WiredWX Hobby Weather Tools

 


Removed Thinkpoint but still having problem

2 posters

Solved: Removed Thinkpoint but still having problem

I used your instructions to clean Thinkpoint off of my wife's computer. However, she is still having pop-ups and I.E. (7) is opening random pages, mainly Google Analytics.
Can you help?

Solved: Re: Removed Thinkpoint but still having problem

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Solved: Re: Removed Thinkpoint but still having problem

Belahzur wrote:
Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


OTL.TXT
OTL logfile created on: 10/27/2010 8:53:25 PM - Run 2
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Rick-Temp
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 169.33 Gb Free Space | 72.74% Space Free | Partition Type: NTFS

Computer Name: KATHY-1 | User Name: Kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Kathy\Local Settings\Temp\jkos-Kathy\binaries\ScanningProcess.exe (Kaspersky Lab.)
PRC - C:\Program Files\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Rick-Temp\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
PRC - C:\Program Files\Dell V305\dldtmsdmon.exe ()
PRC - C:\Program Files\Dell V305\dldtmon.exe ()
PRC - C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dldtcoms.exe ( )
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)
PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)


========== Modules (SafeList) ==========

MOD - C:\Rick-Temp\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (dldtCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe ()
SRV - (dldt_device) -- C:\WINDOWS\System32\dldtcoms.exe ( )
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\hpzipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (ZDPSp50) -- C:\WINDOWS\System32\Drivers\ZDPSp50.sys File not found
DRV - (rt2870) -- C:\WINDOWS\System32\DRIVERS\rt2870.sys File not found
DRV - (PCASp50) -- C:\WINDOWS\System32\Drivers\PCASp50.sys File not found
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101025.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101025.002\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (elagopro) -- C:\WINDOWS\system32\drivers\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr) -- C:\WINDOWS\system32\drivers\elaunidr.sys (Gteko Ltd.)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (ZD1211BU(Linksys A Division of Cisco Systems Inc.)) Linksys Wireless-G USB Network Adapter Driver(Linksys A Division of Cisco Systems Inc.) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys (ZyDAS Technology Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {38832FF3-F082-49AD-993F-AACE97E306DD} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [dldtamon] C:\Program Files\Dell V305\dldtamon.exe ()
O4 - HKLM..\Run: [dldtmon.exe] C:\Program Files\Dell V305\dldtmon.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} http://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab (JordanUploader Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www5.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\geBtRhIy: DllName - geBtRhIy.dll - File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kathy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kathy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\wvUljKaB) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/23 21:06:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{53e591f0-41ab-11dd-afe5-001ec961e06b}\Shell\AutoRun\command - "" = wdsync.exe
O33 - MountPoints2\{7f0fa1be-b101-11df-b705-001ec961e06b}\Shell - "" = AutoRun
O33 - MountPoints2\{7f0fa1be-b101-11df-b705-001ec961e06b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf0593f3-226a-11df-b5ae-001ec961e06b}\Shell\AutoRun\command - "" = wscript.exe Deploy\Scripts\BDD_AutoRun.wsf
O33 - MountPoints2\{f10742c6-a94d-11dd-b0e9-001ee5dbdecb}\Shell\AutoRun\command - "" = .\MigWiz\migsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/27 19:13:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/10/27 19:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/27 19:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/27 19:13:25 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/27 19:13:25 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/27 19:13:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/27 19:13:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/27 19:13:25 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/27 19:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/27 19:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathy\Application Data\Sun
[2010/10/27 18:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/10/27 17:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/10/25 21:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathy\Application Data\Malwarebytes
[2010/10/25 21:19:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/25 21:19:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/25 21:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/25 21:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/25 18:56:03 | 000,000,000 | ---D | C] -- C:\Rick-Temp
[2010/10/14 19:17:16 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/14 19:17:16 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/14 19:17:09 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2009/08/19 17:05:52 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtusb1.dll
[2009/08/19 17:05:52 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\DLDThcp.dll
[2009/08/19 17:05:52 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtinpa.dll
[2009/08/19 17:05:52 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtiesc.dll
[2009/08/19 17:05:51 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtserv.dll
[2009/08/19 17:05:51 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtpmui.dll
[2009/08/19 17:05:51 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtlmpm.dll
[2009/08/19 17:05:51 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtprox.dll
[2009/08/19 17:05:50 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\dldthbn3.dll
[2009/08/19 17:05:48 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtcomc.dll
[2009/08/19 17:05:48 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtcomm.dll
[2006/10/11 18:01:40 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2006/10/11 17:59:56 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2006/10/11 17:54:10 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2006/10/11 17:48:58 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2006/10/11 17:48:14 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2006/10/11 17:47:42 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2006/10/11 17:41:04 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2006/10/11 17:37:14 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/27 20:47:02 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/10/27 20:28:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/27 20:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/10/27 19:47:02 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/10/27 19:13:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/27 19:13:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/27 19:13:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/27 19:13:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/27 19:13:11 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/27 19:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/10/27 18:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/10/27 18:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/10/27 17:52:11 | 000,000,063 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2010/10/27 17:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/10/27 17:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/10/27 16:47:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/10/27 16:13:06 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/10/27 15:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/10/27 15:13:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/10/27 15:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/10/27 14:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/10/27 14:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/10/27 13:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/10/27 13:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/10/27 12:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/10/27 12:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/10/27 12:05:04 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Kathy\Desktop\Microsoft Word.lnk
[2010/10/27 11:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/10/27 11:13:06 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/10/27 10:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/10/27 10:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/10/27 09:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/10/27 09:14:14 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/10/27 09:14:14 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/10/27 09:14:13 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/10/27 09:14:13 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/10/27 09:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/10/27 08:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/10/27 08:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/10/27 07:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/10/27 07:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/10/27 06:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/10/27 06:28:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/27 06:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/10/27 05:59:53 | 053,101,568 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/10/27 05:59:50 | 024,529,920 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/10/27 05:57:01 | 000,013,702 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/27 05:49:33 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/10/27 05:49:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/26 17:50:18 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/26 12:13:21 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Kathy\Application Data\completescan
[2010/10/26 11:53:23 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Kathy\Application Data\install
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/10/26 11:52:36 | 000,554,496 | ---- | M] () -- C:\Documents and Settings\Kathy\Application Data\hotfix.exe
[2010/10/26 05:49:14 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/10/25 11:38:22 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/10/25 05:35:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\Backup.job
[2010/10/23 17:46:55 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Kathy\My Documents\October 23.doc
[2010/10/23 08:29:00 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/10/19 11:39:36 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Kathy\My Documents\How to Raise Good Parents.DOC
[2010/10/15 03:57:20 | 000,371,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/14 21:02:37 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/13 11:21:56 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Kathy\My Documents\makepeac.doc
[2010/10/12 20:26:39 | 000,004,672 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\grand canyon.jpg
[2010/10/11 09:40:08 | 003,828,736 | ---- | M] () -- C:\Documents and Settings\Kathy\My Documents\Backing up Kat.doc
[2010/10/07 07:23:38 | 000,010,611 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\school bus.jpg
[2010/10/07 07:00:02 | 000,062,972 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\catherine 2.jpg
[2010/10/07 06:59:51 | 000,070,942 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\catherine bowers.jpg
[2010/10/05 19:11:06 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/05 19:11:06 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/05 17:54:14 | 000,004,287 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\money.jpg
[2010/10/05 17:36:23 | 000,003,901 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\cats on wall.jpg
[2010/10/05 17:35:51 | 000,002,138 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\kittens1.jpg
[2010/10/05 17:35:27 | 000,003,326 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\broken heart.jpg
[2010/10/05 17:34:39 | 000,002,418 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\storm clouds.jpg
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/27 17:52:11 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2010/10/26 16:32:06 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/26 12:13:21 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Kathy\Application Data\completescan
[2010/10/26 11:53:23 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Kathy\Application Data\install
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/10/26 11:52:37 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/10/26 11:52:37 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/10/26 11:52:36 | 000,554,496 | ---- | C] () -- C:\Documents and Settings\Kathy\Application Data\hotfix.exe
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/23 17:19:22 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Kathy\My Documents\October 23.doc
[2010/10/13 11:21:56 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Kathy\My Documents\makepeac.doc
[2010/10/12 20:26:53 | 000,004,672 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\grand canyon.jpg
[2010/10/11 09:40:08 | 003,828,736 | ---- | C] () -- C:\Documents and Settings\Kathy\My Documents\Backing up Kat.doc
[2010/10/07 07:23:50 | 000,010,611 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\school bus.jpg
[2010/10/07 07:02:04 | 000,062,972 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\catherine 2.jpg
[2010/10/07 07:01:50 | 000,070,942 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\catherine bowers.jpg
[2010/10/05 17:54:27 | 000,004,287 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\money.jpg
[2010/10/05 17:36:34 | 000,003,901 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\cats on wall.jpg
[2010/10/05 17:36:07 | 000,002,138 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\kittens1.jpg
[2010/10/05 17:35:41 | 000,003,326 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\broken heart.jpg
[2010/10/05 17:35:21 | 000,002,418 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\storm clouds.jpg
[2010/08/23 19:38:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/18 06:03:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/09/02 20:09:33 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Kathy\Local Settings\Application Data\fusioncache.dat
[2009/08/19 17:08:05 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldtvs.dll
[2009/08/19 17:08:03 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\dldtcoin.dll
[2009/08/19 17:07:28 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dldtcaps.dll
[2009/08/19 17:07:27 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\dldtdrs.dll
[2009/08/19 17:07:27 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldtcnv4.dll
[2009/08/19 17:06:09 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\dldtwupd.dll
[2009/08/19 17:05:53 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\DLDTinst.dll
[2009/08/19 17:05:52 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\dldtutil.dll
[2009/08/19 17:05:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dldtinsb.dll
[2009/08/19 17:05:50 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldtins.dll
[2009/08/19 17:05:50 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dldtjswr.dll
[2009/08/19 17:05:50 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldtinsr.dll
[2009/08/19 17:05:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldtgrd.dll
[2009/08/19 17:05:49 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldtcub.dll
[2009/08/19 17:05:49 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldtcur.dll
[2009/08/19 17:05:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldtcu.dll
[2009/08/19 17:05:47 | 000,077,906 | ---- | C] () -- C:\WINDOWS\System32\DLDTcfg.dll
[2009/08/01 11:31:36 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\PTfile1.dll
[2008/12/28 13:41:45 | 000,676,743 | -HS- | C] () -- C:\WINDOWS\System32\BaKjlUvw.ini2
[2008/12/28 13:41:45 | 000,676,743 | -HS- | C] () -- C:\WINDOWS\System32\BaKjlUvw.ini
[2008/11/13 20:54:09 | 000,001,342 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/08/14 17:27:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/07/08 06:14:53 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Kathy\Local Settings\Application Data\FASTWiz.html
[2008/07/08 06:01:59 | 000,105,930 | ---- | C] () -- C:\Documents and Settings\Kathy\Local Settings\Application Data\FASTWiz.log
[2008/07/07 20:07:18 | 000,150,016 | ---- | C] () -- C:\Documents and Settings\Kathy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/07 18:42:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/06 16:27:36 | 000,003,558 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/07/06 16:27:36 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7BF60F020B.sys
[2008/07/06 13:26:51 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2008/07/06 13:26:51 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2008/06/23 23:36:38 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/06/23 23:36:37 | 000,000,166 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/23 23:11:50 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/06/23 23:11:50 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/06/23 23:11:49 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/06/23 23:11:47 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/06/23 23:11:47 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/06/23 22:55:45 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2008/06/23 22:55:45 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2008/06/23 22:53:31 | 000,008,134 | ---- | C] () -- C:\WINDOWS\hplj3380.ini
[2008/06/23 22:53:09 | 000,000,375 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/06/23 22:52:42 | 000,000,308 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/06/23 22:52:38 | 000,001,005 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2008/06/23 22:52:33 | 000,221,184 | R--- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dll
[2008/06/23 14:37:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/08/06 18:22:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/10/20 20:07:32 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2006/10/20 20:06:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2006/10/20 20:03:28 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2006/10/20 19:57:40 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2006/10/20 19:56:52 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2006/10/20 19:55:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2006/10/20 19:54:42 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2006/10/20 19:48:38 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2006/10/20 19:46:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/09/06 06:13:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcfg.dll
[2003/09/26 07:42:46 | 000,002,421 | ---- | C] () -- C:\WINDOWS\System32\scrubber.ini
[2002/05/03 16:40:32 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/03/28 12:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\hppcap.ini
[2001/03/28 12:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Pictures:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Music:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Women of the Bible devotions:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\What a Character teen 1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\What a Character Preteen version:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\WEB_PAGE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\TYLER:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Tidewater Cats:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Teen Bible Book:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Strength for the Day:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Stockings Were Hung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Single Step:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\SEMINARS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Rock Your World:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Roadsigns for Teens:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\RECIPES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Quiz Book for Girls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\PUZZLES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Print Center:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Pine Grove Explorer's Club:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Parenting Articles:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Organizational:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\On the Homefront:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\My Google Gadgets:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Moving Day Survival Manual:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Manners:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\LABELS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Junior Articles:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Jr High Survival Manual:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\JESSICA:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Jasmine:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\J4M The Bible:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\J4M School:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\J4M Family:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\J4M Especially Special Me:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\IDEAS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Home Alone Handbook:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Guy's Bible Book:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Grieving Families:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Gotta Have God 3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Geo Club:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Gather My Children:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\FOYC:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\FICTION:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Emerald Coast series:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\emerald 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Christmas through the Year:Roxio EMC Stream

< End of report >

descriptionSolvedRe: Removed Thinkpoint but still having problem

STILL having MAJOR problems. Can ANYONE help?

descriptionSolvedRe: Removed Thinkpoint but still having problem

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Image: CF_download_FF]

    [Image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Image: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [Image: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

descriptionSolvedRe: Removed Thinkpoint but still having problem

From Malwarebytes Anti-Malware:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

10/28/2010 8:10:11 PM
mbam-log-2010-10-28 (20-10-11).txt

Scan type: Quick scan
Objects scanned: 141568
Time elapsed: 12 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

descriptionSolvedRe: Removed Thinkpoint but still having problem

Ran OTL again. Here is OTL.TXT
No Extras.txt

descriptionSolvedRe: Removed Thinkpoint but still having problem

OTL logfile created on: 10/28/2010 8:33:17 PM - Run 3
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Rick-Temp
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 169.06 Gb Free Space | 72.63% Space Free | Partition Type: NTFS

Computer Name: KATHY-1 | User Name: Kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/28 05:45:52 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/10/28 05:45:50 | 001,357,464 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/10/26 18:16:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Rick-Temp\OTL.exe
PRC - [2008/08/15 11:57:58 | 000,443,968 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2008/06/24 01:27:40 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V305\dldtmsdmon.exe
PRC - [2008/06/24 01:26:16 | 000,668,912 | ---- | M] () -- C:\Program Files\Dell V305\dldtmon.exe
PRC - [2008/06/23 22:56:25 | 000,098,304 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
PRC - [2008/06/23 22:54:59 | 000,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
PRC - [2008/04/13 19:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) -- C:\WINDOWS\system32\dldtcoms.exe
PRC - [2007/03/14 19:49:02 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/03/14 19:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/03/14 19:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/01/10 16:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/11/21 17:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/11/21 17:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/11/21 17:38:28 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/11/05 11:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 10:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/06/02 04:29:26 | 000,180,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003/12/05 15:41:44 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2003/10/03 12:52:50 | 000,061,440 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe


========== Modules (SafeList) ==========

MOD - [2010/10/26 18:16:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Rick-Temp\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/28 05:45:50 | 001,357,464 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2008/02/25 11:38:16 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe -- (dldtCATSCustConnectService)
SRV - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dldtcoms.exe -- (dldt_device)
SRV - [2007/03/14 19:48:56 | 000,116,416 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/03/14 19:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/03/14 19:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/02/12 17:23:10 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/10 16:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/11/21 17:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/11/21 17:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2003/10/22 11:19:22 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\rt2870.sys -- (rt2870)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - [2010/10/18 03:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101025.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/18 03:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101025.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/23 02:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/09/23 02:46:08 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/05/28 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/28 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/17 20:38:32 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/04/13 13:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 13:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 13:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/15 19:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/09/04 19:47:00 | 006,811,904 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/07/30 11:58:56 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/07/30 11:58:54 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2007/02/12 17:22:40 | 000,196,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/02/12 17:22:36 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/02/09 12:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/01/10 16:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/10/28 11:38:20 | 000,402,432 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(Linksys A Division of Cisco Systems Inc.)) Linksys Wireless-G USB Network Adapter Driver(Linksys A Division of Cisco Systems Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {38832FF3-F082-49AD-993F-AACE97E306DD} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [dldtamon] C:\Program Files\Dell V305\dldtamon.exe ()
O4 - HKLM..\Run: [dldtmon.exe] C:\Program Files\Dell V305\dldtmon.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} http://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab (JordanUploader Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www5.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\geBtRhIy: DllName - geBtRhIy.dll - File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kathy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kathy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\wvUljKaB) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/23 21:06:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{53e591f0-41ab-11dd-afe5-001ec961e06b}\Shell\AutoRun\command - "" = wdsync.exe
O33 - MountPoints2\{7f0fa1be-b101-11df-b705-001ec961e06b}\Shell - "" = AutoRun
O33 - MountPoints2\{7f0fa1be-b101-11df-b705-001ec961e06b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf0593f3-226a-11df-b5ae-001ec961e06b}\Shell\AutoRun\command - "" = wscript.exe Deploy\Scripts\BDD_AutoRun.wsf
O33 - MountPoints2\{f10742c6-a94d-11dd-b0e9-001ee5dbdecb}\Shell\AutoRun\command - "" = .\MigWiz\migsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/28 05:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathy\Local Settings\Application Data\Sunbelt Software
[2010/10/28 05:36:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/10/27 19:13:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/10/27 19:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/27 19:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/27 19:13:25 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/27 19:13:25 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/27 19:13:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/27 19:13:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/27 19:13:25 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/27 19:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/27 19:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathy\Application Data\Sun
[2010/10/27 18:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/10/27 17:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/10/25 21:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathy\Application Data\Malwarebytes
[2010/10/25 21:19:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/25 21:19:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/25 21:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/25 21:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/25 18:56:03 | 000,000,000 | ---D | C] -- C:\Rick-Temp
[2010/10/14 19:17:16 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/14 19:17:16 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/14 19:17:09 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2009/08/19 17:05:52 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtusb1.dll
[2009/08/19 17:05:52 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\DLDThcp.dll
[2009/08/19 17:05:52 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtinpa.dll
[2009/08/19 17:05:52 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtiesc.dll
[2009/08/19 17:05:51 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtserv.dll
[2009/08/19 17:05:51 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtpmui.dll
[2009/08/19 17:05:51 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtlmpm.dll
[2009/08/19 17:05:51 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtprox.dll
[2009/08/19 17:05:50 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\dldthbn3.dll
[2009/08/19 17:05:48 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtcomc.dll
[2009/08/19 17:05:48 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtcomm.dll
[2006/10/11 18:01:40 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2006/10/11 17:59:56 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2006/10/11 17:54:10 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2006/10/11 17:48:58 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2006/10/11 17:48:14 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2006/10/11 17:47:42 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2006/10/11 17:41:04 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2006/10/11 17:37:14 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/28 20:28:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/28 20:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/10/28 19:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/10/28 19:27:13 | 053,179,392 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/10/28 19:27:10 | 024,574,976 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/10/28 19:26:56 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/10/28 19:24:02 | 000,013,702 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/28 19:24:02 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/10/28 19:23:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/28 16:28:41 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Kathy\Desktop\Microsoft Word.lnk
[2010/10/28 13:17:47 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/10/28 13:17:47 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/10/28 13:17:47 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/10/28 13:17:47 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/10/28 13:17:47 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/10/28 13:17:47 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/10/28 08:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/10/28 07:47:02 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/10/28 07:13:05 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/10/28 06:47:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/10/28 06:13:12 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/10/28 05:46:02 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/10/28 05:36:03 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/10/28 05:36:03 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/10/28 05:19:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/10/28 05:19:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/10/28 05:19:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/10/27 21:13:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/10/27 20:47:02 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/10/27 19:13:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/27 19:13:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/27 19:13:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/27 19:13:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/27 19:13:11 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/27 19:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/10/27 18:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/10/27 17:52:11 | 000,000,063 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2010/10/27 10:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/10/26 17:50:18 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/26 12:13:21 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Kathy\Application Data\completescan
[2010/10/26 11:53:23 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Kathy\Application Data\install
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/10/26 05:49:14 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/10/25 11:38:22 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/10/25 05:35:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\Backup.job
[2010/10/23 17:46:55 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Kathy\My Documents\October 23.doc
[2010/10/19 11:39:36 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Kathy\My Documents\How to Raise Good Parents.DOC
[2010/10/15 03:57:20 | 000,371,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/14 21:02:37 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/13 11:21:56 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Kathy\My Documents\makepeac.doc
[2010/10/12 20:26:39 | 000,004,672 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\grand canyon.jpg
[2010/10/11 09:40:08 | 003,828,736 | ---- | M] () -- C:\Documents and Settings\Kathy\My Documents\Backing up Kat.doc
[2010/10/07 07:23:38 | 000,010,611 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\school bus.jpg
[2010/10/07 07:00:02 | 000,062,972 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\catherine 2.jpg
[2010/10/07 06:59:51 | 000,070,942 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\catherine bowers.jpg
[2010/10/05 19:11:06 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/05 19:11:06 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/05 17:54:14 | 000,004,287 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\money.jpg
[2010/10/05 17:36:23 | 000,003,901 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\cats on wall.jpg
[2010/10/05 17:35:51 | 000,002,138 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\kittens1.jpg
[2010/10/05 17:35:27 | 000,003,326 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\broken heart.jpg
[2010/10/05 17:34:39 | 000,002,418 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\storm clouds.jpg
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/28 05:36:03 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/10/28 05:36:03 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/10/27 17:52:11 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2010/10/26 16:32:06 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/26 12:13:21 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Kathy\Application Data\completescan
[2010/10/26 11:53:23 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Kathy\Application Data\install
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/10/26 11:52:37 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/10/26 11:52:37 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/23 17:19:22 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Kathy\My Documents\October 23.doc
[2010/10/13 11:21:56 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Kathy\My Documents\makepeac.doc
[2010/10/12 20:26:53 | 000,004,672 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\grand canyon.jpg
[2010/10/11 09:40:08 | 003,828,736 | ---- | C] () -- C:\Documents and Settings\Kathy\My Documents\Backing up Kat.doc
[2010/10/07 07:23:50 | 000,010,611 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\school bus.jpg
[2010/10/07 07:02:04 | 000,062,972 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\catherine 2.jpg
[2010/10/07 07:01:50 | 000,070,942 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\catherine bowers.jpg
[2010/10/05 17:54:27 | 000,004,287 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\money.jpg
[2010/10/05 17:36:34 | 000,003,901 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\cats on wall.jpg
[2010/10/05 17:36:07 | 000,002,138 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\kittens1.jpg
[2010/10/05 17:35:41 | 000,003,326 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\broken heart.jpg
[2010/10/05 17:35:21 | 000,002,418 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\storm clouds.jpg
[2010/08/23 19:38:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/18 06:03:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/09/02 20:09:33 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Kathy\Local Settings\Application Data\fusioncache.dat
[2009/08/19 17:08:05 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldtvs.dll
[2009/08/19 17:08:03 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\dldtcoin.dll
[2009/08/19 17:07:28 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dldtcaps.dll
[2009/08/19 17:07:27 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\dldtdrs.dll
[2009/08/19 17:07:27 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldtcnv4.dll
[2009/08/19 17:06:09 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\dldtwupd.dll
[2009/08/19 17:05:53 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\DLDTinst.dll
[2009/08/19 17:05:52 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\dldtutil.dll
[2009/08/19 17:05:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dldtinsb.dll
[2009/08/19 17:05:50 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldtins.dll
[2009/08/19 17:05:50 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dldtjswr.dll
[2009/08/19 17:05:50 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldtinsr.dll
[2009/08/19 17:05:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldtgrd.dll
[2009/08/19 17:05:49 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldtcub.dll
[2009/08/19 17:05:49 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldtcur.dll
[2009/08/19 17:05:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldtcu.dll
[2009/08/19 17:05:47 | 000,077,906 | ---- | C] () -- C:\WINDOWS\System32\DLDTcfg.dll
[2009/08/01 11:31:36 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\PTfile1.dll
[2008/12/28 13:41:45 | 000,676,743 | -HS- | C] () -- C:\WINDOWS\System32\BaKjlUvw.ini2
[2008/12/28 13:41:45 | 000,676,743 | -HS- | C] () -- C:\WINDOWS\System32\BaKjlUvw.ini
[2008/11/13 20:54:09 | 000,001,342 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/08/14 17:27:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/07/08 06:14:53 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Kathy\Local Settings\Application Data\FASTWiz.html
[2008/07/08 06:01:59 | 000,105,930 | ---- | C] () -- C:\Documents and Settings\Kathy\Local Settings\Application Data\FASTWiz.log
[2008/07/07 20:07:18 | 000,150,016 | ---- | C] () -- C:\Documents and Settings\Kathy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/07 18:42:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/06 16:27:36 | 000,003,558 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/07/06 16:27:36 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7BF60F020B.sys
[2008/07/06 13:26:51 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2008/07/06 13:26:51 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2008/06/23 23:36:38 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/06/23 23:36:37 | 000,000,166 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/23 23:11:50 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/06/23 23:11:50 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/06/23 23:11:49 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/06/23 23:11:47 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/06/23 23:11:47 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/06/23 22:55:45 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2008/06/23 22:55:45 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2008/06/23 22:53:31 | 000,008,134 | ---- | C] () -- C:\WINDOWS\hplj3380.ini
[2008/06/23 22:53:09 | 000,000,375 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/06/23 22:52:42 | 000,000,308 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/06/23 22:52:38 | 000,001,005 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2008/06/23 22:52:33 | 000,221,184 | R--- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dll
[2008/06/23 14:37:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/08/06 18:22:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/10/20 20:07:32 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2006/10/20 20:06:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2006/10/20 20:03:28 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2006/10/20 19:57:40 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2006/10/20 19:56:52 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2006/10/20 19:55:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2006/10/20 19:54:42 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2006/10/20 19:48:38 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2006/10/20 19:46:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/09/06 06:13:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcfg.dll
[2003/09/26 07:42:46 | 000,002,421 | ---- | C] () -- C:\WINDOWS\System32\scrubber.ini
[2002/05/03 16:40:32 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/03/28 12:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\hppcap.ini
[2001/03/28 12:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/08/24 16:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2010/08/24 16:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager - Walmart Edition
[2010/10/28 05:36:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/03/08 08:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy\Application Data\Facebook
[2009/08/01 12:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy\Application Data\PictureTrail
[2008/07/20 10:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy\Application Data\Snapfish
[2010/10/28 19:26:56 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/10/28 13:17:47 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/10/28 05:19:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/10/28 13:17:47 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/10/28 13:17:47 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/10/27 18:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/10/27 20:47:02 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/10/28 19:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/10/26 05:49:14 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/10/25 11:38:22 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010/10/28 06:13:12 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010/10/28 05:19:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010/10/28 08:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010/10/28 13:17:47 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010/10/28 13:17:47 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2010/10/27 10:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010/10/28 13:17:47 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/10/27 19:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010/10/28 07:13:05 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2010/10/27 21:13:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2010/10/28 20:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/10/28 06:47:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/10/28 05:19:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/10/28 07:47:02 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/10/25 05:35:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\Backup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Pictures:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Music:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Women of the Bible devotions:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\What a Character teen 1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\What a Character Preteen version:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\WEB_PAGE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\TYLER:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Tidewater Cats:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Teen Bible Book:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Strength for the Day:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Stockings Were Hung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Single Step:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\SEMINARS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Rock Your World:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Roadsigns for Teens:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\RECIPES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Quiz Book for Girls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\PUZZLES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Print Center:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Pine Grove Explorer's Club:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Parenting Articles:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Organizational:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\On the Homefront:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\My Google Gadgets:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Moving Day Survival Manual:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Manners:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\LABELS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Junior Articles:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Jr High Survival Manual:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\JESSICA:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Jasmine:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\J4M The Bible:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\J4M School:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\J4M Family:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\J4M Especially Special Me:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\IDEAS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Home Alone Handbook:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Guy's Bible Book:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Grieving Families:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Gotta Have God 3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Geo Club:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Gather My Children:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\FOYC:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\FICTION:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Emerald Coast series:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\emerald 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Christmas through the Year:Roxio EMC Stream

< End of report >

Solved: Re: Removed Thinkpoint but still having problem

From Combofix:

ComboFix 10-10-27.A3 - Kathy 10/28/2010 20:54:28.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3518.2484 [GMT -5:00]
Running from: c:\rick-temp\Combo-Fix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\windows\system32\BaKjlUvw.ini
c:\windows\system32\BaKjlUvw.ini2
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-29 )))))))))))))))))))))))))))))))
.

2010-10-28 10:42 . 2010-10-28 10:42 -------- d-----w- c:\documents and settings\Kathy\Local Settings\Application Data\Sunbelt Software
2010-10-28 10:36 . 2010-10-28 10:36 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-10-28 00:13 . 2010-10-28 00:13 -------- d-----w- c:\windows\Sun
2010-10-28 00:13 . 2010-10-28 00:13 -------- d-----w- c:\program files\Common Files\Java
2010-10-28 00:13 . 2010-10-28 00:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-28 00:13 . 2010-10-28 00:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-28 00:13 . 2010-10-28 00:13 -------- d-----w- c:\program files\Java
2010-10-27 23:55 . 2010-10-27 23:55 -------- d-----w- c:\program files\CCleaner
2010-10-26 02:20 . 2010-10-26 02:20 -------- d-----w- c:\documents and settings\Kathy\Application Data\Malwarebytes
2010-10-26 02:19 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-26 02:19 . 2010-10-26 22:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-26 02:19 . 2010-10-26 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-26 02:19 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-25 23:56 . 2010-10-29 01:45 -------- d-----w- C:\Rick-Temp
2010-10-15 00:17 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 00:17 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 00:17 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-28 10:46 . 2009-10-28 14:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-23 07:46 . 2009-01-26 12:11 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-23 07:46 . 2009-01-26 12:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-18 17:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2006-02-28 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2006-02-28 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2006-02-28 12:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2006-02-28 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2006-02-28 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2006-02-28 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2006-02-28 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-15 11:08 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2006-02-28 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2006-02-28 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-15 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2003-10-03 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-04-09 184320]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe" [2008-06-24 98304]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-05 8466432]
"nwiz"="nwiz.exe" [2007-09-05 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-05 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-10-28 864624]
"dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2008-06-24 668912]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-06-24 16624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-15 125632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-6-2 180224]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell V305\\dldtamon.exe"=
"c:\\Program Files\\Dell V305\\frun.exe"=
"c:\\Program Files\\Dell V305\\dldtmon.exe"=
"c:\\WINDOWS\\system32\\dldtcfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldttime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtjswx.exe"=
"c:\\WINDOWS\\system32\\dldtcoms.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/26/2009 7:05 AM 64288]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/23/2010 2:46 AM 1357464]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 10:54 PM 102448]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [9/23/2010 2:46 AM 15008]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [8/19/2009 5:08 PM 99568]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/16/2010 6:03 PM 135664]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 7:48 PM 116416]
S3 ZD1211BU(Linksys A Division of Cisco Systems Inc.);Linksys Wireless-G USB Network Adapter Driver(Linksys A Division of Cisco Systems Inc.);c:\windows\system32\drivers\ZD1211BU.sys [6/23/2008 10:12 PM 402432]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
Contents of the 'Scheduled Tasks' folder

2010-10-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 10:45]

2009-11-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 23:03]

2010-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 23:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?rs=1
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
.
- - - - ORPHANS REMOVED - - - -

BHO-{38832FF3-F082-49AD-993F-AACE97E306DD} - (no file)
Notify-geBtRhIy - geBtRhIy.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-28 21:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1260)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\dldtcoms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\program files\Dell V305\dldtMsdMon.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-10-28 21:08:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-29 02:08

Pre-Run: 182,000,250,880 bytes free
Post-Run: 196,978,823,168 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 7A10DB27B95E551FE43B248D13BF377C

Solved: Re: Removed Thinkpoint but still having problem

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Solved: Re: Removed Thinkpoint but still having problem

Done and Done.

From ESET:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17091 (vista_gdr.100824-1500)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=e5d5d3d67ae32a4b84e9b9151c88be5f
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-29 11:52:41
# local_time=2010-10-29 06:52:41 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=77270
# found=0
# cleaned=0
# scan_time=1787

Solved: Re: Removed Thinkpoint but still having problem

How is the machine running now?

Solved: Re: Removed Thinkpoint but still having problem

Different problems. Pop-ups EVERYWHERE. Checked P/U blocker settings and changed them. Getting google-analytics constantly.

Any suggestions?

Solved: Re: Removed Thinkpoint but still having problem

Please re-run Combofix and post the new Combofix log.

Solved: Re: Removed Thinkpoint but still having problem

I will try that tomorrow if there are still problems.
I saw your posts to Squidly about the redirect trojan he is getting. I followed those instructions (making small changes in the fix.bat file). It APPEARS that it has worked. I am ASSUMING the problem is solved. Dangerous I know.

Thank you for your assistance. Thank You! Honored
