Here it is.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:38:39 PM, on 7/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link\D-Link Wireless N USB Adapter DWA-130\wirelesscm.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: Wireless Connection Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1151815491625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1151891836312
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D1F4144-BCC0-4090-8BBD-D7B6A70794EA}: NameServer = 4.2.2.2,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{83844D86-ECA4-4C69-A3FF-57419C2A604A}: NameServer = 4.2.2.2,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F8AE25C-790C-4410-BABD-8AB1AB341096}: NameServer = 4.2.2.3,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB090EA3-FFD7-42C6-A64C-62F52327B561}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D1F4144-BCC0-4090-8BBD-D7B6A70794EA}: NameServer = 4.2.2.2,4.2.2.1
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 11616 bytes
ComboFix 09-07-21.05 - DAD 07/22/2009 12:17.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1492 [GMT -4:00]
Running from: c:\documents and settings\DAD\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Mozilla Firefox\freebl3.dll
c:\program files\Mozilla Firefox\MOZCRT19.dll
c:\program files\Mozilla Firefox\nspr4.dll
c:\program files\Mozilla Firefox\nssutil3.dll
c:\program files\Mozilla Firefox\plc4.dll
c:\program files\Mozilla Firefox\plds4.dll
c:\windows\Installer\13f632.msp
c:\windows\Installer\13f654.msp
c:\windows\Installer\16daa1.msi
c:\windows\Installer\16daa2.msp
c:\windows\Installer\16daa3.msp
c:\windows\Installer\16daa4.msp
c:\windows\Installer\16daa5.msp
c:\windows\Installer\16daa6.msp
c:\windows\Installer\16daa7.msp
c:\windows\Installer\16daa8.msp
c:\windows\Installer\16daa9.msp
c:\windows\Installer\16daaa.msp
c:\windows\Installer\1a4e5f.msi
c:\windows\Installer\1a4e60.msp
c:\windows\Installer\1a4e61.msp
c:\windows\Installer\1a4e62.msp
c:\windows\Installer\1a4e63.msp
c:\windows\Installer\1a4e64.msp
c:\windows\Installer\1a4e65.msp
c:\windows\Installer\1a4e66.msp
c:\windows\Installer\1a4e67.msp
c:\windows\Installer\1a4e68.msp
c:\windows\Installer\1a4e69.msp
c:\windows\Installer\1b5f3a.msi
c:\windows\Installer\1b5f49.msp
c:\windows\Installer\1b5f54.msp
c:\windows\Installer\1b5f60.msp
c:\windows\Installer\20cc425.msi
c:\windows\Installer\24982b2.msi
c:\windows\Installer\3549530.msi
c:\windows\Installer\3631fa9.msi
c:\windows\Installer\5b69ea0.msi
c:\windows\Installer\5f68487.msp
c:\windows\Installer\5f68491.msp
c:\windows\Installer\5f684a6.msp
c:\windows\Installer\5f684b1.msp
c:\windows\Installer\5f684c7.msp
c:\windows\Installer\5f684d1.msp
c:\windows\Installer\8cd12.msp
c:\windows\Installer\8cd1f.msi
c:\windows\Installer\8cd34.msi
c:\windows\Installer\8cd3e.msp
c:\windows\Installer\c4ce5.msi
.
((((((((((((((((((((((((( Files Created from 2009-06-22 to 2009-07-22 )))))))))))))))))))))))))))))))
.
2009-07-22 15:33 . 2009-07-22 15:33 -------- d-----w- c:\documents and settings\DAD\Application Data\Trillian
2009-07-22 14:41 . 2009-07-22 14:41 -------- d-----w- c:\program files\Ask.com
2009-07-22 01:45 . 2009-07-22 01:45 -------- d-----w- c:\program files\JavaFX
2009-07-22 01:42 . 2009-07-22 01:42 -------- d-----w- c:\program files\Sun
2009-07-22 01:42 . 2009-07-22 01:42 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 01:17 . 2009-07-22 01:28 -------- d-----w- c:\documents and settings\DAD\.SunDownloadManager
2009-07-22 00:18 . 2009-07-22 00:18 -------- d-----w- c:\program files\Secunia
2009-07-21 01:06 . 2009-07-21 01:06 -------- d-----w- c:\documents and settings\DAD\Application Data\Malwarebytes
2009-07-21 01:06 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-21 01:06 . 2009-07-21 01:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 01:06 . 2009-07-21 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-21 01:06 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-20 03:08 . 2009-07-20 03:08 -------- d-----w- c:\program files\Trend Micro
2009-07-20 02:55 . 2009-07-20 02:55 -------- d-----w- c:\program files\ERUNT
2009-07-20 02:19 . 2009-07-20 03:16 -------- d-----w- c:\program files\UltimateBet
2009-07-20 01:34 . 2007-11-18 15:42 461952 ----a-w- c:\windows\system32\drivers\MRVW245.sys
2009-07-15 22:22 . 2009-07-15 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-15 18:04 . 2009-07-15 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-15 01:55 . 2009-07-15 01:55 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-15 01:28 . 2009-07-15 01:28 -------- d-----w- c:\documents and settings\DAD\Application Data\Lavasoft
2009-07-14 01:55 . 2009-07-14 01:55 -------- d-----w- c:\documents and settings\DAVID\Application Data\Windows Search
2009-07-13 05:21 . 2009-07-13 05:29 -------- d-----w- c:\program files\CPU Thermometer
2009-07-10 00:25 . 2009-07-10 00:25 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-10 00:25 . 2009-07-10 00:25 -------- d-----w- c:\program files\MSBuild
2009-07-10 00:25 . 2009-07-10 00:25 -------- d-----w- c:\program files\Reference Assemblies
2009-07-10 00:24 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-10 00:24 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-10 00:24 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-07-10 00:24 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-07-10 00:24 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-10 00:24 . 2009-07-10 00:25 -------- d-----w- C:\89edb96d60ea8c31c772
2009-07-10 00:24 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-07-10 00:24 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-07-10 00:19 . 2009-07-10 00:20 -------- d-----w- c:\documents and settings\DAD\Local Settings\Application Data\ApplicationHistory
2009-07-09 23:46 . 2009-07-09 23:46 -------- d-----w- c:\windows\system32\URTTEMP
2009-07-09 23:37 . 2009-07-09 23:37 -------- d-----w- c:\documents and settings\DAD\Application Data\Windows Search
2009-07-09 23:00 . 2009-07-09 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-09 04:34 . 2009-07-10 01:47 -------- d-----w- c:\program files\PCPitstop
2009-07-09 02:50 . 2009-07-09 02:50 -------- d-----w- c:\windows\CPU & Ram Meter
2009-07-09 02:50 . 2009-07-09 02:50 -------- d-----w- c:\documents and settings\DAD\Local Settings\Application Data\Stardock
2009-07-08 16:11 . 2006-10-22 16:22 208896 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-08 16:11 . 2006-10-22 19:06 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-08 16:11 . 2009-07-08 16:11 -------- d-----w- C:\NVIDIA
2009-07-02 00:25 . 2009-07-02 00:25 -------- d-----w- c:\documents and settings\DAD\Local Settings\Application Data\Temp
2009-07-01 00:21 . 2009-07-01 00:21 -------- d-----w- c:\documents and settings\DAVID\Application Data\Ulead Systems
2009-06-23 01:35 . 2009-06-23 01:35 -------- d-----w- c:\documents and settings\DAVID\Application Data\ArcSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 15:33 . 2006-07-02 04:51 -------- d-----w- c:\program files\Trillian
2009-07-22 13:46 . 2009-05-31 23:53 -------- d-----w- c:\program files\Common Files\AOL
2009-07-22 11:30 . 2009-04-10 04:08 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-07-22 11:25 . 2009-01-02 12:42 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-22 01:41 . 2007-08-08 11:26 -------- d-----w- c:\program files\Java
2009-07-20 01:34 . 2006-07-03 01:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-18 18:28 . 2007-08-04 04:20 -------- d-----w- c:\program files\MySpace
2009-07-18 18:25 . 2007-12-26 01:30 -------- d-----w- c:\program files\BYOND
2009-07-17 02:28 . 2007-07-05 03:05 84704 -c--a-w- c:\documents and settings\DAVID\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-15 23:31 . 2009-06-16 20:28 -------- d-----w- c:\documents and settings\DAD\Application Data\DiskAid
2009-07-15 23:08 . 2007-07-05 00:01 84704 -c--a-w- c:\documents and settings\DAD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-15 05:24 . 2009-02-18 07:35 117760 ----a-w- c:\documents and settings\DAD\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-15 05:21 . 2009-04-10 01:39 -------- d-----w- c:\program files\McAfee
2009-07-14 01:57 . 2006-01-02 00:20 -------- d-----w- c:\documents and settings\DAVID\Application Data\Skype
2009-07-14 01:56 . 2006-01-02 00:22 -------- d-----w- c:\documents and settings\DAVID\Application Data\skypePM
2009-07-09 23:39 . 2006-07-02 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-09 23:24 . 2009-02-14 17:40 -------- d-----w- c:\documents and settings\DAD\Application Data\LimeWire
2009-07-09 23:20 . 2008-03-27 02:43 -------- d-----w- c:\program files\LimeWire
2009-07-09 05:38 . 2009-06-16 20:19 -------- d-----w- c:\documents and settings\DAVID\Application Data\DiskAid
2009-07-09 05:38 . 2008-04-15 01:32 -------- d-----w- c:\documents and settings\DAVID\Application Data\Canon
2009-07-09 05:38 . 2007-08-08 11:31 -------- d-----w- c:\documents and settings\DAVID\Application Data\LimeWire
2009-07-09 04:34 . 2008-10-26 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2009-07-09 00:05 . 2007-07-08 15:18 -------- d-----w- c:\program files\Canon
2009-07-09 00:04 . 2007-08-11 08:33 -------- d-----w- c:\program files\Bonjour
2009-07-09 00:02 . 2008-09-27 08:00 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-07-09 00:01 . 2009-07-09 00:01 -------- d-----w- c:\documents and settings\DAD\Application Data\ArcSoft
2009-07-03 00:12 . 2009-02-18 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\HDD Thermometer
2009-07-01 22:22 . 2008-04-14 05:02 68752 -c-ha-w- c:\windows\system32\mlfcache.dat
2009-06-23 01:49 . 2008-04-11 06:14 -------- d-----w- c:\documents and settings\DAVID\Application Data\U3
2009-06-22 04:58 . 2009-06-16 20:40 -------- d-----w- c:\program files\iPhoneBrowser
2009-06-20 18:59 . 2009-06-20 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-06-17 12:20 . 2009-06-17 12:20 12648 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2009-06-16 21:10 . 2009-06-16 21:10 -------- d-----w- c:\program files\ImTOO
2009-06-16 20:32 . 2006-01-05 00:27 -------- d-----w- c:\documents and settings\DAD\Application Data\Apple Computer
2009-06-16 20:23 . 2009-06-16 20:16 -------- d-----w- c:\program files\DiskAid
2009-06-16 14:36 . 2002-09-03 17:06 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2002-09-03 16:33 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 07:15 . 2009-01-14 11:56 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-11 04:31 . 2009-06-11 04:31 -------- d-----w- c:\documents and settings\DAVID\Application Data\acccore
2009-06-03 19:09 . 2005-08-30 13:14 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-31 23:57 . 2009-05-31 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-05-31 23:17 . 2009-05-31 23:17 -------- d-----w- c:\program files\Native Instruments
2009-05-28 00:53 . 2009-05-28 00:53 -------- d-----w- c:\program files\Common Files\Lenovo
2009-05-28 00:53 . 2007-07-05 01:16 -------- d-----w- c:\program files\Lenovo
2009-05-25 04:24 . 2008-05-27 03:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-24 23:53 . 2008-11-13 05:18 -------- d-----w- c:\program files\Windows Live
2009-05-24 23:09 . 2009-05-24 23:09 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-05-19 05:36 . 2009-06-20 18:59 97072 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 05:36 . 2009-06-20 18:59 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
2009-05-19 05:36 . 2009-06-20 18:59 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat
2009-05-19 05:36 . 2009-06-20 18:59 25 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\register.bat
2009-05-19 05:36 . 2009-06-20 18:59 1484856 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 05:36 . 2009-06-20 18:59 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 05:36 . 2009-06-20 18:59 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
2009-05-19 05:36 . 2009-06-20 18:59 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-13 05:15 . 2006-06-23 15:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2002-09-03 16:39 345600 ----a-w- c:\windows\system32\localspl.dll
2009-07-20 01:51 . 2008-08-30 05:52 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2008-10-21 16:13 741768 ----a-w- c:\program files\Ask.com\Supertoolbar\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\Supertoolbar\GenericAskToolbar.dll" [2008-10-21 741768]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-10 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-10 137752]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-22 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
c:\documents and settings\DAD\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-6-24 803176]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link Wireless N USB Adapter DWA-130\wirelesscm.exe [2009-7-19 14020608]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^DAVID^Start Menu^Programs^Startup^Alarm Master Plus.lnk]
backup=c:\windows\pss\Alarm Master Plus.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"67:UDP"= 67:UDP:DHCP Discovery Service
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 55024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [1/2/2009 8:41 AM 55136]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/9/2009 9:42 PM 210216]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408]
S3 scskusbf;USB SCSK Filter Driver Service;c:\windows\system32\drivers\scskusbf.sys [1/10/2006 1:09 AM 19504]
S3 scskusbs;USB SCSK Driver Service;c:\windows\system32\drivers\scskusbs.sys [1/10/2006 1:09 AM 83160]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
.
Contents of the 'Scheduled Tasks' folder
2009-07-22 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-10-18 20:35]
2009-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-606747145-725345543-1004Core.job
- c:\documents and settings\DAD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-21 16:17]
2009-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-606747145-725345543-1004UA.job
- c:\documents and settings\DAD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-21 16:17]
2009-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-606747145-725345543-1005Core.job
- c:\documents and settings\DAVID\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-19 14:35]
2009-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-606747145-725345543-1005UA.job
- c:\documents and settings\DAVID\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-19 14:35]
2009-06-01 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-10 14:53]
2009-07-20 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-10 14:53]
2009-07-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
2009-07-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\Supertoolbar\UpdateTask.exe [2008-10-21 16:13]
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
TCP: {1D1F4144-BCC0-4090-8BBD-D7B6A70794EA} = 4.2.2.2,4.2.2.1
TCP: {83844D86-ECA4-4C69-A3FF-57419C2A604A} = 4.2.2.2,4.2.2.1
TCP: {8F8AE25C-790C-4410-BABD-8AB1AB341096} = 4.2.2.3,4.2.2.2
TCP: {AB090EA3-FFD7-42C6-A64C-62F52327B561} = 4.2.2.1,4.2.2.2
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\DAD\Application Data\Mozilla\Firefox\Profiles\1pl597qg.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?client=firefox-a&rls=org.mozilla:en-US:official&oe=UTF-8&channel=s&tab=wn&ned=us
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\progra~1\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\progra~1\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-07-22 14:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1844237615-606747145-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3f,fa,7e,90,27,64,19,7d,b2,fb,78,9e,14,e8,3c,d2,8c,d1,97,60,b7,00,ab,
de,ca,9b,4e,9f,ec,85,71,93,80,20,10,a1,30,c0,5e,ee,5f,eb,68,92,7f,19,40,db,\
"??"=hex:51,26,68,11,bc,f8,f9,83,2f,7f,08,b5,c7,73,36,4c
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(796)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\searchindexer.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2009-07-22 14:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-22 18:58
Pre-Run: 102,852,382,720 bytes free
Post-Run: 104,393,551,872 bytes free
412 --- E O F --- 2009-07-22 02:16