
Backdoor.tidserv blocking access to task manager and Internet connection

Discussion in 'Virus and Malware Removal' started by Aspinxtreem, Oct 5, 2010.

  1. Bobbye Helper on the Fringe Posts: 16,406   +16

    Questions:
    1.
    I'm not sure what you did for this, but the Services shouldn't be listed under msconfig in the Registry. There is a way to set Services directly from within the MMC Services module> There are 89 Services being started from the registry.
    2. Did you put everything in the system on Startup in msconfig? You are going to have to get the system pared back down to only starting what is needed, so that you don't have everything running in the background.
    3. Is there any change in the system at this point? What?
    4. How is startup and shutdown speed? Slow?

    I'd like you to update and run a new scan with Malwarebytes: You do check for removal in this, but I will see what is found:

    Malwarebytes' Anti-Malware
    • Please download Malwarebytes' Anti-Malware from HERE
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      [o] Update Malwarebytes' Anti-Malware
      [o] and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick scan, then click Scan.
      * When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please attach this log with your reply.
      [o] If you accidentally close it, the log file is saved here and will be named like this:
      [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    ========================
  2. Bobbye Helper on the Fringe Posts: 16,406   +16

    Additional comments:
    1. Look here for the list: C:\TDSSKiller_Quarantine
    2. Do you need to have Boingo Wi-Fi start on boot and run in the background?
    3. Why do you have the ZinioReader starting on boot and running in the background? It's used to read magazines in digital rather than paper format.
    4. The Hosts I asked you about in Luxembourg> are they involved in your work connections?
      Hosts: 212.117.178.25 www.google.com
      Hosts: 212.117.163.43 search.yahoo.com
      But the 2 IPs are for:
      netname: SERVER-NETWORK
      descr: root SA
      country: LU > Luxembourg.
    5. Please submit these files to VirScan for identification. If you get a message that they have already been identified, request a repeat:
    Please go to VirSCAN.org FREE on-line scan service:
    If busy, you can use one of the following: ( you only need one)
    VirusTotal
    Jotti

    • [1]. Copy and paste the following file paths into the Suspicious files to scan box on the top of the page. Do one at a time and wait for each scan:


      [2]. At the upload site, click once inside the window next to Browse.
      [3]. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
      [4]. Click on the Upload button.
      This will perform a scan across multiple different virus scanning engines.
      Your file will possibly be entered into a queue which normally takes less than a minute to clear.
      Important: Wait for all of the scanning engines to complete.
      [5]. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
      [6]. Paste the contents of the Clipboard in your next reply.
    ===================================
    Java(TM) 6 Update 13 is very old. Please update to the current version, v6u21:
    Check this site: Java Updates. Uninstall any earlier versions in Add/Remove Programs, as they are vulnerabilities for the system.

    I think a big problem for you may be lack of maintenance, not uninstalling programs you no longer use, Services set incorrectly and excess processes starting on boot and running in the background.
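The two Hosts lines the helper quotes above (well-known domains pointed at two Luxembourg addresses) are a hosts-file hijack, which is why the helper asks whether they belong to the poster's work setup. As an added example, not from this thread or from any tool the helper recommends, the script below parses the Windows HOSTS file format and reports every mapping that does not resolve to a loopback address; on a normal workstation only the `127.0.0.1 localhost` / `::1 localhost` lines should be present, so anything else deserves review. The sample file is constructed; the two Luxembourg entries in it are the ones quoted in the thread.

```python
"""Flag non-loopback entries in a Windows HOSTS file (added example, not the thread's own tool)."""
import ipaddress

# Constructed sample: the Windows default lines plus the two entries quoted in the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
212.117.178.25\twww.google.com
212.117.163.43  search.yahoo.com   # trailing comment, as malware sometimes leaves
"""

# Where the live file lives on Windows XP and later (assumed default install path).
WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs; comments, blank and malformed lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop inline and full-line comments
        if not line:
            continue
        parts = line.split()                 # tabs and runs of spaces both separate fields
        if len(parts) < 2:
            continue                         # no hostname on this line; nothing to map
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                         # first field is not an address; do not guess
        for name in parts[1:]:
            yield ip, name.lower()


def suspicious_entries(text):
    """Return [(ip, hostname)] for every mapping whose target is not a loopback address."""
    return [(str(ip), name) for ip, name in parse_hosts(text) if not ip.is_loopback]


if __name__ == "__main__":
    # Check the constructed sample; swap in open(WINDOWS_HOSTS_PATH).read() on a real machine.
    hits = suspicious_entries(SAMPLE_HOSTS)
    for ip, name in hits:
        print(f"REVIEW: {name} -> {ip}")
    if not hits:
        print("hosts file only maps loopback names; nothing to review")
```

The check is deliberately coarse: it does not try to decide whether a given address is "bad", it only surfaces every redirection so the person cleaning the machine can compare it with what they expect (corporate overrides, local development names) and restore the file to its default if nothing explains the entries.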
  3. Aspinxtreem Newcomer, in training Posts: 31

    When I went to services.msc, all of the services were disabled. I went to the Windows help site, which lists the default setting for Microsoft services and I changed them accordingly. When I would restart the computer, all of the services would default to disabled again. That isn't happening anymore.

    I am still running the selective startup on msconfig. I am only running what is necessary for startup.

    The system is running much better and more quickly. I am still receiving some errors, but things are looking much better!

    Startup and shut down are much quicker.
  4. Aspinxtreem Newcomer, in training Posts: 31

    Hi Bobbye,

    Here is my latest MBAM log:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4826

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    10/15/2010 9:00:21 AM
    mbam-log-2010-10-15 (09-00-21).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 210001
    Time elapsed: 1 hour(s), 31 minute(s), 28 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 7

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Emily\Application Data\hotfix.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\wupdate.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{D93BFF2F-54EE-4543-8B33-39D9E81A57B4}\RP1\A0000021.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\TDSSKiller_Quarantine\10.10.2010_11.58.47\susp0000\svc0000\tsk0000.dta (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\_OTM\MovedFiles\10102010_114759\C_WINDOWS\Jzigia.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\_OTM\MovedFiles\10102010_114759\C_WINDOWS\WMSvasri.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
    C:\_OTM\MovedFiles\10102010_114759\C_WINDOWS\system32\spool\prtprocs\w32x86\w31y93o79.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.


    Thank you!!
  5. Bobbye Helper on the Fringe Posts: 16,406   +16

    There is one new infection plus the TDSS Quarantine: The 'new' entry is actually another file from the Trojan.FakeAlert which was removed in the first MBAM scan. So we still haven't found the source. Unfortunately there is no date to go by.

    The entries for System Volume are for restore points and not active in the system. I will have you drop the old restore points and set a new, clean one when we're through. The Qoobox files are where the quarantined files found in ComboFix are sent. They also aren't active and will be removed.

    Please reboot the computer, then run the Eset scan again: You also need to submit the files I left to VirScan.

    The file above, hotfix.exe, is from Trojan.FakeAlert.

    When we're finished, I'm going to refer you to a site for the Services. There are too many on Automatic. Microsoft tends to throw everything on startup at boot and it isn't necessary. Only a few need to be on Automatic startup- the rest can be set to Manual and some can even be set to Disabled.
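The helper's reading of the MBAM log above rests on one distinction: a detection under a restore point, ComboFix's Qoobox folder, the TDSSKiller quarantine or OTM's MovedFiles folder is leftover from earlier cleanup, while a detection anywhere else (here `hotfix.exe` under a user profile) is a live file and points at an unfound source. The script below is an added example, not part of the thread or of Malwarebytes, that parses the `Files Infected` lines of an MBAM log and applies that split automatically. The excerpt is taken from the log posted above; the path markers and category labels are my own.

```python
"""Triage MBAM 'Files Infected' lines into live files vs. cleanup residue (added example)."""
import re

# Constructed excerpt: 'Files Infected' lines copied from the MBAM log posted in this thread.
MBAM_LOG = r"""
Files Infected:
C:\Documents and Settings\Emily\Application Data\hotfix.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wupdate.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D93BFF2F-54EE-4543-8B33-39D9E81A57B4}\RP1\A0000021.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\10.10.2010_11.58.47\susp0000\svc0000\tsk0000.dta (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\10102010_114759\C_WINDOWS\Jzigia.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
"""

# One MBAM detection line: <path> (<detection name>) -> <action taken>
DETECTION_RE = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

# Path fragments (lower-cased) that mark a hit as residue of earlier cleanup, not a live file.
# Labels are mine; the folders are the ones the helper explains in the thread.
RESIDUE_MARKERS = [
    ("System Restore point", "\\system volume information\\_restore"),
    ("ComboFix quarantine (Qoobox)", "\\qoobox\\quarantine\\"),
    ("TDSSKiller quarantine", "\\tdsskiller_quarantine\\"),
    ("files moved by OTM", "\\_otm\\movedfiles\\"),
]


def parse_detections(text):
    """Yield (path, detection_name, action) for every detection line in an MBAM log."""
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            yield m.group("path"), m.group("name"), m.group("action")


def classify(path):
    """Return the residue label for a path, or None when the file sat in a live location."""
    low = path.lower()
    for label, marker in RESIDUE_MARKERS:
        if marker in low:
            return label
    return None


def triage(text):
    """Split detections into (active, residue): live files vs. leftovers from earlier cleanup."""
    active, residue = [], []
    for path, name, _action in parse_detections(text):
        label = classify(path)
        if label is None:
            active.append((path, name))
        else:
            residue.append((path, name, label))
    return active, residue


if __name__ == "__main__":
    active, residue = triage(MBAM_LOG)
    print(f"{len(active)} live detection(s) still need a source:")
    for path, name in active:
        print(f"  {name}: {path}")
    print(f"{len(residue)} detection(s) are cleanup residue:")
    for path, name, label in residue:
        print(f"  [{label}] {name}: {path}")
```

Run against the posted log this leaves exactly one live hit, the FakeAlert dropper in the user's Application Data folder, which matches the helper's conclusion that the source has not yet been found. Quarantine and restore-point hits are still worth removing, as the helper says, but they do not indicate an active infection.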
  6. Aspinxtreem Newcomer, in training Posts: 31

    1. I don't see a list in that folder

      I'm not sure why either of those things were running. I thought I had selected Diagnostic Mode in the System Configuration options. I rebooted in Diagnostic Mode, so those programs shouldn't be running in the background anymore.

      I confirmed with an IT person at my work and those hosts do not have anything to do with my work connections.

      Sadly, it looks like I'm back to almost square one because all of my services are disabled and I cannot get online. When I rebooted my computer again, I was not able to view my network connections. When I opened services.msc, everything was disabled. I started from step one again. I ran Malwarebytes and it came back clean. I did the DNS flush, restarted the DNS client (and network connections and windows zero configuration), reset my router, and restarted my modem.

      At that point, I was able to view the network connections screen, but when I selected "View Available Wireless Networks," my computer didn't find any networks. I confirmed on my smartphone that there are at least 5 networks within range and that my router was functioning properly.

      I started in safe mode to see if that would help, because it had helped at one point in the past. It was strange because even though both my local and wireless connection icons had red Xs over them in the system tray, when I moused over the wireless connection, it said it was trying to connect to my home network. I selected view wireless networks, but it did not find anything.

      I'm sorry this is such a pain! If you could suggest next steps, I would be VERY appreciative!!

      Thank you!!
  7. Bobbye Helper on the Fringe Posts: 16,406   +16

    The system is still infected. Did you put the 3 files I left in Reply #22 through the VirScan?

    FYI:
    When you change startup entries using msconfig, you choose Selective Startup, then make the changes. After doing this, when you reboot the first time, you will get a nag message that you can ignore and close after checking 'don't show this message again.' You have to STAY in Selective Startup to keep the changes. My computers are put in Selective Startup on the 2nd day I use them and kept there.

    Connecting to your home network and your wireless network are not the same, although you may have computers set up networked, if you have a wireless router, the connection is going to be through it. Make sure the machine that has the router hard wired to it is turned on. The network won't connect if it isn't.

    If the Services are disabled, it's not going to connect. Let's try this please:

    Please download VEW and save it to your Desktop:

    Setting up the program

    Double-click VEW.exe to run.

    • Select log to query, select
    • Application
    • System

      Under Select type to list, select:
    • Critical (Vista only)
    • Error

      Click the radio button for Number of events
    • Type 20 in the 1 to 20 box
    • Then click the Run button.
    • Notepad will open with the output log.

      Load the log
    • In Notepad, click Edit> Select all
    • Then press Edit > Copy
    • Press Ctrl+V on your keyboard to paste the log to your next reply.

    (Courtesy rev-Olie)
  8. Aspinxtreem Newcomer, in training Posts: 31

    I didn't, because I'm not able to get online to run the program. I am only able to download programs from another computer onto a USB drive and transfer to my infected computer.

    I restarted in Diagnostic Mode. I will restart in Selective Startup. Will you please tell me what changes I should make?

    Sorry, that was my lack of technical knowledge speaking. I don't have a home network set up. I was referring just to my wireless network. Also, in case it's important, I don't have a machine that the router is hard wired to. I only have the cable running to a modem, which is connected to my wireless router. When I open network connections and select view wireless networks, it is unable to locate any networks.

    The VEW report:

    Vino's Event Viewer v01c run on windows XP in English
    Report run at 18/10/2010 10:05:17 PM

    Note: All dates below are in the format dd/mm/yyy
    ~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~


    Thank you!
  9. Bobbye Helper on the Fringe Posts: 16,406   +16

    Whatever machine the cable/modem/router is connected to is the one it's 'hard wired' to> think of it as plugged in. (very untechnical)

    Questions:
    1. Did the VEW scan run? If it did, there should be a log with the Errors
    2. Are the Services still getting disabled when you reboot?
    3. Do you still have Combofix on the desktop?
    4. Have we established what is telling you that you have the TDSSServer infection?
  10. Aspinxtreem Newcomer, in training Posts: 31

    First, happy birthday!! :D

    Got it. I thought you were referring to a desktop machine that was actually plugged into the modem. Sorry about that.

    I guess not. I just tried it again, selecting the options you told me to select, and I received the same minimal log that I pasted in my last reply.

    Yes. I just rebooted and all of my services except DCOM Server Process Launcher are disabled. Some still have "Started" in the status, but the startup type is back to disabled.

    Yes

    No. Ever since we had some success clearing infections, I haven't had any TDSSServer infections come up on my scans.
  11. Bobbye Helper on the Fringe Posts: 16,406   +16

    Thank you for the greeting! And your patience.

    I'd like a new scan with Combofix (already downloaded to desktop) followed by scan with HijackThis.

    If you have HJT and it's version 2.0.2, please remove it and download and run this current version (v2.0.4):

    Download the HijackThis Installer and save to the desktop:
    1. Double-click on HJTInstall.exe to run the program.
    2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    3. Accept the license agreement by clicking the "I Accept" button.
    4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    5. Click "Save log" to save the log file and then the log will open in notepad.
    6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
  12. Aspinxtreem Newcomer, in training Posts: 31

    Thanks Bobbye! Hope you had a nice b'day.

    Here is the ComboFix log:

    ComboFix 10-10-21.02 - Admin 10/21/2010 22:22:36.2.2 - x86
    Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-22 to 2010-10-22 )))))))))))))))))))))))))))))))
    .

    2010-10-18 05:42 . 2010-10-18 05:42 -------- d-----w- c:\documents and settings\admin 2
    2010-10-15 02:54 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-15 02:54 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-15 02:54 . 2010-10-15 02:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-10 16:00 . 2010-10-10 16:00 -------- dc----w- C:\TDSSKiller_Quarantine
    2010-10-10 15:57 . 2010-10-10 15:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-10-10 15:47 . 2010-10-10 15:47 -------- dc----w- C:\_OTM
    2010-10-10 02:28 . 2004-08-04 10:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2010-10-10 02:01 . 2010-10-10 02:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-10-10 00:36 . 2010-10-10 00:36 -------- d-----w- c:\program files\ESET
    2010-10-09 17:38 . 2010-10-09 17:38 -------- d-----w- c:\program files\Intel
    2010-10-09 17:35 . 2009-10-07 19:01 457 ----a-w- c:\windows\system32\vcredist_x86.bat
    2010-10-09 17:35 . 2009-10-07 19:01 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe
    2010-10-09 17:35 . 2009-10-07 19:01 155648 ----a-w- c:\windows\system32\bcmwlapi.dll
    2010-10-09 16:35 . 2010-10-10 02:33 -------- d-----w- c:\documents and settings\Admin
    2010-10-06 01:29 . 2010-10-06 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-05 17:48 . 2010-10-05 17:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\IsolatedStorage
    2010-10-05 15:17 . 2010-10-05 15:17 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
    2010-10-05 02:20 . 2010-10-05 13:17 0 ----a-w- c:\windows\Mxaqup.bin
    2010-10-05 02:17 . 2010-10-05 02:17 67072 --sha-r- c:\windows\system32\nlsfuncg.dll
    2010-10-05 02:16 . 2010-10-05 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Update

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ------- Sigcheck -------

    Cryptography Services Error !!
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-10-12_02.15.04 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-10-18 04:46 . 2009-10-07 19:01 2649216 c:\windows\system32\ReinstallBackups\0018\DriverFiles\BCMWL5.SYS
    - 2010-10-10 02:17 . 2009-10-07 19:01 2649216 c:\windows\system32\ReinstallBackups\0018\DriverFiles\BCMWL5.SYS
    + 2009-07-10 00:57 . 2010-10-15 13:05 35385288 c:\windows\system32\MRT.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-10-07 2498560]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    2010-04-11 03:38 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2005-09-09 05:18 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
    2009-01-08 12:36 2521464 ----a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boingo Wi-Fi]
    2010-10-06 04:57 2179 -c--a-w- c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
    2009-10-07 19:01 2498560 ----a-w- c:\windows\system32\WLTRAY.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    2006-07-20 00:26 52896 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-04 10:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    2005-09-08 10:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2005-12-10 01:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-27 05:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2010-04-29 19:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2006-01-19 14:14 7401472 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
    2006-01-19 14:14 73728 ----a-w- c:\windows\system32\nvhotkey.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2006-01-19 14:14 1519616 ----a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2006-03-24 22:30 282624 ----a-w- c:\windows\stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-04-01 04:05 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
    2006-09-28 01:33 125168 ----a-w- c:\progra~1\SYMANT~1\VPTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]
    2009-07-21 18:02 2707526 ----a-w- c:\program files\Zinio\ZinioReader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "PlugPlay"=2 (0x2)
    "Netman"=2 (0x2)
    "CryptSvc"=3 (0x3)
    "AudioSrv"=2 (0x2)
    "aspnet_state"=3 (0x3)
    "AppMgmt"=3 (0x3)
    "Apple Mobile Device"=2 (0x2)
    "ALG"=3 (0x3)
    "ADVService"=2 (0x2)
    "AdobeActiveFileMonitor4.0"=2 (0x2)
    "ACDaemon"=3 (0x3)
    "xmlprov"=3 (0x3)
    "WZCSVC"=2 (0x2)
    "wuauserv"=2 (0x2)
    "wscsvc"=2 (0x2)
    "WmiApSrv"=3 (0x3)
    "Wmi"=3 (0x3)
    "WmdmPmSN"=3 (0x3)
    "wltrysvc"=2 (0x2)
    "winmgmt"=2 (0x2)
    "WebClient"=2 (0x2)
    "W32Time"=2 (0x2)
    "VSS"=3 (0x3)
    "UPS"=3 (0x3)
    "upnphost"=2 (0x2)
    "TlntSvr"=3 (0x3)
    "Themes"=2 (0x2)
    "TermService"=3 (0x3)
    "TapiSrv"=3 (0x3)
    "SysmonLog"=3 (0x3)
    "Symantec AntiVirus"=2 (0x2)
    "SwPrv"=3 (0x3)
    "stisvc"=3 (0x3)
    "SSDPSRV"=3 (0x3)
    "srservice"=2 (0x2)
    "Spooler"=2 (0x2)
    "SNDSrvc"=2 (0x2)
    "ShellHWDetection"=2 (0x2)
    "SharedAccess"=2 (0x2)
    "SENS"=2 (0x2)
    "seclogon"=2 (0x2)
    "Schedule"=2 (0x2)
    "SCardSvr"=3 (0x3)
    "SamSs"=2 (0x2)
    "RSVP"=3 (0x3)
    "RemoteRegistry"=2 (0x2)
    "RemoteAccess"=3 (0x3)
    "RDSessMgr"=3 (0x3)
    "RasMan"=3 (0x3)
    "RasAuto"=3 (0x3)
    "ProtectedStorage"=2 (0x2)
    "PolicyAgent"=2 (0x2)
    "odserv"=2 (0x2)
    "NtmsSvc"=3 (0x3)
    "NtLmSsp"=3 (0x3)
    "Nla"=2 (0x2)
    "Netlogon"=3 (0x3)
    "NetDDEdsdm"=3 (0x3)
    "NetDDE"=3 (0x3)
    "MSIServer"=3 (0x3)
    "mnmsrvc"=3 (0x3)
    "Messenger"=2 (0x2)
    "LmHosts"=2 (0x2)
    "lanmanworkstation"=2 (0x2)
    "lanmanserver"=2 (0x2)
    "helpsvc"=2 (0x2)
    "EventSystem"=3 (0x3)
    "Eventlog"=2 (0x2)
    "ERSvc"=2 (0x2)
    "Dnscache"=2 (0x2)
    "dmserver"=3 (0x3)
    "dmadmin"=3 (0x3)
    "Dhcp"=2 (0x2)
    "DefWatch"=2 (0x2)
    "COMSysApp"=3 (0x3)
    "ClipSrv"=3 (0x3)
    "ccSetMgr"=2 (0x2)
    "ccEvtMgr"=2 (0x2)
    "Browser"=2 (0x2)
    "BITS"=3 (0x3)
    "Alerter"=3 (0x3)
    "TrkWks"=2 (0x2)
    "SavRoam"=2 (0x2)
    "MSDTC"=3 (0x3)
    "HTTPFilter"=3 (0x3)
    "FastUserSwitchingCompatibility"=3 (0x3)
    "CiSvc"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Citrix\\Secure Access Client\\nsload.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/17/2009 3:13 AM 64160]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/1/2010 8:06 PM 102448]
    R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [3/18/2009 12:19 PM 73368]
    S0 FixTDSS;FixTDSS; [x]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [12/18/2009 12:13 PM 20480]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/18/2009 12:12 PM 174720]
    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 3:43 PM 32408]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
    S4 nsverctl;Citrix Secure Access Client Service;c:\program files\Citrix\Secure Access Client\nsverctl.exe [3/18/2009 12:19 PM 139264]
    S4 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 9:33 PM 116464]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/11/2009 3:33 PM 24652]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 03:38]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {181BCAB2-C89B-4E4B-9E6B-59FA67A426B5} - hxxps://remote.bingham.com/epa/vista/nsepa.ocx
    DPF: {3F777025-3835-4117-B9FA-5E5230669310} - hxxps://law.lexisnexis.com/resources/fyi/dataflight_fyi.cab
    FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\d1gk3n47.default\
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(560)
    c:\windows\System32\BCMLogon.dll

    - - - - - - - > 'explorer.exe'(1900)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2010-10-21 22:29:37
    ComboFix-quarantined-files.txt 2010-10-22 02:29
    ComboFix2.txt 2010-10-12 02:17

    Pre-Run: 26,011,332,608 bytes free
    Post-Run: 26,013,143,040 bytes free

    - - End Of File - - E272F922B86DC345D408CF3FF0993A35


    Here is the HijackThis log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:38:11 PM, on 10/21/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {3F777025-3835-4117-B9FA-5E5230669310} (Dataflight FYI Reviewer Control) - https://law.lexisnexis.com/resources/fyi/dataflight_fyi.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {971127BB-259F-48C2-BD75-5F97A3331551} (Microsoft RDP Client Control (redist)) - http://connect.ontrackinview.com/msrdp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    --
    End of file - 3917 bytes


    Thank you!
  13. Bobbye Helper on the Fringe Posts: 16,406   +16

    Please do the following in the order I have them listed:
    1. Download and run LSP-Fix

    • [1] Download LSP-Fix and save it to its own directory on the desktop.
      [2] Double-click on the file to open it.
      [3] In the left-hand column, you should see the nwprovau.dll files listed.
      [o] Click on it to highlight it.
      [o] Click the arrow in the middle of the screen that points to the right.
      [4] This will move the filename to the right-hand column labeled Remove.
      [o] NOTE: If the arrow is greyed out and does not allow you to click it, you need to check the box above labeled "I know what I'm doing".
      [5] Once the file has been transferred to the Remove column, click Finish at the bottom of the screen.
      [6] You'll be presented with a results screen showing the file was removed from the Winsock layer entries in the registry.
      [7] Close LSPFix.
    =============================================
    2. Run a new scan with HijackThis> uninstall the version 2.0.2 you ran and click on the link I left for the current version v2.0.4 in Reply #31. The LSP nwprovau.dll entries should be gone.
    ============================================
    3. Please run this Custom CFScript

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
    File::
    c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    c:\windows\Mxaqup.bin
    Folder::
    C:\TDSSKiller_Quarantine
    Extra::
    File::
    c:\program files\viewpoint\common\ViewpointService.exe
    Firefox::
    Firefox-:- Profile - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\d1gk3n47.default\
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    
    DirLook::
    c:\documents and settings\Admin
    c:\documents and settings\admin 2
    Driver::
    FixTDSS
    Viewpoint Manager Service
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
    ====================
    Check this Service: Start> Run> type in services.msc> Double click on Cryptographic Services> it should be set to Automatic Startup Type and Started. If it is not, set it that way. Then check Remote Procedure Call> it should also be set to Automatic/Started.

    I am still concerned about the status of the Services and the way they are loading- having Broni take a look. Are they still being disabled?
  14. Aspinxtreem Newcomer, in training Posts: 31

    I will follow your instructions and paste the logs as soon as I get home from work. In the meantime, I wanted to reply to your question. Yes, when I restart, everything is disabled except DCOM Server Process Launcher. I will test again when I get home to verify this is still happening but it was the case last time I restarted.

    Also, when you get a chance, will you send me the link you were referring to that lists all of the proper services.msc settings?

    Thank you!!
  15. Bobbye Helper on the Fringe Posts: 16,406   +16

    I printed out a list of the Service settings from the log. It looks like they aren't set right. Services have dependencies. If a Service needs another Service to run and it isn't running, then that Service won't start. I'm going to try to reset them for you using a script in Combofix, but I'm not sure how to do that. Your setting shows how many dependencies the Service has but not what they are, so I have to open each.

    The best site I know of on the internet for settings is Black Viper- I'll get the right page for you. They shouldn't be listed out under msconfig in the Combofix log.
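    The Service check in Reply 13 (Cryptographic Services and Remote Procedure Call must be Automatic and Started) and the dependency point in Reply 15 come together in the added example below, which is not code from this thread: given a snapshot of service startup types, it walks each service's dependency chain, reports which Disabled dependency is keeping an Automatic service from starting, and produces the dependencies-first order in which to re-enable them. The snapshot is constructed (the CryptSvc -> RpcSs -> DcomLaunch chain is the real Windows XP one; the startup types mimic the "everything disabled except DCOM Server Process Launcher" state the poster describes), and `sc config <name> start= auto` is the standard Windows service-control syntax.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Service:
    name: str
    start_type: str                 # "Automatic", "Manual" or "Disabled"
    state: str                      # "Running" or "Stopped"
    depends_on: List[str] = field(default_factory=list)


# Constructed snapshot (not taken from the poster's machine). The chain
# CryptSvc -> RpcSs -> DcomLaunch is the real Windows XP dependency chain;
# the startup types mimic the "everything disabled except DCOM Server
# Process Launcher" state described in the thread.
SNAPSHOT: Dict[str, Service] = {
    "DcomLaunch": Service("DcomLaunch", "Automatic", "Running"),
    "RpcSs":      Service("RpcSs", "Disabled", "Stopped", ["DcomLaunch"]),
    "CryptSvc":   Service("CryptSvc", "Disabled", "Stopped", ["RpcSs"]),
    "wuauserv":   Service("wuauserv", "Automatic", "Stopped", ["RpcSs"]),
    "EventLog":   Service("EventLog", "Disabled", "Stopped"),
}


def blocking_dependencies(services: Dict[str, Service], name: str) -> List[Tuple[str, str]]:
    """(dependency, reason) for every transitive dependency of `name` that
    prevents it from starting: Disabled, or absent from the snapshot."""
    if name not in services:
        raise KeyError(f"unknown service {name!r}")
    problems: List[Tuple[str, str]] = []
    seen = set()
    stack = list(services[name].depends_on)
    while stack:                     # iterative DFS; `seen` guards against cycles
        dep = stack.pop()
        if dep in seen:
            continue
        seen.add(dep)
        svc = services.get(dep)
        if svc is None:
            problems.append((dep, "not present"))
            continue
        if svc.start_type == "Disabled":
            problems.append((dep, "Disabled"))
        stack.extend(svc.depends_on)
    return sorted(problems)


def can_start(services: Dict[str, Service], name: str) -> bool:
    """True when neither the service nor anything it depends on is Disabled."""
    return services[name].start_type != "Disabled" and not blocking_dependencies(services, name)


def start_order(services: Dict[str, Service], name: str) -> List[str]:
    """Dependencies-first list of the services that must be started for
    `name` to run (post-order DFS; services already Running are skipped)."""
    order: List[str] = []
    seen = set()

    def visit(n: str) -> None:
        if n in seen:
            return
        seen.add(n)
        svc = services.get(n)
        if svc is None:
            return
        for dep in svc.depends_on:
            visit(dep)
        if svc.state != "Running":
            order.append(n)

    visit(name)
    return order


def repair_commands(services: Dict[str, Service], name: str) -> List[str]:
    """sc.exe commands, in a safe order, to get `name` running: re-enable
    each Disabled link of the chain, then start it."""
    cmds: List[str] = []
    for n in start_order(services, name):
        if services[n].start_type == "Disabled":
            cmds.append(f"sc config {n} start= auto")
        cmds.append(f"sc start {n}")
    return cmds


def stalled_auto_services(services: Dict[str, Service]) -> Dict[str, List[Tuple[str, str]]]:
    """Automatic services that are not Running, each with what blocks it.
    An empty list means the service itself is the problem, not a dependency."""
    return {n: blocking_dependencies(services, n)
            for n, s in services.items()
            if s.start_type == "Automatic" and s.state != "Running"}


if __name__ == "__main__":
    for svc, blockers in stalled_auto_services(SNAPSHOT).items():
        print(f"{svc}: blocked by {blockers or 'nothing (check the service itself)'}")
    print("\n".join(repair_commands(SNAPSHOT, "CryptSvc")))
```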
  16. Aspinxtreem Newcomer, in training Posts: 31

    I removed the old HiJack and downloaded the new one. I ran a scan and the new log is below. (not sure if you need it, but thought I'd include it just in case.)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:43:49 PM, on 10/25/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {3F777025-3835-4117-B9FA-5E5230669310} (Dataflight FYI Reviewer Control) - https://law.lexisnexis.com/resources/fyi/dataflight_fyi.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {971127BB-259F-48C2-BD75-5F97A3331551} (Microsoft RDP Client Control (redist)) - http://connect.ontrackinview.com/msrdp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    --
    End of file - 4511 bytes
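    Step 2 of Reply 13 asked for a fresh HijackThis scan to confirm the O10 Winsock LSP entry is gone, which means comparing the new log against the old one entry by entry. The added example below is not code from this thread or from Trend Micro: it is a small parser that reads the entry lines of a HijackThis log (the `R0`, `O2`, `O10` ... prefixes), diffs two logs by entry, and lists the O10 entries and newly running processes. The two log excerpts are constructed from lines that appear in this thread.

```python
import re
from typing import Dict, List, Set, Tuple

# A HijackThis entry line looks like "O10 - Unknown file in Winsock LSP: ...":
# a section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", then the body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+?)\s*$")

# Constructed excerpts modelled on the two logs posted in this thread.
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
"""

AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
"""


def parse_hjt(text: str) -> Dict[str, object]:
    """Split a HijackThis log into its running-process list and a set of
    (section code, body) entries. Header and footer lines are ignored."""
    processes: List[str] = []
    entries: Set[Tuple[str, str]] = set()
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:                    # the process list ends at the first blank line
            if not line:
                in_procs = False
            else:
                processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.add((m.group(1), m.group(2)))
    return {"processes": processes, "entries": entries}


def diff_logs(before: str, after: str) -> Tuple[List[Tuple[str, str]], List[Tuple[str, str]]]:
    """(removed, added) entries between two logs, each sorted by section code."""
    b = parse_hjt(before)["entries"]
    a = parse_hjt(after)["entries"]
    return sorted(b - a), sorted(a - b)


def lsp_entries(parsed: Dict[str, object]) -> List[str]:
    """Bodies of all O10 (Winsock LSP) entries; empty once LSP-Fix has done its job."""
    return sorted(body for code, body in parsed["entries"] if code == "O10")


def new_processes(before: str, after: str) -> List[str]:
    """Processes running in the new log that were not running in the old one."""
    old = set(parse_hjt(before)["processes"])
    return [p for p in parse_hjt(after)["processes"] if p not in old]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
    print("O10 entries still present:", lsp_entries(parse_hjt(AFTER_LOG)))
    print("new processes:", new_processes(BEFORE_LOG, AFTER_LOG))
```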
  17. Aspinxtreem Newcomer, in training Posts: 31

    ComboFix 10-10-21.02 - Admin 10/25/2010 23:49:57.3.2 - x86
    Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

    FILE ::
    "c:\program files\viewpoint\common\ViewpointService.exe"
    "c:\program files\viewpoint\viewpoint media player\npViewpoint.dll"
    "c:\windows\Mxaqup.bin"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\viewpoint\common\ViewpointService.exe
    c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    C:\TDSSKiller_Quarantine
    c:\tdsskiller_quarantine\10.10.2010_11.58.47\susp0000\object.ini
    c:\tdsskiller_quarantine\10.10.2010_11.58.47\susp0000\svc0000\object.ini
    c:\tdsskiller_quarantine\10.10.2010_11.58.47\susp0000\svc0000\tsk0000.ini
    c:\windows\Mxaqup.bin

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_FIXTDSS
    -------\Legacy_VIEWPOINT_MANAGER_SERVICE
    -------\Service_FixTDSS
    -------\Service_Viewpoint Manager Service


    ((((((((((((((((((((((((( Files Created from 2010-09-26 to 2010-10-26 )))))))))))))))))))))))))))))))
    .

    2010-10-22 02:36 . 2010-10-22 02:36 -------- d-----w- c:\program files\Trend Micro
    2010-10-18 05:42 . 2010-10-18 05:42 -------- d-----w- c:\documents and settings\admin 2
    2010-10-15 02:54 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-15 02:54 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-15 02:54 . 2010-10-15 02:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-10 15:57 . 2010-10-10 15:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-10-10 15:47 . 2010-10-10 15:47 -------- dc----w- C:\_OTM
    2010-10-10 02:28 . 2004-08-04 10:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2010-10-10 02:01 . 2010-10-10 02:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-10-10 00:36 . 2010-10-10 00:36 -------- d-----w- c:\program files\ESET
    2010-10-09 17:38 . 2010-10-09 17:38 -------- d-----w- c:\program files\Intel
    2010-10-09 17:35 . 2009-10-07 19:01 457 ----a-w- c:\windows\system32\vcredist_x86.bat
    2010-10-09 17:35 . 2009-10-07 19:01 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe
    2010-10-09 17:35 . 2009-10-07 19:01 155648 ----a-w- c:\windows\system32\bcmwlapi.dll
    2010-10-09 16:35 . 2010-10-10 02:33 -------- d-----w- c:\documents and settings\Admin
    2010-10-06 01:29 . 2010-10-06 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-05 17:48 . 2010-10-05 17:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\IsolatedStorage
    2010-10-05 15:17 . 2010-10-05 15:17 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
    2010-10-05 02:17 . 2010-10-05 02:17 67072 --sha-r- c:\windows\system32\nlsfuncg.dll
    2010-10-05 02:16 . 2010-10-05 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Update

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\documents and settings\admin 2 ----

    2010-10-18 05:45 . 2010-10-18 05:45 3764508 ---ha-w- c:\documents and settings\admin 2\Local Settings\Application Data\IconCache.db
    2010-10-18 05:42 . 2010-10-18 05:42 144 ----a-w- c:\documents and settings\admin 2\Application Data\Microsoft\Office\Groove12.pip
    2010-10-18 05:42 . 2010-10-18 05:42 7919 ----a-w- c:\documents and settings\admin 2\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.bak
    2010-10-18 05:42 . 2010-10-18 05:42 0 ----a-w- c:\documents and settings\admin 2\Local Settings\Application Data\Microsoft\Feeds Cache\8URA0DNA\fwlink[1]
    2010-10-18 05:42 . 2010-10-18 05:42 28672 ----a-w- c:\documents and settings\admin 2\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
    2010-10-18 05:42 . 2010-10-18 05:42 226 ----a-w- c:\documents and settings\admin 2\Favorites\Links\Web Slice Gallery.url
    2010-10-18 05:42 . 2010-10-18 05:42 0 ----a-w- c:\documents and settings\admin 2\Local Settings\Application Data\Microsoft\Feeds Cache\WB8Z825C\fwlink[1]
    2010-10-18 05:42 . 2010-10-18 05:42 28672 ----a-w- c:\documents and settings\admin 2\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms
    2010-10-18 05:42 . 2010-10-18 05:42 0 ----a-w- c:\documents and settings\admin 2\Local Settings\Application Data\Microsoft\Feeds Cache\7VWQ2FH3\fwlink[1]
    2010-10-18 05:42 . 2010-10-18 05:42 6144 ----a-w- c:\documents and settings\admin 2\Local Settings\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms
    2010-10-18 05:42 . 2010-10-18 05:42 28672 ----a-w- c:\documents and settings\admin 2\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms
    2010-10-18 05:42 . 2010-10-18 05:42 67 --sh--w- c:\documents and settings\admin 2\Local Settings\Application Data\Microsoft\Feeds Cache\79UIUAG5\desktop.ini
    2010-10-18 05:42 . 2010-10-18 05:42 67 --sh--w- c:\documents and settings\admin 2\Local Settings\Application Data\Microsoft\Feeds Cache\8URA0DNA\desktop.ini
    2010-10-18 05:42 . 2010-10-18 05:42 67 --sh--w- c:\documents and settings\admin 2\Local Settings\Application Data\Microsoft\Feeds Cache\WB8Z825C\desktop.ini
    2010-10-18 05:42 . 2010-10-18 05:42 67 --sh--w- c:\documents and settings\admin 2\Local Settings\Application Data\Microsoft\Feeds Cache\7VWQ2FH3\desktop.ini
    2010-10-18 05:42 . 2010-10-18 05:42 67 --sh--w- c:\documents and settings\admin 2\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini
    2010-10-18 05:42 . 2010-10-18 05:42 32768 --sha-w- c:\documents and settings\admin 2\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
    2010-10-18 05:42 . 2010-10-18 05:42 84 --sha-w- c:\documents and settings\admin 2\Favorites\Links\desktop.ini
    2010-10-18 05:42 . 2010-10-18 05:42 133 ----a-w- c:\documents and settings\admin 2\Favorites\Microsoft Websites\Microsoft At Work.url
    2010-10-18 05:42 . 2010-10-18 05:42 134 ----a-w- c:\documents and settings\admin 2\Favorites\Microsoft Websites\Microsoft Store.url
    2010-10-18 05:42 . 2010-10-18 05:42 133 ----a-w- c:\documents and settings\admin 2\Favorites\Microsoft Websites\Microsoft At Home.url
    2010-10-18 05:42 . 2010-10-18 05:42 133 ----a-w- c:\documents and settings\admin 2\Favorites\Microsoft Websites\IE Add-on site.url
    2010-10-18 05:42 . 2010-10-18 05:42 133 ----a-w- c:\documents and settings\admin 2\Favorites\Microsoft Websites\IE site on Microsoft.com.url
    2010-10-18 05:42 . 2010-10-18 05:42 7803 ----a-w- c:\documents and settings\admin 2\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.txt
    2010-10-18 05:42 . 2010-10-18 05:42 815 ----a-w- c:\documents and settings\admin 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    2010-10-18 05:42 . 2010-10-18 05:42 803 ----a-w- c:\documents and settings\admin 2\Start Menu\Programs\Internet Explorer.lnk
    2010-10-18 05:42 . 2010-10-18 05:42 833 ----a-w- c:\documents and settings\admin 2\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
    2010-10-18 05:42 . 2010-10-18 05:42 122 --sha-w- c:\documents and settings\admin 2\Favorites\Desktop.ini
    2010-10-18 05:42 . 2010-10-18 05:42 60 --sh--w- c:\documents and settings\admin 2\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    2010-10-18 05:42 . 2010-10-18 05:42 150 --sha-w- c:\documents and settings\admin 2\Recent\Desktop.ini
    2010-10-18 05:42 . 2010-10-18 05:42 79 ----a-w- c:\documents and settings\admin 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    2010-10-18 05:42 . 2010-10-18 05:42 774 ----a-w- c:\documents and settings\admin 2\Start Menu\Programs\Accessories\Address Book.lnk
    2010-10-18 05:42 . 2010-10-18 05:42 738 ----a-w- c:\documents and settings\admin 2\Start Menu\Programs\Outlook Express.lnk
    2010-10-18 05:42 . 2010-10-18 05:42 2572 --sha-w- c:\documents and settings\admin 2\Application Data\Microsoft\Internet Explorer\Desktop.htt
    2010-10-18 05:42 . 2010-10-18 05:42 0 ----a-w- c:\documents and settings\admin 2\SendTo\My Documents.mydocs
    2010-10-18 05:42 . 2010-10-18 05:42 638 ----a-w- c:\documents and settings\admin 2\My Documents\My Music\Sample Music.lnk
    2010-10-18 05:42 . 2010-10-18 05:42 183 --sha-w- c:\documents and settings\admin 2\My Documents\My Music\Desktop.ini
    2010-10-18 05:42 . 2010-10-18 05:42 668 ----a-w- c:\documents and settings\admin 2\My Documents\My Pictures\Sample Pictures.lnk
    2010-10-18 05:42 . 2010-10-18 05:42 185 --sha-w- c:\documents and settings\admin 2\My Documents\My Pictures\Desktop.ini
    2010-10-18 05:42 . 2010-10-18 05:42 78 --sha-w- c:\documents and settings\admin 2\My Documents\desktop.ini
    2010-10-18 05:42 . 2010-10-18 05:42 245760 --sha-w- c:\documents and settings\admin 2\IETldCache\index.dat
    2010-10-18 05:42 . 2010-10-18 05:42 16384 --sha-w- c:\documents and settings\admin 2\Cookies\index.dat
    2010-10-18 05:42 . 2010-10-18 05:45 178 --sha-w- c:\documents and settings\admin 2\ntuser.ini
    2010-10-18 05:42 . 2010-10-18 05:45 262144 ---ha-w- c:\documents and settings\admin 2\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
    2010-10-18 05:42 . 2010-10-18 05:42 1024 ---ha-w- c:\documents and settings\admin 2\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
    2010-10-18 05:42 . 2009-03-16 22:51 62 --sha-w- c:\documents and settings\admin 2\Application Data\desktop.ini
    2010-10-18 05:42 . 2009-03-17 05:46 113 ----a-w- c:\documents and settings\admin 2\Application Data\Microsoft\Internet Explorer\brndlog.bak
    2010-10-18 05:42 . 2009-03-17 05:46 141 ----a-w- c:\documents and settings\admin 2\Application Data\Microsoft\Internet Explorer\brndlog.txt
    2010-10-18 05:42 . 2009-03-17 05:46 720896 ----a-w- c:\documents and settings\admin 2\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb
    2010-10-18 05:42 . 2009-03-17 05:46 498 ----a-w- c:\documents and settings\admin 2\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD
    2010-10-18 05:42 . 2009-03-17 05:46 12784 ----a-w- c:\documents and settings\admin 2\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML
    2010-10-18 05:42 . 2010-10-18 05:42 62 --sha-w- c:\documents and settings\admin 2\Local Settings\desktop.ini
    2010-10-18 05:42 . 2009-03-17 05:50 113 --sha-w- c:\documents and settings\admin 2\Local Settings\History\desktop.ini
    2010-10-18 05:42 . 2009-03-17 05:50 113 --sha-w- c:\documents and settings\admin 2\Local Settings\History\History.IE5\desktop.ini
    2010-10-18 05:42 . 2010-10-18 05:42 16384 ----a-w- c:\documents and settings\admin 2\Local Settings\History\History.IE5\index.dat
    2010-10-18 05:42 . 2009-03-17 05:45 0 ----a-w- c:\documents and settings\admin 2\SendTo\Compressed (zipped) Folder.ZFSendToTarget
    2010-10-18 05:42 . 2009-03-17 05:45 0 ----a-w- c:\documents and settings\admin 2\SendTo\Desktop (create shortcut).DeskLink
    2010-10-18 05:42 . 2009-03-17 05:45 181 --sha-w- c:\documents and settings\admin 2\SendTo\desktop.ini
    2010-10-18 05:42 . 2009-03-17 05:45 0 ----a-w- c:\documents and settings\admin 2\SendTo\Mail Recipient.MAPIMail
    2010-10-18 05:42 . 2009-03-16 22:51 62 --sha-w- c:\documents and settings\admin 2\Start Menu\desktop.ini
    2010-10-18 05:42 . 2009-03-17 05:46 348 --sha-w- c:\documents and settings\admin 2\Start Menu\Programs\Accessories\Accessibility\desktop.ini
    2010-10-18 05:42 . 2009-03-17 05:46 1525 ----a-w- c:\documents and settings\admin 2\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk
    2010-10-18 05:42 . 2009-03-17 05:46 1532 ----a-w- c:\documents and settings\admin 2\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
    2010-10-18 05:42 . 2009-03-17 05:46 1501 ----a-w- c:\documents and settings\admin 2\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
    2010-10-18 05:42 . 2009-03-17 05:46 1555 ----a-w- c:\documents and settings\admin 2\Start Menu\Programs\Accessories\Command Prompt.lnk
    2010-10-18 05:42 . 2009-03-17 05:46 1539 ----a-w- c:\documents and settings\admin 2\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk
    2010-10-18 05:42 . 2010-10-18 05:42 542 --sha-w- c:\documents and settings\admin 2\Start Menu\Programs\Accessories\desktop.ini
    2010-10-18 05:42 . 2009-03-17 05:46 84 --sha-w- c:\documents and settings\admin 2\Start Menu\Programs\Accessories\Entertainment\desktop.ini
    2010-10-18 05:42 . 2010-10-18 05:42 804 ----a-w- c:\documents and settings\admin 2\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk
    2010-10-18 05:42 . 2009-03-17 05:46 1519 ----a-w- c:\documents and settings\admin 2\Start Menu\Programs\Accessories\Notepad.lnk
    2010-10-18 05:42 . 2009-03-17 05:46 386 ----a-w- c:\documents and settings\admin 2\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk
    2010-10-18 05:42 . 2009-03-17 05:46 1519 ----a-w- c:\documents and settings\admin 2\Start Menu\Programs\Accessories\Synchronize.lnk
    2010-10-18 05:42 . 2009-03-17 05:46 1527 ----a-w- c:\documents and settings\admin 2\Start Menu\Programs\Accessories\Tour Windows XP.lnk
    2010-10-18 05:42 . 2010-10-18 05:42 190 --sha-w- c:\documents and settings\admin 2\Start Menu\Programs\desktop.ini
    2010-10-18 05:42 . 2009-03-17 05:46 1599 ----a-w- c:\documents and settings\admin 2\Start Menu\Programs\Remote Assistance.lnk
    2010-10-18 05:42 . 2009-03-17 05:45 1487 ----a-w- c:\documents and settings\admin 2\Start Menu\Programs\Accessories\Windows Explorer.lnk
    2010-10-18 05:42 . 2010-10-18 05:42 792 ----a-w- c:\documents and settings\admin 2\Start Menu\Programs\Windows Media Player.lnk
    2010-10-18 05:42 . 2009-03-17 05:46 84 --sha-w- c:\documents and settings\admin 2\Start Menu\Programs\Startup\desktop.ini
    2010-10-18 05:42 . 2004-08-04 10:00 4570 ----a-w- c:\documents and settings\admin 2\Templates\amipro.sam
    2010-10-18 05:42 . 2004-08-04 10:00 5632 ----a-w- c:\documents and settings\admin 2\Templates\excel.xls
    2010-10-18 05:42 . 2004-08-04 10:00 1518 ----a-w- c:\documents and settings\admin 2\Templates\excel4.xls
    2010-10-18 05:42 . 2004-08-04 10:00 2448 ----a-w- c:\documents and settings\admin 2\Templates\lotus.wk4
    2010-10-18 05:42 . 2004-08-04 10:00 12288 ----a-w- c:\documents and settings\admin 2\Templates\powerpnt.ppt
    2010-10-18 05:42 . 2004-08-04 10:00 461 ----a-w- c:\documents and settings\admin 2\Templates\presenta.shw
    2010-10-18 05:42 . 2004-08-04 10:00 4017 ----a-w- c:\documents and settings\admin 2\Templates\quattro.wb2
    2010-10-18 05:42 . 2004-08-04 10:00 58 ----a-w- c:\documents and settings\admin 2\Templates\sndrec.wav
    2010-10-18 05:42 . 2004-08-04 10:00 4608 ----a-w- c:\documents and settings\admin 2\Templates\winword.doc
    2010-10-18 05:42 . 2004-08-04 10:00 1769 ----a-w- c:\documents and settings\admin 2\Templates\winword2.doc
    2010-10-18 05:42 . 2004-08-04 10:00 30 ----a-r- c:\documents and settings\admin 2\Templates\wordpfct.wpd
    2010-10-18 05:42 . 2004-08-04 10:00 57 ----a-r- c:\documents and settings\admin 2\Templates\wordpfct.wpg
    2010-10-18 05:42 . 2010-10-26 03:23 1024 ---ha-w- c:\documents and settings\admin 2\Ntuser.dat.LOG
    2010-10-18 05:42 . 2010-10-18 05:45 786432 ---ha-w- c:\documents and settings\admin 2\NTUSER.DAT

    ---- Directory of c:\documents and settings\Admin ----

    2010-10-26 03:47 . 2010-10-26 03:47 387 ----a-w- c:\documents and settings\Admin\Recent\CFScript.txt.lnk
    2010-10-26 03:44 . 2010-10-26 03:44 423 ----a-w- c:\documents and settings\Admin\Recent\hijackthis1025.log.lnk
    2010-10-26 03:44 . 2010-10-26 03:44 4396 ----a-w- c:\documents and settings\Admin\Desktop\hijackthis1025.log
    2010-10-26 03:43 . 2010-10-26 03:43 388096 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-10-26 03:43 . 2010-10-26 03:43 2447 ----a-w- c:\documents and settings\Admin\Desktop\HiJackThis.lnk
    2010-10-26 03:43 . 2010-10-26 03:43 1984 ----a-w- c:\documents and settings\Admin\Start Menu\Programs\HiJackThis\HiJackThis.lnk
    2010-10-26 03:42 . 2010-10-26 03:31 1402880 ----a-w- c:\documents and settings\Admin\Desktop\HiJackThis.msi
    2010-10-26 03:39 . 2010-10-26 03:45 5482 ----a-w- c:\documents and settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LQM197H7\views[1]
    2010-10-26 03:25 . 2006-07-05 20:12 186880 ----a-w- c:\documents and settings\Admin\Desktop\LSPFix.exe
    2010-10-26 03:25 . 2010-10-26 03:24 32768 --sha-w- c:\documents and settings\Admin\Local Settings\History\History.IE5\MSHist012010102520101026\index.dat
    2010-10-26 03:25 . 2010-10-26 03:24 32768 --sha-w- c:\documents and settings\Admin\Local Settings\History\History.IE5\MSHist012010101820101025\index.dat
    2010-10-26 03:25 . 2010-10-26 03:45 503 ----a-w- c:\documents and settings\Admin\Recent\instructions.txt.lnk
    2010-10-26 03:25 . 2010-10-25 15:10 201030 ----a-w- c:\documents and settings\Admin\Desktop\lspfix.zip
    2010-10-26 03:25 . 2010-10-25 15:10 2677 ----a-w- c:\documents and settings\Admin\Desktop\instructions.txt
    2010-10-22 02:38 . 2010-10-22 02:38 290 ----a-w- c:\documents and settings\Admin\Recent\hijackthis.log.lnk
    2010-10-22 02:35 . 2010-10-22 02:35 67 --sh--w- c:\documents and settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\PVJ3CBKC\desktop.ini
    2010-10-22 02:35 . 2010-10-26 03:45 32768 --sha-w- c:\documents and settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    2010-10-22 02:35 . 2010-10-22 02:35 67 --sh--w- c:\documents and settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\4UHF04O8\desktop.ini
    2010-10-22 02:35 . 2010-10-22 02:35 67 --sh--w- c:\documents and settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\KUY7WT0H\desktop.ini
    2010-10-22 02:35 . 2010-10-22 02:35 67 --sh--w- c:\documents and settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\LQM197H7\desktop.ini
    2010-10-22 02:35 . 2010-10-22 02:35 67 --sh--w- c:\documents and settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
    2010-10-22 02:35 . 2010-10-22 02:35 298 ----a-w- c:\documents and settings\Admin\Recent\ComboFix log.txt.lnk
    2010-10-22 02:29 . 2010-10-18 05:02 1873 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\d1gk3n47.default\prefs.js.BAK
    2010-10-22 02:20 . 2010-10-22 02:13 3882530 ----a-r- c:\documents and settings\Admin\Desktop\ComboFix.exe
    2010-10-22 02:17 . 2010-10-22 02:36 288 ----a-w- c:\documents and settings\Admin\Recent\directions.txt.lnk
    2010-10-22 02:17 . 2010-10-22 02:15 1865 ----a-w- c:\documents and settings\Admin\Desktop\directions.txt
    2010-10-19 02:27 . 2010-10-19 02:27 896 ----a-w- c:\documents and settings\Admin\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-18 (22-27-23).txt
    2010-10-19 02:03 . 2010-10-19 02:02 61440 ----a-w- c:\documents and settings\Admin\Desktop\VEW.exe
    2010-10-18 05:51 . 2010-10-18 05:51 67 --sh--w- c:\documents and settings\Admin\Local Settings\Temporary Internet Files\desktop.ini
    2010-10-18 05:47 . 2010-10-18 05:47 488 ----a-w- c:\documents and settings\Admin\Recent\filepaths.lnk
    2010-10-18 05:39 . 2010-10-18 05:39 5632 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{1D488944-DA7A-11DF-8842-0015C543FF13}.dat
  18. Aspinxtreem Newcomer, in training Posts: 31

    2010-10-09 16:35 . 2010-10-09 16:35 833 ----a-w- c:\documents and settings\Admin\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
    2010-10-09 16:35 . 2010-10-09 16:35 122 --sha-w- c:\documents and settings\Admin\Favorites\Desktop.ini
    2010-10-09 16:35 . 2010-10-09 16:35 60 --sh--w- c:\documents and settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    2010-10-09 16:35 . 2010-10-09 16:35 150 --sha-w- c:\documents and settings\Admin\Recent\Desktop.ini
    2010-10-09 16:35 . 2010-10-09 16:35 79 ----a-w- c:\documents and settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    2010-10-09 16:35 . 2010-10-09 16:35 774 ----a-w- c:\documents and settings\Admin\Start Menu\Programs\Accessories\Address Book.lnk
    2010-10-09 16:35 . 2010-10-09 16:35 738 ----a-w- c:\documents and settings\Admin\Start Menu\Programs\Outlook Express.lnk
    2010-10-09 16:35 . 2010-10-09 16:35 2572 --sha-w- c:\documents and settings\Admin\Application Data\Microsoft\Internet Explorer\Desktop.htt
    2010-10-09 16:35 . 2010-10-09 16:35 0 ----a-w- c:\documents and settings\Admin\SendTo\My Documents.mydocs
    2010-10-09 16:35 . 2010-10-09 16:35 638 ----a-w- c:\documents and settings\Admin\My Documents\My Music\Sample Music.lnk
    2010-10-09 16:35 . 2010-10-09 16:35 181 --sha-w- c:\documents and settings\Admin\My Documents\My Music\Desktop.ini
    2010-10-09 16:35 . 2010-10-09 16:35 668 ----a-w- c:\documents and settings\Admin\My Documents\My Pictures\Sample Pictures.lnk
    2010-10-09 16:35 . 2010-10-09 16:35 183 --sha-w- c:\documents and settings\Admin\My Documents\My Pictures\Desktop.ini
    2010-10-09 16:35 . 2010-10-09 16:35 76 --sha-w- c:\documents and settings\Admin\My Documents\desktop.ini
    2010-10-09 16:35 . 2010-10-15 03:50 245760 --sha-w- c:\documents and settings\Admin\IETldCache\index.dat
    2010-10-09 16:35 . 2010-10-22 02:45 178 --sh--w- c:\documents and settings\Admin\ntuser.ini
    2010-10-09 16:35 . 2010-10-18 05:40 262144 ---ha-w- c:\documents and settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
    2010-10-09 16:35 . 2010-10-26 03:24 1024 ---ha-w- c:\documents and settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
    2010-10-09 16:35 . 2009-03-16 22:51 62 --sha-w- c:\documents and settings\Admin\Application Data\desktop.ini
    2010-10-09 16:35 . 2009-03-17 05:46 113 ----a-w- c:\documents and settings\Admin\Application Data\Microsoft\Internet Explorer\brndlog.bak
    2010-10-09 16:35 . 2009-03-17 05:46 141 ----a-w- c:\documents and settings\Admin\Application Data\Microsoft\Internet Explorer\brndlog.txt
    2010-10-09 16:35 . 2009-03-17 05:46 498 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD
    2010-10-09 16:35 . 2010-10-26 03:45 32768 ----a-w- c:\documents and settings\Admin\Cookies\index.dat
    2010-10-09 16:35 . 2009-03-17 05:46 720896 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb
    2010-10-09 16:35 . 2009-03-17 05:46 12784 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML
    2010-10-09 16:35 . 2010-10-10 01:20 67 --sh--w- c:\documents and settings\Admin\Local Settings\History\History.IE5\desktop.ini
    2010-10-09 16:35 . 2010-10-26 03:24 62 --sha-w- c:\documents and settings\Admin\Local Settings\desktop.ini
    2010-10-09 16:35 . 2009-03-17 05:50 113 --sha-w- c:\documents and settings\Admin\Local Settings\History\desktop.ini
    2010-10-09 16:35 . 2010-10-26 03:45 65536 ----a-w- c:\documents and settings\Admin\Local Settings\History\History.IE5\index.dat
    2010-10-09 16:35 . 2009-03-17 05:45 0 ----a-w- c:\documents and settings\Admin\SendTo\Compressed (zipped) Folder.ZFSendToTarget
    2010-10-09 16:35 . 2009-03-17 05:45 0 ----a-w- c:\documents and settings\Admin\SendTo\Desktop (create shortcut).DeskLink
    2010-10-09 16:35 . 2009-03-17 05:45 181 --sha-w- c:\documents and settings\Admin\SendTo\desktop.ini
    2010-10-09 16:35 . 2009-03-17 05:45 0 ----a-w- c:\documents and settings\Admin\SendTo\Mail Recipient.MAPIMail
    2010-10-09 16:35 . 2009-03-16 22:51 62 --sha-w- c:\documents and settings\Admin\Start Menu\desktop.ini
    2010-10-09 16:35 . 2009-03-17 05:46 348 --sha-w- c:\documents and settings\Admin\Start Menu\Programs\Accessories\Accessibility\desktop.ini
    2010-10-09 16:35 . 2009-03-17 05:46 1525 ----a-w- c:\documents and settings\Admin\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk
    2010-10-09 16:35 . 2009-03-17 05:46 1532 ----a-w- c:\documents and settings\Admin\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
    2010-10-09 16:35 . 2009-03-17 05:46 1501 ----a-w- c:\documents and settings\Admin\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
    2010-10-09 16:35 . 2009-03-17 05:46 1555 ----a-w- c:\documents and settings\Admin\Start Menu\Programs\Accessories\Command Prompt.lnk
    2010-10-09 16:35 . 2010-10-09 16:35 542 --sha-w- c:\documents and settings\Admin\Start Menu\Programs\Accessories\desktop.ini
    2010-10-09 16:35 . 2009-03-17 05:46 1539 ----a-w- c:\documents and settings\Admin\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk
    2010-10-09 16:35 . 2010-10-10 00:58 1519 ----a-w- c:\documents and settings\Admin\Start Menu\Programs\Accessories\Notepad.lnk
    2010-10-09 16:35 . 2009-03-17 05:46 386 ----a-w- c:\documents and settings\Admin\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk
    2010-10-09 16:35 . 2009-03-17 05:46 84 --sha-w- c:\documents and settings\Admin\Start Menu\Programs\Accessories\Entertainment\desktop.ini
    2010-10-09 16:35 . 2009-03-17 05:46 1519 ----a-w- c:\documents and settings\Admin\Start Menu\Programs\Accessories\Synchronize.lnk
    2010-10-09 16:35 . 2010-10-09 16:35 804 ----a-w- c:\documents and settings\Admin\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk
    2010-10-09 16:35 . 2009-03-17 05:46 1527 ----a-w- c:\documents and settings\Admin\Start Menu\Programs\Accessories\Tour Windows XP.lnk
    2010-10-09 16:35 . 2010-10-09 16:35 190 --sha-w- c:\documents and settings\Admin\Start Menu\Programs\desktop.ini
    2010-10-09 16:35 . 2009-03-17 05:45 1487 ----a-w- c:\documents and settings\Admin\Start Menu\Programs\Accessories\Windows Explorer.lnk
    2010-10-09 16:35 . 2009-03-17 05:46 1599 ----a-w- c:\documents and settings\Admin\Start Menu\Programs\Remote Assistance.lnk
    2010-10-09 16:35 . 2010-10-09 16:35 792 ----a-w- c:\documents and settings\Admin\Start Menu\Programs\Windows Media Player.lnk
    2010-10-09 16:35 . 2004-08-04 10:00 4570 ----a-w- c:\documents and settings\Admin\Templates\amipro.sam
    2010-10-09 16:35 . 2004-08-04 10:00 5632 ----a-w- c:\documents and settings\Admin\Templates\excel.xls
    2010-10-09 16:35 . 2004-08-04 10:00 1518 ----a-w- c:\documents and settings\Admin\Templates\excel4.xls
    2010-10-09 16:35 . 2009-03-17 05:46 84 --sha-w- c:\documents and settings\Admin\Start Menu\Programs\Startup\desktop.ini
    2010-10-09 16:35 . 2004-08-04 10:00 2448 ----a-w- c:\documents and settings\Admin\Templates\lotus.wk4
    2010-10-09 16:35 . 2004-08-04 10:00 12288 ----a-w- c:\documents and settings\Admin\Templates\powerpnt.ppt
    2010-10-09 16:35 . 2004-08-04 10:00 461 ----a-w- c:\documents and settings\Admin\Templates\presenta.shw
    2010-10-09 16:35 . 2004-08-04 10:00 4017 ----a-w- c:\documents and settings\Admin\Templates\quattro.wb2
    2010-10-09 16:35 . 2004-08-04 10:00 58 ----a-w- c:\documents and settings\Admin\Templates\sndrec.wav
    2010-10-09 16:35 . 2004-08-04 10:00 4608 ----a-w- c:\documents and settings\Admin\Templates\winword.doc
    2010-10-09 16:35 . 2004-08-04 10:00 1769 ----a-w- c:\documents and settings\Admin\Templates\winword2.doc
    2010-10-09 16:35 . 2004-08-04 10:00 30 ----a-r- c:\documents and settings\Admin\Templates\wordpfct.wpd
    2010-10-09 16:35 . 2004-08-04 10:00 57 ----a-r- c:\documents and settings\Admin\Templates\wordpfct.wpg
    2010-10-09 16:35 . 2010-10-26 03:49 1024 ---ha-w- c:\documents and settings\Admin\Ntuser.dat.LOG
    2010-10-09 16:35 . 2010-10-26 03:47 1572864 ---ha-w- c:\documents and settings\Admin\NTUSER.DAT
    2010-10-04 13:08 . 2010-10-04 13:08 1325656 ----a-w- c:\documents and settings\Admin\Desktop\TDSSKiller.exe
    2010-05-17 20:15 . 2010-05-17 20:15 2258 ----a-w- c:\documents and settings\Admin\Desktop\tdsskiller\eula.txt


    ((((((((((((((((((((((((((((( SnapShot@2010-10-12_02.15.04 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-10-18 04:46 . 2009-10-07 19:01 2649216 c:\windows\system32\ReinstallBackups\0018\DriverFiles\BCMWL5.SYS
    - 2010-10-10 02:17 . 2009-10-07 19:01 2649216 c:\windows\system32\ReinstallBackups\0018\DriverFiles\BCMWL5.SYS
    + 2010-10-26 03:43 . 2010-10-26 03:43 1094656 c:\windows\Installer\11ebc8.msi
    + 2009-07-10 00:57 . 2010-10-15 13:05 35385288 c:\windows\system32\MRT.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-10-07 2498560]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    2010-04-11 03:38 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2005-09-09 05:18 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
    2009-01-08 12:36 2521464 ----a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boingo Wi-Fi]
    2010-10-06 04:57 2179 -c--a-w- c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
    2009-10-07 19:01 2498560 ----a-w- c:\windows\system32\WLTRAY.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    2006-07-20 00:26 52896 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-04 10:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    2005-09-08 10:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2005-12-10 01:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-27 05:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2010-04-29 19:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2006-01-19 14:14 7401472 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
    2006-01-19 14:14 73728 ----a-w- c:\windows\system32\nvhotkey.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2006-01-19 14:14 1519616 ----a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2006-03-24 22:30 282624 ----a-w- c:\windows\stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-04-01 04:05 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
    2006-09-28 01:33 125168 ----a-w- c:\progra~1\SYMANT~1\VPTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]
    2009-07-21 18:02 2707526 ----a-w- c:\program files\Zinio\ZinioReader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "PlugPlay"=2 (0x2)
    "Netman"=2 (0x2)
    "CryptSvc"=3 (0x3)
    "AudioSrv"=2 (0x2)
    "aspnet_state"=3 (0x3)
    "AppMgmt"=3 (0x3)
    "Apple Mobile Device"=2 (0x2)
    "ALG"=3 (0x3)
    "ADVService"=2 (0x2)
    "AdobeActiveFileMonitor4.0"=2 (0x2)
    "ACDaemon"=3 (0x3)
    "xmlprov"=3 (0x3)
    "WZCSVC"=2 (0x2)
    "wuauserv"=2 (0x2)
    "wscsvc"=2 (0x2)
    "WmiApSrv"=3 (0x3)
    "Wmi"=3 (0x3)
    "WmdmPmSN"=3 (0x3)
    "wltrysvc"=2 (0x2)
    "winmgmt"=2 (0x2)
    "WebClient"=2 (0x2)
    "W32Time"=2 (0x2)
    "VSS"=3 (0x3)
    "UPS"=3 (0x3)
    "upnphost"=2 (0x2)
    "TlntSvr"=3 (0x3)
    "Themes"=2 (0x2)
    "TermService"=3 (0x3)
    "TapiSrv"=3 (0x3)
    "SysmonLog"=3 (0x3)
    "Symantec AntiVirus"=2 (0x2)
    "SwPrv"=3 (0x3)
    "stisvc"=3 (0x3)
    "SSDPSRV"=3 (0x3)
    "srservice"=2 (0x2)
    "Spooler"=2 (0x2)
    "SNDSrvc"=2 (0x2)
    "ShellHWDetection"=2 (0x2)
    "SharedAccess"=2 (0x2)
    "SENS"=2 (0x2)
    "seclogon"=2 (0x2)
    "Schedule"=2 (0x2)
    "SCardSvr"=3 (0x3)
    "SamSs"=2 (0x2)
    "RSVP"=3 (0x3)
    "RemoteRegistry"=2 (0x2)
    "RemoteAccess"=3 (0x3)
    "RDSessMgr"=3 (0x3)
    "RasMan"=3 (0x3)
    "RasAuto"=3 (0x3)
    "ProtectedStorage"=2 (0x2)
    "PolicyAgent"=2 (0x2)
    "odserv"=2 (0x2)
    "NtmsSvc"=3 (0x3)
    "NtLmSsp"=3 (0x3)
    "Nla"=2 (0x2)
    "Netlogon"=3 (0x3)
    "NetDDEdsdm"=3 (0x3)
    "NetDDE"=3 (0x3)
    "MSIServer"=3 (0x3)
    "mnmsrvc"=3 (0x3)
    "Messenger"=2 (0x2)
    "LmHosts"=2 (0x2)
    "lanmanworkstation"=2 (0x2)
    "lanmanserver"=2 (0x2)
    "helpsvc"=2 (0x2)
    "EventSystem"=3 (0x3)
    "Eventlog"=2 (0x2)
    "ERSvc"=2 (0x2)
    "Dnscache"=2 (0x2)
    "dmserver"=3 (0x3)
    "dmadmin"=3 (0x3)
    "Dhcp"=2 (0x2)
    "DefWatch"=2 (0x2)
    "COMSysApp"=3 (0x3)
    "ClipSrv"=3 (0x3)
    "ccSetMgr"=2 (0x2)
    "ccEvtMgr"=2 (0x2)
    "Browser"=2 (0x2)
    "BITS"=3 (0x3)
    "Alerter"=3 (0x3)
    "TrkWks"=2 (0x2)
    "SavRoam"=2 (0x2)
    "MSDTC"=3 (0x3)
    "HTTPFilter"=3 (0x3)
    "FastUserSwitchingCompatibility"=3 (0x3)
    "CiSvc"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Citrix\\Secure Access Client\\nsload.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/17/2009 3:13 AM 64160]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/1/2010 8:06 PM 102448]
    R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [3/18/2009 12:19 PM 73368]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [12/18/2009 12:13 PM 20480]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/18/2009 12:12 PM 174720]
    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 3:43 PM 32408]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
    S4 nsverctl;Citrix Secure Access Client Service;c:\program files\Citrix\Secure Access Client\nsverctl.exe [3/18/2009 12:19 PM 139264]
    S4 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 9:33 PM 116464]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 03:38]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {3F777025-3835-4117-B9FA-5E5230669310} - hxxps://law.lexisnexis.com/resources/fyi/dataflight_fyi.cab
    FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\d1gk3n47.default\
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(560)
    c:\windows\System32\BCMLogon.dll

    - - - - - - - > 'explorer.exe'(1944)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\msiexec.exe
    c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-26 00:01:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-26 04:01
    ComboFix2.txt 2010-10-22 02:29
    ComboFix3.txt 2010-10-12 02:17

    Pre-Run: 25,956,585,472 bytes free
    Post-Run: 25,909,669,888 bytes free

    - - End Of File - - 53E477F1CE40061D5BF09247E25218EA

    I changed the settings on those two services. Would it be helpful for me to take a screenshot of all my services/settings in services.msc and post it?

    Also, just to be sure, I am still using (and will continue to use) the Selective Startup in the System Config Utility. The only item that is checked under the startup tab is "WLTRAY". Everything else is disabled. Is this the correct setting?

    Thanks again for your help. Sorry this is such a pain!!
  19. Bobbye Helper on the Fringe Posts: 16,406   +16

    Funny thing about asking for information in a log! Sometimes you get more than you bargained for! I requested seeing the contents of 2 directories you had set up> admin and admin2. It's kind of like a body scan at the airport though - it looks like you have set up 2 Administrative accounts, which could be a big part of your problem.
    Directory of c:\documents and settings\Admin
    Directory of c:\documents and settings\admin2


    Instead of this, looking in Windows Explorer should give you the tree with:
    My Computer> Local Drive (C)> Documents & Settings> All Users listed, then the Administrator account or the account in your name.

    This is not my area though> somehow you are going to have to get down to only 1 Administrator. I'm going to ask someone to look at this directory and see if there is some way to resolve it and get the Services set. Don't send me a print - I already have a print of the services.

    Just bear with me while I ask for help.
  20. Aspinxtreem Newcomer, in training Posts: 31

    Hi Bobbye,

    I think I may have made things more confusing for you! I used to only have two Windows user accounts on my computer - Emily and Guest. When I started having all of these issues, I created a new Windows user account and named it "Admin" and gave it administrator (rather than restricted) privileges. This seemed to help because the virus windows weren't popping up like mad and I could get online in the new account. When the new account seemed to be having more issues and I wasn't able to access the internet, I created a new user account and called it Admin 2. I can delete both accounts without issue, if that makes it easier.

    Sorry if I created any confusion!