help! IE error message & trojan
ComboFix 09-04-04.01 - Elaine Ellison 2009-04-08 14:10:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1263.619 [GMT 1:00]
Running from: c:\documents and settings\Elaine Ellison\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 )))))))))))))))))))))))))))))))
.
2384-12-20 05:07 . 2384-12-20 05:07 3,120 --a--c--- c:\windows\MF_C421.lfa
2384-12-20 05:07 . 2384-12-20 05:07 3,120 --a--c--- c:\windows\MF_C420.lfa
2009-04-08 08:24 . 2009-01-09 20:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-04-07 22:16 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-07 22:16 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-07 21:26 . 2009-04-07 21:26 <DIR> d-------- c:\windows\SxsCaPendDel
2009-04-07 21:26 . 2009-04-07 21:26 <DIR> d-------- C:\97ea6ab5fb461e1c08d7b1b7de09d7af
2009-04-07 20:49 . 2009-04-07 20:49 <DIR> d-------- c:\program files\Tall Emu
2009-04-07 20:49 . 2009-04-07 21:19 <DIR> d-------- c:\documents and settings\Elaine Ellison\Application Data\OnlineArmor
2009-04-07 20:48 . 2009-04-07 21:33 <DIR> d-------- c:\program files\a-squared Free
2009-04-07 19:33 . 2009-04-07 22:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-07 10:15 . 2009-04-07 21:25 <DIR> d-------- C:\1fb3f700cad73c801726d59b5f3cd81f
2009-04-07 10:14 . 2009-04-07 10:19 <DIR> d-------- C:\7152ffd9a40cc24ece4c
2009-04-04 22:11 . 2009-04-04 22:11 <DIR> d--hs---- c:\documents and settings\NetworkService\IETldCache
2009-03-26 22:17 . 2009-03-26 22:17 <DIR> d--hs---- c:\documents and settings\Elaine Ellison\IECompatCache
2009-03-26 14:42 . 2009-03-26 14:42 <DIR> d--hs---- c:\documents and settings\Elaine Ellison\PrivacIE
2009-03-26 14:34 . 2009-03-26 14:34 <DIR> d--hs---- c:\documents and settings\Elaine Ellison\IETldCache
2009-03-26 14:30 . 2009-03-26 14:30 <DIR> d-------- c:\windows\ie8updates
2009-03-26 14:25 . 2009-03-26 14:27 <DIR> d--h-c--- c:\windows\ie8
2009-03-26 14:23 . 2009-02-28 05:55 105,984 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-03-08 15:22 . 2009-03-08 15:22 49,152 --------- c:\windows\system32\msrating.dll.mui
2009-03-08 15:22 . 2009-03-08 15:22 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-03-08 15:21 . 2009-03-08 15:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 15:20 . 2009-03-08 15:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 11:42 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-04 20:46 --------- d-----w c:\program files\Java
2009-03-26 13:42 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-23 11:50 --------- d-----w c:\program files\Windows Live Safety Center
2009-03-09 04:19 410,984 -c--a-w c:\windows\system32\deploytk.dll
2009-03-08 04:34 914,944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 04:33 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 04:33 18,944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 04:32 72,704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 04:31 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 04:31 34,816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 04:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 19:08 266,240 ----a-w c:\windows\system32\CSHelper.exe
2009-03-03 19:08 225,280 ----a-w c:\windows\system32\CSInstru.DLL
2009-02-26 21:49 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-01 20:53 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2007-01-03 12:23 278,528 -c--a-w c:\program files\Common Files\FDEUnInstaller.exe
2005-08-08 23:00 0 -c--a-w c:\documents and settings\Elaine Ellison\Application Data\wklnhst.dat
2008-08-06 12:19 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080620080807\index.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"EPSON Stylus DX8400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE" [2007-04-12 182272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-30 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-01 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-01 21:53 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.CSCD"= camcodec.dll
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Snapfish PictureMover.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
backup=c:\windows\pss\Snapfish PictureMover.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Elaine Ellison^Start Menu^Programs^Startup^OpenOffice.org 1.1.4.lnk]
path=c:\documents and settings\Elaine Ellison\Start Menu\Programs\Startup\OpenOffice.org 1.1.4.lnk
backup=c:\windows\pss\OpenOffice.org 1.1.4.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a--c--- 2004-03-19 11:33 118784 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2004-03-19 11:37 155648 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 2004-05-07 10:49 536576 c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a--c--- 2004-05-07 10:49 98304 c:\program files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-01 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-01 107272]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-01 298264]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-03-03 266240]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [2004-11-08 191092]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [2004-11-08 6100]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder
2009-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]
2009-04-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
2009-04-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
.
Supplementary Scan
.
uStart Page = hxxp://uk.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &AOL Toolbar search
IE: &MSN Search
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
Trusted Zone: hotmail.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\https://www.update
Trusted Zone: msn.com\uk
Trusted Zone: windowsupdate.com\download
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Elaine Ellison\Application Data\Mozilla\Firefox\Profiles\6nvefm57.default\
FF - prefs.js: browser.startup.homepage - https://www.yahoo.com
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 14:12:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-2178658854-705953815-2266963916-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-04-08 14:15:14
ComboFix-quarantined-files.txt 2009-04-08 13:15:03
Pre-Run: 20,000,878,592 bytes free
Post-Run: 20,003,770,368 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut
219 --- E O F --- 2009-04-08 08:23:48
choccyface wrote: » OK, I've installed Firefox. Isn't it quicker than IE?!! When I open logs on malaware, I get a message "the file does not have a programme associated with it for performing this action. create an association for it in the folder options control panel". What do I do for this?
When it asks for a file association you want to BROWSE your own programs and tell it to open with 'NOTEPAD'.
choccyface wrote: » I tried to open my Tesco online using Firefox, and it went through to the log-on page no problems - I didn't go any further though, i.e. keying in my details. Does this mean that the problem is with Internet Explorer? Thanks for your help so far, you're a star!!
The problem is almost certainly IE8, yes.
For firefox ~
(You will also need the other addons like FLASH etc)
http://www.google.com/tools/firefox/toolbar/FT5/intl/en-GB/index.html
https://addons.mozilla.org/en-US/firefox/browse/type:7
I'll run through your ComboFix later.
Open notepad and copy/paste the text in RED below
File::
c:\windows\MF_C421.lfa
c:\windows\MF_C420.lfa
Dirlook::
c:\windows\SxsCaPendDel
C:\97ea6ab5fb461e1c08d7b1b7de09d7af
C:\1fb3f700cad73c801726d59b5f3cd81f
C:\7152ffd9a40cc24ece4c
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
ComboFix 09-04-04.01 - Elaine Ellison 2009-04-08 20:22:43.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1263.662 [GMT 1:00]
Running from: c:\documents and settings\Elaine Ellison\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Elaine Ellison\Desktop\cfscript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
FILE ::
c:\windows\MF_C420.lfa
c:\windows\MF_C421.lfa
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\MF_C420.lfa
c:\windows\MF_C421.lfa
.
((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 )))))))))))))))))))))))))))))))
.
2009-04-08 08:24 . 2009-01-09 20:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-04-07 22:16 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-07 22:16 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-07 21:26 . 2009-04-07 21:26 <DIR> d-------- c:\windows\SxsCaPendDel
2009-04-07 21:26 . 2009-04-07 21:26 <DIR> d-------- C:\97ea6ab5fb461e1c08d7b1b7de09d7af
2009-04-07 20:49 . 2009-04-07 20:49 <DIR> d-------- c:\program files\Tall Emu
2009-04-07 20:49 . 2009-04-07 21:19 <DIR> d-------- c:\documents and settings\Elaine Ellison\Application Data\OnlineArmor
2009-04-07 20:48 . 2009-04-07 21:33 <DIR> d-------- c:\program files\a-squared Free
2009-04-07 19:33 . 2009-04-07 22:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-07 10:15 . 2009-04-07 21:25 <DIR> d-------- C:\1fb3f700cad73c801726d59b5f3cd81f
2009-04-07 10:14 . 2009-04-07 10:19 <DIR> d-------- C:\7152ffd9a40cc24ece4c
2009-04-04 22:11 . 2009-04-04 22:11 <DIR> d--hs---- c:\documents and settings\NetworkService\IETldCache
2009-03-26 22:17 . 2009-03-26 22:17 <DIR> d--hs---- c:\documents and settings\Elaine Ellison\IECompatCache
2009-03-26 14:42 . 2009-03-26 14:42 <DIR> d--hs---- c:\documents and settings\Elaine Ellison\PrivacIE
2009-03-26 14:34 . 2009-03-26 14:34 <DIR> d--hs---- c:\documents and settings\Elaine Ellison\IETldCache
2009-03-26 14:30 . 2009-03-26 14:30 <DIR> d-------- c:\windows\ie8updates
2009-03-26 14:25 . 2009-03-26 14:27 <DIR> d--h-c--- c:\windows\ie8
2009-03-26 14:23 . 2009-02-28 05:55 105,984 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-03-08 15:22 . 2009-03-08 15:22 49,152 --------- c:\windows\system32\msrating.dll.mui
2009-03-08 15:22 . 2009-03-08 15:22 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-03-08 15:21 . 2009-03-08 15:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 15:20 . 2009-03-08 15:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 11:42 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-04 20:46 --------- d-----w c:\program files\Java
2009-03-26 13:42 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-23 11:50 --------- d-----w c:\program files\Windows Live Safety Center
2009-03-09 04:19 410,984 -c--a-w c:\windows\system32\deploytk.dll
2009-03-08 04:34 914,944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 04:33 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 04:33 18,944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 04:32 72,704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 04:31 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 04:31 34,816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 04:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 19:08 266,240 ----a-w c:\windows\system32\CSHelper.exe
2009-03-03 19:08 225,280 ----a-w c:\windows\system32\CSInstru.DLL
2009-02-26 21:49 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-01 20:53 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2007-01-03 12:23 278,528 -c--a-w c:\program files\Common Files\FDEUnInstaller.exe
2005-08-08 23:00 0 -c--a-w c:\documents and settings\Elaine Ellison\Application Data\wklnhst.dat
2008-08-06 12:19 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080620080807\index.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
---- Directory of C:\1fb3f700cad73c801726d59b5f3cd81f ----
2008-07-30 00:23 633848 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\DW20.EXE
2008-07-30 00:23 626688 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\vs_setup.MS_
2008-07-30 00:23 111616 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\DWINTL20.DLL
2008-07-29 23:15 796 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\deffactory.dat
2008-07-29 23:15 77913 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\eula.1037.rtf
2008-07-29 23:15 76356 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setup.sdb
2008-07-29 23:15 74626 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\eula.1049.rtf
2008-07-29 23:15 61595 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\eula.1041.rtf
2008-07-29 23:15 53977 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\eula.1032.rtf
2008-07-29 23:15 53519 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\eula.1028.rtf
2008-07-29 23:15 51680 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\eula.2052.rtf
2008-07-29 23:15 46893 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\eula.1025.rtf
2008-07-29 23:15 46870 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\eula.1055.rtf
2008-07-29 23:15 45015 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\eula.1045.rtf
2008-07-29 23:15 44918 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\eula.1038.rtf
2008-07-29 23:15 43814 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\eula.1029.rtf
2008-07-29 23:15 43434 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\eula.2070.rtf
2008-07-29 23:15 43216 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\eula.1035.rtf
2008-07-29 23:15 42457 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\eula.1036.rtf
2008-07-29 23:15 41822 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\eula.1030.rtf
2008-07-29 23:15 41798 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\eula.1031.rtf
2008-07-29 23:15 41708 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\eula.1040.rtf
2008-07-29 23:15 41495 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\eula.3082.rtf
2008-07-29 23:15 41314 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\eula.1053.rtf
2008-07-29 23:15 40995 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\eula.1046.rtf
2008-07-29 23:15 40854 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\eula.1044.rtf
2008-07-29 23:15 40763 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\eula.1043.rtf
2008-07-29 23:15 225490 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\baseline.dat
2008-07-29 23:15 21744 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\vs_setup.pdi
2008-07-29 23:15 16978 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\locdata.ini
2008-07-29 23:15 16978 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\locdata.3082.ini
2008-07-29 23:15 16978 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\locdata.2070.ini
2008-07-29 23:15 16978 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\locdata.2052.ini
2008-07-29 23:15 16978 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\locdata.1055.ini
2008-07-29 23:15 16978 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\locdata.1053.ini
2008-07-29 23:15 16978 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\locdata.1049.ini
2008-07-29 23:15 16978 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\locdata.1046.ini
2008-07-29 23:15 16978 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\locdata.1045.ini
2008-07-29 23:15 16978 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\locdata.1044.ini
2008-07-29 23:15 16978 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\locdata.1043.ini
2008-07-29 23:15 16978 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\locdata.1042.ini
2008-07-29 23:15 16978 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\locdata.1041.ini
2008-07-29 23:15 16978 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\locdata.1040.ini
2008-07-29 23:15 16978 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\locdata.1038.ini
2008-07-29 23:15 16978 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\locdata.1037.ini
2008-07-29 23:15 16978 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\locdata.1036.ini
2008-07-29 23:15 16978 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\locdata.1035.ini
2008-07-29 23:15 16978 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\locdata.1032.ini
2008-07-29 23:15 16978 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\locdata.1031.ini
2008-07-29 23:15 16978 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\locdata.1030.ini
2008-07-29 23:15 16978 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\locdata.1029.ini
2008-07-29 23:15 16978 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\locdata.1028.ini
2008-07-29 23:15 16978 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\locdata.1025.ini
2008-07-29 23:15 127418 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\eula.1042.rtf
2008-07-29 18:47 984056 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapUI.dll
2008-07-29 18:47 97792 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setupres.1041.dll
2008-07-29 18:47 97280 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\DeleteTemp.exe
2008-07-29 18:47 95224 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapRes.1041.dll
2008-07-29 18:47 94720 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setupres.1042.dll
2008-07-29 18:47 92664 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapRes.1042.dll
2008-07-29 18:47 89592 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapRes.1028.dll
2008-07-29 18:47 89080 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapRes.2052.dll
2008-07-29 18:47 84992 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setupres.1028.dll
2008-07-29 18:47 84480 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setupres.2052.dll
2008-07-29 18:47 689152 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\vsscenario.dll
2008-07-29 18:47 632320 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\vs70uimgr.dll
2008-07-29 18:47 413184 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\vsbasereqs.dll
2008-07-29 18:47 276984 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\dlmgr.dll
2008-07-29 18:47 269304 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setup.exe
2008-07-29 18:47 177152 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\HtmlLite.dll
2008-07-29 18:47 137728 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setupres.1032.dll
2008-07-29 18:47 1364992 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\SITSetup.dll
2008-07-29 18:47 133120 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setupres.1036.dll
2008-07-29 18:47 132096 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setupres.1038.dll
2008-07-29 18:47 131584 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setupres.3082.dll
2008-07-29 18:47 131072 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setupres.2070.dll
2008-07-29 18:47 130048 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setupres.1031.dll
2008-07-29 18:47 129024 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setupres.1043.dll
2008-07-29 18:47 128512 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setupres.1045.dll
2008-07-29 18:47 128512 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setupres.1040.dll
2008-07-29 18:47 126464 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setupres.1030.dll
2008-07-29 18:47 125440 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setupres.1029.dll
2008-07-29 18:47 123904 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setupres.1049.dll
2008-07-29 18:47 122880 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setupres.1046.dll
2008-07-29 18:47 122368 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setupres.1035.dll
2008-07-29 18:47 121856 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setupres.1044.dll
2008-07-29 18:47 121344 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setupres.1055.dll
2008-07-29 18:47 121344 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setupres.1053.dll
2008-07-29 18:47 113656 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapRes.1032.dll
2008-07-29 18:47 113152 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setupres.1025.dll
2008-07-29 18:47 112120 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapRes.1036.dll
2008-07-29 18:47 111608 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapRes.1031.dll
2008-07-29 18:47 111104 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setupres.1037.dll
2008-07-29 18:47 111096 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapRes.3082.dll
2008-07-29 18:47 111096 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapRes.1038.dll
2008-07-29 18:47 110080 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\setupres.dll
2008-07-29 18:47 110072 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapRes.2070.dll
2008-07-29 18:47 110072 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapRes.1040.dll
2008-07-29 18:47 109048 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapRes.1045.dll
2008-07-29 18:47 108536 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapRes.1043.dll
2008-07-29 18:47 108536 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapRes.1030.dll
2008-07-29 18:47 108536 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapRes.1029.dll
2008-07-29 18:47 107512 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapRes.dll
2008-07-29 18:47 107512 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapRes.1046.dll
2008-07-29 18:47 107000 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapRes.1049.dll
2008-07-29 18:47 106488 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapRes.1055.dll
2008-07-29 18:47 106488 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapRes.1044.dll
2008-07-29 18:47 106488 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapRes.1035.dll
2008-07-29 18:47 1064448 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\gencomp.dll
2008-07-29 18:47 105976 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapRes.1053.dll
2008-07-29 18:47 1054208 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\vs_setup.dll
2008-07-29 18:47 102904 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapRes.1025.dll
2008-07-29 18:47 101368 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\WapRes.1037.dll
2008-07-29 18:43 5208 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\logo.bmp
2008-07-29 16:03 110130 --a------ c:\1fb3f700cad73c801726d59b5f3cd81f\eula.1033.rtf
---- Directory of C:\7152ffd9a40cc24ece4c ----
2008-07-30 00:26 2959376 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFx35setup.exe
2008-07-30 00:11 13473288 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX35\ia64\netfx35_ia64.exe
2008-07-29 23:58 11396104 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX35\x64\netfx35_x64.exe
2008-07-29 23:47 8164360 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX35\x86\netfx35_x86.exe
2008-07-29 23:15 5574854 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetMSP\ia64\NetFX3.0-KB948610-v6001-ia64.msu
2008-07-29 23:15 433823 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetMSP\x64\NetFX3.0-KB936705-v6000-x64_RTM_en.msu
2008-07-29 23:15 429638 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetMSP\x86\NetFX3.0-KB936705-v6000-x86_RTM_en.msu
2008-07-29 23:15 32478298 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetMSP\ia64\NetFX2.0-KB948609-v6001-ia64.msu
2008-07-29 23:15 30479328 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetMSP\x64\NetFX2.0-KB948609-v6001-x64.msu
2008-07-29 23:15 19571330 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetMSP\x86\NetFX2.0-KB948609-v6001-x86.msu
2008-07-29 23:15 16139733 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetMSP\x64\NetFX3.0-KB948610-v6001-x64.msu
2008-07-29 23:15 143404 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetMSP\x86\NetFX2.0-KB936704-v6000-x86_RTM_en.msu
2008-07-29 23:15 142159 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetMSP\x64\NetFX2.0-KB936704-v6000-x64_RTM_en.msu
2008-07-29 23:15 11045073 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetMSP\x86\NetFX3.0-KB948610-v6001-x86.msu
2008-07-29 23:13 2678272 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\x64\msxml6.msi
2008-07-29 23:13 1527296 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\x86\msxml6.msi
2008-07-29 22:40 94720 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\RGB9RAST_x86.msi
2008-07-29 22:40 3685424 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\XPSEPSC-amd64-en-US.exe
2008-07-29 22:40 3049000 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\XPSEPSC-x86-en-US.exe
2008-07-29 22:40 1911592 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\WIC_x64_enu.exe
2008-07-29 22:40 184832 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\RGB9RAST_x64.msi
2008-07-29 22:40 1227048 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\WIC_x86_enu.exe
2008-07-29 22:40 110242 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetMSP\NetFx_30_SP1_ENU_License.rtf
2008-07-29 21:28 278016 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\XPS.msp
2008-07-29 21:23 250880 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\WPF_Other_32.msp
2008-07-29 21:19 4541440 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\WPF_Other_64.msp
2008-07-29 21:15 3697664 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\WPF_Other.msp
2008-07-29 21:07 23040 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\WPF2_32.msp
2008-07-29 21:04 2515968 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\WPF2_64.msp
2008-07-29 20:37 2679808 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\WPF2.msp
2008-07-29 20:28 4328960 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\WPF1_64.msp
2008-07-29 20:22 4137984 --a------ c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\WPF1.msp
2008-07-29 19:40 291840 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\WF_32.msp
2008-07-29 19:38 1372160 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\WF_64.msp
2008-07-29 19:34 1448448 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\WF.msp
2008-07-29 19:30 1307136 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\WCS_64.msp
2008-07-29 19:26 1043456 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\WCS.msp
2008-07-29 19:22 3207168 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\WCF_64.msp
2008-07-29 19:18 3376640 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\WCF.msp
2008-07-29 19:14 153600 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\Netfx30a_x64.msi
2008-07-29 19:12 142336 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX30\Netfx30a_x86.msi
2008-07-29 18:43 295448 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\Tools\clwireg_ia64.exe
2008-07-29 18:43 131608 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\Tools\clwireg_x64.exe
2008-07-29 18:43 114200 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\Tools\clwireg.exe
2008-07-29 18:43 110141 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetMSP\NetFx_20_SP1_ENU_License.rtf
2008-07-29 18:07 2542592 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX20\winforms_64.msp
2008-07-29 18:05 6376448 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX20\NetFX_Other_64.msp
2008-07-29 18:03 3527680 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX20\NetFX_Core_64.msp
2008-07-29 18:01 1297920 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX20\dw_64.msp
2008-07-29 17:59 46592 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX20\crt_64.msp
2008-07-29 17:57 8585216 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX20\clr_64.msp
2008-07-29 17:54 3011584 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX20\ASPNET_64.msp
2008-07-29 17:52 99840 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX20\Netfx20a_x64.msi
2008-07-29 17:45 2543616 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX20\winforms.msp
2008-07-29 17:43 1013248 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX20\prexp.msp
2008-07-29 17:41 6487040 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX20\NetFX_Other.msp
2008-07-29 17:39 3403264 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX20\NetFX_Core.msp
2008-07-29 17:37 911360 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX20\NetFX_CA.msp
2008-07-29 17:35 553472 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX20\dw.msp
2008-07-29 17:33 506368 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX20\crt.msp
2008-07-29 17:31 6083072 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX20\clr.msp
2008-07-29 17:29 2926080 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX20\ASPNET.msp
2008-07-29 17:27 93184 --a
c:\7152ffd9a40cc24ece4c\wcu\dotNetFramework\dotNetFX20\Netfx20a_x86.msi
---- Directory of C:\97ea6ab5fb461e1c08d7b1b7de09d7af ----
2008-07-06 17:36 2936832
c:\97ea6ab5fb461e1c08d7b1b7de09d7af\amd64\xpssvcs.dll
2008-07-06 13:06 89088
c:\97ea6ab5fb461e1c08d7b1b7de09d7af\i386\filterpipelineprintproc.dll
2008-07-06 13:06 765440
c:\97ea6ab5fb461e1c08d7b1b7de09d7af\i386\mxdwdrv.dll
2008-07-06 13:06 748032
c:\97ea6ab5fb461e1c08d7b1b7de09d7af\amd64\mxdwdrv.dll
2008-07-06 13:06 1676288
c:\97ea6ab5fb461e1c08d7b1b7de09d7af\i386\xpssvcs.dll
2008-07-06 13:06 147456
c:\97ea6ab5fb461e1c08d7b1b7de09d7af\amd64\filterpipelineprintproc.dll
2008-07-06 13:06 10929
c:\97ea6ab5fb461e1c08d7b1b7de09d7af\i386\msxpsdrv.cat
2008-07-06 13:06 10929
c:\97ea6ab5fb461e1c08d7b1b7de09d7af\amd64\msxpsdrv.cat
2008-06-19 11:03 73
c:\97ea6ab5fb461e1c08d7b1b7de09d7af\i386\msxpsinc.gpd
2008-06-19 11:03 73
c:\97ea6ab5fb461e1c08d7b1b7de09d7af\amd64\msxpsinc.gpd
2008-06-19 06:33 72
c:\97ea6ab5fb461e1c08d7b1b7de09d7af\i386\msxpsinc.ppd
2008-06-19 06:33 72
c:\97ea6ab5fb461e1c08d7b1b7de09d7af\amd64\msxpsinc.ppd
2008-06-19 06:33 2204
c:\97ea6ab5fb461e1c08d7b1b7de09d7af\i386\msxpsdrv.inf
2008-06-19 06:33 2204
c:\97ea6ab5fb461e1c08d7b1b7de09d7af\amd64\msxpsdrv.inf
---- Directory of c:\windows\SxsCaPendDel ----
((((((((((((((((((((((((((((( SnapShot@2009-04-08_14.13.17.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-03 02:15:28 3,771,296 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-02-03 02:15:30 240,544 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-04-08 13:31:10 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-04-08 19:05:21 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_104.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"EPSON Stylus DX8400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE" [2007-04-12 182272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-30 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-01 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-01 21:53 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.CSCD"= camcodec.dll
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Snapfish PictureMover.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
backup=c:\windows\pss\Snapfish PictureMover.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Elaine Ellison^Start Menu^Programs^Startup^OpenOffice.org 1.1.4.lnk]
path=c:\documents and settings\Elaine Ellison\Start Menu\Programs\Startup\OpenOffice.org 1.1.4.lnk
backup=c:\windows\pss\OpenOffice.org 1.1.4.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a--c--- 2004-03-19 11:33 118784 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2004-03-19 11:37 155648 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a
2007-06-29 06:24 286720 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 2004-05-07 10:49 536576 c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a--c--- 2004-05-07 10:49 98304 c:\program files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-01 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-01 107272]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-01 298264]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-03-03 266240]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [2004-11-08 191092]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [2004-11-08 6100]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder
2009-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]
2009-04-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
2009-04-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
Supplementary Scan
.
uStart Page = hxxp://uk.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &AOL Toolbar search
IE: &MSN Search
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
Trusted Zone: hotmail.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\https://www.update
Trusted Zone: msn.com\uk
Trusted Zone: windowsupdate.com\download
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Elaine Ellison\Application Data\Mozilla\Firefox\Profiles\6nvefm57.default\
FF - prefs.js: browser.startup.homepage - https://www.yahoo.com
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 20:25:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-2178658854-705953815-2266963916-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-04-08 20:27:27
ComboFix-quarantined-files.txt 2009-04-08 19:27:19
ComboFix2.txt 2009-04-08 13:15:16
Pre-Run: 19,967,168,512 bytes free
Post-Run: 19,952,627,712 bytes free
421 --- E O F --- 2009-04-08 08:23:48
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:36:45, on 08/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/uk/internetexplorer/welcome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0270.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0270.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SB7.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O15 - Trusted Zone: http://*.hotmail.com
O15 - Trusted Zone: http://uk.msn.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
--
End of file - 11552 bytes
This discussion has been closed.