
Advertising Pop Ups, Atremis!, Vundo Trojan

Latest post 11/05/2009 08:24 PM by bamajim. 22 replies.
Joined on 10/12/2009
Posts: 12
Points 225

Advertising Pop Ups, Atremis!, Vundo Trojan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:32 PM, on 10/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: 92.241.176.188 www.advanced-virus-remover2009.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {3cb31b9d-8756-42c7-bc40-183bd5ad67df} - lupeluwa.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vunagogawa] Rundll32.exe "biboreza.dll",s
O4 - HKLM\..\Run: [mabazulut] Rundll32.exe "c:\windows\system32\supovifo.dll",a
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167505897703
O21 - SSODL: tizorawij - {dafad657-cb16-4304-93e2-1187190cbc5e} - c:\windows\system32\supovifo.dll
O22 - SharedTaskScheduler: gahurihor - {dafad657-cb16-4304-93e2-1187190cbc5e} - c:\windows\system32\supovifo.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device -   - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15333 bytes

 

 

Hey, I've been getting a lot of pop ups, including one that I think gets you a nasty virus I got once before (I've closed this one using task manager in hopes that will help). I've run McAfee but it hasn't solved the problem, and I can't get the Malwarebytes Anti-Malware program to run when I download it (I used this when I got a virus before). I'm not sure what to do at this point. 

Thank you!

  • Post Points: 20

22 Replies:

Joined on 10/12/2009
Posts: 12
Points 225

Re: Advertising Pop Ups, Atremis!, Vundo Trojan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:07 PM, on 10/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {3cb31b9d-8756-42c7-bc40-183bd5ad67df} - kameyofi.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vunagogawa] Rundll32.exe "juyimuri.dll",s
O4 - HKLM\..\Run: [mabazulut] Rundll32.exe "c:\windows\system32\rifubuko.dll",a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167505897703
O21 - SSODL: nevorikay - {4481df0a-2da9-4a37-a24a-b07d1bf8ead3} - c:\windows\system32\hiravopi.dll (file missing)
O21 - SSODL: lovepedal - {0346c5f6-f110-46da-9a4c-323679350067} - c:\windows\system32\rifubuko.dll
O22 - SharedTaskScheduler: mujuzedij - {4481df0a-2da9-4a37-a24a-b07d1bf8ead3} - c:\windows\system32\hiravopi.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {0346c5f6-f110-46da-9a4c-323679350067} - c:\windows\system32\rifubuko.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device -   - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14669 bytes

 

 

How's that?

Thank you!!

  • Post Points: 20
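A heuristic triage pass over lines in the HijackThis v2 format shown in the two logs above, as an added example that is not part of this thread and not HijackThis's own code. The sample lines are constructed from entries in the posted logs; the rules (eight-letter consonant/vowel DLL names, rundll32 loaders under Run keys, hosts-file redirects, registrations whose file is missing, and any O21/O22 entry that trips one of those) are my assumptions about what an analyst looks for in these logs, not anything the tool itself implements.

```python
"""Heuristic triage of HijackThis v2 log lines (added example; not the thread's or the tool's code)."""
import re

# DLL names planted by the infection in this thread (supovifo, biboreza, rifubuko, ...)
# are eight lowercase letters in strict consonant/vowel alternation. Heuristic only:
# a few legitimate names (setupapi) match too, so a hit is a candidate for review.
RANDOM_NAME = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}$")
# Addresses hosts-file blocklists use for sinkholing; anything else is a redirect.
SINKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}
# First argument of a rundll32 command, quoted or not.
RUNDLL32 = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+)', re.IGNORECASE)


def basename_no_ext(path: str) -> str:
    """Strip directory, quotes, '(file missing)' and the .dll extension; lower-case."""
    path = path.replace("(file missing)", "").strip().strip('"')
    name = re.split(r"[\\/]", path)[-1]
    return re.sub(r"\.dll$", "", name, flags=re.IGNORECASE).lower()


def random_looking(path: str) -> bool:
    return bool(RANDOM_NAME.match(basename_no_ext(path)))


def triage_line(line: str) -> list:
    """Reasons an analyst should look at this line; empty list if no rule fires."""
    section, _, body = line.strip().partition(" - ")
    reasons = []
    if section == "O1":  # Hosts: <ip> <hostname>
        parts = body.split()
        if len(parts) >= 3 and parts[1] not in SINKHOLE_ADDRS:
            reasons.append(f"hosts file redirects {parts[2]} to {parts[1]}")
    elif section == "O4":  # <hive>\..\Run: [<name>] <command>
        m = RUNDLL32.search(body)
        if m and random_looking(m.group(1)):
            reasons.append(f"rundll32 loads random-looking DLL {basename_no_ext(m.group(1))}.dll")
    elif section in ("O2", "O21", "O22"):  # <kind>: <name> - {CLSID} - <path>
        path = body.rsplit(" - ", 1)[-1]
        if "(file missing)" in path:
            reasons.append("registration points at a missing file")
        if random_looking(path):
            reasons.append(f"random-looking DLL {basename_no_ext(path)}.dll")
        if section != "O2" and reasons:
            reasons.append(f"{section} entries load with the shell and are rarely legitimate")
    return reasons


def triage(log_text: str) -> list:
    """One finding per flagged line: {'section', 'line', 'reasons'}."""
    findings = []
    for line in log_text.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings.append({"section": line.split(" - ", 1)[0], "line": line.strip(), "reasons": reasons})
    return findings


def signature(log_text: str) -> set:
    """(section, reason) pairs with the concrete random names masked, so two scans of a
    family that re-randomises its file names can be compared entry-type by entry-type."""
    return {(f["section"], re.sub(r"\b[a-z]{8}\.dll", "<random>.dll", r))
            for f in triage(log_text) for r in f["reasons"]}


# Constructed samples: a subset of lines from the first and second logs in this thread.
SCAN_1 = r"""O1 - Hosts: 92.241.176.188 www.advanced-virus-remover2009.com
O2 - BHO: (no name) - {3cb31b9d-8756-42c7-bc40-183bd5ad67df} - lupeluwa.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [vunagogawa] Rundll32.exe "biboreza.dll",s
O4 - HKLM\..\Run: [mabazulut] Rundll32.exe "c:\windows\system32\supovifo.dll",a
O21 - SSODL: tizorawij - {dafad657-cb16-4304-93e2-1187190cbc5e} - c:\windows\system32\supovifo.dll
O22 - SharedTaskScheduler: gahurihor - {dafad657-cb16-4304-93e2-1187190cbc5e} - c:\windows\system32\supovifo.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

SCAN_2 = r"""O2 - BHO: (no name) - {3cb31b9d-8756-42c7-bc40-183bd5ad67df} - kameyofi.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [vunagogawa] Rundll32.exe "juyimuri.dll",s
O4 - HKLM\..\Run: [mabazulut] Rundll32.exe "c:\windows\system32\rifubuko.dll",a
O21 - SSODL: nevorikay - {4481df0a-2da9-4a37-a24a-b07d1bf8ead3} - c:\windows\system32\hiravopi.dll (file missing)
O21 - SSODL: lovepedal - {0346c5f6-f110-46da-9a4c-323679350067} - c:\windows\system32\rifubuko.dll
O22 - SharedTaskScheduler: mujuzedij - {4481df0a-2da9-4a37-a24a-b07d1bf8ead3} - c:\windows\system32\hiravopi.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {0346c5f6-f110-46da-9a4c-323679350067} - c:\windows\system32\rifubuko.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    for label, scan in (("first scan", SCAN_1), ("second scan", SCAN_2)):
        print(f"== {label}: {len(triage(scan))} flagged line(s)")
        for f in triage(scan):
            print(f"  [{f['section']}] {f['line']}\n      " + "; ".join(f["reasons"]))
    print("== gone between scans:", sorted(signature(SCAN_1) - signature(SCAN_2)))
```

Comparing by masked signature rather than by file name is the point: the DLL names change from one scan to the next (lupeluwa to kameyofi, supovifo to rifubuko), so a name-based comparison would suggest the first infection was removed, while the entry-type comparison shows the same Run, SSODL and SharedTaskScheduler pattern still present and only the hosts-file redirect gone.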
Joined on 01/16/2006
Posts: 10,322
Points 15,917

Re: Advertising Pop Ups, Atremis!, Vundo Trojan


lenaguinn

We made some progress, good work. But not there yet.

1. We need to temporarily disable McAfee, you can re-enable it when we are done.

If you have McAfee Virus Only
Step 1: Move your mouse pointer to the toolbar at the lower right corner of your computer's desktop. Click on the arrow button facing towards the left to expand the system tray area.

Step 2: Find the red "M" icon for the McAfee Anti-Virus program in the expanded system tray. Right-click on it.

Step 3: Look for an option in the new menu that will pop up that says either "Exit" or "Disable" and click on it.

Step 4: Click "Yes" on the pop up box that will appear asking if you are sure you want to disable the McAfee Anti-Virus program. Double-click on the McAfee desktop icon, or re-start the computer entirely to enable the program again.

If you have McAfee Security Center

Step 1: Locate the red "M" icon in the system tray at the bottom right corner of the desktop. Double click on it to open the Security Center program.

Step 2: Click on the "Advanced" tab and then choose the option labeled as "Configure."

Step 3: Click on the "Files" button on the top toolbar. Click on the "Disable" button at the center of the screen.

Step 4: Enter in a time for the program to automatically turn back on in the text field at the right or, instead, re-start the computer to turn it back on.

2. Please download Combofix and save to your desktop:
    Note: It is important that it is saved directly to your desktop
    Close any open browsers.
    Double click on combofix.exe and follow the prompts.
    When it's finished it will produce a log.
    Post the contents of the C:\ComboFix.txt into your next reply.
    Note: Do not mouse-click ComboFix's window whilst it's running.
    That may cause the program to freeze/hang.


Consumer Security 2008- 2009

Re: Advertising Pop Ups, Atremis!, Vundo Trojan

ComboFix 09-10-30.01 - Allena Hail 11/01/2009 20:21.3.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2039.1391 [GMT -8:00]
Running from: c:\documents and settings\Allena Hail\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\desktop
c:\windows\kb913800.exe
c:\windows\system32\basezafa.dll
c:\windows\system32\bavuyene.dll
c:\windows\system32\bunuwuru.dll
c:\windows\system32\defekeme.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\feyiyitu.dll
c:\windows\system32\fuzufuya.dll.tmp
c:\windows\system32\guwetuji.dll
c:\windows\system32\hoziroki.dll
c:\windows\system32\kajepajo.dll
c:\windows\system32\kebehawi.dll
c:\windows\system32\lihovavo.dll
c:\windows\system32\nomepeya.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\puhelero.dll
c:\windows\system32\rifojufi.dll
c:\windows\system32\rifubuko.dll
c:\windows\system32\salayose.dll
c:\windows\system32\sowesuno.dll
c:\windows\system32\tamihifu.dll.tmp
c:\windows\system32\tamisopo.dll
c:\windows\system32\tayufazu.dll
c:\windows\system32\viluwito.dll.tmp
c:\windows\system32\vimupejo.dll
c:\windows\system32\vuwilamu.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\zibipudo.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_npf


(((((((((((((((((((((((((   Files Created from 2009-10-02 to 2009-11-02  )))))))))))))))))))))))))))))))
.

2009-10-23 06:15 . 2009-10-23 06:15    22210    --sh--w-    c:\windows\system32\kemomupi.exe
2009-10-23 06:15 . 2009-10-23 06:15    --------    d-sh--w-    c:\windows\system32\config\systemprofile\PrivacIE
2009-10-18 06:00 . 2009-10-18 06:00    --------    d-----w-    c:\windows\system32\config\systemprofile\Application Data\SiteAdvisor
2009-10-15 02:45 . 2009-10-15 02:45    --------    d-----w-    C:\VundoFix Backups
2009-10-12 01:57 . 2009-09-10 21:54    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-12 01:57 . 2009-10-12 01:57    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-10-12 01:57 . 2009-09-10 21:53    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 04:35 . 2005-12-27 21:40    17158    ----a-w-    c:\windows\system32\tablet.dat
2009-11-02 03:07 . 2007-12-03 03:50    --------    d-----w-    c:\documents and settings\Allena Hail\Application Data\SiteAdvisor
2009-10-28 05:04 . 2009-09-13 23:35    --------    d-----w-    c:\program files\dl_Cats
2009-10-16 14:34 . 2005-11-28 03:41    --------    d-----w-    c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-05 00:42 . 2007-03-08 21:50    --------    d-----w-    c:\documents and settings\Allena Hail\Application Data\dvdcss
2009-10-04 20:56 . 2008-03-04 00:01    --------    d-----w-    c:\documents and settings\Allena Hail\Application Data\uTorrent
2009-10-01 17:29 . 2009-10-02 08:13    195440    ------w-    c:\windows\system32\MpSigStub.exe
2009-09-27 15:47 . 2009-08-17 18:31    --------    d-----w-    c:\program files\iTunes
2009-09-27 15:46 . 2009-09-27 15:46    --------    d-----w-    c:\program files\iPod
2009-09-27 15:46 . 2007-07-23 17:48    --------    d-----w-    c:\program files\Common Files\Apple
2009-09-16 17:22 . 2007-02-14 18:13    40552    ----a-w-    c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 17:22 . 2007-02-14 18:13    35272    ----a-w-    c:\windows\system32\drivers\mfebopk.sys
2009-09-16 17:22 . 2007-02-14 18:13    214664    ----a-w-    c:\windows\system32\drivers\mfehidk.sys
2009-09-16 17:22 . 2007-02-14 18:13    79816    ----a-w-    c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 17:22 . 2007-02-14 18:13    34248    ----a-w-    c:\windows\system32\drivers\mferkdk.sys
2009-09-11 15:27 . 2006-12-30 18:30    --------    d-----w-    c:\documents and settings\Allena Hail\Application Data\Apple Computer
2009-09-10 19:23 . 2009-09-10 19:21    --------    d-----w-    c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 19:06 . 2009-08-17 18:27    --------    d-----w-    c:\program files\QuickTime
2009-08-05 09:01 . 2005-08-16 10:18    204800    ----a-w-    c:\windows\system32\mswebdvd.dll
2009-01-01 21:50 . 2009-01-01 21:50    1390118    ----a-w-    c:\program files\ypops-win-0.9.5.14.exe
2008-04-26 18:59 . 2008-04-26 18:59    13934776    ----a-w-    c:\program files\Install_AIM.exe
2007-10-15 01:23 . 2007-10-15 01:22    51422520    ----a-w-    c:\program files\iTunes743Setup.exe
2007-03-10 21:36 . 2007-03-10 21:36    37844544    ----a-w-    c:\program files\iTunesSetup.exe
1999-07-07 00:00 . 1999-07-07 00:00    6    --sh--r-    c:\windows\@@desktop.dat
2007-03-06 17:49 . 2005-11-20 22:14    56    --sh--r-    c:\windows\system32\CFB1E89BFF.sys
2009-07-30 14:53 . 2009-07-30 14:53    90112    --sha-w-    c:\windows\system32\farakive.dll
2009-07-29 17:53 . 2009-07-29 17:53    89600    --sha-w-    c:\windows\system32\jurisesa.dll
2007-03-06 17:49 . 2005-11-20 22:14    3766    --sha-w-    c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector" [X]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-20 114688]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"SiteAdvisor"="c:\program files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 36640]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"mabazulut"="c:\windows\system32\farakive.dll" [2009-07-30 90112]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\Allena Hail\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-11-8 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-8 24576]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-19 805392]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2005-12-27 106496]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{e8a081f6-6944-46c8-994d-5c280f460018}"= "c:\windows\system32\farakive.dll" [2009-07-30 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"sekugubed"= {e8a081f6-6944-46c8-994d-5c280f460018} - c:\windows\system32\farakive.dll [2009-07-30 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08    110592    ----a-w-    c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 09:42    72208    ----a-w-    c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1133152976\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1133152976\\ee\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\wscript.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\iFrmewrk.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\ZCfgSvc.exe"=
"c:\\Program Files\\Logitech\\SetPoint\\SetPoint.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 4:47 AM 98304]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 3:40 AM 118784]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2009-05-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-14 19:22]

2009-07-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-14 19:22]

2009-11-02 c:\windows\Tasks\User_Feed_Synchronization-{78158E46-A829-4524-8549-F3E1CC50C101}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Allena Hail\Application Data\Mozilla\Firefox\Profiles\nkmk3qm3.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\SiteAdvisor\6253\FF\components\FFHook.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

BHO-{3cb31b9d-8756-42c7-bc40-183bd5ad67df} - kameyofi.dll
HKLM-Run-vunagogawa - juyimuri.dll
SharedTaskScheduler-{4481df0a-2da9-4a37-a24a-b07d1bf8ead3} - c:\windows\system32\hiravopi.dll
SharedTaskScheduler-{05e5a79a-faa8-4a73-b703-de54ff6077b3} - c:\windows\system32\vuwilamu.dll
SSODL-nevorikay-{4481df0a-2da9-4a37-a24a-b07d1bf8ead3} - c:\windows\system32\hiravopi.dll
SSODL-ponomavin-{e7119a36-a62b-461c-b5ac-567f593dac73} - (no file)
SSODL-rukipojuk-{05e5a79a-faa8-4a73-b703-de54ff6077b3} - c:\windows\system32\vuwilamu.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-01 20:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ... 


c:\windows\KB975467.log 3678 bytes
c:\windows\LastGood

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1036)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(5048)
c:\windows\system32\WININET.dll
c:\program files\SiteAdvisor\6172\saHook.dll
c:\windows\system32\tabhook.dll
c:\windows\system32\farakive.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcxcoms.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\Tablet.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Apoint\Apntex.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-11-02 20:48 - machine was rebooted
ComboFix-quarantined-files.txt  2009-11-02 04:48
ComboFix2.txt  2009-03-30 00:53
ComboFix3.txt  2009-03-29 17:02

Pre-Run: 902,881,280 bytes free
Post-Run: 1,293,365,248 bytes free

- - End Of File - - AF2319554C762FBA1E5D1529FB0F3CF9


Re: Advertising Pop Ups, Atremis!, Vundo Trojan


lenaguinn

Good work.

1. Open Notepad (not WordPad). Copy and paste the following into Notepad:

File::
c:\windows\system32\farakive.dll
c:\windows\system32\jurisesa.dll

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{e8a081f6-6944-46c8-994d-5c280f460018}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"sekugubed"=-

Save the file as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop

Using the Image as a reference, drag CFScript into ComboFix.exe

user posted image
    You will be prompted to run ComboFix again; do so,
    following the same rules as indicated in my first post.
    Then post the contents of the C:\ComboFix.txt log in your reply.





Consumer Security 2008- 2009
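
The reply above picks the farakive.dll load points out of the "Reg Loading Points" section of the ComboFix log and turns them into a CFScript by hand. The Python script below is an added example, not part of this thread and not ComboFix's own code, that automates that triage over a constructed excerpt modelled on the posted log. It flags autostart entries whose value name or system32 module name matches the consonant/vowel pseudo-word pattern of the Vundo-era names seen in this thread (farakive, jurisesa, hiravopi, vuwilamu), then renders the hits in the File::/Registry:: layout used in the reply. The pseudo-word regex is an assumed heuristic, not a ComboFix rule, so each hit still needs a human look before it goes into a script.

```python
import re
from collections import OrderedDict

# Constructed sample modelled on the "Reg Loading Points" section of the ComboFix
# log posted in this thread: two benign autostarts and three entries that point at
# farakive.dll under three different load points.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-20 94208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"mabazulut"="c:\windows\system32\farakive.dll" [2009-07-30 90112]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{e8a081f6-6944-46c8-994d-5c280f460018}"= "c:\windows\system32\farakive.dll" [2009-07-30 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"sekugubed"= {e8a081f6-6944-46c8-994d-5c280f460018} - c:\windows\system32\farakive.dll [2009-07-30 90112]
'''

# Assumed heuristic (not a ComboFix rule): the droppers in this thread generated
# 8- or 9-letter consonant/vowel pseudo-words for both the value name and the DLL
# (farakive, jurisesa, hiravopi, vuwilamu, mabazulut, sekugubed).
PSEUDO_WORD = re.compile(r'^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}[bcdfghjklmnpqrstvwxyz]?$')
KEY_LINE = re.compile(r'^\[(.+)\]$')            # [HKEY_...\Run]
VALUE_LINE = re.compile(r'^"([^"]+)"\s*=')      # "name"=...
PATH = re.compile(r'[a-z]:\\[^\[\]"]*?\.(?:dll|exe)', re.IGNORECASE)


def looks_generated(token):
    """True when a value name or file stem matches the pseudo-word pattern."""
    return bool(PSEUDO_WORD.match(token.lower()))


def find_suspicious(log_text):
    """Return (registry_key, value_name, module_path) for load points whose value
    name, or whose module living under system32, looks machine-generated."""
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m.group(1)          # remember the enclosing registry key
            continue
        v = VALUE_LINE.match(line)
        if not (v and key):
            continue
        name = v.group(1)
        for path in PATH.findall(line):
            stem = path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
            in_system32 = '\\windows\\system32\\' in path.lower()
            if (in_system32 and looks_generated(stem)) or looks_generated(name):
                findings.append((key, name, path))
                break                 # one finding per load-point line
    return findings


def build_cfscript(findings):
    """Render findings in the File::/Registry:: layout used in the reply above:
    one path per line, then "[key]" followed by "name"=- to delete each value."""
    files = list(OrderedDict.fromkeys(p.lower() for _, _, p in findings))
    by_key = OrderedDict()
    for key, name, _ in findings:
        by_key.setdefault(key, []).append(name)
    out = ['File::'] + files + ['', 'Registry::']
    for key, names in by_key.items():
        out.append('[%s]' % key)
        out.extend('"%s"=-' % n for n in names)
        out.append('')
    return '\n'.join(out).rstrip() + '\n'


if __name__ == '__main__':
    hits = find_suspicious(SAMPLE_LOG)
    for key, name, path in hits:
        print('%-85s %-40s %s' % (key, name, path))
    print()
    print(build_cfscript(hits))
```

Run as-is it reports the three farakive.dll hits and prints the generated script; point it at the Reg Loading Points section of another log instead of SAMPLE_LOG to triage a different machine. Ordinary autostart names such as igfxtray or QuickTime Task fail the pattern and are left alone, which is the reason the name check is combined with the system32 location rather than applied to every path.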

Re: Advertising Pop Ups, Atremis!, Vundo Trojan

ComboFix 09-10-30.01 - Allena Hail 11/03/2009 20:29.4.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2039.1496 [GMT -8:00]
Running from: c:\documents and settings\Allena Hail\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Allena Hail\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\system32\farakive.dll"
"c:\windows\system32\jurisesa.dll"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\jurisesa.dll

.
(((((((((((((((((((((((((   Files Created from 2009-10-04 to 2009-11-04  )))))))))))))))))))))))))))))))
.

2009-11-04 03:44 . 2009-11-04 03:44    --------    d-----w-    c:\windows\LastGood
2009-10-23 06:15 . 2009-10-23 06:15    22210    --sh--w-    c:\windows\system32\kemomupi.exe
2009-10-23 06:15 . 2009-10-23 06:15    --------    d-sh--w-    c:\windows\system32\config\systemprofile\PrivacIE
2009-10-18 06:00 . 2009-10-18 06:00    --------    d-----w-    c:\windows\system32\config\systemprofile\Application Data\SiteAdvisor
2009-10-15 02:45 . 2009-10-15 02:45    --------    d-----w-    C:\VundoFix Backups
2009-10-12 01:57 . 2009-09-10 21:54    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-12 01:57 . 2009-10-12 01:57    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-10-12 01:57 . 2009-09-10 21:53    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-03 07:43 . 2005-12-27 21:40    17158    ----a-w-    c:\windows\system32\tablet.dat
2009-11-02 03:07 . 2007-12-03 03:50    --------    d-----w-    c:\documents and settings\Allena Hail\Application Data\SiteAdvisor
2009-10-28 05:04 . 2009-09-13 23:35    --------    d-----w-    c:\program files\dl_Cats
2009-10-16 14:34 . 2005-11-28 03:41    --------    d-----w-    c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-05 00:42 . 2007-03-08 21:50    --------    d-----w-    c:\documents and settings\Allena Hail\Application Data\dvdcss
2009-10-04 20:56 . 2008-03-04 00:01    --------    d-----w-    c:\documents and settings\Allena Hail\Application Data\uTorrent
2009-10-01 17:29 . 2009-10-02 08:13    195440    ------w-    c:\windows\system32\MpSigStub.exe
2009-09-27 15:47 . 2009-08-17 18:31    --------    d-----w-    c:\program files\iTunes
2009-09-27 15:46 . 2009-09-27 15:46    --------    d-----w-    c:\program files\iPod
2009-09-27 15:46 . 2007-07-23 17:48    --------    d-----w-    c:\program files\Common Files\Apple
2009-09-16 17:22 . 2007-02-14 18:13    40552    ----a-w-    c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 17:22 . 2007-02-14 18:13    35272    ----a-w-    c:\windows\system32\drivers\mfebopk.sys
2009-09-16 17:22 . 2007-02-14 18:13    214664    ----a-w-    c:\windows\system32\drivers\mfehidk.sys
2009-09-16 17:22 . 2007-02-14 18:13    79816    ----a-w-    c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 17:22 . 2007-02-14 18:13    34248    ----a-w-    c:\windows\system32\drivers\mferkdk.sys
2009-09-11 15:27 . 2006-12-30 18:30    --------    d-----w-    c:\documents and settings\Allena Hail\Application Data\Apple Computer
2009-09-11 14:18 . 2005-08-16 10:18    136192    ----a-w-    c:\windows\system32\msv1_0.dll
2009-09-10 19:23 . 2009-09-10 19:21    --------    d-----w-    c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 19:06 . 2009-08-17 18:27    --------    d-----w-    c:\program files\QuickTime
2009-09-04 21:03 . 2005-08-16 10:18    58880    ----a-w-    c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2005-08-16 10:18    916480    ----a-w-    c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2005-08-16 10:19    247326    ----a-w-    c:\windows\system32\strmdll.dll
2009-08-07 03:24 . 2005-08-16 10:40    327896    ----a-w-    c:\windows\system32\wucltui.dll
2009-08-07 03:24 . 2005-08-16 10:40    209632    ----a-w-    c:\windows\system32\wuweb.dll
2009-08-07 03:24 . 2005-08-16 10:40    53472    ----a-w-    c:\windows\system32\wuauclt.exe
2009-08-07 03:24 . 2005-08-16 10:18    96480    ----a-w-    c:\windows\system32\cdm.dll
2009-08-07 03:23 . 2005-08-16 10:40    575704    ----a-w-    c:\windows\system32\wuapi.dll
2009-08-07 03:23 . 2005-08-16 10:40    1929952    ----a-w-    c:\windows\system32\wuaueng.dll
2009-01-01 21:50 . 2009-01-01 21:50    1390118    ----a-w-    c:\program files\ypops-win-0.9.5.14.exe
2008-04-26 18:59 . 2008-04-26 18:59    13934776    ----a-w-    c:\program files\Install_AIM.exe
2007-10-15 01:23 . 2007-10-15 01:22    51422520    ----a-w-    c:\program files\iTunes743Setup.exe
2007-03-10 21:36 . 2007-03-10 21:36    37844544    ----a-w-    c:\program files\iTunesSetup.exe
1999-07-07 00:00 . 1999-07-07 00:00    6    --sh--r-    c:\windows\@@desktop.dat
2007-03-06 17:49 . 2005-11-20 22:14    56    --sh--r-    c:\windows\system32\CFB1E89BFF.sys
2007-03-06 17:49 . 2005-11-20 22:14    3766    --sha-w-    c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((   SnapShot@2009-11-02_04.42.19   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-04 03:44 . 2009-08-07 03:24    44768              c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-11-04 03:44 . 2009-08-07 03:24    35552              c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2006-10-27 23:09 . 2009-08-29 08:08    55296              c:\windows\system32\msfeedsbs.dll
- 2006-10-27 23:09 . 2009-07-03 17:09    55296              c:\windows\system32\msfeedsbs.dll
+ 2005-08-16 10:18 . 2009-08-29 08:08    25600              c:\windows\system32\jsproxy.dll
- 2005-08-16 10:18 . 2009-07-03 17:09    25600              c:\windows\system32\jsproxy.dll
+ 2009-06-12 05:28 . 2009-08-29 08:08    12800              c:\windows\system32\dllcache\xpshims.dll
- 2009-06-12 05:28 . 2009-07-03 17:09    12800              c:\windows\system32\dllcache\xpshims.dll
+ 2005-08-16 10:40 . 2009-08-07 03:24    53472              c:\windows\system32\dllcache\wuauclt.exe
+ 2007-05-09 20:48 . 2009-08-29 08:08    55296              c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-05-09 20:48 . 2009-07-03 17:09    55296              c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-09-04 21:03 . 2009-09-04 21:03    58880              c:\windows\system32\dllcache\msasn1.dll
- 2006-05-10 05:25 . 2009-07-03 17:09    25600              c:\windows\system32\dllcache\jsproxy.dll
+ 2006-05-10 05:25 . 2009-08-29 08:08    25600              c:\windows\system32\dllcache\jsproxy.dll
+ 2005-08-16 10:18 . 2009-08-07 03:24    96480              c:\windows\system32\dllcache\cdm.dll
+ 2005-11-17 04:16 . 2009-11-04 03:02    32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-11-17 04:16 . 2009-11-02 03:10    32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-11-17 04:16 . 2009-11-02 03:10    32768              c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-11-02 07:44 . 2009-11-04 03:02    32768              c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-06-25 03:56 . 2009-06-25 03:56    73728              c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2008-05-28 08:49 . 2008-05-28 08:49    77824              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 03:58 . 2007-04-14 03:58    77824              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 03:57 . 2007-04-14 03:57    86016              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-28 08:49 . 2008-05-28 08:49    86016              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-28 08:49 . 2008-05-28 08:49    81920              c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 03:57 . 2007-04-14 03:57    81920              c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 09:30 . 2008-05-28 09:30    32768              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2007-04-14 04:30 . 2007-04-14 04:30    32768              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-09-30 00:11 . 2009-06-24 20:56    86016              c:\windows\Microsoft.NET\Framework\v1.0.3705\ToGac.exe
+ 2004-10-07 23:36 . 2009-06-24 20:56    73728              c:\windows\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe
- 2005-08-16 10:38 . 2007-01-02 23:29    86016              c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2005-08-16 10:38 . 2009-06-24 06:01    86016              c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector" [X]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-20 114688]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"SiteAdvisor"="c:\program files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 36640]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\Allena Hail\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-11-8 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-8 24576]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-19 805392]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2005-12-27 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08    110592    ----a-w-    c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 09:42    72208    ----a-w-    c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1133152976\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1133152976\\ee\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\wscript.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\iFrmewrk.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\ZCfgSvc.exe"=
"c:\\Program Files\\Logitech\\SetPoint\\SetPoint.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 4:47 AM 98304]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 3:40 AM 118784]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PCIIDEX_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - PCIIDEX_2

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2009-05-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-14 19:22]

2009-07-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-14 19:22]

2009-11-04 c:\windows\Tasks\User_Feed_Synchronization-{78158E46-A829-4524-8549-F3E1CC50C101}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Allena Hail\Application Data\Mozilla\Firefox\Profiles\nkmk3qm3.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\SiteAdvisor\6253\FF\components\FFHook.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-mabazulut - c:\windows\system32\farakive.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-03 20:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-11-04 20:44
ComboFix-quarantined-files.txt  2009-11-04 04:43
ComboFix2.txt  2009-11-02 04:48
ComboFix3.txt  2009-03-30 00:53
ComboFix4.txt  2009-03-29 17:02

Pre-Run: 10,928,168,960 bytes free
Post-Run: 10,883,227,648 bytes free

- - End Of File - - A0C7AB5530663DEF0F6F4315AF38D0BB

Joined on 01/16/2006
Posts: 10,322
Points 15,917

Re: Advertising Pop Ups, Atremis!, Vundo Trojan

lenaguinn

How's your PC running now?


Consumer Security 2008- 2009

Joined on 10/12/2009
Posts: 12
Points 225

Re: Advertising Pop Ups, Atremis!, Vundo Trojan

Much better; I haven't had any pop ups since then.

Also, some room was cleared up on my C drive, which had gotten mysteriously fuller.

Thank you so much for helping me out! Sorry for all the troubles downloading and running things properly.

You're a lifesaver! Thank you!

Joined on 01/16/2006
Posts: 10,322
Points 15,917

Re: Advertising Pop Ups, Atremis!, Vundo Trojan


lenaguinn

You are most welcome

Let's Remove Combofix

Select Start ->> Run ->> type in combofix /u (there is a space between x and /), then click OK.


You may now remove/delete/uninstall the tools we used to clean your PC.

Now that your log is clean, there are some final notes:

Update your Anti Virus Software

Use and maintain a Firewall

Visit Microsoft's Windows Update Site Frequently for critical updates

Backup your Important Documents and Files on a regular basis
  • To a disc or a USB key, not your hard drive

You may want to read this article: "So how did I get infected in the first place" by Tony Klein.

Surf safe.



Consumer Security 2008- 2009
