Michael,
Got it to work Mcafee may have been running turned it off and restarted
Here is Combofix report.......
ComboFix 09-04-17.05 - Green 04/17/2009 9:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.159 [GMT -5:00]
Running from: c:\documents and settings\Green\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Green\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
FILE ::
c:\documents and settings\Green\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
c:\windows\system32\arclib.dll
c:\windows\system32\drivers\vet-filt.sys
c:\windows\system32\drivers\vet-rec.sys
c:\windows\system32\drivers\vetfddnt.sys
c:\windows\system32\drivers\vetmonnt.sys
c:\windows\system32\isafe.exe
c:\windows\system32\isafeif.dll
c:\windows\system32\isafinst.exe
c:\windows\system32\isafserv.dll
c:\windows\system32\sezerabo.exe
c:\windows\system32\vetredir.dll
c:\windows\system32\wezisuve.exe
c:\windows\system32\zepulabe.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\CA
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\OnDemandScannerLog.txt
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\RealTimeScannerLog.txt
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\arc2B9.tmp
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6372.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6373.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6374.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6375.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6376.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6377.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6378.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6379.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6380.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6381.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6382.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6383.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6384.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6385.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6386.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6387.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6388.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6389.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6390.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6391.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6392.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6393.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6394.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6395.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6396.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6397.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6398.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6399.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6400.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6401.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6402.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6403.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6404.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6405.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6406.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6407.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6408.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6409.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6410.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6411.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6412.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6413.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6414.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6415.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6416.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6417.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6418.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6419.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6420.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6421.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6422.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6423.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6424.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6425.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6426.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\vet.dat
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdatcauLog.txt
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\aveng\vete.dll
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\aveng\veteboot.sys
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\aveng\vetefile.sys
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avengcauLog.txt
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avinstcauLog.txt
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avproduct\setupLog.txt
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\vet2B8.tmp
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\vete_tmp.dll
c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\ccTrayLog.txt
c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\ccupdateLog.txt
c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\ccupdatevLog.txt
c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\tmp\ccproduct\setupLog.txt
c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\tmp\ccupdate\setupLog.txt
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\feedLog.txt
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\FIREWALL_FAQ
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\FIREWALL_PRODUCT_ALERT
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\SPAM_FAQ
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\SPAM_PRODUCT_ALERT
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\SPYWARE_HELP_1
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\SPYWARE_HELP_2
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\SPYWARE_NEWLY_DISC
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\SPYWARE_PRODUCT_ALERT
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\SPYWARE_TOP_5
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\VIRUS_HELP_1
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\VIRUS_HELP_2
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\VIRUS_NEWLY_DISC
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\VIRUS_PRODUCT_ALERT
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\VIRUS_TOP_5
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\tmp\issproduct\setupLog.txt
c:\documents and settings\Green\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
c:\program files\CA
c:\program files\CA\CA Internet Security Suite\caavissplugin.dll
c:\program files\CA\CA Internet Security Suite\caissaspam.dll
c:\program files\CA\CA Internet Security Suite\caissaspy.dll
c:\program files\CA\CA Internet Security Suite\caissav.dll
c:\program files\CA\CA Internet Security Suite\caissdm.dll
c:\program files\CA\CA Internet Security Suite\caissfw.dll
c:\program files\CA\CA Internet Security Suite\caissimages.dll
c:\program files\CA\CA Internet Security Suite\caisspc.dll
c:\program files\CA\CA Internet Security Suite\caissproduct.dll
c:\program files\CA\CA Internet Security Suite\caissresource.dll
c:\program files\CA\CA Internet Security Suite\caisssafelinks.dll
c:\program files\CA\CA Internet Security Suite\caisstutorial.exe
c:\program files\CA\CA Internet Security Suite\calic.dll
c:\program files\CA\CA Internet Security Suite\casecuritycenter.exe
c:\program files\CA\CA Internet Security Suite\catutor.exe
c:\program files\CA\CA Internet Security Suite\caunst.exe
c:\program files\CA\CA Internet Security Suite\ccdynamiccontent.dll
c:\program files\CA\CA Internet Security Suite\ccguifrm.dll
c:\program files\CA\CA Internet Security Suite\ccguifrmres.dll
c:\program files\CA\CA Internet Security Suite\ccissimg.dll
c:\program files\CA\CA Internet Security Suite\ccissprd.dll
c:\program files\CA\CA Internet Security Suite\ccissres.dll
c:\program files\CA\CA Internet Security Suite\ccpriv.dll
c:\program files\CA\CA Internet Security Suite\ccprovep.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe
c:\program files\CA\CA Internet Security Suite\cctray\cctrayavplugin.dll
c:\program files\CA\CA Internet Security Suite\cctray\cctrayissplugin.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\cauconfig.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\CAUConnect.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\CAUConnect.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\caumessage.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\caupackage.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\CAUpdate.dat
c:\program files\CA\CA Internet Security Suite\ccupdate\caupdate.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\ccupdate.exe
c:\program files\CA\CA Internet Security Suite\ccupdate\ccupgrade.exe
c:\program files\CA\CA Internet Security Suite\ccupdate\ccUpgradeRes.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\install\CaAvInstallCCI.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\msvcp71.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\msvcr71.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvArcLibCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvArcLibCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvDatCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvDatCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvEngCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvEngCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvISafeCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvISafeCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvProductCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvProductCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvResourceCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvResourceCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvRtDrvCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvRtDrvCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaCCProductCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaCCProductCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaCCResourceCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaCCResourceCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaCCUpdateCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaCCUpdateCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaCCUSdkCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaCCUSdkCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaIssProductCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaIssProductCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaIssResourceCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaIssResourceCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\xerces-c_2_6.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\xsec_1_1_0.dll
c:\program files\CA\CA Internet Security Suite\ccupdif.dll
c:\program files\CA\CA Internet Security Suite\eiss.dll
c:\program files\CA\CA Internet Security Suite\ezavlic.dll
c:\program files\CA\CA Internet Security Suite\help\195677.html
c:\program files\CA\CA Internet Security Suite\help\199049.html
c:\program files\CA\CA Internet Security Suite\help\199050.html
c:\program files\CA\CA Internet Security Suite\help\3558.html
c:\program files\CA\CA Internet Security Suite\help\362395.png
c:\program files\CA\CA Internet Security Suite\help\362410.png
c:\program files\CA\CA Internet Security Suite\help\362439.html
c:\program files\CA\CA Internet Security Suite\help\3911.png
c:\program files\CA\CA Internet Security Suite\help\4081.html
c:\program files\CA\CA Internet Security Suite\help\4104.html
c:\program files\CA\CA Internet Security Suite\help\4106.html
c:\program files\CA\CA Internet Security Suite\help\4114.png
c:\program files\CA\CA Internet Security Suite\help\573.png
c:\program files\CA\CA Internet Security Suite\help\574.png
c:\program files\CA\CA Internet Security Suite\help\636.gif
c:\program files\CA\CA Internet Security Suite\help\access_antispam_toolbar.html
c:\program files\CA\CA Internet Security Suite\help\automatic_update_options.html
c:\program files\CA\CA Internet Security Suite\help\back_up_your_data.html
c:\program files\CA\CA Internet Security Suite\help\block.gif
c:\program files\CA\CA Internet Security Suite\help\caiss_secure_now_spam.html
c:\program files\CA\CA Internet Security Suite\help\castyles.css
c:\program files\CA\CA Internet Security Suite\help\cbook.gif
c:\program files\CA\CA Internet Security Suite\help\change_administrator_credentials.html
c:\program files\CA\CA Internet Security Suite\help\collapse_all.png
c:\program files\CA\CA Internet Security Suite\help\configure_proxy_settings_automatically.html
c:\program files\CA\CA Internet Security Suite\help\contact_online_consumer_technical_support.html
c:\program files\CA\CA Internet Security Suite\help\contact_technical_support.html
c:\program files\CA\CA Internet Security Suite\help\dhtml_search.htm
c:\program files\CA\CA Internet Security Suite\help\dhtml_search.js
c:\program files\CA\CA Internet Security Suite\help\dhtml_toc.css
c:\program files\CA\CA Internet Security Suite\help\dhtml_toc.js
c:\program files\CA\CA Internet Security Suite\help\diamond.gif
c:\program files\CA\CA Internet Security Suite\help\dna_secure_now.html
c:\program files\CA\CA Internet Security Suite\help\do_not_update_automatically.html
c:\program files\CA\CA Internet Security Suite\help\docsstylesheet.css
c:\program files\CA\CA Internet Security Suite\help\EnableorDisableCAAnti-Spam.html
c:\program files\CA\CA Internet Security Suite\help\EnableorDisableWebsiteInspector.html
c:\program files\CA\CA Internet Security Suite\help\enter_proxy_server_information_manually.html
c:\program files\CA\CA Internet Security Suite\help\expand_all.png
c:\program files\CA\CA Internet Security Suite\help\f_secure_now.html
c:\program files\CA\CA Internet Security Suite\help\help.png
c:\program files\CA\CA Internet Security Suite\help\help_menu.html
c:\program files\CA\CA Internet Security Suite\help\help_open.png
c:\program files\CA\CA Internet Security Suite\help\horz1.gif
c:\program files\CA\CA Internet Security Suite\help\horz2.gif
c:\program files\CA\CA Internet Security Suite\help\hyphen.gif
c:\program files\CA\CA Internet Security Suite\help\index.htm
c:\program files\CA\CA Internet Security Suite\help\indexpage.htm
c:\program files\CA\CA Internet Security Suite\help\install_component_products.html
c:\program files\CA\CA Internet Security Suite\help\install_updates_automatically.html
c:\program files\CA\CA Internet Security Suite\help\introduction_to_ca_antispam.html
c:\program files\CA\CA Internet Security Suite\help\introduction_to_ca_antispyware.html
c:\program files\CA\CA Internet Security Suite\help\introduction_to_ca_antivirus.html
c:\program files\CA\CA Internet Security Suite\help\introduction_to_ca_parental_controls.html
c:\program files\CA\CA Internet Security Suite\help\introduction_to_ca_personal_firewall.html
c:\program files\CA\CA Internet Security Suite\help\introduction_to_ca_security_center.html
c:\program files\CA\CA Internet Security Suite\help\introduction_to_DNA.html
c:\program files\CA\CA Internet Security Suite\help\IntroductiontoCAWebsiteInspector.html
c:\program files\CA\CA Internet Security Suite\help\legal_notice.html
c:\program files\CA\CA Internet Security Suite\help\log_in_as_a_different_user.html
c:\program files\CA\CA Internet Security Suite\help\minus.gif
c:\program files\CA\CA Internet Security Suite\help\obook.gif
c:\program files\CA\CA Internet Security Suite\help\open_Advanced_Settings_for_anti_virus.html
c:\program files\CA\CA Internet Security Suite\help\open_advanced_settings_for_antispyware.html
c:\program files\CA\CA Internet Security Suite\help\open_advanced_settings_for_personal_firewall.html
c:\program files\CA\CA Internet Security Suite\help\open_advanced_settings_pc.html
c:\program files\CA\CA Internet Security Suite\help\open_parent.js
c:\program files\CA\CA Internet Security Suite\help\plus.gif
c:\program files\CA\CA Internet Security Suite\help\portal_tab_selected_center.png
c:\program files\CA\CA Internet Security Suite\help\portal_tab_selected_left.png
c:\program files\CA\CA Internet Security Suite\help\portal_tab_selected_right.png
c:\program files\CA\CA Internet Security Suite\help\portal_tab_unselected_center.png
c:\program files\CA\CA Internet Security Suite\help\portal_tab_unselected_left.png
c:\program files\CA\CA Internet Security Suite\help\portal_tab_unselected_right.png
c:\program files\CA\CA Internet Security Suite\help\proxy_settings_configuration2.html
c:\program files\CA\CA Internet Security Suite\help\renew_product_licenses.html
c:\program files\CA\CA Internet Security Suite\help\require_proxy_authentication.html
c:\program files\CA\CA Internet Security Suite\help\reset_administrator_password.html
c:\program files\CA\CA Internet Security Suite\help\restore_files_settings.html
c:\program files\CA\CA Internet Security Suite\help\s_secure_now.html
c:\program files\CA\CA Internet Security Suite\help\scan_my_computer_for_spyware.html
c:\program files\CA\CA Internet Security Suite\help\scan_my_computer_for_viruses.html
c:\program files\CA\CA Internet Security Suite\help\schedule_automatic_updates.html
c:\program files\CA\CA Internet Security Suite\help\secure_now.html
c:\program files\CA\CA Internet Security Suite\help\secure_now_pc.html
c:\program files\CA\CA Internet Security Suite\help\SecureNowwi.html
c:\program files\CA\CA Internet Security Suite\help\snooze_antivirus_protection.html
c:\program files\CA\CA Internet Security Suite\help\space.gif
c:\program files\CA\CA Internet Security Suite\help\space1x1.png
c:\program files\CA\CA Internet Security Suite\help\specify_not_to_connect_through_a_proxy_server.html
c:\program files\CA\CA Internet Security Suite\help\stop_internet_access.html
c:\program files\CA\CA Internet Security Suite\help\stylesheet.css
c:\program files\CA\CA Internet Security Suite\help\system_tray_icon_tasks.html
c:\program files\CA\CA Internet Security Suite\help\tab_index.htm
c:\program files\CA\CA Internet Security Suite\help\tab_search.htm
c:\program files\CA\CA Internet Security Suite\help\tab_toc.htm
c:\program files\CA\CA Internet Security Suite\help\toc.htm
c:\program files\CA\CA Internet Security Suite\help\topic.gif
c:\program files\CA\CA Internet Security Suite\help\update_menu2.html
c:\program files\CA\CA Internet Security Suite\help\UpdateYourCASecuritySoftwareManually.html
c:\program files\CA\CA Internet Security Suite\help\view_statistics.html
c:\program files\CA\CA Internet Security Suite\help\view_the_tutorial.html
c:\program files\CA\CA Internet Security Suite\help\view_the_tutorial_help.html
c:\program files\CA\CA Internet Security Suite\license.dll
c:\program files\CA\CA Internet Security Suite\license.txt
c:\program files\CA\CA Internet Security Suite\licreg.exe
c:\program files\CA\CA Internet Security Suite\tutorial\1_1_Intro.txt
c:\program files\CA\CA Internet Security Suite\tutorial\1_2_SC.txt
c:\program files\CA\CA Internet Security Suite\tutorial\1_3_AV.txt
c:\program files\CA\CA Internet Security Suite\tutorial\1_4_PP.txt
c:\program files\CA\CA Internet Security Suite\tutorial\1_5_FW.txt
c:\program files\CA\CA Internet Security Suite\tutorial\1_6_ASp.txt
c:\program files\CA\CA Internet Security Suite\tutorial\1_7_PC.txt
c:\program files\CA\CA Internet Security Suite\tutorial\1_8_WI.txt
c:\program files\CA\CA Internet Security Suite\tutorial\1_9_DNA.txt
c:\program files\CA\CA Internet Security Suite\tutorial\ASp01.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\ASp02.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\ASp03.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\AV01.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\AV02.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\DNA01.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\FW01.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\FW02.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\FW03.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\FW04.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\FW05.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\FW06.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\noImage.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\PC01.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\PC02.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\PP01.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\PP02.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\SC01.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\SC02.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\WI01.jpg
c:\windows\system32\arclib.dll
c:\windows\system32\drivers\vet-filt.sys
c:\windows\system32\drivers\vet-rec.sys
c:\windows\system32\drivers\vetfddnt.sys
c:\windows\system32\drivers\vetmonnt.sys
c:\windows\system32\isafe.exe
c:\windows\system32\isafeif.dll
c:\windows\system32\isafinst.exe
c:\windows\system32\isafserv.dll
c:\windows\system32\sezerabo.exe
c:\windows\system32\vetredir.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CACCPROVSP
-------\Service_CaCCProvSP
((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
.
2009-04-17 14:37 . 2009-04-17 14:37 -------- d-----w C:\32788R22FWJFW
2009-04-15 12:00 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 12:00 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-15 12:00 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 12:00 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 12:00 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 12:00 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 12:00 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 12:00 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 12:00 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 12:00 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 11:56 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 11:56 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 11:56 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-10 15:40 . 2009-04-17 12:31 -------- d-----w c:\documents and settings\Green\Application Data\WinPatrol
2009-04-02 12:28 . 2009-04-02 12:28 -------- d-----w c:\windows\system32\scripting
2009-04-02 12:28 . 2009-04-02 12:28 -------- d-----w c:\windows\l2schemas
2009-04-02 12:28 . 2009-04-02 12:28 -------- d-----w c:\windows\system32\en
2009-04-02 12:28 . 2009-04-02 12:28 -------- d-----w c:\windows\system32\bits
2009-04-02 12:24 . 2009-04-02 12:29 -------- d-----w c:\windows\ServicePackFiles
2009-03-27 18:28 . 2009-03-27 18:28 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-03-27 14:41 . 2009-03-27 14:41 -------- d-sh--w c:\documents and settings\Green\IECompatCache
2009-03-27 14:39 . 2009-03-27 14:39 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-03-27 14:39 . 2009-04-09 14:31 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-03-27 14:28 . 2009-04-17 14:43 10027 ----a-w c:\windows\system32\Config.MPF
2009-03-27 14:27 . 2009-03-27 14:27 -------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-03-27 14:20 . 2007-11-22 11:44 33832 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-27 14:20 . 2007-12-02 17:51 40488 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-27 14:20 . 2007-11-22 11:44 79304 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-27 14:20 . 2007-11-22 11:44 35240 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-27 14:20 . 2007-11-22 11:44 201320 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-27 14:20 . 2007-07-13 11:20 113952 ----a-w c:\windows\system32\drivers\Mpfp.sys
2009-03-27 13:49 . 2009-03-27 14:28 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-27 13:36 . 2009-03-27 13:36 -------- d-sh--w c:\documents and settings\Green\PrivacIE
2009-03-27 13:01 . 2009-03-27 13:01 -------- d-sh--w c:\documents and settings\Green\IETldCache
2009-03-27 12:53 . 2009-03-27 12:53 -------- d-----w c:\windows\ie8updates
2009-03-27 12:49 . 2009-03-27 12:50 -------- dc-h--w c:\windows\ie8
2009-03-26 20:17 . 2008-10-16 19:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-03-26 20:17 . 2008-10-16 19:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-03-26 18:39 . 2008-10-16 19:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-03-26 12:13 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 14:37 . 2009-04-17 14:37 1095 ----a-w C:\Bug.txt
2009-04-17 13:12 . 2009-03-27 14:18 -------- d-----w c:\program files\McAfee
2009-04-16 14:19 . 2009-04-16 14:19 25870 ----a-w C:\HijackPatrol.log
2009-04-15 20:36 . 2008-12-17 13:52 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-14 12:08 . 2008-10-06 17:33 871952 ----a-w C:\caisslog.txt
2009-04-13 12:29 . 2008-06-30 14:23 -------- d-----w c:\program files\TomTom HOME 2
2009-04-10 15:39 . 2009-04-10 15:39 -------- d-----w c:\program files\BillP Studios
2009-04-02 12:35 . 2004-08-11 22:14 87263 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-02 12:20 . 2004-08-11 22:00 250048 --sha-r C:\ntldr
2009-03-31 12:31 . 2009-03-31 12:31 -------- d-----w c:\program files\Windows Defender
2009-03-30 18:39 . 2008-12-04 15:23 -------- d-----w c:\documents and settings\Green\Application Data\U3
2009-03-27 16:26 . 2006-07-06 14:44 -------- d-----w c:\documents and settings\All Users\Application Data\Retrospect
2009-03-27 14:20 . 2009-03-27 14:19 -------- d-----w c:\program files\Common Files\McAfee
2009-03-27 14:19 . 2009-03-27 14:19 -------- d-----w c:\program files\McAfee.com
2009-03-27 14:00 . 2006-09-01 17:17 -------- d-----w c:\program files\Yahoo!
2009-03-27 12:08 . 2009-03-27 12:08 -------- d-----w c:\program files\Photo Story 3 for Windows
2009-03-26 19:52 . 2009-02-16 18:51 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-26 19:35 . 2009-03-26 19:35 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-15 17:01 . 2009-03-15 16:46 -------- d-----w c:\documents and settings\Guest\Application Data\CallingID
2009-03-15 16:46 . 2009-03-15 16:46 -------- d-----w c:\documents and settings\Guest\Application Data\Yahoo!
2009-03-13 14:46 . 2009-03-13 14:46 -------- d-----w c:\program files\Trend Micro
2009-03-13 14:22 . 2009-03-13 14:22 -------- d-----w c:\program files\Enigma Software Group
2009-03-11 03:18 . 2006-04-10 18:00 934792 ----a-w c:\windows\system32\dllcache\WgaTray.exe
2009-03-11 03:18 . 2006-04-10 18:00 239496 ------w c:\windows\system32\dllcache\wgaLogon.dll
2009-03-08 19:09 . 2009-03-08 19:09 638816 ------w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 19:09 . 2009-03-08 19:09 391536 ------w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 09:41 . 2006-05-19 15:08 5937152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 09:34 . 2006-05-10 05:23 914944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 09:34 . 2004-08-11 22:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 09:34 . 2006-05-10 05:23 1206784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 09:34 . 2009-03-08 09:34 236544 ------w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 09:34 . 2009-03-08 09:34 43008 ------w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 09:34 . 2004-08-11 22:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 09:34 . 2009-03-08 09:34 105984 ------w c:\windows\system32\dllcache\url.dll
2009-03-08 09:34 . 2009-03-08 09:34 109568 ------w c:\windows\system32\dllcache\occache.dll
2009-03-08 09:34 . 2006-05-10 05:23 193536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 09:33 . 2006-09-18 14:15 759296 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-03-08 09:33 . 2009-03-08 09:33 18944 ------w c:\windows\system32\dllcache\corpol.dll
2009-03-08 09:33 . 2004-08-11 22:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 09:33 . 2006-05-10 05:22 25600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 09:33 . 2006-05-18 05:24 726528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 09:33 . 2009-03-08 09:33 229376 ------w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 09:33 . 2007-12-18 14:40 420352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 09:33 . 2004-08-11 22:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 09:33 . 2009-03-08 09:33 125952 ------w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 09:32 . 2009-03-08 09:32 72704 ------w c:\windows\system32\dllcache\admparse.dll
2009-03-08 09:32 . 2004-08-11 22:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 09:32 . 2009-03-08 09:32 173056 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 09:32 . 2009-03-08 09:32 163840 ------w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 09:32 . 2009-03-08 09:32 71680 ------w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 09:32 . 2009-03-08 09:32 55808 ------w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 09:32 . 2004-08-11 22:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 09:32 . 2009-03-08 09:32 128512 ------w c:\windows\system32\dllcache\advpack.dll
2009-03-08 09:32 . 2006-05-10 05:22 94720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 09:32 . 2006-05-10 05:23 611840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 09:31 . 2006-05-10 05:22 183808 ----a-w c:\windows\system32\dllcache\iepeers.dll
2009-03-08 09:31 . 2006-05-10 05:22 348160 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
2009-03-08 09:31 . 2009-03-08 09:31 34816 ------w c:\windows\system32\dllcache\imgutil.dll
2009-03-08 09:31 . 2006-05-10 05:22 216064 ----a-w c:\windows\system32\dllcache\dxtrans.dll
2009-03-08 09:31 . 2004-08-11 22:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 09:31 . 2006-05-10 05:23 46592 ----a-w c:\windows\system32\dllcache\pngfilt.dll
2009-03-08 09:31 . 2006-05-10 05:23 66560 ----a-w c:\windows\system32\dllcache\mshtmled.dll
2009-03-08 09:31 . 2009-03-08 09:31 48128 ------w c:\windows\system32\dllcache\mshtmler.dll
2009-03-08 09:31 . 2004-08-11 22:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 09:31 . 2009-03-08 09:31 45568 ------w c:\windows\system32\dllcache\mshta.exe
2009-03-08 09:31 . 2004-08-11 22:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 09:24 . 2009-03-08 09:24 68608 ------w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 09:22 . 2009-03-08 09:22 156160 ------w c:\windows\system32\dllcache\msls31.dll
2009-03-08 09:22 . 2004-08-11 22:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-11 22:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-02 17:15 . 2008-08-15 12:37 -------- d-----w c:\program files\Mozilla Thunderbird
2009-02-09 12:10 . 2004-08-11 22:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-11 22:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-08-11 22:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-11 22:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2008-10-15 15:33 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-08-11 22:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 00:02 . 2008-10-15 15:33 2066048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 11:11 . 2004-08-11 22:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2008-10-15 15:33 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-15 15:33 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 11:06 . 2004-08-11 22:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-11 22:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-10-15 15:33 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 10:32 . 2004-08-04 03:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2004-08-11 22:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-01-23 22:49 . 2008-01-23 22:49 128 ----a-w c:\documents and settings\Green\Local Settings\Application Data\fusioncache.dat
2006-10-11 08:2008-04-18 18:57 04:58 . c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:2008-04-18 18:57 04:59 . c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:2008-04-18 18:57 05:03 . c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:2008-04-18 18:57 05:03 . c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:2008-04-18 18:57 04:58 . c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-04-14_ 6.53.25.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-11 22:00 . 2009-04-02 13:47 55046 c:\windows\system32\perfc009.dat
+ 2004-08-11 22:00 . 2009-04-16 11:55 55046 c:\windows\system32\perfc009.dat
+ 2004-08-11 22:11 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
- 2004-08-11 22:11 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-11 22:00 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
- 2004-08-11 22:11 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-11 22:11 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
+ 2007-10-16 18:35 . 2009-04-17 14:19 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2009-04-14 11:55 . 2009-04-17 12:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-10-25 15:14 . 2009-04-17 12:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-10-25 15:14 . 2009-04-13 19:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-10-25 15:14 . 2009-04-13 19:34 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-10-25 15:14 . 2009-04-17 12:02 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-17 14:02 . 2009-04-15 20:36 35088 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-17 14:02 . 2009-03-26 20:12 35088 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-17 14:02 . 2009-03-26 20:12 18704 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-17 14:02 . 2009-04-15 20:36 18704 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-12-17 14:02 . 2009-03-26 20:12 20240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-17 14:02 . 2009-04-15 20:36 20240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\cagicon.exe
- 2004-08-11 22:00 . 2008-04-14 00:12 354304 c:\windows\system32\winhttp.dll
+ 2004-08-11 22:00 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
+ 2004-08-11 22:11 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-11 22:11 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-08-11 22:11 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-11 22:00 . 2009-04-16 11:55 386148 c:\windows\system32\perfh009.dat
- 2004-08-11 22:00 . 2009-04-02 13:47 386148 c:\windows\system32\perfh009.dat
- 2004-08-11 22:11 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-11 22:11 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
- 2004-08-11 22:11 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-11 22:11 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-11 22:11 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2004-08-11 22:00 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
- 2004-08-11 22:00 . 2008-04-14 00:11 989696 c:\windows\system32\kernel32.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
- 2008-12-17 14:02 . 2009-03-26 20:12 888080 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-12-17 14:02 . 2009-04-15 20:36 888080 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-12-17 14:02 . 2009-03-26 20:12 272648 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-12-17 14:02 . 2009-04-15 20:36 272648 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-12-17 14:02 . 2009-04-15 20:36 922384 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pptico.exe
- 2008-12-17 14:02 . 2009-03-26 20:12 922384 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pptico.exe
- 2008-12-17 14:02 . 2009-03-26 20:12 845584 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-12-17 14:02 . 2009-04-15 20:36 845584 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\outicon.exe
- 2008-12-17 14:02 . 2009-03-26 20:12 217864 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\misc.exe
+ 2008-12-17 14:02 . 2009-04-15 20:36 217864 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\misc.exe
- 2004-08-11 22:00 . 2008-05-07 05:12 1288192 c:\windows\system32\quartz.dll
+ 2004-08-11 22:00 . 2008-12-20 22:14 1288192 c:\windows\system32\quartz.dll
+ 2008-05-07 05:12 . 2008-12-20 22:14 1288192 c:\windows\system32\dllcache\quartz.dll
- 2008-05-07 05:12 . 2008-05-07 05:12 1288192 c:\windows\system32\dllcache\quartz.dll
- 2008-12-17 14:02 . 2009-03-26 20:12 1172240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-12-17 14:02 . 2009-04-15 20:36 1172240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-10-15 15:33 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 15:33 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 15:33 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 15:33 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 15:33 . 2009-02-08 00:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 15:33 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-10-15 15:33 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-02-02 23:07 . 2009-02-02 23:07 1914440 c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2009-04-15 20:37 . 2009-04-06 12:57 24921544 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-13 483328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-09 286720]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-12-21 663552]
"ScreenPrint32"="c:\program files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-16 446464]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-04-07 337216]
c:\documents and settings\Green\Start Menu\Programs\Startup\
FreeClip.lnk - c:\program files\FreeClip\FreeClip.exe [2007-11-27 695808]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2006-6-29 25214]
Free WebSite Tools.lnk - c:\program files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe [2006-6-7 372224]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\pvsw\\bin\\w3dbsmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2008-04-14 14336]
S2 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;c:\windows\system32\srvany.exe [2006-05-10 8192]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
S3 MvUsbA;Micro-Vu USB Driver;c:\windows\system32\DRIVERS\MvUsbA.sys [2005-09-12 26880]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{056c916a-c2d1-11dd-8ff4-0014222ed610}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f507f455-c139-11dd-8ff2-0014222ed610}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-04-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.yahoo.com/uSearchMigratedDefaultUrl =
hxxp://www.mywebsearch.com/jsp/cfg_redi ... com/web&q={searchTerms}&l=zu&o=sb
mSearch Bar =
hxxp://us.rd.yahoo.com/customize/ie/def ... earch.htmluInternet Connection Wizard,ShellNext =
hxxp://www.dell.com/uSearchURL,(Default) =
hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-04-17 09:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3684)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\pvsw\bin\w3dbsmgr.exe
c:\program files\Dantz\Retrospect 7.0\retrorun.exe
c:\windows\system32\wscntfy.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-04-17 9:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-17 14:48
ComboFix2.txt 2009-04-14 11:54
Pre-Run: 50,195,398,656 bytes free
Post-Run: 50,212,319,232 bytes free
678 --- E O F --- 2009-04-15 20:38