((((((((((((((((((((((((( Files Created from 2010-10-02 to 2010-11-02 )))))))))))))))))))))))))))))))
.
2010-11-02 01:14 . 2010-11-02 01:18 -------- d-----w- c:\users\Em\AppData\Local\temp
2010-11-02 01:14 . 2010-11-02 01:14 -------- d-----w- c:\users\Wilma\AppData\Local\temp
2010-11-02 01:14 . 2010-11-02 01:14 -------- d-----w- c:\users\Josh\AppData\Local\temp
2010-11-02 01:14 . 2010-11-02 01:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-01 23:11 . 2010-11-01 23:11 507392 --sh--w- c:\windows\KBDBHCwow.exe
2010-11-01 23:11 . 2010-11-01 23:11 507392 --sh--w- c:\windows\idndlwow.exe
2010-11-01 22:15 . 2009-11-03 18:07 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2010-11-01 22:15 . 2009-11-03 18:07 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2010-11-01 22:15 . 2010-11-02 00:03 -------- d-----w- c:\program files\Cheat Engine
2010-11-01 17:57 . 2010-11-01 18:01 -------- d-----w- c:\users\Em\AppData\Local\NPE
2010-11-01 17:44 . 2010-11-01 17:44 507392 --sh--w- c:\windows\wecapiwow.exe
2010-11-01 17:44 . 2010-11-01 23:11 -------- d-sh--w- c:\programdata\50B43286A7CA21218D7A537512AC3896
2010-11-01 17:44 . 2010-11-01 17:44 507392 --sh--w- c:\windows\xolehlpwow.exe
2010-11-01 17:43 . 2010-11-01 17:43 249856 ----a-w- c:\programdata\ieapfltr32.dll
2010-11-01 15:52 . 2010-10-27 06:10 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-11-01 15:52 . 2010-10-27 06:10 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2010-11-01 15:52 . 2010-10-27 06:10 912344 ----a-w- c:\program files\Mozilla Firefox\firefox.exe
2010-11-01 15:52 . 2010-10-27 06:09 107480 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2010-11-01 15:52 . 2010-10-27 06:09 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2010-11-01 12:59 . 2010-11-01 12:59 -------- d-----w- c:\windows\Sun
2010-11-01 01:03 . 2010-11-01 01:03 -------- d-----w- C:\_OTL
2010-10-28 19:31 . 2010-10-28 19:31 -------- d-----w- c:\users\Em\AppData\Roaming\Tific
2010-10-28 19:31 . 2010-10-28 19:31 -------- d-----w- c:\users\Em\AppData\Local\Symantec
2010-10-27 19:23 . 2010-10-27 20:34 -------- d-----w- c:\users\Em\AppData\Roaming\Charles
2010-10-27 18:48 . 2010-10-27 18:48 -------- d-----w- c:\program files\Charles
2010-10-27 15:20 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 15:20 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 15:20 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-23 02:52 . 2010-10-23 02:52 -------- d-----w- c:\users\Em\AppData\Roaming\Adobe Mini Bridge CS5
2010-10-23 02:52 . 2010-10-23 02:52 -------- d-----w- c:\users\Em\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-10-21 04:57 . 2010-10-21 04:57 -------- d-----w- c:\users\Josh\AppData\Roaming\vlc
2010-10-21 04:49 . 2010-10-21 04:49 -------- d-----w- c:\users\Josh\AppData\Local\Adobe
2010-10-20 12:03 . 2010-10-25 13:35 -------- d-----w- c:\windows\system32\drivers\NAV\1201000.025
2010-10-18 23:40 . 2010-10-18 23:40 -------- d-----w- c:\users\Em\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-10-18 22:49 . 2010-10-18 22:49 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-10-18 22:41 . 2010-10-18 22:41 -------- d-----w- c:\program files\Adobe Media Player
2010-10-18 22:39 . 2010-10-18 22:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-10-18 21:57 . 2010-10-18 22:20 1228400 ----a-w- c:\users\Em\Photoshop_12_LS1.exe
2010-10-18 21:57 . 2010-11-02 01:15 -------- d-----w- c:\program files\Common Files\Akamai
2010-10-17 02:33 . 2010-10-31 01:54 -------- d-----w- c:\users\Em\AppData\Local\CrashDumps
2010-10-16 22:03 . 2010-10-16 22:03 -------- d-----w- c:\program files\Conduit
2010-10-16 22:03 . 2010-10-16 22:03 -------- d-----w- c:\program files\Zynga
2010-10-16 19:27 . 2010-10-19 19:26 -------- d-----w- c:\program files\OpinionSquare
2010-10-15 01:40 . 2010-10-31 02:49 -------- d-----w- c:\users\Em\AppData\Roaming\vlc
2010-10-15 01:39 . 2010-10-15 01:39 -------- d-----w- c:\program files\VideoLAN
2010-10-12 20:11 . 2010-10-17 15:58 -------- d-----w- c:\users\Em\AppData\Roaming\WhiteSmoke
2010-10-12 20:10 . 2010-10-17 15:58 -------- d-----w- c:\program files\WhiteSmoke
2010-10-12 04:00 . 2010-08-17 23:54 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-10-12 04:00 . 2010-08-17 23:54 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-10-12 04:00 . 2010-08-17 23:51 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2010-10-12 04:00 . 2010-08-17 23:51 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-10-12 04:00 . 2010-08-17 23:51 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2010-10-12 04:00 . 2010-08-17 23:48 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2010-10-12 04:00 . 2010-08-17 23:48 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-10-12 04:00 . 2010-08-17 23:52 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2010-10-12 04:00 . 2010-08-17 23:50 680960 ----a-w- c:\windows\system32\d2d1.dll
2010-10-12 04:00 . 2010-08-17 23:49 1174528 ----a-w- c:\windows\system32\d3d10warp.dll
2010-10-12 04:00 . 2010-08-17 23:49 1068032 ----a-w- c:\windows\system32\DWrite.dll
2010-10-12 04:00 . 2010-08-17 23:49 797184 ----a-w- c:\windows\system32\FntCache.dll
2010-10-12 03:59 . 2010-10-12 03:59 -------- d-----w- c:\program files\Feedback Tool
2010-10-09 18:28 . 2010-09-02 19:02 2382848 ----a-w- c:\program files\Mozilla Firefox\extensions\{a28e5448-d479-47a3-288d-4a7ec0bd62ee}\components\85dd2fdd-499e-8eb3-cf91-48692b9df793.dll
2010-10-09 03:40 . 2010-10-31 02:52 -------- d-----w- c:\program files\Xvid
2010-10-09 03:40 . 2008-12-14 00:01 77824 ----a-w- c:\windows\system32\xvid.ax
2010-10-09 03:40 . 2008-12-05 01:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-10-09 03:40 . 2008-12-05 01:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-20 12:04 . 2010-03-14 05:32 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-26 16:33 . 2010-10-27 15:20 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 15:20 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 15:20 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 15:20 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-17 14:11 . 2010-09-15 17:35 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-05 12:11 . 2010-01-20 00:32 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-06-13 2734688]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-06-13 23:10 2734688 ----a-w- c:\program files\Zynga\tbZyng.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-07-01 02:51 1390984 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-07-01 1390984]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-06-13 2734688]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-07-01 1390984]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-06-13 2734688]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-03 39408]
"wecapiwow.exe"="c:\windows\wecapiwow.exe" [2010-11-01 507392]
"xolehlpwow.exe"="c:\windows\xolehlpwow.exe" [2010-11-01 507392]
"idndlwow.exe"="c:\windows\idndlwow.exe" [2010-11-01 507392]
"KBDBHCwow.exe"="c:\windows\KBDBHCwow.exe" [2010-11-01 507392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-05 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"idndlwow.exe"="c:\windows\idndlwow.exe" [2010-11-01 507392]
"KBDBHCwow.exe"="c:\windows\KBDBHCwow.exe" [2010-11-01 507392]
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2010-2-10 114688]
c:\users\Wilma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
c:\users\Em\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-12-3 50688]
NETGEAR WNDA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100\WNDA3100.exe [2009-9-21 1708032]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-03 10:11 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [2009-05-05 671736]
R3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [2006-11-16 21504]
R3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50.sys [2006-11-16 20480]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-05 30192]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WNDA3100\jswpsapi.exe [2008-02-29 942080]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1201000.025\SYMDS.SYS [2010-06-13 339504]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1201000.025\SYMEFA.SYS [2010-07-29 666672]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [2010-08-31 692272]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101028.001\IDSvix86.sys [2010-10-19 353840]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-10-01 20384]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1201000.025\Ironx86.SYS [2010-06-27 134704]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NAV\1201000.025\SYMTDIV.SYS [2010-07-13 331312]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe [2010-07-23 126904]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-06-08 102448]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2010-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 02:54]
2010-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 02:54]
2010-11-02 c:\windows\Tasks\Norton Security Scan for Em.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-01-22 04:51]
2010-11-01 c:\windows\Tasks\Norton Security Scan for Josh.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-01-22 04:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Em\AppData\Roaming\Mozilla\Firefox\Profiles\0ilxd03h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.dymasearch.com/search.php?src=tops&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\Em\AppData\Roaming\Mozilla\Firefox\Profiles\0ilxd03h.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\Em\AppData\Roaming\Mozilla\Firefox\Profiles\0ilxd03h.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
BHO-{35FED371-BD5A-D090-D2B7-BC44D1E9D526} - c:\programdata\atl7132.dll
HKCU-Run-RTHDBPL - c:\windows\lsass.exe
AddRemove-{11745B8A-E942-4674-B729-39110F5962AA}_is1 - c:\farmvillebot_2.1\unins000.exe
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
RTHDBPL = c:\windows\lsass.exe?????_?????_???????????_?_???a???_???_?a???????_?_?_???????????????????_?????a?_????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_062a651.dll"
--
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NAV]
"ImagePath"=""c:\program files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe" /s "NAV" /m "c:\program files\Norton AntiVirus\Engine\18.1.0.37\diMaster.dll" /prefetch:1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_062a651.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-11-01 21:24:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-02 01:24
ComboFix2.txt 2010-11-01 03:18
Pre-Run: 59,254,304,768 bytes free
Post-Run: 57,011,122,176 bytes free
- - End Of File - - 324E0F3023EA698E68E3B2B52FD2A88C