sys [5/28/2009 8:15 PM 37248] R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [5/21/2009 8:02 PM 160256] S2 yksvc;Marvell Yukon Service; [x] S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360] S3 LKNUCMP;Linksys Network USB Composite Device;c:\windows\system32\drivers\lknucmp.sys [5/28/2009 8:15 PM 11648] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2009-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1717499061-2896550583-2833677910-1005.job - c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-28 19:43] 2009-06-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-29 14:53] 2009-05-29 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-29 14:53] . - - - - ORPHANS REMOVED - - - - BHO-{A5B67D12-8F93-B1F2-FB7A-C0A30649AF4E} - (no file) SafeBoot-mfehidk SafeBoot-mferkdk SafeBoot-mfetdik SafeBoot-mfetdik.sys . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = .local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 DPF: Microsoft XML Parser for Java . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-22 10:04 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1520) c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll c:\windows\System32\BCMLogon.dll - - - - - - - > 'explorer.exe'(3784) c:\windows\system32\WININET.dll c:\program files\McAfee\SiteAdvisor\saHook.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL c:\program files\iTunes\iTunesMiniPlayer.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\program files\Google\Quick Search Box\bin\1.1.1038.9122\qsb.dll c:\windows\IME\SPGRMR.DLL c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\WLTRYSVC.EXE c:\windows\system32\BCMWLTRY.EXE c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe c:\drivers\audio\R203425\stacsv.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\DellTPad\ApMsgFwd.exe c:\program files\DellTPad\hidfind.exe c:\program files\DellTPad\ApntEx.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Dell Support Center\bin\sprtsvc.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\searchindexer.exe c:\program files\TechSmith\SnagIt 8\TscHelp.exe c:\program files\TechSmith\SnagIt 8\SnagPriv.exe c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe c:\program files\Windows Live\Contacts\wlcomm.exe c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\msiexec.exe c:\windows\system32\msiexec.exe . ************************************************************************ . Completion time: 2009-06-22 10:06 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-22 14:06 Pre-Run: 252,238,073,856 bytes free Post-Run: 252,641,902,592 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 419 --- E O F --- 2009-06-19 17:29 __________________ Scott

06-22-2009, 11:27 AM	#4 (permalink)
TheBruce1 Moderator, Analyst, Security Team Join Date: Oct 2006 Location: Dùn Èideann,Scotland. Posts: 5,093 OS: XP	Re: 2 of 5 Trojan Viruses Not Removed by McAfee Hello again Scott Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear. ====== P2P P2P - I see you have P2P software (LimeWire PRO 5.1.3) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information. Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections. References for the risk of these programs are Here, Here and Here. ======== Click Start>Control Panel> Add/Remove> Uninstall the following: Ad-Aware 2007<---Anniversary Edition is the current version(which you can install once we have concluded). RegistryFix v7.1<---We do not recommend registry fixing applications, they can do more harm than good. http://miekiemoes.blogspot.com/2008/...eaking_13.html ======== Please go to: VirusTotal In the middle of the page you'll find a "Browse" button. Click the "Browse" button and browse to this file in RED: C:\nphssb.dll Click "Open". Then click the "Send File" button at the bottom of the VirusTotal page. This will scan the file. Please be patient. Once scanned, copy and paste the results in your next reply. Do the same with this file as well. c:\windows\gzip.exe Post the results in your reply. __________________ Member of ASAP since 2007 Member of UNITE since 2008 Notice to BT customers BT to dump Phorm, see Here for more information. No DPI If we have helped you in anyway, please consider Donating

06-22-2009, 12:26 PM	#5 (permalink)
spugmire I helped the forums. Join Date: Jan 2009 Location: Metro Atlanta Posts: 11 OS: XP SP3	Re: 2 of 5 Trojan Viruses Not Removed by McAfee I understand the concerns about Limewire and I may get rid of it in the near future. That being said, I rarely ever run it, and ensure that it never starts up automatically. Results from C:\nphssb.dll Antivirus Version Last Update Result a-squared 4.5.0.18 2009.06.22 - AhnLab-V3 5.0.0.2 2009.06.22 - AntiVir 7.9.0.193 2009.06.22 - Antiy-AVL 2.0.3.1 2009.06.22 - Authentium 5.1.2.4 2009.06.22 - Avast 4.8.1335.0 2009.06.21 - AVG 8.5.0.339 2009.06.22 - BitDefender 7.2 2009.06.22 - CAT-QuickHeal 10.00 2009.06.22 - ClamAV 0.94.1 2009.06.22 - Comodo 1394 2009.06.22 - DrWeb 5.0.0.12182 2009.06.22 - eSafe 7.0.17.0 2009.06.22 - eTrust-Vet 31.6.6573 2009.06.22 - F-Prot 4.4.4.56 2009.06.22 - F-Secure 8.0.14470.0 2009.06.22 - Fortinet 3.117.0.0 2009.06.22 - GData 19 2009.06.22 - Ikarus T3.1.1.59.0 2009.06.22 - Jiangmin 11.0.706 2009.06.22 - K7AntiVirus 7.10.768 2009.06.19 - Kaspersky 7.0.0.125 2009.06.22 - McAfee 5654 2009.06.22 - McAfee+Artemis 5654 2009.06.22 - McAfee-GW-Edition 6.7.6 2009.06.22 - Microsoft 1.4803 2009.06.22 - NOD32 4179 2009.06.22 - Norman 6.01.09 2009.06.22 - nProtect 2009.1.8.0 2009.06.22 - Panda 10.0.0.16 2009.06.22 - PCTools 4.4.2.0 2009.06.22 - Prevx 3.0 2009.06.22 - Rising 21.35.04.00 2009.06.22 - Sophos 4.42.0 2009.06.22 - Sunbelt 3.2.1858.2 2009.06.22 - Symantec 1.4.4.12 2009.06.22 - TheHacker 6.3.4.3.351 2009.06.22 - TrendMicro 8.950.0.1094 2009.06.22 - VBA32 3.12.10.7 2009.06.22 - ViRobot 2009.6.22.1798 2009.06.22 - VirusBuster 4.6.5.0 2009.06.22 - Additional information File size: 36864 bytes MD5...: 2a69dd4fb1a2380e3defb96e4f98b7aa SHA1..: b752f15723e90516d74f7d30133ca79ff3dca294 SHA256: 2d6ffb7a066a6501fe695a14e359cbcac264837060044992c728c456aaca5913 ssdeep: 768:3Hdeds56imEL0GaEZ3WQ3xFF77vWFF7NPJR+aWh:Yc6imRdEZdhFF76FF7NP JAaWh PEiD..: Armadillo v1.xx - v2.xx TrID..: File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x3bed timedatestamp.....: 0x4264273b (Mon Apr 18 21:31:39 2005) machinetype.......: 0x14c (I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x311e 0x4000 5.22 1bb49ff81fdce11f22a2760249c5d337 .rdata 0x5000 0xffd 0x1000 4.76 ca55a02eeae3613c80d4b8a773131c41 .data 0x6000 0x18cc 0x1000 2.91 491a1f4ae081fd4905537d385a2a64b1 .rsrc 0x8000 0x4d0 0x1000 1.24 57908358e56a90177267bd4542f54545 .reloc 0x9000 0x612 0x1000 2.76 fa4f8329f69e6e05ef794de0658e6cb0 ( 9 imports ) > MSVCRT.dll: __CxxFrameHandler, _itoa, _adjust_fdiv, _mbsicmp, _purecall, malloc, atoi, _mbscmp, atol, __3@YAXPAX@Z, __2@YAPAXI@Z, free, _initterm, __1type_info@@UAE@XZ, _onexit, __dllonexit, sprintf, _ftol > WININET.dll: InternetQueryOptionA, InternetOpenUrlA, InternetCloseHandle, InternetOpenA, HttpQueryInfoA, InternetReadFile > VERSION.dll: GetFileVersionInfoSizeA, VerQueryValueA, GetFileVersionInfoA > MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, - > KERNEL32.dll: GetTempPathA, LocalAlloc, LocalFree, GetModuleHandleA, lstrlenW, WideCharToMultiByte, GetProcAddress, FreeLibrary, LoadLibraryA, GetSystemDirectoryA > USER32.dll: FrameRect, DestroyWindow, SendMessageA, MessageBoxA, SetWindowLongA, DefWindowProcA, EndPaint, GetDC, GetClientRect, BeginPaint, UpdateWindow, ShowWindow, CreateWindowExA, RegisterClassExA, LoadIconA, LoadCursorA, DrawEdge, CopyRect, DrawTextA, FillRect, SetRect, MoveWindow, GetSystemMetrics, PostQuitMessage, GetWindowRect > GDI32.dll: CreateSolidBrush, SetBkMode, SetTextColor, GetStockObject > SHELL32.dll: ShellExecuteA > OLEAUT32.dll: - ( 3 exports ) NP_GetEntryPoints, NP_Initialize, NP_Shutdown PDFiD.: - RDS...: NSRL Reference Data Set Results from c:\windows\gzip.exe Antivirus Version Last Update Result a-squared 4.5.0.18 2009.06.22 - AhnLab-V3 5.0.0.2 2009.06.22 - AntiVir 7.9.0.193 2009.06.22 - Antiy-AVL 2.0.3.1 2009.06.22 - Authentium 5.1.2.4 2009.06.22 - Avast 4.8.1335.0 2009.06.21 - AVG 8.5.0.339 2009.06.22 - BitDefender 7.2 2009.06.22 - CAT-QuickHeal 10.00 2009.06.22 - ClamAV 0.94.1 2009.06.22 - Comodo 1394 2009.06.22 - DrWeb 5.0.0.12182 2009.06.22 - eSafe 7.0.17.0 2009.06.22 - eTrust-Vet 31.6.6573 2009.06.22 - F-Prot 4.4.4.56 2009.06.22 - F-Secure 8.0.14470.0 2009.06.22 - Fortinet 3.117.0.0 2009.06.22 - GData 19 2009.06.22 - Ikarus T3.1.1.59.0 2009.06.22 - Jiangmin 11.0.706 2009.06.22 - K7AntiVirus 7.10.768 2009.06.19 - Kaspersky 7.0.0.125 2009.06.22 - McAfee 5654 2009.06.22 - McAfee+Artemis 5654 2009.06.22 - McAfee-GW-Edition 6.7.6 2009.06.22 - Microsoft 1.4803 2009.06.22 - NOD32 4179 2009.06.22 - Norman 6.01.09 2009.06.22 - nProtect 2009.1.8.0 2009.06.22 - Panda 10.0.0.16 2009.06.22 - PCTools 4.4.2.0 2009.06.22 - Prevx 3.0 2009.06.22 - Rising 21.35.04.00 2009.06.22 - Sophos 4.42.0 2009.06.22 - Sunbelt 3.2.1858.2 2009.06.22 - Symantec 1.4.4.12 2009.06.22 - TheHacker 6.3.4.3.351 2009.06.22 - TrendMicro 8.950.0.1094 2009.06.22 - VBA32 3.12.10.7 2009.06.22 - ViRobot 2009.6.22.1798 2009.06.22 - VirusBuster 4.6.5.0 2009.06.22 - Additional information File size: 98136 bytes MD5...: 128626a5108c7dc8f7f49263cfa28bf8 SHA1..: e30038b029346278347a58987e8dc252ee539232 SHA256: 63fcea5572eb4c66bcab7c4cc5c88f7b09b31f44914f9b4c05a72d24945d1c24 ssdeep: 1536:2EtrFj8pr9lIYAbe68GcCK5x4ezt9yKNkN1GfWSx8tE/g9b96:2WrFjKpmY uqGcCK4ezto2kNs+tE/g9o PEiD..: InstallShield 2000 TrID..: File type identification Win32 Executable MS Visual C++ (generic) (51.6%) Windows Screen Saver (17.9%) Win32 Executable Generic (11.6%) Win32 Dynamic Link Library (generic) (10.3%) Win16/32 Executable Delphi generic (2.8%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0xa580 timedatestamp.....: 0x34844af3 (Tue Dec 02 17:52:51 1997) machinetype.......: 0x14c (I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x10800 0x10800 6.61 0de95e4d5d869ea851a9a4fe027cf02a .rdata 0x12000 0x75f 0x800 4.77 523446b1fe687681174eaa5384418e35 .data 0x13000 0x55ec4 0x4a00 3.19 d288c62c37de7a2bf5f73c9ee36b70f2 .idata 0x69000 0x6fc 0x800 4.92 7e96d26e4dd1c919c0f0963ecfe140d6 .rsrc 0x6a000 0x238 0x400 4.90 56bb3ad627b8021d22e3a9141e3f071e ( 1 imports ) > KERNEL32.dll: FreeEnvironmentStringsA, GetLastError, SetConsoleCtrlHandler, ExitProcess, TerminateProcess, GetCurrentProcess, FindFirstFileA, FindNextFileA, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, HeapFree, HeapAlloc, GetCommandLineA, GetVersion, GetCPInfo, GetACP, GetOEMCP, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, WideCharToMultiByte, UnhandledExceptionFilter, WriteFile, GetStringTypeA, GetStringTypeW, MultiByteToWideChar, FlushFileBuffers, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, SetFilePointer, GetModuleFileNameA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, RtlUnwind, LCMapStringA, LCMapStringW, CompareStringA, CompareStringW, SetEnvironmentVariableA, GetTimeZoneInformation, ReadFile, SetStdHandle, GetProcAddress, LoadLibraryA, CloseHandle, HeapReAlloc, GetFileInformationByHandle, PeekNamedPipe, DeleteFileA, CreateFileA, GetDriveTypeA, SetFileAttributesA, GetFileAttributesA, SetFileTime, LocalFileTimeToFileTime, SystemTimeToFileTime, SetEndOfFile, GetFullPathNameA, GetCurrentDirectoryA, GetSystemTime, GetLocalTime ( 0 exports ) PDFiD.: - RDS...: NSRL Reference Data Set - __________________ Scott

06-23-2009, 07:27 AM	#7 (permalink)
spugmire I helped the forums. Join Date: Jan 2009 Location: Metro Atlanta Posts: 11 OS: XP SP3	Re: 2 of 5 Trojan Viruses Not Removed by McAfee Wow that was a long scan (9 hours). It actually scanned an external drive that I have mapped a drive to "X" and that is what added so much time. Here are the results: ComboFix ComboFix 09-06-22.01 - Scott Pugmire 06/22/2009 16:08.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3546.2645 [GMT -4:00] Running from: c:\documents and settings\Scott Pugmire\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Scott Pugmire\Desktop\CFscript.txt AV: McAfee VirusScan On-access scanning disabled (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall enabled {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . - REDUCED FUNCTIONALITY MODE - . ((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 ))))))))))))))))))))))))))))))) . 2009-06-22 18:42 . 2009-06-22 18:43 -------- d-----w- c:\program files\Microsoft IntelliPoint 2009-06-22 18:41 . 2008-04-14 09:41 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll 2009-06-22 18:41 . 2007-08-31 19:15 18856 ----a-w- c:\windows\system32\drivers\nuidfltr.sys 2009-06-22 18:41 . 2009-06-22 18:41 -------- d-----w- c:\program files\Microsoft IntelliType Pro 2009-06-22 18:02 . 2009-06-22 18:43 -------- d-----w- c:\windows\LastGood 2009-06-22 18:02 . 2009-06-22 18:02 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\WinZip 2009-06-22 18:01 . 2009-06-22 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip 2009-06-22 17:47 . 2009-06-22 17:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\HP 2009-06-22 17:39 . 2009-06-22 17:39 -------- d-----w- C:\bin 2009-06-22 17:29 . 2009-06-22 17:42 142068 ----a-w- c:\windows\hpwins05.dat 2009-06-22 16:36 . 2007-07-05 03:42 258048 ----a-w- c:\windows\system32\hpzids01.dll 2009-06-21 03:23 . 2009-06-22 14:38 -------- d-----w- c:\program files\Reimage 2009-06-19 18:52 . 2009-06-19 18:52 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Windows Live Writer 2009-06-19 18:52 . 2009-06-19 18:52 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Windows Live Writer 2009-06-19 18:48 . 2009-06-19 18:48 -------- d-sh--w- c:\documents and settings\Scott Pugmire\IECompatCache 2009-06-19 18:46 . 2009-06-19 18:46 -------- d-sh--w- c:\documents and settings\Scott Pugmire\PrivacIE 2009-06-19 18:43 . 2009-06-19 18:43 -------- d-sh--w- c:\documents and settings\Scott Pugmire\IETldCache 2009-06-19 18:27 . 2009-06-19 18:27 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-06-19 17:29 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-06-19 17:29 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-06-19 17:29 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-06-19 17:29 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-06-19 17:29 . 2009-06-19 17:29 -------- d-----w- c:\windows\ie8updates 2009-06-19 17:28 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-06-19 17:27 . 2009-06-19 17:28 -------- dc-h--w- c:\windows\ie8 2009-06-19 03:03 . 2009-06-19 03:07 116842 ----a-w- c:\windows\hpqins00.dat 2009-06-18 20:25 . 2009-06-18 20:25 -------- d-----w- c:\program files\Trend Micro 2009-06-17 05:55 . 2009-06-17 06:07 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\vlc 2009-06-17 05:52 . 2009-06-17 05:52 -------- d-----w- c:\program files\VideoLAN 2009-06-16 08:21 . 2009-06-16 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU 2009-06-16 08:21 . 2009-06-16 08:21 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\AVS4YOU 2009-06-16 08:20 . 2009-06-16 08:20 -------- d-----w- c:\program files\Common Files\AVSMedia 2009-06-16 08:20 . 2009-06-16 08:20 -------- d-----w- c:\program files\AVS4YOU 2009-06-16 08:20 . 2006-03-03 14:02 658432 ----a-w- c:\windows\system32\cc3270mt.dll 2009-06-16 08:20 . 2002-01-05 19:40 487424 ----a-w- c:\windows\system32\msvcp70.dll 2009-06-14 23:13 . 2009-06-14 23:13 -------- d--h--w- c:\windows\PIF 2009-06-14 00:08 . 2009-06-14 00:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\SACore 2009-06-12 23:56 . 2009-06-13 00:00 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Digital Support 2009-06-12 23:55 . 2009-06-12 23:56 -------- d-----w- c:\program files\Digital Support 2009-06-12 15:16 . 2009-06-12 15:16 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Dell 2009-06-10 21:47 . 2009-06-12 23:41 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-06-10 21:42 . 2009-06-10 21:42 -------- d-----w- c:\program files\Microsoft IntelliPoint 5.5 2009-06-10 20:49 . 2009-06-10 20:50 7431368 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\IP55_32Eng.exe 2009-06-10 18:55 . 2009-06-10 18:59 103812 ----a-w- c:\windows\hpqins07.dat 2009-06-10 18:21 . 2009-06-10 20:42 -------- d-----w- C:\USBStorage 2009-06-10 18:21 . 2003-04-03 22:57 5183 ----a-w- c:\windows\system32\drivers\usbu2a.sys 2009-06-10 18:21 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe 2009-06-10 18:20 . 2009-06-10 20:41 918745 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\DX-ECDRW100_Drivers.exe 2009-06-10 17:48 . 2009-06-10 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard 2009-06-10 17:48 . 2008-07-24 16:10 118272 ----a-w- c:\windows\system32\hpz3l58a.dll 2009-06-10 17:47 . 2001-08-17 17:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys 2009-06-10 17:47 . 2001-08-17 17:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys 2009-06-10 17:25 . 2007-07-05 02:49 294912 ----a-w- c:\windows\system32\hpovst11.dll 2009-06-10 17:25 . 2007-07-05 02:49 892928 ----a-w- c:\windows\system32\hpwtiop2.dll 2009-06-10 17:25 . 2007-07-05 02:49 675840 ----a-w- c:\windows\system32\hpwwiax2.dll 2009-06-10 17:25 . 2007-07-05 02:48 364544 ----a-w- c:\windows\system32\hppldcoi.dll 2009-06-10 17:23 . 2007-07-05 03:42 1275480 ----a-w- c:\windows\hpzshl01.exe 2009-06-10 17:23 . 2007-07-05 03:42 1132120 ----a-w- c:\windows\hpzmsi01.exe 2009-06-10 17:22 . 2007-09-14 16:11 16050 ----a-w- c:\windows\hpwscr05.dat 2009-06-10 16:43 . 2009-06-10 18:47 326424832 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\OJProL7X00_Full_8_3.exe 2009-06-10 16:41 . 2009-06-10 16:41 15003136 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\HP_LJ_P4010_PCL6_64Bit.exe 2009-06-10 16:34 . 2009-06-10 16:35 14810696 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\IP32Eng6.20.182.0.exe 2009-06-10 16:32 . 2009-06-10 16:33 14663752 ----a-w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads\ITP32Eng6.20.182.0.exe 2009-06-10 16:20 . 2009-06-10 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters 2009-06-10 00:59 . 2009-06-10 00:59 152576 ----a-w- c:\documents and settings\Scott Pugmire\Application Data\Sun\Java\jre1.6.0_14\lzma.dll 2009-06-09 17:18 . 2009-06-09 17:18 -------- d-----w- c:\program files\MSXML 4.0 2009-06-08 23:19 . 2009-06-08 23:19 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Blackberry Desktop 2009-06-08 17:08 . 2009-06-22 17:50 256 ----a-w- c:\windows\system32\pool.bin 2009-06-08 17:08 . 2009-06-08 17:08 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Research In Motion 2009-06-08 17:03 . 2009-06-08 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio 2009-06-08 17:02 . 2007-01-18 14:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys 2009-06-08 17:01 . 2009-06-12 17:39 -------- d-----w- c:\program files\Common Files\Research In Motion 2009-06-08 17:01 . 2009-06-08 17:01 -------- d-----w- c:\program files\Research In Motion 2009-06-08 15:52 . 2009-06-08 15:52 -------- d-sh--w- c:\windows\ftpcache 2009-06-05 06:42 . 2003-04-16 13:46 12380 ----a-w- c:\windows\system32\drivers\Usb68.sys 2009-06-05 06:41 . 2009-06-05 06:41 -------- d-----w- c:\program files\HotcardSoft 2009-06-04 15:43 . 2009-06-04 15:43 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore 2009-06-04 15:27 . 2009-06-04 15:27 -------- d-----w- c:\program files\iPod 2009-06-04 15:27 . 2009-06-04 15:27 -------- d-----w- c:\program files\iTunes 2009-06-04 15:25 . 2009-06-04 15:25 -------- d-----w- c:\program files\QuickTime 2009-06-04 15:23 . 2009-05-29 17:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2009-06-04 15:23 . 2009-05-29 17:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-06-04 15:20 . 2009-06-04 15:20 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe 2009-06-04 14:20 . 2009-06-04 14:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\SupportSoft 2009-06-04 12:27 . 2009-06-04 12:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple 2009-06-03 19:15 . 2009-06-03 19:16 -------- d-----w- c:\program files\Microsoft Picture It! 7 2009-05-30 22:20 . 2009-05-30 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink 2009-05-30 03:03 . 2009-05-30 03:03 -------- d-----w- c:\windows\Sun 2009-05-30 01:40 . 2009-05-29 21:20 36864 ----a-w- C:\nphssb.dll 2009-05-30 01:40 . 2009-05-29 21:20 45056 ----a-w- c:\windows\system32\HSSICore.dll 2009-05-30 01:40 . 2009-05-29 21:20 184320 ----a-w- c:\windows\system32\OESICore.dll 2009-05-29 23:12 . 2009-06-17 06:16 -------- d-----w- c:\program files\LimeWire 2009-05-29 22:13 . 2009-05-29 22:13 136 ----a-w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\fusioncache.dat 2009-05-29 22:12 . 2009-03-25 15:06 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2009-05-29 22:12 . 2009-03-25 15:06 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2009-05-29 22:12 . 2009-03-25 15:06 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2009-05-29 22:12 . 2008-10-23 17:08 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys 2009-05-29 22:11 . 2009-05-29 22:12 -------- d-----w- c:\program files\Common Files\McAfee 2009-05-29 22:11 . 2009-05-29 22:11 -------- d-----w- c:\program files\McAfee.com 2009-05-29 22:11 . 2009-06-04 15:37 -------- d-----w- c:\program files\McAfee 2009-05-29 22:07 . 2009-03-25 15:05 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-05-29 21:52 . 2009-06-08 21:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2009-05-29 21:46 . 2009-05-29 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor 2009-05-29 21:38 . 2009-05-29 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-05-29 21:33 . 2009-05-29 21:33 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\AppUpdater 2009-05-29 21:32 . 2009-06-22 18:09 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Lookout Software 2009-05-29 21:20 . 2009-05-29 21:18 98136 ----a-w- c:\windows\gzip.exe 2009-05-29 21:18 . 2009-05-29 21:18 -------- d-----w- c:\program files\Homestead 2009-05-29 18:30 . 2009-05-29 18:31 -------- d-----w- c:\program files\ToYcon Icon Maker 2009-05-29 18:00 . 2009-05-29 18:13 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Icon Constructor 3 2009-05-29 18:00 . 2009-05-29 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Icon Constructor 3 2009-05-29 18:00 . 2009-05-29 18:59 -------- d-----w- c:\program files\Icon Constructor 3 2009-05-29 17:58 . 2009-05-29 17:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe 2009-05-29 15:42 . 2009-06-22 18:14 -------- d-----w- c:\program files\RegistryFix7 2009-05-29 15:06 . 2009-05-29 15:06 -------- d-----w- c:\program files\Lookout Software 2009-05-29 14:58 . 2009-05-29 15:01 -------- d-----w- c:\program files\Microsoft MapPoint 2009-05-29 14:54 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll 2009-05-29 14:54 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll 2009-05-29 14:27 . 2009-02-06 22:08 55152 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys 2009-05-29 04:45 . 2009-06-16 08:33 -------- d-----w- C:\_JSP 2009-05-29 00:51 . 2009-06-11 17:18 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\AdobeUM 2009-05-29 00:43 . 2009-05-29 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems 2009-05-29 00:43 . 2009-05-29 00:51 -------- d-----w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Adobe 2009-05-29 00:43 . 2009-05-29 00:43 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared 2009-05-29 00:42 . 2009-06-16 22:46 -------- d-----w- C:\Shared . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-22 18:42 . 2009-06-22 18:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf 2009-06-22 17:42 . 2009-05-21 21:25 103456 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-22 17:38 . 2009-05-21 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic 2009-06-22 17:38 . 2009-05-21 21:21 -------- d-----w- c:\program files\Common Files\Sonic Shared 2009-06-18 18:06 . 2009-05-29 23:13 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\LimeWire 2009-06-18 06:13 . 2009-05-21 21:20 -------- d-----w- c:\program files\Common Files\InstallShield 2009-06-11 07:11 . 2009-05-21 21:16 -------- d-----w- c:\program files\Windows Desktop Search 2009-06-11 07:05 . 2009-05-21 21:20 -------- d-----w- c:\program files\Microsoft Works 2009-06-10 01:00 . 2009-05-21 21:18 -------- d-----w- c:\program files\Java 2009-06-09 17:38 . 2009-05-21 21:19 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-08 17:04 . 2009-05-21 21:20 -------- d-----w- c:\program files\Common Files\Roxio Shared 2009-06-08 17:04 . 2009-05-21 21:20 -------- d-----w- c:\program files\Roxio 2009-05-30 07:11 . 2009-05-21 21:28 -------- d-----w- c:\program files\Microsoft Silverlight 2009-05-29 21:21 . 2009-05-29 21:21 2232 ----a-w- c:\windows\java\Packages\Data\5RBJZ331.DAT 2009-05-29 21:21 . 2009-05-29 21:21 155995 ----a-w- c:\windows\java\Packages\137ZXZXN.ZIP 2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\HJDZHVHN.DAT 2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\AT33NTFZ.DAT 2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\89FHZVL7.DAT 2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\5ZD3BZFV.DAT 2009-05-29 21:21 . 2009-05-29 21:21 2678 ----a-w- c:\windows\java\Packages\Data\MAZFJXBX.DAT 2009-05-29 14:27 . 2009-05-21 21:26 -------- d-----w- c:\program files\Windows Live 2009-05-28 19:25 . 2009-05-21 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell 2009-05-25 04:24 . 2008-05-27 03:18 350208 ----a-w- c:\windows\system32\mssph.dll 2009-05-22 04:07 . 2009-05-22 04:07 -------- d-----w- c:\program files\IDT 2009-05-22 04:07 . 2009-05-22 04:07 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-05-22 04:07 . 2009-05-22 04:07 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf 2009-05-22 04:07 . 2009-05-22 04:07 -------- d-----w- c:\program files\DellTPad 2009-05-22 00:01 . 2009-05-22 00:01 4947 ----a-w- c:\windows\system32\drivers\1028_Dell_INS_1545.mrk 2009-05-21 21:28 . 2009-05-21 21:28 -------- d-----w- c:\program files\Microsoft Sync Framework 2009-05-21 21:27 . 2009-05-21 21:27 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2009-05-21 21:26 . 2009-05-21 21:26 -------- d-----w- c:\program files\Microsoft 2009-05-21 21:26 . 2009-05-21 21:26 -------- d-----w- c:\program files\Windows Live SkyDrive 2009-05-21 21:25 . 2009-05-21 21:25 -------- d-----w- c:\program files\Common Files\Windows Live 2009-05-21 21:25 . 2009-05-28 17:26 33416 ----a-w- c:\documents and settings\Scott Pugmire\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-21 21:24 . 2009-05-21 21:24 69120 ----a-w- c:\documents and settings\All Users\Application Data\SupportSoft\DellSupportCenter\_default\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\7e7d3c88-958b-4607-85a7-8c1cc5188887.1\NOTEPAD.EXE 2009-05-21 21:24 . 2009-05-21 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft 2009-05-21 21:24 . 2009-05-21 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr 2009-05-21 21:24 . 2009-05-21 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PC-Doctor 2009-05-21 21:23 . 2009-05-21 21:23 -------- d-----w- c:\program files\Dell Support Center 2009-05-21 21:23 . 2009-05-21 21:23 -------- d-----w- c:\program files\Common Files\supportsoft 2009-05-21 21:22 . 2009-05-21 21:22 -------- d-----w- c:\program files\CyberLink 2009-05-21 21:21 . 2009-05-21 21:21 -------- d-----w- c:\program files\Citrix 2009-05-21 21:21 . 2009-05-21 21:21 -------- d-----w- c:\program files\Common Files\SureThing Shared 2009-05-21 21:21 . 2009-05-21 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Uninstall 2009-05-21 21:20 . 2009-05-21 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield 2009-05-21 21:19 . 2009-05-21 21:19 -------- d-----w- c:\program files\Intel 2009-05-21 21:19 . 2009-05-21 21:19 -------- d-----w- c:\program files\Dell 2009-05-21 21:18 . 2009-05-28 17:26 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\InstallShield 2009-05-21 21:18 . 2009-05-21 21:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield 2009-05-21 21:16 . 2009-05-28 17:26 -------- d-----w- c:\documents and settings\Scott Pugmire\Application Data\Windows Desktop Search 2009-05-21 21:16 . 2009-05-21 21:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search 2009-05-21 21:13 . 2008-04-25 21:28 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-05-21 15:33 . 2009-05-21 21:18 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-05-19 13:05 . 2009-05-19 13:05 1380403 ----a-w- c:\windows\system32\avgsdk.dll 2009-05-13 05:15 . 2008-04-25 16:16 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-07 15:32 . 2008-04-25 16:16 345600 ----a-w- c:\windows\system32\localspl.dll 2009-04-17 10:50 . 2008-04-25 16:16 1847808 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2008-04-25 16:16 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2009-04-03 10:01 . 2009-04-03 10:01 36224 ----a-w- c:\windows\system32\drivers\ax88772.sys 2009-03-25 15:06 . 2009-03-25 15:06 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys . ((((((((((((((((((((((((((((( SnapShot@2009-06-22_14.04.41 ))))))))))))))))))))))))))))))))))))))))) . + 2009-06-22 17:44 . 2009-06-22 17:44 16384 c:\windows\Temp\Perflib_Perfdata_638.dat + 2009-06-22 18:43 . 2007-08-31 19:15 18856 c:\windows\system32\ReinstallBackups\0026\DriverFiles\nuidfltr.sys + 2009-06-22 18:43 . 2008-04-14 09:41 21504 c:\windows\system32\ReinstallBackups\0026\DriverFiles\i386\hidserv.dll + 2009-06-22 18:43 . 2007-08-31 19:15 18856 c:\windows\system32\ReinstallBackups\0024\DriverFiles\nuidfltr.sys + 2009-06-22 18:43 . 2008-04-14 09:41 21504 c:\windows\system32\ReinstallBackups\0024\DriverFiles\i386\hidserv.dll + 2009-06-22 18:41 . 2008-04-14 12:00 14592 c:\windows\system32\ReinstallBackups\0023\DriverFiles\i386\kbdhid.sys + 2009-06-22 18:41 . 2008-04-14 12:09 24576 c:\windows\system32\ReinstallBackups\0023\DriverFiles\i386\kbdclass.sys - 2009-06-10 21:43 . 2008-04-14 12:00 12160 c:\windows\system32\ReinstallBackups\0020\DriverFiles\i386\mouhid.sys + 2009-06-22 18:43 . 2001-08-17 17:48 12160 c:\windows\system32\ReinstallBackups\0020\DriverFiles\i386\mouhid.sys - 2009-06-10 21:43 . 2008-04-14 12:09 23040 c:\windows\system32\ReinstallBackups\0020\DriverFiles\i386\mouclass.sys + 2009-06-22 18:43 . 2008-04-14 04:09 23040 c:\windows\system32\ReinstallBackups\0020\DriverFiles\i386\mouclass.sys + 2009-06-22 18:43 . 2007-08-21 08:12 21760 c:\windows\system32\DRVSTORE\pnt32uw_760685142BE30506C264465948FA6BF3F83F6BA0\point32.sys + 2009-06-22 18:43 . 2007-08-21 08:13 24064 c:\windows\system32\DRVSTORE\pnt32uk_D8ABC581DD7826E63C34865005655841F42B07B3\point32k.sys + 2009-06-22 18:41 . 2007-08-31 19:15 18856 c:\windows\system32\DRVSTORE\nuidfltr_E8F8C714821A786671DE95508EA821EFC993B9E1\NuidFltr.sys - 2005-12-01 19:57 . 2005-12-01 19:57 21760 c:\windows\system32\drivers\point32.sys + 2005-12-01 19:57 . 2007-08-21 08:12 21760 c:\windows\system32\drivers\point32.sys - 2008-04-14 00:09 . 2008-04-14 12:00 14592 c:\windows\system32\drivers\kbdhid.sys + 2008-04-14 00:09 . 2008-04-14 04:09 14592 c:\windows\system32\drivers\kbdhid.sys - 2008-04-14 00:09 . 2008-04-14 12:09 24576 c:\windows\system32\drivers\kbdclass.sys + 2008-04-14 00:09 . 2008-04-14 04:09 24576 c:\windows\system32\drivers\kbdclass.sys + 2008-04-14 00:09 . 2008-04-14 04:09 14592 c:\windows\system32\dllcache\kbdhid.sys + 2008-04-14 00:09 . 2008-04-14 04:09 24576 c:\windows\system32\dllcache\kbdclass.sys - 2009-05-28 17:19 . 2009-06-22 13:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-05-28 17:19 . 2009-06-22 18:19 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-05-28 17:19 . 2009-06-22 18:19 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-05-28 17:19 . 2009-06-22 13:31 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-06-22 18:43 . 2005-12-01 19:57 21760 c:\windows\LastGood\system32\DRIVERS\point32.sys + 2009-06-22 18:42 . 2007-08-31 19:15 18856 c:\windows\LastGood\system32\DRIVERS\nuidfltr.sys + 2009-06-22 18:43 . 2001-08-17 17:48 12160 c:\windows\LastGood\system32\DRIVERS\mouhid.sys + 2009-06-22 18:43 . 2008-04-14 04:09 23040 c:\windows\LastGood\system32\DRIVERS\mouclass.sys + 2009-06-22 18:02 . 2006-10-18 22:32 11648 c:\windows\LastGood\system32\DRIVERS\lknucmp.sys + 2009-06-22 18:41 . 2008-04-14 12:00 14592 c:\windows\LastGood\system32\DRIVERS\kbdhid.sys + 2009-06-22 18:41 . 2008-04-14 12:09 24576 c:\windows\LastGood\system32\DRIVERS\kbdclass.sys + 2009-06-22 18:42 . 2008-04-14 09:41 21504 c:\windows\LastGood\system32\DRIVERS\hidserv.dll + 2009-06-22 17:35 . 2009-06-22 17:35 65536 c:\windows\Installer\{DBC20735-34E6-4E97-A9E5-2066B66B243D}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe + 2009-06-22 18:00 . 2009-06-22 18:00 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}\IconCD95F6617.exe + 2009-06-22 17:36 . 2009-06-22 17:36 65536 c:\windows\Installer\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}\ARPPRODUCTICON.exe + 2009-05-28 23:15 . 2009-06-22 17:35 65536 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut27.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe - 2009-05-28 23:15 . 2009-05-28 23:15 65536 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut27.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe - 2009-05-28 23:15 . 2009-05-28 23:15 65536 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut25.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe + 2009-05-28 23:15 . 2009-06-22 17:35 65536 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut25.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe - 2009-05-28 23:15 . 2009-05-28 23:15 65536 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut15_1.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe + 2009-05-28 23:15 . 2009-06-22 17:35 65536 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut15_1.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe + 2009-06-22 18:43 . 2009-06-22 18:43 65536 c:\windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\NewShortcut3_4748AC220AD3439FA5EECE4BB6C12AAC.exe + 2009-06-22 18:43 . 2009-06-22 18:43 29926 c:\windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\NewShortcut2_6463554370E7436D8D6D4A721595029E.exe + 2009-06-22 18:43 . 2009-06-22 18:43 29926 c:\windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\NewShortcut1_6463554370E7436D8D6D4A721595029E.exe + 2009-06-22 18:43 . 2009-06-22 18:43 25214 c:\windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\HCG_SC.exe + 2009-06-22 18:43 . 2009-06-22 18:43 25214 c:\windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\CPL_SC.exe + 2009-06-22 18:43 . 2009-06-22 18:43 25214 c:\windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\CPL_DTSC.exe + 2009-06-22 18:43 . 2009-06-22 18:43 25214 c:\windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\ARPPRODUCTICON.exe + 2009-06-22 17:36 . 2009-06-22 17:36 65536 c:\windows\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\NewShortcut7_856D48883B484D0C99D439AA7CF9DB2E.exe + 2009-06-22 17:36 . 2009-06-22 17:36 65536 c:\windows\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\NewShortcut3_D7CAE58E26DE49B7A75DEAEDF76726BE_3.exe + 2009-06-22 17:36 . 2009-06-22 17:36 65536 c:\windows\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\NewShortcut2_D7CAE58E26DE49B7A75DEAEDF76726BE.exe + 2009-06-22 17:36 . 2009-06-22 17:36 65536 c:\windows\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\ARPPRODUCTICON.exe + 2009-06-22 18:41 . 2009-06-22 18:41 25214 c:\windows\Installer\{345112D9-0930-4A68-AB71-A831BA5DE7AA}\PGM_CPL.exe + 2009-06-22 18:41 . 2009-06-22 18:41 65536 c:\windows\Installer\{345112D9-0930-4A68-AB71-A831BA5DE7AA}\NewShortcut3_31DD6897EF244CA395831874C052777A.exe + 2009-06-22 18:41 . 2009-06-22 18:41 29926 c:\windows\Installer\{345112D9-0930-4A68-AB71-A831BA5DE7AA}\NewShortcut2_5D5B9E6A344C497695ABABBDC648E5DA.exe + 2009-06-22 18:41 . 2009-06-22 18:41 29926 c:\windows\Installer\{345112D9-0930-4A68-AB71-A831BA5DE7AA}\NewShortcut1_5D5B9E6A344C497695ABABBDC648E5DA.exe + 2009-06-22 18:41 . 2009-06-22 18:41 25214 c:\windows\Installer\{345112D9-0930-4A68-AB71-A831BA5DE7AA}\ITP_HCG.exe + 2009-06-22 18:41 . 2009-06-22 18:41 25214 c:\windows\Installer\{345112D9-0930-4A68-AB71-A831BA5DE7AA}\DS_CPL.exe + 2009-06-22 18:41 . 2009-06-22 18:41 25214 c:\windows\Installer\{345112D9-0930-4A68-AB71-A831BA5DE7AA}\ARPPRODUCTICON.exe + 2006-02-19 07:28 . 2006-02-19 07:28 12288 c:\windows\Fonts\RandFont.dll + 2009-06-22 17:39 . 2009-06-22 17:39 90112 c:\windows\assembly\GAC\LTRASTERVIEWLib\1.0.0.0__a53cf5803f4c3827\LTRASTERVIEWLib.dll + 2009-06-22 17:39 . 2009-06-22 17:39 40960 c:\windows\assembly\GAC\LTRASTERLib\1.0.0.0__a53cf5803f4c3827\LTRASTERLib.dll + 2009-06-22 17:39 . 2009-06-22 17:39 73728 c:\windows\assembly\GAC\LTRASTERIOLib\1.0.0.0__a53cf5803f4c3827\LTRASTERIOLib.dll + 2009-06-22 17:37 . 2009-06-22 17:37 77824 c:\windows\assembly\GAC\LEAD\13.0.0.113__9cf889f53ea9b907\LEAD.dll + 2009-06-22 17:37 . 2009-06-22 17:37 40960 c:\windows\assembly\GAC\LEAD.Windows.Forms\13.0.0.113__9cf889f53ea9b907\LEAD.Windows.Forms.dll + 2009-06-22 17:37 . 2009-06-22 17:37 69632 c:\windows\assembly\GAC\LEAD.Windows.Forms.DrawingContainer\13.0.0.113__9cf889f53ea9b907\LEAD.Windows.Forms.DrawingContainer.dll + 2009-06-22 17:37 . 2009-06-22 17:37 86016 c:\windows\assembly\GAC\LEAD.Drawing\13.0.0.113__9cf889f53ea9b907\LEAD.Drawing.dll + 2009-06-22 17:37 . 2009-06-22 17:37 90112 c:\windows\assembly\GAC\LEAD.Drawing.Imaging.ImageProcessing\13.0.0.113__9cf889f53ea9b907\LEAD.Drawing.Imaging.ImageProcessing.dll + 2009-06-22 17:37 . 2009-06-22 17:37 81920 c:\windows\assembly\GAC\LEAD.Drawing.Imaging.Codecs\13.0.0.113__9cf889f53ea9b907\LEAD.Drawing.Imaging.Codecs.dll + 2009-06-22 17:37 . 2009-06-22 17:37 18944 c:\windows\assembly\GAC\Interop.MsHtmHst\0.0.0.0__a53cf5803f4c3827\Interop.MsHtmHst.dll + 2009-06-22 17:39 . 2009-06-22 17:39 90112 c:\windows\assembly\GAC\Interop.LTANNLib\1.0.0.0__a53cf5803f4c3827\Interop.LTANNLib.dll + 2009-06-22 17:37 . 2009-06-22 17:37 14848 c:\windows\assembly\GAC\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\Interop.hpqvideo.dll + 2009-06-22 17:37 . 2009-06-22 17:37 12800 c:\windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\interop.hpqusg.dll + 2009-06-22 17:37 . 2009-06-22 17:37 10240 c:\windows\assembly\GAC\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll + 2009-06-22 17:37 . 2009-06-22 17:37 28672 c:\windows\assembly\GAC\Interop.hpqdstcp\3.0.0.0__a53cf5803f4c3827\Interop.hpqdstcp.dll + 2009-06-22 17:37 . 2009-06-22 17:37 36864 c:\windows\assembly\GAC\Interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\Interop.hpqcxm08.dll + 2009-06-22 17:37 . 2009-06-22 17:37 15872 c:\windows\assembly\GAC\interop.hpodxmlutil\2.0.588.1728__a53cf5803f4c3827\interop.hpodxmlutil.dll + 2009-06-22 17:37 . 2009-06-22 17:37 13312 c:\windows\assembly\GAC\interop.hpodvid\2.0.588.1728__a53cf5803f4c3827\interop.hpodvid.dll + 2009-06-22 17:37 . 2009-06-22 17:37 13312 c:\windows\assembly\GAC\interop.hpodtrk\2.0.588.1728__a53cf5803f4c3827\interop.hpodtrk.dll + 2009-06-22 17:37 . 2009-06-22 17:37 12800 c:\windows\assembly\GAC\interop.hpodmpv_md\2.0.588.1728__a53cf5803f4c3827\interop.hpodmpv_md.dll + 2009-06-22 17:37 . 2009-06-22 17:37 15360 c:\windows\assembly\GAC\interop.hpodmmc\1.0.0.0__a53cf5803f4c3827\interop.hpodmmc.dll + 2009-06-22 17:37 . 2009-06-22 17:37 10240 c:\windows\assembly\GAC\Interop.hpodev08\3.0.0.0__a53cf5803f4c3827\Interop.hpodev08.dll + 2009-06-22 17:37 . 2009-06-22 17:37 94208 c:\windows\assembly\GAC\Interop.hpodeb08\3.0.0.0__a53cf5803f4c3827\Interop.hpodeb08.dll + 2009-06-22 17:37 . 2009-06-22 17:37 12800 c:\windows\assembly\GAC\interop.hpodaud\2.0.588.1728__a53cf5803f4c3827\interop.hpodaud.dll + 2009-06-22 17:37 . 2009-06-22 17:37 53248 c:\windows\assembly\GAC\interop.hpodai\2.0.588.1728__a53cf5803f4c3827\interop.hpodai.dll + 2009-06-22 17:37 . 2009-06-22 17:37 24576 c:\windows\assembly\GAC\interop.hpodae\2.0.588.1728__a53cf5803f4c3827\interop.hpodae.dll + 2009-06-22 17:37 . 2009-06-22 17:37 98304 c:\windows\assembly\GAC\Interop.hpocxi08\1.0.0.0__3b766a3b3d2dc385\Interop.hpocxi08.dll + 2009-06-22 17:37 . 2009-06-22 17:37 36864 c:\windows\assembly\GAC\Interop.HPDarc\1.0.0.0__19565c63d39c2842\Interop.hpdarc.dll + 2009-06-22 17:37 . 2009-06-22 17:37 57344 c:\windows\assembly\GAC\hpqxpbrn\3.0.0.0__a53cf5803f4c3827\hpqxpbrn.dll + 2009-06-22 17:37 . 2009-06-22 17:37 94208 c:\windows\assembly\GAC\hpqunkwd\3.0.0.0__a53cf5803f4c3827\hpqunkwd.dll + 2009-06-22 17:37 . 2009-06-22 17:37 65536 c:\windows\assembly\GAC\hpqunkwd.resources\3.0.0.0_en_a53cf5803f4c3827\hpqunkwd.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 77824 c:\windows\assembly\GAC\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll + 2009-06-22 17:37 . 2009-06-22 17:37 77824 c:\windows\assembly\GAC\hpqszip\3.0.0.0__a53cf5803f4c3827\hpqszip.dll + 2009-06-22 17:37 . 2009-06-22 17:37 20480 c:\windows\assembly\GAC\hpqqca\3.0.0.0__a53cf5803f4c3827\hpqqca.dll + 2009-06-22 17:37 . 2009-06-22 17:37 61440 c:\windows\assembly\GAC\hpqptint\4.0.0.0__a53cf5803f4c3827\hpqptint.dll + 2009-06-22 17:37 . 2009-06-22 17:37 32768 c:\windows\assembly\GAC\hpqptint.resources\4.0.0.0_en_a53cf5803f4c3827\hpqptint.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 57344 c:\windows\assembly\GAC\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll + 2009-06-22 17:37 . 2009-06-22 17:37 15360 c:\windows\assembly\GAC\hpqprrsc.resources\4.0.0.0_en_a53cf5803f4c3827\hpqprrsc.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 36864 c:\windows\assembly\GAC\hpqprogdlg\3.0.0.0__a53cf5803f4c3827\hpqprogdlg.dll + 2009-06-22 17:37 . 2009-06-22 17:37 15360 c:\windows\assembly\GAC\hpqprogdlg.resources\3.0.0.0_en_a53cf5803f4c3827\hpqprogdlg.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 20480 c:\windows\assembly\GAC\hpqprif\4.0.0.0__a53cf5803f4c3827\hpqprif.dll + 2009-06-22 17:37 . 2009-06-22 17:37 19456 c:\windows\assembly\GAC\hpqpel10.resources\4.0.0.0_en_a53cf5803f4c3827\hpqpel10.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 28672 c:\windows\assembly\GAC\hpqpbgen\3.0.0.0__a53cf5803f4c3827\hpqpbgen.dll + 2009-06-22 17:37 . 2009-06-22 17:37 53248 c:\windows\assembly\GAC\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll + 2009-06-22 17:37 . 2009-06-22 17:37 69632 c:\windows\assembly\GAC\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll + 2009-06-22 17:37 . 2009-06-22 17:37 16384 c:\windows\assembly\GAC\hpqmyint\3.0.0.0__a53cf5803f4c3827\hpqmyint.dll + 2009-06-22 17:37 . 2009-06-22 17:37 36864 c:\windows\assembly\GAC\hpqmpvad\4.0.0.0__a53cf5803f4c3827\hpqmpvad.dll + 2009-06-22 17:37 . 2009-06-22 17:37 65536 c:\windows\assembly\GAC\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll + 2009-06-22 17:37 . 2009-06-22 17:37 20480 c:\windows\assembly\GAC\hpqltutl\3.0.0.0__a53cf5803f4c3827\hpqltutl.dll + 2009-06-22 17:37 . 2009-06-22 17:37 28672 c:\windows\assembly\GAC\hpqlsutl\1.0.0.0__a53cf5803f4c3827\hpqlsutl.dll + 2009-06-22 17:37 . 2009-06-22 17:37 69632 c:\windows\assembly\GAC\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll + 2009-06-22 17:37 . 2009-06-22 17:37 77824 c:\windows\assembly\GAC\hpqislib\4.0.0.0__a53cf5803f4c3827\hpqislib.dll + 2009-06-22 17:37 . 2009-06-22 17:37 16384 c:\windows\assembly\GAC\hpqisdsp\4.0.0.0__a53cf5803f4c3827\hpqisdsp.dll + 2009-06-22 17:37 . 2009-06-22 17:37 61440 c:\windows\assembly\GAC\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll + 2009-06-22 17:37 . 2009-06-22 17:37 28672 c:\windows\assembly\GAC\hpqimgrc.resources\4.0.0.0_en_a53cf5803f4c3827\hpqimgrc.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 20480 c:\windows\assembly\GAC\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll + 2009-06-22 17:37 . 2009-06-22 17:37 94208 c:\windows\assembly\GAC\hpqgtpin.resources\3.0.0.0_en_a53cf5803f4c3827\hpqgtpin.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 69632 c:\windows\assembly\GAC\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll + 2009-06-22 17:37 . 2009-06-22 17:37 40960 c:\windows\assembly\GAC\hpqglutl.resources\4.0.0.0_en_a53cf5803f4c3827\hpqglutl.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 36864 c:\windows\assembly\GAC\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll + 2009-06-22 17:37 . 2009-06-22 17:37 13312 c:\windows\assembly\GAC\hpqfmrsc.resources\4.0.0.0_en_a53cf5803f4c3827\hpqfmrsc.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 24576 c:\windows\assembly\GAC\hpqedppi\3.0.0.0__a53cf5803f4c3827\hpqedppi.dll + 2009-06-22 17:37 . 2009-06-22 17:37 24576 c:\windows\assembly\GAC\hpqeal\4.0.0.0__a53cf5803f4c3827\hpqeal.dll + 2009-06-22 17:39 . 2009-06-22 17:39 98304 c:\windows\assembly\GAC\hpqdocvw.resources\3.0.0.0_en_a53cf5803f4c3827\hpqdocvw.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 86016 c:\windows\assembly\GAC\hpqdocpt.resources\4.0.0.0_en_a53cf5803f4c3827\hpqdocpt.resources.dll + 2009-06-22 17:39 . 2009-06-22 17:39 36864 c:\windows\assembly\GAC\hpqdcrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqdcrsc.resources.dll + 2009-06-22 17:39 . 2009-06-22 17:39 57344 c:\windows\assembly\GAC\hpqdcprf\3.0.0.0__a53cf5803f4c3827\hpqdcprf.dll + 2009-06-22 17:39 . 2009-06-22 17:39 40960 c:\windows\assembly\GAC\hpqdcprf.resources\3.0.0.0_en_a53cf5803f4c3827\hpqdcprf.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 53248 c:\windows\assembly\GAC\hpqcpolp\4.0.0.0__a53cf5803f4c3827\hpqcpolp.dll + 2009-06-22 17:37 . 2009-06-22 17:37 28672 c:\windows\assembly\GAC\hpqcpolp.resources\4.0.0.0_en_a53cf5803f4c3827\hpqcpolp.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 65536 c:\windows\assembly\GAC\hpqcpint\3.0.0.0__a53cf5803f4c3827\hpqcpint.dll + 2009-06-22 17:37 . 2009-06-22 17:37 98304 c:\windows\assembly\GAC\hpqcddvd\3.0.0.0__a53cf5803f4c3827\hpqcddvd.dll + 2009-06-22 17:37 . 2009-06-22 17:37 86016 c:\windows\assembly\GAC\hpqcalp.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcalp.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 32768 c:\windows\assembly\GAC\hpqbutil\3.0.0.0__a53cf5803f4c3827\hpqbutil.dll + 2009-06-22 17:37 . 2009-06-22 17:37 24576 c:\windows\assembly\GAC\hpqbkloc\3.0.0.0__a53cf5803f4c3827\hpqbkloc.dll + 2009-06-22 17:37 . 2009-06-22 17:37 24576 c:\windows\assembly\GAC\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll + 2009-06-22 17:37 . 2009-06-22 17:37 45056 c:\windows\assembly\GAC\hpqasmgt\3.0.0.0__a53cf5803f4c3827\hpqasmgt.dll + 2009-06-22 17:37 . 2009-06-22 17:37 28672 c:\windows\assembly\GAC\hpqalb\4.0.0.0__a53cf5803f4c3827\hpqalb.dll + 2009-06-22 17:37 . 2009-06-22 17:37 45056 c:\windows\assembly\GAC\hpqactiv.resources\4.0.0.0_en_a53cf5803f4c3827\hpqactiv.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 28672 c:\windows\assembly\GAC\HPODMmcLib\1.0.0.0__a53cf5803f4c3827\HPODMmcLib.dll + 2009-06-22 17:37 . 2009-06-22 17:37 32256 c:\windows\assembly\GAC\hplMosaicNet\1.4.1.0__0d5444959b41355f\hplMosaicNet.dll + 2009-06-22 17:37 . 2009-06-22 17:37 45056 c:\windows\assembly\GAC\AxInterop.SHDocVw\1.1.0.0__a53cf5803f4c3827\AxInterop.SHDocVw.dll + 2009-06-22 17:39 . 2009-06-22 17:39 77824 c:\windows\assembly\GAC\AxInterop.LTRASTERVIEWLib\1.0.0.0__a53cf5803f4c3827\AxInterop.LTRASTERVIEWLib.dll + 2005-08-19 07:00 . 2005-08-19 07:00 2560 c:\windows\system32\drivers\cdralw2k.sys + 2005-08-19 07:00 . 2005-08-19 07:00 2432 c:\windows\system32\drivers\cdr4_xp.sys + 2009-06-22 17:37 . 2009-06-22 17:37 4286 c:\windows\Installer\{B6286A44-7505-471A-A72B-04EC2DB2F442}\Shortcut_start.9FAB98ED_2143_4534_9750_7CD4ECEB9596.exe + 2009-06-22 18:43 . 2009-06-22 18:43 4846 c:\windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\MouseUG.exe + 2009-06-22 18:41 . 2009-06-22 18:41 4846 c:\windows\Installer\{345112D9-0930-4A68-AB71-A831BA5DE7AA}\ITP_KeyboardUG.exe + 2006-09-07 19:41 . 2006-09-07 19:41 3953 c:\windows\hpwmdl05.dat + 2009-06-22 17:37 . 2009-06-22 17:37 3072 c:\windows\assembly\GAC\policy.13.0.LEAD\13.0.0.113__9cf889f53ea9b907\policy.13.0.LEAD.dll + 2009-06-22 17:37 . 2009-06-22 17:37 3072 c:\windows\assembly\GAC\policy.13.0.LEAD.Wrapper\13.0.0.113__9cf889f53ea9b907\policy.13.0.LEAD.Wrapper.dll + 2009-06-22 17:37 . 2009-06-22 17:37 3072 c:\windows\assembly\GAC\policy.13.0.LEAD.Windows.Forms\13.0.0.113__9cf889f53ea9b907\policy.13.0.LEAD.Windows.Forms.dll + 2009-06-22 17:37 . 2009-06-22 17:37 3584 c:\windows\assembly\GAC\policy.13.0.LEAD.Windows.Forms.DrawingContainer\13.0.0.113__9cf889f53ea9b907\policy.13.0.LEAD.Windows.Forms.DrawingContainer.dll + 2009-06-22 17:37 . 2009-06-22 17:37 3584 c:\windows\assembly\GAC\policy.13.0.LEAD.Windows.Forms.CommonDialogs\13.0.0.113__9cf889f53ea9b907\policy.13.0.LEAD.Windows.Forms.CommonDialogs.dll + 2009-06-22 17:37 . 2009-06-22 17:37 3072 c:\windows\assembly\GAC\policy.13.0.LEAD.Drawing\13.0.0.113__9cf889f53ea9b907\policy.13.0.LEAD.Drawing.dll + 2009-06-22 17:37 . 2009-06-22 17:37 3584 c:\windows\assembly\GAC\policy.13.0.LEAD.Drawing.Imaging.Twain\13.0.0.113__9cf889f53ea9b907\policy.13.0.LEAD.Drawing.Imaging.Twain.dll + 2009-06-22 17:37 . 2009-06-22 17:37 3584 c:\windows\assembly\GAC\policy.13.0.LEAD.Drawing.Imaging.ImageProcessing\13.0.0.113__9cf889f53ea9b907\policy.13.0.LEAD.Drawing.Imaging.ImageProcessing.dll + 2009-06-22 17:37 . 2009-06-22 17:37 3584 c:\windows\assembly\GAC\policy.13.0.LEAD.Drawing.Imaging.Codecs\13.0.0.113__9cf889f53ea9b907\policy.13.0.LEAD.Drawing.Imaging.Codecs.dll + 2009-06-22 17:37 . 2009-06-22 17:37 7680 c:\windows\assembly\GAC\Interop.LITTManagerLib\1.0.0.0__a53cf5803f4c3827\Interop.LITTManagerLib.dll + 2009-06-22 17:37 . 2009-06-22 17:37 4096 c:\windows\assembly\GAC\Interop.hprblog\3.0.0.0__a53cf5803f4c3827\Interop.hprblog.dll + 2009-06-22 17:38 . 2009-06-22 17:38 9216 c:\windows\assembly\GAC\Interop.hpqSonWr\4.0.0.0__a53cf5803f4c3827\Interop.hpqSonWr.dll + 2009-06-22 17:37 . 2009-06-22 17:37 7680 c:\windows\assembly\GAC\Interop.hpqcrmcm\7.0.78.0__a53cf5803f4c3827\Interop.hpqcrmcm.dll + 2009-06-22 17:37 . 2009-06-22 17:37 5632 c:\windows\assembly\GAC\interop.hpqcldat\4.0.0.0__a53cf5803f4c3827\interop.hpqcldat.dll + 2009-06-22 17:37 . 2009-06-22 17:37 4608 c:\windows\assembly\GAC\interop.hpqcbcnv\4.0.0.0__a53cf5803f4c3827\interop.hpqcbcnv.dll + 2009-06-22 17:38 . 2009-06-22 17:38 6656 c:\windows\assembly\GAC\Interop.HpqCamUn\1.0.0.0__a53cf5803f4c3827\Interop.HpqCamUn.dll + 2009-06-22 17:38 . 2009-06-22 17:38 6656 c:\windows\assembly\GAC\Interop.hpqaiois\4.0.0.0__a53cf5803f4c3827\Interop.hpqaiois.dll + 2009-06-22 17:37 . 2009-06-22 17:37 4608 c:\windows\assembly\GAC\interop.hpodprint2\4.0.0.0__a53cf5803f4c3827\interop.hpodprint2.dll + 2009-06-22 17:37 . 2009-06-22 17:37 7680 c:\windows\assembly\GAC\interop.hpodmpv\2.0.588.1728__a53cf5803f4c3827\interop.hpodmpv.dll + 2009-06-22 17:37 . 2009-06-22 17:37 6656 c:\windows\assembly\GAC\interop.hpodmp\2.0.588.1728__a53cf5803f4c3827\interop.hpodmp.dll + 2009-06-22 17:37 . 2009-06-22 17:37 8704 c:\windows\assembly\GAC\hpqmdmr.resources\4.0.0.0_en_a53cf5803f4c3827\hpqmdmr.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 4096 c:\windows\assembly\GAC\hpqedppi.resources\3.0.0.0_en_a53cf5803f4c3827\hpqedppi.resources.dll - 2009-06-10 17:48 . 2008-07-24 16:10 200192 c:\windows\system32\spool\drivers\w32x86\3\hpzpr58a.dll + 2009-06-11 16:13 . 2008-07-24 16:10 200192 c:\windows\system32\spool\drivers\w32x86\3\hpzpr58a.dll - 2009-06-10 17:48 . 2008-07-24 16:10 437248 c:\windows\system32\spool\drivers\w32x86\3\hpzev58a.dll + 2009-06-11 16:13 . 2008-07-24 16:10 437248 c:\windows\system32\spool\drivers\w32x86\3\hpzev58a.dll + 2009-06-11 16:13 . 2008-07-24 16:13 977920 c:\windows\system32\spool\drivers\w32x86\3\hpz3c58a.dll - 2009-06-10 17:48 . 2008-07-24 16:13 977920 c:\windows\system32\spool\drivers\w32x86\3\hpz3c58a.dll + 2009-06-11 16:13 . 2006-08-22 06:34 106496 c:\windows\system32\spool\drivers\w32x86\3\hpfrs58a.dll - 2009-06-10 17:48 . 2006-08-22 06:34 106496 c:\windows\system32\spool\drivers\w32x86\3\hpfrs58a.dll + 2009-06-11 16:13 . 2006-08-22 06:32 314880 c:\windows\system32\spool\drivers\w32x86\3\hpfie58a.dll - 2009-06-10 17:48 . 2006-08-22 06:32 314880 c:\windows\system32\spool\drivers\w32x86\3\hpfie58a.dll + 2009-05-28 23:13 . 2006-11-29 21:26 671816 c:\windows\system32\spool\drivers\w32x86\3\hpcdmc32.dll - 2009-05-28 23:13 . 2008-02-05 18:26 671816 c:\windows\system32\spool\drivers\w32x86\3\hpcdmc32.dll + 2005-09-29 19:05 . 2005-09-29 19:05 151552 c:\windows\system32\pxwma.dll + 2002-01-05 08:36 . 2002-01-05 08:36 964608 c:\windows\system32\mfc70u.dll + 2002-01-05 08:48 . 2002-01-05 08:48 974848 c:\windows\system32\mfc70.dll - 2001-12-17 12:15 . 2001-12-17 12:15 974848 c:\windows\system32\mfc70.dll + 2008-04-25 09:21 . 2009-06-22 17:44 356952 c:\windows\system32\FNTCACHE.DAT + 2009-06-22 18:00 . 2009-06-22 18:00 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}\IconCD95F66110.exe + 2009-06-22 17:36 . 2009-06-22 17:36 643072 c:\windows\Installer\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}\HPSUShortcut_BB85ED9CAFC943BDB8DC258C3C7DF72E.exe + 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut9.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe - 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut9.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe - 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut8.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe + 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut8.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe - 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut7.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe + 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut7.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe + 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut6.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe - 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut6.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe - 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut24.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe + 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut24.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe - 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut23.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe + 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut23.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe - 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut22.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe + 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut22.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe - 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut21.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe + 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut21.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe + 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut20.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe - 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut20.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe + 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut2.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe - 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut2.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe + 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut19.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe - 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut19.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe + 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut18.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe - 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut18.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe - 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut17.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe + 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut17.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe - 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut16.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe + 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut16.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe + 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut14.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe - 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut14.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe + 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut13.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe - 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut13.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe + 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut12.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe - 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut12.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe + 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut11.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe - 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut11.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe - 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut10.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe + 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut10.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe + 2009-05-28 23:15 . 2009-06-22 17:35 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut1.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe - 2009-05-28 23:15 . 2009-05-28 23:15 110592 c:\windows\Installer\{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}\NewShortcut1.DE9B046B_865A_4DEC_B555_7F4B3C92BD42.exe + 2009-06-22 17:37 . 2009-06-22 17:37 430080 c:\windows\assembly\GAC\LEAD.Wrapper\13.0.0.113__9cf889f53ea9b907\LEAD.Wrapper.dll + 2009-06-22 17:37 . 2009-06-22 17:37 106496 c:\windows\assembly\GAC\LEAD.Windows.Forms.CommonDialogs\13.0.0.113__9cf889f53ea9b907\LEAD.Windows.Forms.CommonDialogs.dll + 2009-06-22 17:37 . 2009-06-22 17:37 102400 c:\windows\assembly\GAC\LEAD.Drawing.Imaging.Twain\13.0.0.113__9cf889f53ea9b907\LEAD.Drawing.Imaging.Twain.dll + 2009-06-22 17:37 . 2009-06-22 17:37 126976 c:\windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__a53cf5803f4c3827\Interop.SHDocVw.dll + 2009-06-22 17:37 . 2009-06-22 17:37 204800 c:\windows\assembly\GAC\Interop.hpodio08\3.0.0.0__a53cf5803f4c3827\Interop.hpodio08.dll + 2009-06-22 17:37 . 2009-06-22 17:37 163840 c:\windows\assembly\GAC\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll + 2009-06-22 17:37 . 2009-06-22 17:37 229376 c:\windows\assembly\GAC\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll + 2009-06-22 17:37 . 2009-06-22 17:37 385024 c:\windows\assembly\GAC\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll + 2009-06-22 17:37 . 2009-06-22 17:37 262144 c:\windows\assembly\GAC\hpqtray.resources\4.0.0.0_en_a53cf5803f4c3827\hpqtray.resources.dll + 2009-06-22 17:38 . 2009-06-22 17:38 581632 c:\windows\assembly\GAC\hpqsshw\3.0.0.0__a53cf5803f4c3827\hpqsshw.dll + 2009-06-22 17:38 . 2009-06-22 17:38 364544 c:\windows\assembly\GAC\hpqsshw.resources\3.0.0.0_en_a53cf5803f4c3827\hpqsshw.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 983040 c:\windows\assembly\GAC\hpqptfx\4.0.0.0__a53cf5803f4c3827\hpqptfx.dll + 2009-06-22 17:37 . 2009-06-22 17:37 380928 c:\windows\assembly\GAC\hpqptfx.resources\4.0.0.0_en_a53cf5803f4c3827\hpqptfx.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 479232 c:\windows\assembly\GAC\hpqprutl\4.0.0.0__a53cf5803f4c3827\hpqprutl.dll + 2009-06-22 17:37 . 2009-06-22 17:37 237568 c:\windows\assembly\GAC\hpqprutl.resources\4.0.0.0_en_a53cf5803f4c3827\hpqprutl.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 401408 c:\windows\assembly\GAC\hpqprjfx\3.0.0.0__a53cf5803f4c3827\hpqprjfx.dll + 2009-06-22 17:37 . 2009-06-22 17:37 258048 c:\windows\assembly\GAC\hpqprjfx.resources\3.0.0.0_en_a53cf5803f4c3827\hpqprjfx.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 176128 c:\windows\assembly\GAC\hpqprjcm\3.0.0.0__a53cf5803f4c3827\hpqprjcm.dll + 2009-06-22 17:37 . 2009-06-22 17:37 131072 c:\windows\assembly\GAC\hpqpel10\4.0.0.0__a53cf5803f4c3827\hpqpel10.dll + 2009-06-22 17:37 . 2009-06-22 17:37 184320 c:\windows\assembly\GAC\hpqpdmdl\4.0.0.0__a53cf5803f4c3827\hpqpdmdl.dll + 2009-06-22 17:37 . 2009-06-22 17:37 319488 c:\windows\assembly\GAC\hpqpanop\3.0.0.0__a53cf5803f4c3827\hpqpanop.dll + 2009-06-22 17:37 . 2009-06-22 17:37 110592 c:\windows\assembly\GAC\hpqpanop.resources\3.0.0.0_en_a53cf5803f4c3827\hpqpanop.resources.dll + 2009-06-22 17:39 . 2009-06-22 17:39 475136 c:\windows\assembly\GAC\hpqmydoc\3.0.0.0__a53cf5803f4c3827\hpqmydoc.dll + 2009-06-22 17:39 . 2009-06-22 17:39 253952 c:\windows\assembly\GAC\hpqmydoc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqmydoc.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 323584 c:\windows\assembly\GAC\hpqlsprj\1.0.0.0__a53cf5803f4c3827\hpqlsprj.dll + 2009-06-22 17:37 . 2009-06-22 17:37 192512 c:\windows\assembly\GAC\hpqlsprj.resources\1.0.0.0_en_a53cf5803f4c3827\hpqlsprj.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 712704 c:\windows\assembly\GAC\hpqistab\4.0.0.0__a53cf5803f4c3827\hpqistab.dll + 2009-06-22 17:37 . 2009-06-22 17:37 516096 c:\windows\assembly\GAC\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll + 2009-06-22 17:37 . 2009-06-22 17:37 348160 c:\windows\assembly\GAC\hpqimvlt.resources\3.0.0.0_en_a53cf5803f4c3827\hpqimvlt.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 192512 c:\windows\assembly\GAC\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll + 2009-06-22 17:37 . 2009-06-22 17:37 282624 c:\windows\assembly\GAC\hpqgtpin\3.0.0.0__a53cf5803f4c3827\hpqgtpin.dll + 2009-06-22 17:37 . 2009-06-22 17:37 737280 c:\windows\assembly\GAC\hpqedit.resources\3.0.0.0_en_a53cf5803f4c3827\hpqedit.resources.dll + 2009-06-22 17:39 . 2009-06-22 17:39 147456 c:\windows\assembly\GAC\hpqdocvw\3.0.0.0__a53cf5803f4c3827\hpqdocvw.dll + 2009-06-22 17:37 . 2009-06-22 17:37 139264 c:\windows\assembly\GAC\hpqdocpt\4.0.0.0__a53cf5803f4c3827\hpqdocpt.dll + 2009-06-22 17:39 . 2009-06-22 17:39 151552 c:\windows\assembly\GAC\hpqdcrsc\3.0.0.0__a53cf5803f4c3827\hpqdcrsc.dll + 2009-06-22 17:37 . 2009-06-22 17:37 425984 c:\windows\assembly\GAC\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll + 2009-06-22 17:37 . 2009-06-22 17:37 167936 c:\windows\assembly\GAC\hpqcprsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcprsc.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 262144 c:\windows\assembly\GAC\hpqcdcpy\3.0.0.0__a53cf5803f4c3827\hpqcdcpy.dll + 2009-06-22 17:37 . 2009-06-22 17:37 184320 c:\windows\assembly\GAC\hpqcdcpy.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcdcpy.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 593920 c:\windows\assembly\GAC\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll + 2009-06-22 17:37 . 2009-06-22 17:37 274432 c:\windows\assembly\GAC\hpqcc2.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcc2.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 180224 c:\windows\assembly\GAC\hpqcalp\3.0.0.0__a53cf5803f4c3827\hpqcalp.dll + 2009-06-22 17:37 . 2009-06-22 17:37 790528 c:\windows\assembly\GAC\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll + 2009-06-22 17:37 . 2009-06-22 17:37 532480 c:\windows\assembly\GAC\hpqbakup.resources\3.0.0.0_en_a53cf5803f4c3827\hpqbakup.resources.dll + 2009-06-22 17:37 . 2009-06-22 17:37 163840 c:\windows\assembly\GAC\hpqactiv\4.0.0.0__a53cf5803f4c3827\hpqactiv.dll + 2009-05-22 00:02 . 2007-08-31 19:13 1421736 c:\windows\system32\wdfcoinstaller01005.dll - 2009-06-10 17:48 . 2008-07-24 16:13 3333632 c:\windows\system32\spool\drivers\w32x86\3\hpzur58a.dll + 2009-06-11 16:13 . 2008-07-24 16:13 3333632 c:\windows\system32\spool\drivers\w32x86\3\hpzur58a.dll - 2009-06-10 17:48 . 2008-07-24 16:10 3217920 c:\windows\system32\spool\drivers\w32x86\3\hpzui58a.dll + 2009-06-11 16:13 . 2008-07-24 16:10 3217920 c:\windows\system32\spool\drivers\w32x86\3\hpzui58a.dll + 2009-06-22 16:36 . 2006-07-03 15:54 4357632 c:\windows\system32\spool\drivers\w32x86\3\hpzui4sa.dll - 2009-05-28 23:13 . 2006-07-03 15:54 4357632 c:\windows\system32\spool\drivers\w32x86\3\hpzui4sa.dll - 2009-06-10 17:48 . 2008-07-24 16:13 5513216 c:\windows\system32\spool\drivers\w32x86\3\hpzst58a.dll + 2009-06-11 16:13 . 2008-07-24 16:13 5513216 c:\windows\system32\spool\drivers\w32x86\3\hpzst58a.dll - 2009-06-10 17:48 . 2008-07-24 16:10 1737728 c:\windows\system32\spool\drivers\w32x86\3\hpz3r58a.dll + 2009-06-11 16:13 . 2008-07-24 16:10 1737728 c:\windows\system32\spool\drivers\w32x86\3\hpz3r58a.dll - 2009-06-10 17:48 . 2006-08-22 06:33 7019008 c:\windows\system32\spool\drivers\w32x86\3\hpfig58a.dll + 2009-06-11 16:13 . 2006-08-22 06:33 7019008 c:\windows\system32\spool\drivers\w32x86\3\hpfig58a.dll + 2009-05-28 23:13 . 2007-03-07 19:16 2856960 c:\windows\system32\spool\drivers\w32x86\3\hpbcfgre.dll + 2009-06-22 18:43 . 2007-08-31 19:13 1421736 c:\windows\system32\ReinstallBackups\0026\DriverFiles\wdfcoinstaller01005.dll + 2009-06-22 18:43 . 2007-08-31 19:13 1421736 c:\windows\system32\ReinstallBackups\0024\DriverFiles\wdfcoinstaller01005.dll + 2009-06-22 18:41 . 2007-08-31 19:13 1421736 c:\windows\system32\DRVSTORE\nuidfltr_E8F8C714821A786671DE95508EA821EFC993B9E1\wdfcoinstaller01005.dll + 2009-06-22 18:42 . 2008-12-08 21:15 1419232 c:\windows\LastGood\system32\wdfcoinstaller01005.dll + 2009-06-22 17:37 . 2009-06-22 17:37 8007680 c:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll + 2009-06-22 17:37 . 2009-06-22 17:37 1163264 c:\windows\assembly\GAC\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "Google Update"="c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-28 133104] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-28 39408] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-12-08 200704] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-09 442460] "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-09 466944] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-28 68592] "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-04-07 642856] "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-04-07 467240] "PSDiagnosticM"="c:\program files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2007-02-27 315392] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328] "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808] "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-06-05 615696] "USBDetector"="c:\usbstorage\USBDetector.exe" [2003-04-01 53248] "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2009-5-28 25214] Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-6-5 1545488] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360] HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728] SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-5-1 6395464] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2009-05-21 21:21 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5/29/2009 10:27 AM 55152] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/29/2009 6:14 PM 210216] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/21/2009 8:02 PM 108160] R3 LKNUCMP;Linksys Network USB Composite Device;c:\windows\system32\drivers\lknucmp.sys [5/28/2009 8:15 PM 11648] R3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\drivers\lknuhst.sys [5/28/2009 8:15 PM 11136] R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\drivers\lknuhub.sys [5/28/2009 8:15 PM 37248] R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [5/21/2009 8:02 PM 160256] S2 yksvc;Marvell Yukon Service; [x] S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2009-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1717499061-2896550583-2833677910-1005.job - c:\documents and settings\Scott Pugmire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-28 19:43] 2009-06-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-29 14:53] 2009-05-29 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-29 14:53] . - - - - ORPHANS REMOVED - - - - BHO-{A5B67D12-8F93-B1F2-FB7A-C0A30649AF4E} - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 DPF: Microsoft XML Parser for Java . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-22 16:08 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1717499061-2896550583-2833677910-1005\Software\Microsoft\SystemCertificates\AddressBook] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1672) c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll c:\windows\System32\BCMLogon.dll - - - - - - - > 'explorer.exe'(4348) c:\windows\system32\WININET.dll c:\program files\McAfee\SiteAdvisor\saHook.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL c:\program files\iTunes\iTunesMiniPlayer.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\windows\IME\SPGRMR.DLL c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL . Completion time: 2009-06-22 16:10 ComboFix-quarantined-files.txt 2009-06-22 20:10 ComboFix2.txt 2009-06-22 14:06 Pre-Run: 251,822,518,272 bytes free Post-Run: 251,835,682,816 bytes free 667 --- E O F --- 2009-06-19 17:29 Kaspersky Scan.txt* -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0 REPORT Tuesday, June 23, 2009 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Program database last update: Monday, June 22, 2009 22:57:55 Records in database: 2378674 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ V:\ X:\ Scan statistics: Files scanned: 178901 Threat name: 5 Infected objects: 6 Suspicious objects: 0 Duration of the scan: 09:01:14 File name / Threat name / Threats count C:\Documents and Settings\Scott Pugmire\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000004.pst Infected: Trojan-Downloader.JS.Gumblar.a 2 C:\Qoobox\Quarantine\C\WINDOWS\system32\_sdra64_.exe.zip Infected: Trojan-Spy.Win32.Zbot.gen 1 X:\_Sage Archive\Outlook\Archive_2006.pst Infected: Trojan-Spy.HTML.Amazofraud.m 1 X:\Nancy's PC Fix\Nancy's Documents\iPod Music\02 Track 2 (broken).wma Infected: Trojan-Downloader.WMA.Wimad.k 1 X:\Nancy's PC Fix\Nancy's Documents\iPod Music\05 Track 5 (girlshapedlovedrug).wma Infected: Trojan-Downloader.WMA.Wimad.o 1 The selected area was scanned. __________________ Scott

06-23-2009, 03:55 PM	#10 (permalink)
TheBruce1 Moderator, Analyst, Security Team Join Date: Oct 2006 Location: Dùn Èideann,Scotland. Posts: 5,093 OS: XP	Re: 2 of 5 Trojan Viruses Not Removed by McAfee Hello again If you have removed RegistryFix v7.1- delete this folder in blue c:\program files\RegistryFix7 Also which version of Mcafee do you have installed? The version you currently have installed looks to be a few years old? __________________ Member of ASAP since 2007 Member of UNITE since 2008 Notice to BT customers BT to dump Phorm, see Here for more information. No DPI If we have helped you in anyway, please consider Donating

06-23-2009, 05:10 PM	#12 (permalink)
TheBruce1 Moderator, Analyst, Security Team Join Date: Oct 2006 Location: Dùn Èideann,Scotland. Posts: 5,093 OS: XP	Re: 2 of 5 Trojan Viruses Not Removed by McAfee Hello again Your Mcafee versions are current and correct. ======= If there are no further issues, continue below. ======= Delete DDS from your desktop, you may keep ATF-Cleaner if you wish...otherwise delete from desktop. ======== Well done, your logs are clean. Click start>run>type(or copy/paste command into run box): ComboFix /u Click ok. ========= Clear IE6 cookies Open IE and click Tools* Click on Internet Options* Click on General Tab* Click on Delte Temp Files* & Cookies buttons. Clear IE7 cookies On the Internet Explorer 7 Tools menu, click Internet Options. The Internet Options box should open to the General tab. On the General tab, in the Browsing History, click the Delete button. This will delete all the files that are currently stored in your cache [that includes cookies too]. Click OK, and then click OK again. Clear Firefox cookies/cache* • Select "Tools" • Select "Options". • Select "Privacy". • In "Settings" window put the check mark for Cookies,Cache,Browsing history and any others you want. • Click OK. • In Private area click "Clear Now". ------------------------------------------------------------------------------------------- MICROSOFT UPDATES 1.Click Start,Run, type sysdm.cpl, and then press OK. 2.Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended). Microsoft updates are released every second Tuesday of each month,what is called "Patch Tuesday". ------------------------------------------------------------------------------------------ Useful Information and Programs to keep you safe. WOT Free helps you avoid disingenuous Internet content by allowing you to learn from others' experiences. WOT shows you website reputations on your browser, telling you how much other users trust a website. This helps you make better decisions while browsing and avoid phishing, malware, and other types of fraud. Reputations can also be added to web search results, Gmail, Wikipedia, and other selected sites. WOT reputations are computed mainly from user testimonies. Sharing your knowledge with others is just a click away, without ever having to leave the site. We also collect data from hundreds of other sources (including PhishTank) to quickly warn you of emerging threats. Currently, WOT knows over 12 million websites. For Internet Explorer users: WOT for IE -------------------------------------------------------------------------------------- Alternate Browsers Try the following free alternate browsers rather than Internet Explorer Avant Firefox Opera K-Meleon ------------------------------------------------------------------------------------------ Free Antispyware Products SuperAntiSpyware Malwarebytes ' Anti-Malware SpywareBlaster to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items ------------------------------------------------------------------ The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file. If your having trouble downloading & extracting,see link below for guidance: http://www.mvps.org/winhelp2002/hosts2.htm Once you have extracted the host file,double click on it and a new window will open. Double-click on mvps.batand follow the prompts --------------------------------------------------------------- Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer. ---------------------------------------- SnoopFree is a programme that informs you when another programme is wanting to log your keystrokes or read your screen.Only for XP users. Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released. ============================================== Secunia PSI is a programme that will alert you to vulnerabilities and outdated programs you have installed, such as Java, Flash Player and many more. It can also alert you if you have not installed the latest patches from Microsoft. ============================================== Also, please take a look at this well written article: PC Safety and Security--What Do I Need? Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them. Please reply to this thread once more, as we may mark this as resolved, thanks. __________________ Member of ASAP since 2007 Member of UNITE since 2008 Notice to BT customers BT to dump Phorm, see Here for more information. No DPI If we have helped you in anyway, please consider Donating**

06-23-2009, 07:09 PM	#13 (permalink)
spugmire I helped the forums. Join Date: Jan 2009 Location: Metro Atlanta Posts: 11 OS: XP SP3	Re: 2 of 5 Trojan Viruses Not Removed by McAfee Thank you for your help. I noticed you are a Scot. One of my family names is Mcleod which originates from the Isle of Skye. Nice to have help from that part of the world. In addition to giving you and the others there my thanks, I will be also providing a donation. Don't get too excited, I am recently unemployed, but feel the need to show my true gratitude for the donation of everyone's time. __________________ Scott

06-24-2009, 04:50 AM	#14 (permalink)
TheBruce1 Moderator, Analyst, Security Team Join Date: Oct 2006 Location: Dùn Èideann,Scotland. Posts: 5,093 OS: XP	Re: 2 of 5 Trojan Viruses Not Removed by McAfee Isle of Skye is a lovely part of the world and if you have the opportunity you should visit it one day. Little trivial for you, the Mc in the Mcleod name means son of, all Scottish names with Mc at the beginning mean son of. Thank you for your donation it is much appreciated, take care __________________ Member of ASAP since 2007 Member of UNITE since 2008 Notice to BT customers BT to dump Phorm, see Here for more information. No DPI If we have helped you in anyway, please consider Donating