Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Security Software Freeze, Laptop Extremely Slow


  • Please log in to reply
22 replies to this topic

#1 dreamhouse

dreamhouse

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:07:27 AM

Posted 06 October 2007 - 01:57 AM

Helo there,

It all started with my laptop being extremely SLOW to do every and anything at all! Eventually some opened windows wouls dissapear in the blue, touchpad mouse would do funny things. I scanned with Spy Bot, just some tracking cookies found....the computer continued the same....scanned with Nod....nothing found...opened Combofix and it froze and there came a blue screen....entered safe mode and ran it again....almost couldnt finish, since the safe mode initial window popped up and I had to close it. But Combofix seemed to have gotten something. Tried to run Stinger, it froze...went online for Housecall, it also froze. Well, I really do need a generous expert on reading HijakThis and maybe Combofix logs to help through this war. Please get back to me soon!!!!

Thanks a lot.

PS. I live in Brazil but am actually in India with my laptop, so our schedules are many hours apart.

My two logs. First HijackThis and then Combofix:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:59, on 06/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RssBho Class - {9BC6ABD4-63C4-41E0-9C96-77D7F0AF78CE} - C:\Program Files\RSSClient\rsstoolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: RSS-Client - {63837897-A6BB-424F-ACB8-F25C93F87890} - C:\Program Files\RSSClient\rsstoolbar.dll
O3 - Toolbar: &Groowe 2 - {D52EE69D-ADC2-4AE7-BC19-4AEEC1890C76} - C:\PROGRA~1\Groowe\Toolbar2\GrooweToolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - blank
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165866613328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146321687786
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60096.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/insta...cdetection3.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/Check...PA.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D9EDBEA-92A3-41CE-94CF-B0DB44F29D86}: NameServer = 200.248.106.7,200.248.106.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D9EDBEA-92A3-41CE-94CF-B0DB44F29D86}: NameServer = 200.248.106.7,200.248.106.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd. - C:\WINDOWS\system32\PDFCreatorMessages.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TQFTAUVG - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TQFTAUVG.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11379 bytes




ComboFix 07-10-04.2 - Clarita Maia 2007-10-06 10:30:27.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.256 [GMT 5.5:30]
Running from: E:\Downloads\Spyware Trojan Hunt\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\gbplugin\Bb.gpc
C:\Program Files\gbplugin\Bb.gpc . . . . failed to delete
C:\Program Files\gbplugin\gbieh.gmd

.
((((((((((((((((((((((((( Files Created from 2007-09-06 to 2007-10-06 )))))))))))))))))))))))))))))))

2007-10-06 09:21	  2123048	--a------	C:\Qoobox\Quarantine\C\Program Files\GbPlugin\gbieh.gmd.vir
2007-10-06 09:21	  43066	--a------	C:\Qoobox\Quarantine\C\Program Files\GbPlugin\Bb.gpc.vir
2007-10-06 10:32	  4056586	--a------	C:\Qoobox\Quarantine\catchme2007-10-06_103725.39.zip
2007-10-06 10:32	  614	--a------	C:\Qoobox\Quarantine\catchme.log


Folder PATH listing for volume SISTEMA
Volume serial number is 0FC1-36F9
C:\QOOBOX\QUARANTINE
|   catchme.log
|   catchme2007-10-06_103725.39.zip
|   
+---C
|   \---Program Files
|	   \---GbPlugin
|			   Bb.gpc.vir
|			   gbieh.gmd.vir
|			   
\---Registry_backups

.

2007-10-06 10:14 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-04 11:24 <DIR> d-------- C:\Documents and Settings\Clarita Maia\DoctorWeb
2007-10-04 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-04 09:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-04 09:45 <DIR> d-------- C:\Documents and Settings\Clarita Maia\Application Data\SUPERAntiSpyware.com
2007-10-04 09:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-04 07:20 <DIR> d-------- C:\VundoFix Backups
2007-10-03 06:39 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-01 12:40 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-10-01 12:37 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-10-01 12:37 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-10-01 12:37 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2007-10-01 12:37 163,128 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-10-01 12:37 1,521,464 --a------ C:\WINDOWS\WRSetup.dll
2007-10-01 12:37 <DIR> d-------- C:\Program Files\Webroot
2007-10-01 12:37 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-10-01 12:37 <DIR> d-------- C:\Documents and Settings\Clarita Maia\Application Data\Webroot
2007-10-01 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-09-28 22:56 592,384 --a--c--- C:\WINDOWS\system32\dllcache\ssomani.scr
2007-09-21 22:13 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-09-21 22:13 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-09-21 22:13 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-09-17 11:37 <DIR> d-------- C:\Program Files\Unit Converter Pro
2007-09-17 11:29 <DIR> d-------- C:\Program Files\MailNavigator
2007-09-17 11:16 592,384 --a------ C:\WINDOWS\system32\ssomani.scr
2007-09-17 11:16 215,552 --a------ C:\WINDOWS\system32\ssdalai.scr
2007-09-17 11:16 203,776 --a------ C:\WINDOWS\system32\sstchenrezig.scr
2007-09-14 15:12 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-13 15:39 88,560 -ra------ C:\WINDOWS\system32\drivers\K320mgmt.sys
2007-09-13 15:38 97,056 -ra------ C:\WINDOWS\system32\drivers\K320mdm.sys
2007-09-13 15:38 9,328 -ra------ C:\WINDOWS\system32\drivers\K320mdfl.sys
2007-09-13 15:38 86,368 -ra------ C:\WINDOWS\system32\drivers\K320obex.sys
2007-09-13 15:38 61,504 -ra------ C:\WINDOWS\system32\drivers\K320bus.sys
2007-09-13 15:38 6,208 -ra------ C:\WINDOWS\system32\drivers\K320cmnt.sys
2007-09-13 15:38 6,208 -ra------ C:\WINDOWS\system32\drivers\K320cm.sys
2007-09-13 15:38 5,840 -ra------ C:\WINDOWS\system32\drivers\K320whnt.sys
2007-09-13 15:38 5,840 -ra------ C:\WINDOWS\system32\drivers\K320wh.sys
2007-09-13 15:15 <DIR> d-------- C:\Documents and Settings\Clarita Maia\Application Data\Teleca
2007-09-13 15:15 <DIR> d-------- C:\Documents and Settings\Clarita Maia\Application Data\Sony Ericsson
2007-09-13 15:12 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-13 15:11 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-09-13 15:11 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2007-09-13 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2007-09-13 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 10:34 --------- d-------- C:\Program Files\GbPlugin
2007-10-06 10:21 --------- d-------- C:\Documents and Settings\Clarita Maia\Application Data\Skype
2007-10-06 09:44 --------- d-------- C:\Program Files\GetRight
2007-10-05 17:20 --------- d-------- C:\Program Files\FlashGet
2007-10-01 12:35 --------- d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-12 21:43 --------- d-------- C:\Documents and Settings\All Users\Application Data\GbPlugin
2007-09-07 20:31 --------- d-------- C:\Program Files\EmC
2007-09-04 09:53 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-04 09:52 --------- d-------- C:\Program Files\QuickTime
2007-09-03 14:31 --------- d-------- C:\Documents and Settings\Clarita Maia\Application Data\oald7
2007-09-03 14:30 --------- dr-h----- C:\Documents and Settings\Clarita Maia\Application Data\SecuROM
2007-09-03 14:29 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-08-15 22:43 --------- d-------- C:\Program Files\VoipCheapCom
2007-08-15 19:34 --------- d-------- C:\Program Files\MSXML 6.0
2007-08-11 23:30 --------- d-------- C:\Documents and Settings\Clarita Maia\Application Data\VoipCheapCom
2007-08-07 10:55 --------- d-------- C:\Program Files\allTunes
2007-08-07 10:55 --------- d-------- C:\Documents and Settings\All Users\Application Data\allTunes
2007-07-31 03:49 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-31 03:49 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-31 03:49 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-31 03:49 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-31 03:49 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-31 03:49 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-31 03:49 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-31 03:49 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-31 03:49 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-31 03:48 33624 --a------ C:\WINDOWS\system32\wups.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 08:32]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-21 22:12]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:30]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2006-08-25 21:47]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-28 23:22]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 02:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Program Files\Scpad\scpLIB.dll [2007-03-27 09:59 128512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\PROGRAM FILES\GBPLUGIN\gbieh.dll [2007-08-08 14:29 209224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll [2007-03-27 09:59 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B'sCLiP]
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
"C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P-Install]
F:\Install\installerp1.exe e

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
"C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
"C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
"C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSwitch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QveCtl2Tray]
C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRFirstRun]
rundll32 srclient.dll,CreateFirstRunRp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"C:\Program Files\Unlocker\UnlockerAssistant.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipCheapCom]
"C:\program files\voipcheapcom\voipcheapcom.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PDFCreatorClient"=C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe

R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\system32\drivers\BsStor.sys
R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS
R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R2 GbpSv;Gbp Service;C:\Program Files\GbPlugin\GbpSv.exe
R2 UacFlt;Philips Composite Class Filter Driver;C:\WINDOWS\system32\DRIVERS\uacbflt.sys
R3 psa500;Sound Agent 2 for Audio Set (WDM);C:\WINDOWS\system32\drivers\psa500.sys
R3 QsndEnum;QSound Virtual Audio Devices Bus Enumerator;C:\WINDOWS\system32\DRIVERS\QsndEnum.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 ICDUSB2;Sony IC Recorder (ST);C:\WINDOWS\system32\Drivers\ICDUSB2.sys
S3 K320bus;Sony Ericsson K320 driver (WDM);C:\WINDOWS\system32\DRIVERS\K320bus.sys
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\K320mdfl.sys
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\K320mdm.sys
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\K320mgmt.sys
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\K320obex.sys
S3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\NSNDIS5.SYS
S3 TQFTAUVG;TQFTAUVG;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TQFTAUVG.exe
S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys
S4 BsUDF;B.H.A UDF Filesystem;C:\WINDOWS\system32\drivers\BsUDF.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-29 16:57:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-06 10:37:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-06 10:45:14 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-06 10:43
.
--- E O F ---

BC AdBot (Login to Remove)

 


#2 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:27 AM

Posted 15 October 2007 - 03:06 PM

Hi dreamhouse, :blink:

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience. :thumbsup:

#3 dreamhouse

dreamhouse
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:07:27 AM

Posted 16 October 2007 - 05:45 AM

Hi Falu,

Actually I had given up getting an answer from you. But GOOD, you answered....so, many things changed since then, but I am still facing ONE problem. Everytime I start the computer, windows loads, desktop opens, and then it takes ages before I can register any commands; if I try, everything freezes and after the fan runs like wild and some time after, every command I registered pops up at once...and then I can resume "normal"activity.

So here goes my actual HijackThis log, after many changes:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13:53, on 16/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Groowe 2 - {D52EE69D-ADC2-4AE7-BC19-4AEEC1890C76} - C:\PROGRA~1\Groowe\Toolbar2\GrooweToolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165866613328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146321687786
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/insta...cdetection3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8545 bytes

Hope I can hear from you soon. Thanks,
Dreamhouse

#4 dreamhouse

dreamhouse
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:07:27 AM

Posted 17 October 2007 - 03:36 AM

IN TIME:

I uninstalled Webroot's Spy Sweeper this morning. I had it disabled already, but I ran a scan with it some minutes ago and it was behaving really strange, so...I unistalled it.

Where are you?????

#5 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:27 AM

Posted 17 October 2007 - 11:08 AM

Hi dreamhouse, :thumbsup:

Welcome to BleepingComputer Forums and thanks again for your patience.

1. Please disable SuperAntispyware since it may interfere with the fixes we are going to make.

Right-click on the shortcut from the
system tray, choose View Control Center (preferences/options), on the General and Startup tab, uncheck, Start SUPERAntispyware when Windows starts, click Close to exit.

You may enable it again once you're clean; I will let you know. disable SpySweeper, as it may hinder the removal of some HijackThis entries. You can re-enable it after you're clean, I'll let you know.

2.

I uninstalled Webroot's Spy Sweeper this morning. I had it disabled already, but I ran a scan with it some minutes ago and it was behaving really strange, so...I unistalled it.


Please be sure Spysweeper has been disabled as well:

Open SpySweeper, click > Options over to the left then > Program Options > Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".

3. Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

4. Download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

5. Download ATF Cleaner by Atribune. Do not run it yet.

6. Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

7. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

8. Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)
9. Run HijackThis, click Scan and checkmark the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =


Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

Please reboot again and post the Dr. Web-log along with a fresh HijackThis log.

#6 dreamhouse

dreamhouse
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:07:27 AM

Posted 19 October 2007 - 07:05 AM

Hi Falu,

Sorry for the delay in answering...I'm travelling around!
I found your demand to disable Spysweeper strange since you yourself quoted my note on me having uninstalled it, so how could I disable an uninstalled application? So maybe my communication was a bit unclear?
I did everything you asked. Also did not understanmd why you had me delete the blank opening page of IE7 since that was the choice I made to overwrite microsoft's default page. But, anyway, I did that to.

Dr.Web did not find any viruses or other malware, so it did not offer the possibility of generating a report.

The computer is even slower now. Do you think Zone Alarm has anything to do with this, since always when Windows opens it downloads anti-spyware definitions and freezes the laptop?

Here goes my actual HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:34:50, on 18/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\GbPlugin\GbpSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 170.66.1.60 www14.bancobrasil.com.br # GbPlugin
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Groowe 2 - {D52EE69D-ADC2-4AE7-BC19-4AEEC1890C76} - C:\PROGRA~1\Groowe\Toolbar2\GrooweToolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165866613328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146321687786
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/insta...cdetection3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7999 bytes

Waiting for your feedback, I thank you very much,
Dreanhouse

#7 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:27 AM

Posted 20 October 2007 - 03:29 PM

Hi dreamhouse, :thumbsup:

Sorry for the delay in answering...I'm travelling around!


No problem, post whenever it suits you.

Waiting for your feedback, I thank you very much,


You're very welcome.

I found your demand to disable Spysweeper strange since you yourself quoted my note on me having uninstalled it, so how could I disable an uninstalled application?


I wrote: "Please be sure Spysweeper has been disabled" because I cann't tell from here what you really have done.

Also did not understanmd why you had me delete the blank opening page of IE7 since that was the choice I made to overwrite microsoft's default page. But, anyway, I did that to.


You may reset that if you want. To be honest most of the helpers have that entry fixed by routine since it may be related to malware.

The computer is even slower now. Do you think Zone Alarm has anything to do with this, since always when Windows opens it downloads anti-spyware definitions and freezes the laptop?


May be, firewalls do that sometimes. I use ZoneAlarm myself and must say: works like a charm here.

If a slow computer is the main problem, look at: Help! My computer is slow!

Let me know if this helps.

#8 dreamhouse

dreamhouse
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:07:27 AM

Posted 20 October 2007 - 10:00 PM

Hello again,

Thanks for sending me the link to the slow computer checklist, but I had gone through that already before posting my first answer to you! My problem is the not really a slow computer but the problem related in my first posting to you, I copy the complaint here again:

but I am still facing ONE problem. Everytime I start the computer, windows loads, desktop opens, and then it takes ages before I can register any commands; if I try, everything freezes and after the fan runs like wild and some time after, every command I registered pops up at once...and then I can resume "normal"activity.

That's it: only change is that the fan is not runnung like wild anymore.

Can you guess what could be causing that?

Thanks again,
Dreamhouse

#9 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:27 AM

Posted 22 October 2007 - 11:22 AM

HI dreamhouse, :thumbsup:

Thanks for sending me the link to the slow computer checklist, but I had gone through that already before posting my first answer to you!


I assume that means you also followed the guidelines given??!!!

but I am still facing ONE problem. Everytime I start the computer, windows loads, desktop opens, and then it takes ages before I can register any commands; if I try, everything freezes and after the fan runs like wild and some time after, every command I registered pops up at once...and then I can resume "normal"activity.


Okay let's dig some deeper to be sure it's not malware that's causing the problems you have.

Download Deckard's System Scanner and save it to your Desktop.

* Double click dss.exe and follow the prompts.
* When finished, it will produce a log for you.
* Post the contents of that log in your next reply.
* Using Windows Explorer (to get there right-click your Start button and go to "Explore"), navigate to the C:\Deckard\System Scanner folder. You will find two logs in the folder, main.txt and extra.txt.
* Open the main.txt log in Notepad
* Also Copy and Paste its contents in a reply.

#10 dreamhouse

dreamhouse
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:07:27 AM

Posted 22 October 2007 - 11:08 PM

Hi Falu,

Yes I did follow the guidelines given.
So, I ran SDD...but on the first try, the fan (which is running like wild again) started up and the computer froze, so I restarted the computer and got the following log (after another long fan run and freezing):


Deckard's System Scanner v20071014.68
Run by Clarita Maia on 2007-10-23 09:09:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
8: 2007-10-23 03:25:35 UTC - RP28 - Deckard's System Scanner Restore Point
7: 2007-10-22 11:57:05 UTC - RP27 - System Checkpoint
6: 2007-10-16 16:56:15 UTC - RP26 - System Checkpoint
5: 2007-10-14 05:00:38 UTC - RP25 - Installed Java™ 6 Update 3
4: 2007-10-14 04:41:00 UTC - RP24 - Removed J2SE Runtime Environment 5.0 Update 6


-- First Restore Point --
1: 2007-10-11 15:25:27 UTC - RP21 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 479 MiB (512 MiB recommended).


-- HijackThis (run as Clarita Maia.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:12:07, on 23/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\GbPlugin\GbpSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Downloads\Anti-Spyware and Anti-Virus\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Clarita Maia.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Groowe 2 - {D52EE69D-ADC2-4AE7-BC19-4AEEC1890C76} - C:\PROGRA~1\Groowe\Toolbar2\GrooweToolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165866613328
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146321687786
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/insta...cdetection3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7949 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071007-091456-519 O23 - Service: TQFTAUVG - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TQFTAUVG.exe (file missing)
backup-20071011-191820-569 O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll (file missing)
backup-20071013-204954-278 O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
backup-20071013-205000-981 O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
backup-20071013-205001-206 O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60096.cab
backup-20071013-205001-847 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
backup-20071013-205002-887 O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
backup-20071013-205002-897 O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/Check...PA.cab55579.cab
backup-20071013-205003-752 O17 - HKLM\System\CS2\Services\Tcpip\..\{1D9EDBEA-92A3-41CE-94CF-B0DB44F29D86}: NameServer = 200.248.106.7,200.248.106.8
backup-20071013-205003-758 O17 - HKLM\System\CS1\Services\Tcpip\..\{1D9EDBEA-92A3-41CE-94CF-B0DB44F29D86}: NameServer = 200.248.106.7,200.248.106.8
backup-20071013-205003-828 O17 - HKLM\System\CCS\Services\Tcpip\..\{1D9EDBEA-92A3-41CE-94CF-B0DB44F29D86}: NameServer = 200.248.106.7,200.248.106.8
backup-20071013-205003-836 O17 - HKLM\System\CS3\Services\Tcpip\..\{1D9EDBEA-92A3-41CE-94CF-B0DB44F29D86}: NameServer = 200.248.106.7,200.248.106.8
backup-20071018-160728-594 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20071018-160728-690 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20071018-160728-773 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BsStor (B.H.A Storage Helper Driver) - c:\windows\system32\drivers\bsstor.sys <Not Verified; B.H.A Co.,Ltd.; >
R0 sr (System Restore Filter Driver) - c:\windows\\systemroot\system32\drivers\sr.sys (file missing)
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
R1 cdrbsvsd - c:\windows\system32\drivers\cdrbsvsd.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 UacFlt (Philips Composite Class Filter Driver) - c:\windows\system32\drivers\uacbflt.sys <Not Verified; Micronas GmbH; UAC355x>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 catchme - c:\docume~1\clarit~1\locals~1\temp\catchme.sys (file missing)
S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>
S3 psa500 (Sound Agent 2 for Audio Set (WDM)) - c:\windows\system32\drivers\psa500.sys <Not Verified; QSound Labs, Inc.; QSound Virtual Engine>
S3 Rasirda (WAN Miniport (IrDA)) - c:\windows\system32\drivers\rasirda.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 ATMsrvc (ATM Service) - c:\windows\system32\atmsrvc.exe <Not Verified; Adobe Systems Incorporated; Adobe Type Manager>
S4 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>
S4 Ndisicuvm -
S4 PDFCreatorMessages - c:\windows\system32\pdfcreatormessages.exe <Not Verified; Global Graphics Software Ltd.; PDFCreatorMessages Module>
S4 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
S4 TQFTAUVG - c:\docume~1\admini~1\locals~1\temp\tqftauvg.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_3080103C&REV_10\4&16793A72&0&00F0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_3080103C&REV_10\4&16793A72&0&00F0
Service: RTL8023xp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 802.11b/g WLAN
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_12F8103C&REV_03\4&16793A72&0&30F0
Manufacturer: Broadcom
Name: Broadcom 802.11b/g WLAN
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_12F8103C&REV_03\4&16793A72&0&30F0
Service: BCM43XX

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3DB481C09F00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3DB481C09F00
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2007-10-13 22:27:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-09-23 and 2007-10-23 -----------------------------

2007-10-22 09:57:48 0 d-------- C:\Program Files\HP
2007-10-14 17:36:29 0 d-------- C:\Documents and Settings\Clarita Maia\Application Data\Skype
2007-10-14 10:31:38 0 d-------- C:\Program Files\Java
2007-10-14 10:31:32 0 d-------- C:\Program Files\Common Files\Java
2007-10-12 14:56:01 122880 --a------ C:\WINDOWS\system32\trc.dll
2007-10-10 09:41:13 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-10-08 23:31:06 34820 --a------ C:\WINDOWS\system32\ffdshow.reg
2007-10-08 23:31:04 262144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-10-08 23:31:03 395776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-10-08 23:31:03 112640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-10-08 23:31:01 2255360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-10-08 23:28:46 0 d-------- C:\Program Files\Cucusoft
2007-10-08 22:37:52 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-08 18:48:16 0 d-------- C:\Program Files\Skype
2007-10-08 18:48:16 0 d-------- C:\Program Files\Common Files\Skype
2007-10-07 15:52:33 8126464 --a------ C:\Documents and Settings\Clarita Maia\ntuser.dat
2007-10-07 15:52:32 1310720 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-10-07 15:51:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-06 21:09:06 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-06 10:58:42 0 d-------- C:\Documents and Settings\Clarita Maia\.housecall6.6
2007-10-05 06:54:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-04 11:24:15 0 d-------- C:\Documents and Settings\Clarita Maia\DoctorWeb
2007-10-04 09:46:12 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-04 09:45:50 0 d-------- C:\Documents and Settings\Clarita Maia\Application Data\SUPERAntiSpyware.com
2007-10-03 06:39:55 0 d-------- C:\Program Files\Trend Micro


-- Find3M Report ---------------------------------------------------------------

2007-10-23 08:19:20 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-14 10:31:32 0 d-------- C:\Program Files\Common Files
2007-10-13 18:48:46 0 d-------- C:\Program Files\FlashGet
2007-10-13 16:01:04 0 d-------- C:\Program Files\GetRight
2007-10-12 14:56:12 0 d-------- C:\Program Files\SONY
2007-10-07 10:44:02 0 d-------- C:\Program Files\PC-Linq
2007-10-07 10:44:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-06 22:36:52 0 d-------- C:\Program Files\Google
2007-10-06 22:29:09 0 d-------- C:\Program Files\Common Files\Jasc Software Inc
2007-10-06 18:44:20 0 d-------- C:\Program Files\GbPlugin
2007-09-30 08:39:55 2241 --a------ C:\WINDOWS\panose.bin
2007-09-21 22:12:34 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-09-17 11:38:30 0 d-------- C:\Program Files\Unit Converter Pro
2007-09-17 11:34:38 0 d-------- C:\Program Files\MailNavigator
2007-09-13 15:16:32 0 d-------- C:\Documents and Settings\Clarita Maia\Application Data\Teleca
2007-09-13 15:15:16 0 d-------- C:\Documents and Settings\Clarita Maia\Application Data\Sony Ericsson
2007-09-13 15:11:56 0 d-------- C:\Program Files\Common Files\Teleca Shared
2007-09-13 15:11:04 0 d-------- C:\Program Files\Sony Ericsson
2007-09-07 20:31:37 0 d-------- C:\Program Files\EmC
2007-09-04 09:52:18 0 d-------- C:\Program Files\QuickTime
2007-09-03 14:31:25 0 d-------- C:\Documents and Settings\Clarita Maia\Application Data\oald7
2007-09-03 14:30:01 0 dr-h----- C:\Documents and Settings\Clarita Maia\Application Data\SecuROM
2007-09-03 14:29:55 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [21/09/2007 22:12]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/03/2007 00:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [25/08/2006 21:47]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 17:30]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [17/07/2007 02:48]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/10/2006 03:35]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [25/06/2007 22:52]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\PROGRAM FILES\GBPLUGIN\gbieh.dll [08/08/2007 14:29 209224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B'sCLiP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
"C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P-Install]
F:\Install\installerp1.exe e

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
"C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
"C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
"C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSwitch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QveCtl2Tray]
C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRFirstRun]
rundll32 srclient.dll,CreateFirstRunRp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"C:\Program Files\Unlocker\UnlockerAssistant.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipCheapCom]
"C:\program files\voipcheapcom\voipcheapcom.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PDFCreatorClient"=C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7686208e-41f8-11dc-92ba-00904ba43937}]
Auto\command- infrom.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe




-- Hosts -----------------------------------------------------------------------

.de
it


-- End of Deckard's System Scanner: finished at 2007-10-23 09:12:41 ------------



So, as for the other log you asked (actually I found 3 logs in the folder and not 2, they were: main, extra and moved), here it is:


Deckard's System Scanner v20071014.68
Run by Clarita Maia on 2007-10-23 09:09:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
8: 2007-10-23 03:25:35 UTC - RP28 - Deckard's System Scanner Restore Point
7: 2007-10-22 11:57:05 UTC - RP27 - System Checkpoint
6: 2007-10-16 16:56:15 UTC - RP26 - System Checkpoint
5: 2007-10-14 05:00:38 UTC - RP25 - Installed Java™ 6 Update 3
4: 2007-10-14 04:41:00 UTC - RP24 - Removed J2SE Runtime Environment 5.0 Update 6


-- First Restore Point --
1: 2007-10-11 15:25:27 UTC - RP21 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 479 MiB (512 MiB recommended).


-- HijackThis (run as Clarita Maia.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:12:07, on 23/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\GbPlugin\GbpSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Downloads\Anti-Spyware and Anti-Virus\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Clarita Maia.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Groowe 2 - {D52EE69D-ADC2-4AE7-BC19-4AEEC1890C76} - C:\PROGRA~1\Groowe\Toolbar2\GrooweToolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165866613328
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146321687786
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/insta...cdetection3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7949 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071007-091456-519 O23 - Service: TQFTAUVG - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TQFTAUVG.exe (file missing)
backup-20071011-191820-569 O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll (file missing)
backup-20071013-204954-278 O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
backup-20071013-205000-981 O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
backup-20071013-205001-206 O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60096.cab
backup-20071013-205001-847 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
backup-20071013-205002-887 O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
backup-20071013-205002-897 O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/Check...PA.cab55579.cab
backup-20071013-205003-752 O17 - HKLM\System\CS2\Services\Tcpip\..\{1D9EDBEA-92A3-41CE-94CF-B0DB44F29D86}: NameServer = 200.248.106.7,200.248.106.8
backup-20071013-205003-758 O17 - HKLM\System\CS1\Services\Tcpip\..\{1D9EDBEA-92A3-41CE-94CF-B0DB44F29D86}: NameServer = 200.248.106.7,200.248.106.8
backup-20071013-205003-828 O17 - HKLM\System\CCS\Services\Tcpip\..\{1D9EDBEA-92A3-41CE-94CF-B0DB44F29D86}: NameServer = 200.248.106.7,200.248.106.8
backup-20071013-205003-836 O17 - HKLM\System\CS3\Services\Tcpip\..\{1D9EDBEA-92A3-41CE-94CF-B0DB44F29D86}: NameServer = 200.248.106.7,200.248.106.8
backup-20071018-160728-594 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20071018-160728-690 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20071018-160728-773 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BsStor (B.H.A Storage Helper Driver) - c:\windows\system32\drivers\bsstor.sys <Not Verified; B.H.A Co.,Ltd.; >
R0 sr (System Restore Filter Driver) - c:\windows\\systemroot\system32\drivers\sr.sys (file missing)
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
R1 cdrbsvsd - c:\windows\system32\drivers\cdrbsvsd.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 UacFlt (Philips Composite Class Filter Driver) - c:\windows\system32\drivers\uacbflt.sys <Not Verified; Micronas GmbH; UAC355x>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 catchme - c:\docume~1\clarit~1\locals~1\temp\catchme.sys (file missing)
S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>
S3 psa500 (Sound Agent 2 for Audio Set (WDM)) - c:\windows\system32\drivers\psa500.sys <Not Verified; QSound Labs, Inc.; QSound Virtual Engine>
S3 Rasirda (WAN Miniport (IrDA)) - c:\windows\system32\drivers\rasirda.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 ATMsrvc (ATM Service) - c:\windows\system32\atmsrvc.exe <Not Verified; Adobe Systems Incorporated; Adobe Type Manager>
S4 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>
S4 Ndisicuvm -
S4 PDFCreatorMessages - c:\windows\system32\pdfcreatormessages.exe <Not Verified; Global Graphics Software Ltd.; PDFCreatorMessages Module>
S4 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
S4 TQFTAUVG - c:\docume~1\admini~1\locals~1\temp\tqftauvg.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_3080103C&REV_10\4&16793A72&0&00F0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_3080103C&REV_10\4&16793A72&0&00F0
Service: RTL8023xp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 802.11b/g WLAN
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_12F8103C&REV_03\4&16793A72&0&30F0
Manufacturer: Broadcom
Name: Broadcom 802.11b/g WLAN
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_12F8103C&REV_03\4&16793A72&0&30F0
Service: BCM43XX

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3DB481C09F00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3DB481C09F00
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2007-10-13 22:27:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-09-23 and 2007-10-23 -----------------------------

2007-10-22 09:57:48 0 d-------- C:\Program Files\HP
2007-10-14 17:36:29 0 d-------- C:\Documents and Settings\Clarita Maia\Application Data\Skype
2007-10-14 10:31:38 0 d-------- C:\Program Files\Java
2007-10-14 10:31:32 0 d-------- C:\Program Files\Common Files\Java
2007-10-12 14:56:01 122880 --a------ C:\WINDOWS\system32\trc.dll
2007-10-10 09:41:13 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-10-08 23:31:06 34820 --a------ C:\WINDOWS\system32\ffdshow.reg
2007-10-08 23:31:04 262144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-10-08 23:31:03 395776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-10-08 23:31:03 112640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-10-08 23:31:01 2255360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-10-08 23:28:46 0 d-------- C:\Program Files\Cucusoft
2007-10-08 22:37:52 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-08 18:48:16 0 d-------- C:\Program Files\Skype
2007-10-08 18:48:16 0 d-------- C:\Program Files\Common Files\Skype
2007-10-07 15:52:33 8126464 --a------ C:\Documents and Settings\Clarita Maia\ntuser.dat
2007-10-07 15:52:32 1310720 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-10-07 15:51:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-06 21:09:06 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-06 10:58:42 0 d-------- C:\Documents and Settings\Clarita Maia\.housecall6.6
2007-10-05 06:54:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-04 11:24:15 0 d-------- C:\Documents and Settings\Clarita Maia\DoctorWeb
2007-10-04 09:46:12 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-04 09:45:50 0 d-------- C:\Documents and Settings\Clarita Maia\Application Data\SUPERAntiSpyware.com
2007-10-03 06:39:55 0 d-------- C:\Program Files\Trend Micro


-- Find3M Report ---------------------------------------------------------------

2007-10-23 08:19:20 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-14 10:31:32 0 d-------- C:\Program Files\Common Files
2007-10-13 18:48:46 0 d-------- C:\Program Files\FlashGet
2007-10-13 16:01:04 0 d-------- C:\Program Files\GetRight
2007-10-12 14:56:12 0 d-------- C:\Program Files\SONY
2007-10-07 10:44:02 0 d-------- C:\Program Files\PC-Linq
2007-10-07 10:44:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-06 22:36:52 0 d-------- C:\Program Files\Google
2007-10-06 22:29:09 0 d-------- C:\Program Files\Common Files\Jasc Software Inc
2007-10-06 18:44:20 0 d-------- C:\Program Files\GbPlugin
2007-09-30 08:39:55 2241 --a------ C:\WINDOWS\panose.bin
2007-09-21 22:12:34 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-09-17 11:38:30 0 d-------- C:\Program Files\Unit Converter Pro
2007-09-17 11:34:38 0 d-------- C:\Program Files\MailNavigator
2007-09-13 15:16:32 0 d-------- C:\Documents and Settings\Clarita Maia\Application Data\Teleca
2007-09-13 15:15:16 0 d-------- C:\Documents and Settings\Clarita Maia\Application Data\Sony Ericsson
2007-09-13 15:11:56 0 d-------- C:\Program Files\Common Files\Teleca Shared
2007-09-13 15:11:04 0 d-------- C:\Program Files\Sony Ericsson
2007-09-07 20:31:37 0 d-------- C:\Program Files\EmC
2007-09-04 09:52:18 0 d-------- C:\Program Files\QuickTime
2007-09-03 14:31:25 0 d-------- C:\Documents and Settings\Clarita Maia\Application Data\oald7
2007-09-03 14:30:01 0 dr-h----- C:\Documents and Settings\Clarita Maia\Application Data\SecuROM
2007-09-03 14:29:55 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [21/09/2007 22:12]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/03/2007 00:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [25/08/2006 21:47]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 17:30]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [17/07/2007 02:48]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/10/2006 03:35]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [25/06/2007 22:52]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\PROGRAM FILES\GBPLUGIN\gbieh.dll [08/08/2007 14:29 209224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B'sCLiP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
"C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P-Install]
F:\Install\installerp1.exe e

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
"C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
"C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
"C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSwitch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QveCtl2Tray]
C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRFirstRun]
rundll32 srclient.dll,CreateFirstRunRp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"C:\Program Files\Unlocker\UnlockerAssistant.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipCheapCom]
"C:\program files\voipcheapcom\voipcheapcom.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PDFCreatorClient"=C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7686208e-41f8-11dc-92ba-00904ba43937}]
Auto\command- infrom.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe




-- Hosts -----------------------------------------------------------------------

.de
it


-- End of Deckard's System Scanner: finished at 2007-10-23 09:12:41 ------------


Thank you again Falu,
D.


#11 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:27 AM

Posted 24 October 2007 - 03:32 AM

Hi dreamhouse, :thumbsup:

Thank you again Falu,


You're very welcome.

1. You already have ATF-Cleaner on your computer.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

2. You have the latest version of Java installed but also an older version: jre1.5.0_06 which you need to remove.

Click on Start, Settings, Control Panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall:

jre1.5.0_06 It should have next icon next to it: Posted Image

3. In the attachment you see a fixd.reg; right-click it to download it to your desktop. Next doubleclick the file to run it.

4. Remove Combofix from your desktop, since there's a new version. Next download Combofix to your desktop.
Doubleclick combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply.

Please post combofix.txt along with a fresh HijackThis log.

Attached Files

  • Attached File  fixd.reg   217bytes   4 downloads


#12 dreamhouse

dreamhouse
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:07:27 AM

Posted 24 October 2007 - 10:10 AM

Hello Falu,

So, did everything you advised, except uninstalling jre 1.5.0_06, simply because I had already uninstalled it, before installing the latest Java version. Are there traces of it I have to get rid of? If yes, where to go?

Also, when running Combofix, when it tried to delete the false positive two files that belong to my internet banking plugin (G-Buster), the computer first started the fan thing and froze and after some time of inactivity it popped a blue screen and shut down. When I restarted the laptop I had a catchme.zip with the two (not) deleted files (bb.gpc and gbieh.gmd)plus an IE icon in my desktop.

So, this is the catchme.txt log from Combofix:


file zipped: C:\Program Files\gbplugin\Bb.gpc -> catchme.zip -> Bb.gpc ( 43066 bytes )
error: C:\Program Files\gbplugin\Bb.gpc is not a PE file
file zipped: C:\Program Files\gbplugin\gbieh.gmd -> catchme.zip -> gbieh.gmd ( 2123048 bytes )
error: C:\Program Files\gbplugin\gbieh.gmd is not a PE file
file zipped: C:\Program Files\gbplugin\Bb.gpc -> catchme.zip -> Bb.gpc.1 ( 43066 bytes )
error: C:\Program Files\gbplugin\Bb.gpc is not a PE file
file zipped: C:\Program Files\gbplugin\gbieh.gmd -> catchme.zip -> gbieh.gmd.1 ( 2123048 bytes )
error: C:\Program Files\gbplugin\gbieh.gmd is not a PE file
file zipped: C:\Program Files\gbplugin\Bb.gpc -> catchme.zip -> Bb.gpc ( 38276 bytes )
error: C:\Program Files\gbplugin\Bb.gpc is not a PE file
file zipped: C:\Program Files\gbplugin\gbieh.gmd -> catchme.zip -> gbieh.gmd ( 1038708 bytes )
error: C:\Program Files\gbplugin\gbieh.gmd is not a PE file


And here's the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:36, on 2007-10-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Groowe 2 - {D52EE69D-ADC2-4AE7-BC19-4AEEC1890C76} - C:\PROGRA~1\Groowe\Toolbar2\GrooweToolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165866613328
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146321687786
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/insta...cdetection3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F07AFC1-30EF-486D-A4C3-809D62BF6639}: NameServer = 202.56.250.5 202.56.250.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8040 bytes

Is there a way I can get Combofix to run and not delete my banking files????
Thanks again Falu,
D.


#13 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:27 AM

Posted 26 October 2007 - 10:31 AM

Hi dreamhouse, :thumbsup:

Let's see if another tool will do the job:

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

#14 dreamhouse

dreamhouse
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:07:27 AM

Posted 26 October 2007 - 10:56 AM

Hi Falu,

OK! Here it goes:



WinPFind3 logfile created on: 26/10/2007 21:11:04
WinPFind3U by OldTimer - Version 1.0.42 Folder = E:\Downloads\Anti-Spyware and Anti-Virus\Winpfind3u\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

478.42 Mb Total Physical Memory | 163.55 Mb Available Physical Memory | 34.18% Memory free
1.09 Gb Paging File | 0.73 Gb Available in Paging File | 67.14% Paging File free
Paging file location(s): c:\pagefile.sys 720 720;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 7.14 Gb Free Space | 29.23% Space Free
Drive D: | 19.53 Gb Total Space | 8.18 Gb Free Space | 41.87% Space Free
Drive E: | 11.74 Gb Total Space | 6.48 Gb Free Space | 55.20% Space Free
F: Drive not present or media not loaded

Computer Name: DREAMHOUSELAPTO
Current User Name: Clarita Maia
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
gbpsv.exe -> %ProgramFiles%\GbPlugin\gbpsv.exe -> [Ver = 2,1,3,0 | Size = 44872 bytes | Modified Date = 08/08/2007 14:29:16 | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 17/07/2007 02:48:34 | Attr = ]
nod32krn.exe -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 39 | Size = 552064 bytes | Modified Date = 21/09/2007 22:12:32 | Attr = ]
nod32kui.exe -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 70, 39 | Size = 949376 bytes | Modified Date = 21/09/2007 22:12:32 | Attr = ]
robotaskbaricon.exe -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe -> Siber Systems [Ver = 6-7-8 | Size = 144448 bytes | Modified Date = 25/08/2006 21:47:54 | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 476702 bytes | Modified Date = 25/06/2007 22:52:42 | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 09/03/2007 00:01:58 | Attr = ]
winpfind3u.exe -> E:\Downloads\Anti-Spyware and Anti-Virus\Winpfind3u\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 04/09/2007 10:47:26 | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 09/03/2007 00:02:00 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [Ver = 2.41.000 | Size = 68096 bytes | Modified Date = 26/02/2003 15:40:02 | Attr = ]
(ATMsrvc) ATM Service [Win32_Own | Disabled | Stopped] -> %System32%\ATMsrvc.exe -> Adobe Systems Incorporated [Ver = 4.1 Build 243 | Size = 15360 bytes | Modified Date = 24/05/2000 23:50:36 | Attr = ]
(combofix) combofix [Win32_Own | On_Demand | Stopped] -> -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 17:30:00 | Attr = ]
(GbpSv) Gbp Service [Win32_Own | Auto | Running] -> %ProgramFiles%\GbPlugin\gbpsv.exe -> [Ver = 2,1,3,0 | Size = 44872 bytes | Modified Date = 08/08/2007 14:29:16 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 04/03/2007 18:05:50 | Attr = ]
(hpqwmi) HP WMI Interface [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\HPQ\shared\hpqwmi.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1, 0, 4, 2 | Size = 98304 bytes | Modified Date = 18/11/2004 09:02:56 | Attr = ]
(ICDSPTSV) Sony SPTI Service for DVE [Win32_Own | Disabled | Stopped] -> %System32%\IcdSptSv.exe -> Sony Corporation [Ver = 3.0.03.04010 | Size = 69632 bytes | Modified Date = 02/04/2003 15:38:30 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04/04/2005 09:11:10 | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(iPod Service) iPod Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 30/10/2006 17:06:32 | Attr = ]
(Ndisicuvm) Ndisicuvm [Win32_Own | Disabled | Stopped] -> -> File not found
(NOD32krn) NOD32 Kernel Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 39 | Size = 552064 bytes | Modified Date = 21/09/2007 22:12:32 | Attr = ]
(PDFCreatorMessages) PDFCreatorMessages [Win32_Own | Disabled | Stopped] -> %System32%\PDFCreatorMessages.exe -> Global Graphics Software Ltd. [Ver = 3, 61, 0, 2302 | Size = 143360 bytes | Modified Date = 21/03/2005 16:39:40 | Attr = ]
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 08/08/2005 21:24:00 | Attr = ]
(TQFTAUVG) TQFTAUVG [Win32_Own | Disabled | Stopped] -> %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TQFTAUVG.exe -> File not found
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 09/03/2007 00:01:58 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
nod32kui -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 70, 39 | Size = 949376 bytes | Modified Date = 21/09/2007 22:12:32 | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.12.7 04Nov04 | Size = 98394 bytes | Modified Date = 05/11/2004 03:10:08 | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 09/03/2007 00:02:00 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
RoboForm -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe -> Siber Systems [Ver = 6-7-8 | Size = 144448 bytes | Modified Date = 25/08/2006 21:47:54 | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 476702 bytes | Modified Date = 25/06/2007 22:52:42 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 17/07/2007 02:48:34 | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 13:55:48 | Attr = ]
{93994DE8-8239-4655-B1D1-5F4E91300429} [HKLM] -> %ProgramFiles%\DVD Region+CSS Free\DVDShell.dll [] -> Fengtao Software Inc. [Ver = 5, 5, 0, 8 | Size = 49152 bytes | Modified Date = 09/10/2004 15:18:02 | Attr = ]
{E37CB5F0-51F5-4395-A808-5FA49E399F83} [HKLM] -> %ProgramFiles%\GbPlugin\gbieh.dll [GbPlugin ShlObj] -> Banco do Brasil [Ver = 3.6.3.8 | Size = 209224 bytes | Modified Date = 08/08/2007 14:29:16 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19/04/2007 13:41:36 | Attr = ]
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3856 | Size = 344064 bytes | Modified Date = 18/06/2004 05:13:36 | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (179421 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> C:\WINDOWS\SYSTEM32\blank.htm ->
HKLM: Search Bar -> ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\SYSTEM32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> about:blank ->
HKCU: CustomizeSearch -> ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 12:46:42 | Attr = ]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 117 | Size = 1312040 bytes | Modified Date = 13/09/2007 13:31:40 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 16:46:14 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 17/07/2007 02:48:34 | Attr = ]
{C41A1C0E-EA6C-11D4-B1B8-444553540000} [HKLM] -> %ProgramFiles%\GbPlugin\gbieh.dll [GbIehObj Class] -> Banco do Brasil [Ver = 3.6.3.8 | Size = 209224 bytes | Modified Date = 08/08/2007 14:29:16 | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 07/07/2007 17:52:54 | Attr = R ]
{D52EE69D-ADC2-4AE7-BC19-4AEEC1890C76} [HKLM] -> %ProgramFiles%\Groowe\Toolbar2\GrooweToolbar2.dll [&Groowe 2] -> [Ver = | Size = 804864 bytes | Modified Date = 12/04/2005 13:21:06 | Attr = ]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\fgiebar.dll [FlashGet Bar] -> Amaze Soft [Ver = 1, 2, 0, 0 | Size = 86016 bytes | Modified Date = 07/06/2005 19:36:10 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 07/07/2007 17:52:54 | Attr = R ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 07/07/2007 17:52:54 | Attr = R ]
WebBrowser\\{63837897-A6BB-424F-ACB8-F25C93F87890} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
{320AF880-6646-11D3-ABEE-C5DBF3571F46} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComFillForms.htm [ButtonText: Fill Forms] -> File not found
{320AF880-6646-11D3-ABEE-C5DBF3571F49} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComSavePass.htm [ButtonText: Save] -> File not found
{724d43aa-0d85-11d4-9908-00400523e39a} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htm [ButtonText: RoboForm] -> File not found
{77BF5300-1474-4EC7-9980-D32B190E9B07} -> Reg Data - Value does not exist [ButtonText: Skype] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Pesquisar] -> File not found
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -> %ProgramFiles%\FlashGet\flashget.exe [ButtonText: FlashGet] -> FlashGet.com [Ver = 1, 7, 2, 0 | Size = 492544 bytes | Modified Date = 23/05/2006 04:52:20 | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 16:46:14 | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Download All by FlashGet -> %ProgramFiles%\FlashGet\jc_all.htm -> [Ver = | Size = 575 bytes | Modified Date = 06/02/2000 19:36:06 | Attr = ]
Download using FlashGet -> %ProgramFiles%\FlashGet\jc_link.htm -> [Ver = | Size = 1898 bytes | Modified Date = 06/02/2000 19:36:34 | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{8488E842-7017-41DA-A011-A0070168DFA4} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{9609EFDC-924E-4604-B948-98A956E83A3D} -> (Broadcom 802.11b/g WLAN) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 27, 2 | Size = 1828176 bytes | Modified Date = 13/09/2007 13:31:38 | Attr = R ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05D44720-58E3-49E6-BDF6-D00330E511D3} -> StagingUI Object - CodeBase = http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/9/b...heckControl.cab ->
{200B3EE9-7242-4EFD-B1E4-D97EE825BA53} -> VerifyGMN Class - CodeBase = http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc3.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/...b?1165866613328 ->
{6B75345B-AA36-438A-BBE6-4078B4C6984D} -> HpProductDetection Class - CodeBase = http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdat...b?1146321687786 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{9D190AE6-C81E-4039-8061-978EBAD10073} -> F-Secure Online Scanner 3.0 - CodeBase = http://support.f-secure.com/ols/fscax.cab ->
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} -> Get_ActiveX Control - CodeBase = https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx ->
{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} -> Java Plug-in 1.4.0 - CodeBase = http://java.sun.com/update/1.4.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} -> GbpDistObj Class - CodeBase = https://www14.bancobrasil.com.br/plugin/GbpDist.cab ->
{DE22A7AB-A739-4C58-AD52-21F9CD6306B7} -> CTAdjust Class - CodeBase = http://download.microsoft.com/download/7/E...04/clearadj.cab ->
{E9348280-2D74-4933-BE25-73D946926795} -> DeviceEnum Class - CodeBase = http://h20270.www2.hp.com/ediags/gmn/insta...cdetection3.cab ->


[Files/Folders - Created Within 30 days]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 24/10/2007 19:57:13 | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 23/10/2007 08:54:37 | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 06/10/2007 10:16:24 | Attr = ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Created Date = 10/10/2007 09:22:44 | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Created Date = 10/10/2007 09:24:37 | Attr = H ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Created Date = 06/10/2007 10:14:38 | Attr = ]
DVDRegionFree.INI -> %SystemRoot%\DVDRegionFree.INI -> [Ver = | Size = 101 bytes | Created Date = 25/10/2007 16:44:53 | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 06/10/2007 10:15:33 | Attr = ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 06/10/2007 10:14:39 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 26/10/2007 10:40:18 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 26/10/2007 10:40:18 | Attr = H ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 24/10/2007 20:06:32 | Attr = ]
ffdshow.ax -> %System32%\ffdshow.ax -> [Ver = 1, 0, 0, 1 | Size = 1761280 bytes | Created Date = 08/10/2007 23:31:05 | Attr = ]
ffdshow.reg -> %System32%\ffdshow.reg -> [Ver = | Size = 34820 bytes | Created Date = 08/10/2007 23:31:06 | Attr = ]
IcdAfs.ax -> %System32%\IcdAfs.ax -> Sony Corporation [Ver = 1.0.01.01310 | Size = 113824 bytes | Created Date = 12/10/2007 14:56:03 | Attr = ]
icdcomm3.dll -> %System32%\icdcomm3.dll -> Sony Corporation [Ver = 1.0.00.10030 | Size = 118784 bytes | Created Date = 12/10/2007 14:56:02 | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 14/10/2007 10:33:09 | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 14/10/2007 10:33:09 | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 14/10/2007 10:33:09 | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 14/10/2007 10:33:09 | Attr = ]
libavcodec.dll -> %System32%\libavcodec.dll -> [Ver = | Size = 2255360 bytes | Created Date = 08/10/2007 23:31:01 | Attr = ]
libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll -> [Ver = | Size = 796312 bytes | Created Date = 06/10/2007 21:09:26 | Attr = ]
libmpeg2_ff.dll -> %System32%\libmpeg2_ff.dll -> [Ver = | Size = 112640 bytes | Created Date = 08/10/2007 23:31:03 | Attr = ]
libmplayer.dll -> %System32%\libmplayer.dll -> [Ver = | Size = 395776 bytes | Created Date = 08/10/2007 23:31:03 | Attr = ]
PowerToysLicense.rtf -> %System32%\PowerToysLicense.rtf -> [Ver = | Size = 160217 bytes | Created Date = 26/10/2007 14:59:55 | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.6 | Size = 139776 bytes | Created Date = 06/10/2007 10:14:38 | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 06/10/2007 10:14:38 | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 06/10/2007 10:14:38 | Attr = ]
TomsMoComp_ff.dll -> %System32%\TomsMoComp_ff.dll -> [Ver = | Size = 262144 bytes | Created Date = 08/10/2007 23:31:04 | Attr = ]
trc.dll -> %System32%\trc.dll -> [Ver = | Size = 122880 bytes | Created Date = 12/10/2007 14:56:01 | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 06/10/2007 10:14:38 | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 47198 bytes | Created Date = 06/10/2007 21:08:59 | Attr = ]
vsdata.dll -> %System32%\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 83696 bytes | Created Date = 06/10/2007 21:08:14 | Attr = ]
vsdatant.sys -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 394192 bytes | Created Date = 06/10/2007 21:08:59 | Attr = ]
vsinit.dll -> %System32%\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 157424 bytes | Created Date = 06/10/2007 21:08:14 | Attr = ]
vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 104176 bytes | Created Date = 06/10/2007 21:09:06 | Attr = ]
vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 276208 bytes | Created Date = 06/10/2007 21:09:06 | Attr = ]
vsregexp.dll -> %System32%\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 71408 bytes | Created Date = 06/10/2007 21:09:25 | Attr = ]
vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 472816 bytes | Created Date = 06/10/2007 21:08:14 | Attr = ]
vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 46832 bytes | Created Date = 06/10/2007 21:09:08 | Attr = ]
vsxml.dll -> %System32%\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 100080 bytes | Created Date = 06/10/2007 21:09:07 | Attr = ]
xvid.ax -> %System32%\xvid.ax -> [Ver = | Size = 372736 bytes | Created Date = 08/10/2007 23:31:00 | Attr = ]
zlcomm.dll -> %System32%\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 83696 bytes | Created Date = 06/10/2007 21:09:20 | Attr = ]
zlcommdb.dll -> %System32%\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 71408 bytes | Created Date = 06/10/2007 21:09:20 | Attr = ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Created Date = 06/10/2007 21:09:06 | Attr = ]
zpeng24.dll -> %System32%\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1087216 bytes | Created Date = 06/10/2007 21:09:07 | Attr = ]
3cwmcru.sys -> %System32%\dllcache\3cwmcru.sys -> 3Com, Inc. [Ver = 1.44.008.0020 | Size = 762780 bytes | Created Date = 06/10/2007 13:03:54 | Attr = ]
3dfxvs.dll -> %System32%\dllcache\3dfxvs.dll -> 3dfx Interactive, Inc. [Ver = 5.00.2489.0028 | Size = 689216 bytes | Created Date = 06/10/2007 13:03:56 | Attr = ]
3dfxvsm.sys -> %System32%\dllcache\3dfxvsm.sys -> 3dfx Interactive, Inc. [Ver = 5.00.2489.0028 | Size = 148352 bytes | Created Date = 06/10/2007 13:03:56 | Attr = ]
a3d.dll -> %System32%\dllcache\a3d.dll -> Aureal Semiconductor [Ver = 2.09 | Size = 98304 bytes | Created Date = 06/10/2007 13:04:00 | Attr = ]
a3dapi.dll -> %System32%\dllcache\a3dapi.dll -> Aureal Inc. [Ver = 3.02 | Size = 462848 bytes | Created Date = 06/10/2007 13:04:01 | Attr = ]
ac97ali.sys -> %System32%\dllcache\ac97ali.sys -> Acer Laboratories Inc. [Ver = 5.12.01.6003 | Size = 231552 bytes | Created Date = 06/10/2007 13:04:04 | Attr = ]
ac97intc.sys -> %System32%\dllcache\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Created Date = 06/10/2007 13:04:07 | Attr = ]
ac97sis.sys -> %System32%\dllcache\ac97sis.sys -> Silicon Integrated Systems Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 297728 bytes | Created Date = 06/10/2007 13:04:08 | Attr = ]
ac97via.sys -> %System32%\dllcache\ac97via.sys -> VIA Technologies, Inc. [Ver = 5.10.00.3622 built by: WinDDK | Size = 84480 bytes | Created Date = 06/10/2007 13:04:09 | Attr = ]
acerscad.dll -> %System32%\dllcache\acerscad.dll -> Color Flatbed Scanner [Ver = 1, 0, 0, 0 | Size = 61440 bytes | Created Date = 06/10/2007 13:04:13 | Attr = ]
adm8511.sys -> %System32%\dllcache\adm8511.sys -> ADMtek Incorporated [Ver = 2.04.2001.0719 built by: WinDDK | Size = 20160 bytes | Created Date = 06/10/2007 13:04:21 | Attr = ]
adm8810.sys -> %System32%\dllcache\adm8810.sys -> Aureal, Inc. [Ver = 5.12.01.3500 | Size = 584448 bytes | Created Date = 06/10/2007 13:04:22 | Attr = ]
adm8820.sys -> %System32%\dllcache\adm8820.sys -> Aureal, Inc. [Ver = 5.12.01.1500 | Size = 553984 bytes | Created Date = 06/10/2007 13:04:24 | Attr = ]
adm8830.sys -> %System32%\dllcache\adm8830.sys -> Aureal, Inc. [Ver = 5.12.01.2500 | Size = 747392 bytes | Created Date = 06/10/2007 13:04:25 | Attr = ]
admjoy.sys -> %System32%\dllcache\admjoy.sys -> Aureal, Inc. [Ver = 5.12.01.1500 | Size = 10880 bytes | Created Date = 06/10/2007 13:04:27 | Attr = ]
adptsf50.sys -> %System32%\dllcache\adptsf50.sys -> Adaptec, Inc [Ver = V5.10.22 | Size = 46112 bytes | Created Date = 06/10/2007 13:04:29 | Attr = ]
adv01nt5.dll -> %System32%\dllcache\adv01nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 4255 bytes | Created Date = 06/10/2007 13:04:34 | Attr = ]
adv02nt5.dll -> %System32%\dllcache\adv02nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3967 bytes | Created Date = 06/10/2007 13:04:35 | Attr = ]
adv05nt5.dll -> %System32%\dllcache\adv05nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3615 bytes | Created Date = 06/10/2007 13:04:36 | Attr = ]
adv07nt5.dll -> %System32%\dllcache\adv07nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3647 bytes | Created Date = 06/10/2007 13:04:38 | Attr = ]
adv08nt5.dll -> %System32%\dllcache\adv08nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3135 bytes | Created Date = 06/10/2007 13:04:39 | Attr = ]
adv09nt5.dll -> %System32%\dllcache\adv09nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3711 bytes | Created Date = 06/10/2007 13:04:40 | Attr = ]
adv11nt5.dll -> %System32%\dllcache\adv11nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3775 bytes | Created Date = 06/10/2007 13:04:40 | Attr = ]
ali5261.sys -> %System32%\dllcache\ali5261.sys -> Acer Laboratories Inc. [Ver = 5.01.2462.0102 | Size = 27678 bytes | Created Date = 06/10/2007 13:04:55 | Attr = ]
alifir.sys -> %System32%\dllcache\alifir.sys -> Acer Laboratories Inc. [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 26624 bytes | Created Date = 06/10/2007 13:04:56 | Attr = ]
amb8002.sys -> %System32%\dllcache\amb8002.sys -> AmbiCom, Inc. [Ver = v3.03 | Size = 16969 bytes | Created Date = 06/10/2007 13:04:57 | Attr = ]
an983.sys -> %System32%\dllcache\an983.sys -> ADMtek Incorporated. [Ver = 2.17.1025.2001 built by: WinDDK | Size = 36224 bytes | Created Date = 06/10/2007 13:04:58 | Attr = ]
asc.sys -> %System32%\dllcache\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Created Date = 06/10/2007 13:05:04 | Attr = ]
asc3550.sys -> %System32%\dllcache\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Created Date = 06/10/2007 13:05:05 | Attr = ]
aspndis3.sys -> %System32%\dllcache\aspndis3.sys -> Bay Networks, Inc. [Ver = 3.23.11 | Size = 97354 bytes | Created Date = 06/10/2007 13:05:06 | Attr = ]
ati.sys -> %System32%\dllcache\ati.sys -> ATI Technologies, Inc. [Ver = 3.0.62 (XPClient.010817-1148) | Size = 77568 bytes | Created Date = 06/10/2007 13:05:09 | Attr = ]
ati1btxx.sys -> %System32%\dllcache\ati1btxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 56623 bytes | Created Date = 06/10/2007 13:05:10 | Attr = ]
ati1mdxx.sys -> %System32%\dllcache\ati1mdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 11615 bytes | Created Date = 06/10/2007 13:05:11 | Attr = ]
ati1pdxx.sys -> %System32%\dllcache\ati1pdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12047 bytes | Created Date = 06/10/2007 13:05:12 | Attr = ]
ati1raxx.sys -> %System32%\dllcache\ati1raxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 30671 bytes | Created Date = 06/10/2007 13:05:12 | Attr = ]
ati1rvxx.sys -> %System32%\dllcache\ati1rvxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 63663 bytes | Created Date = 06/10/2007 13:05:13 | Attr = ]
ati1snxx.sys -> %System32%\dllcache\ati1snxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 26367 bytes | Created Date = 06/10/2007 13:05:14 | Attr = ]
ati1ttxx.sys -> %System32%\dllcache\ati1ttxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 21343 bytes | Created Date = 06/10/2007 13:05:15 | Attr = ]
ati1tuxx.sys -> %System32%\dllcache\ati1tuxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 36463 bytes | Created Date = 06/10/2007 13:05:15 | Attr = ]
ati1xbxx.sys -> %System32%\dllcache\ati1xbxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 29455 bytes | Created Date = 06/10/2007 13:05:17 | Attr = ]
ati1xsxx.sys -> %System32%\dllcache\ati1xsxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 34735 bytes | Created Date = 06/10/2007 13:05:18 | Attr = ]
ati2cqag.dll -> %System32%\dllcache\ati2cqag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0233 | Size = 229376 bytes | Created Date = 06/10/2007 13:05:19 | Attr = ]
ati2dvaa.dll -> %System32%\dllcache\ati2dvaa.dll -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Created Date = 06/10/2007 13:05:19 | Attr = ]
ati2dvag.dll -> %System32%\dllcache\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 201728 bytes | Created Date = 06/10/2007 13:05:20 | Attr = ]
ati2mtaa.sys -> %System32%\dllcache\ati2mtaa.sys -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 327040 bytes | Created Date = 06/10/2007 13:05:21 | Attr = ]
ati2mtag.sys -> %System32%\dllcache\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 701440 bytes | Created Date = 06/10/2007 13:05:22 | Attr = ]
ati3d1ag.dll -> %System32%\dllcache\ati3d1ag.dll -> ATI Technologies Inc. [Ver = 6.14.10.4071 | Size = 870784 bytes | Created Date = 06/10/2007 13:05:23 | Attr = ]
ati3duag.dll -> %System32%\dllcache\ati3duag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0231 | Size = 1888992 bytes | Created Date = 06/10/2007 13:05:24 | Attr = ]
atibt829.sys -> %System32%\dllcache\atibt829.sys -> [Ver = | Size = 46464 bytes | Created Date = 06/10/2007 13:05:25 | Attr = ]
atidrab.dll -> %System32%\dllcache\atidrab.dll -> ATI Technologies Inc. [Ver = 5.01.2195.5012 (ReleasedBinaries.010718-0005) | Size = 382592 bytes | Created Date = 06/10/2007 13:05:26 | Attr = ]
atidrae.dll -> %System32%\dllcache\atidrae.dll -> ATI Technologies Inc. [Ver = 5.1.2493.0 (Lab01_N(ericks).010612-1818) | Size = 137216 bytes | Created Date = 06/10/2007 13:05:27 | Attr = ]
atidvai.dll -> %System32%\dllcache\atidvai.dll -> ATI Technologies Inc. [Ver = 5.10.2280.1028 (ReleasedBinaries.010715-1631) | Size = 268160 bytes | Created Date = 06/10/2007 13:05:28 | Attr = ]
atimpab.sys -> %System32%\dllcache\atimpab.sys -> ATI Technologies Inc. [Ver = 5.00.2195.5007 (ReleasedBinaries.010718-0005) | Size = 289664 bytes | Created Date = 06/10/2007 13:05:32 | Attr = ]
atimpae.sys -> %System32%\dllcache\atimpae.sys -> ATI Technologies Inc. [Ver = 5.1.2493.0 (Lab01_N(ericks).010612-1818) | Size = 75136 bytes | Created Date = 06/10/2007 13:05:33 | Attr = ]
atimtai.sys -> %System32%\dllcache\atimtai.sys -> ATI Technologies Inc. [Ver = 5.13.01.1140 (ReleasedBinaries.010715-1631) | Size = 281600 bytes | Created Date = 06/10/2007 13:05:34 | Attr = ]
atinbtxx.sys -> %System32%\dllcache\atinbtxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 57856 bytes | Created Date = 06/10/2007 13:05:35 | Attr = ]
atinmdxx.sys -> %System32%\dllcache\atinmdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 06/10/2007 13:05:36 | Attr = ]
atinpdxx.sys -> %System32%\dllcache\atinpdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 14336 bytes | Created Date = 06/10/2007 13:05:36 | Attr = ]
atinraxx.sys -> %System32%\dllcache\atinraxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 52224 bytes | Created Date = 06/10/2007 13:05:37 | Attr = ]
atinrvxx.sys -> %System32%\dllcache\atinrvxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 104960 bytes | Created Date = 06/10/2007 13:05:38 | Attr = ]
atinsnxx.sys -> %System32%\dllcache\atinsnxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 28672 bytes | Created Date = 06/10/2007 13:05:40 | Attr = ]
atinttxx.sys -> %System32%\dllcache\atinttxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 06/10/2007 13:05:41 | Attr = ]
atintuxx.sys -> %System32%\dllcache\atintuxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 73216 bytes | Created Date = 06/10/2007 13:05:42 | Attr = ]
atinxbxx.sys -> %System32%\dllcache\atinxbxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 31744 bytes | Created Date = 06/10/2007 13:05:43 | Attr = ]
atinxsxx.sys -> %System32%\dllcache\atinxsxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 63488 bytes | Created Date = 06/10/2007 13:05:44 | Attr = ]
atipcxxx.sys -> %System32%\dllcache\atipcxxx.sys -> [Ver = | Size = 10240 bytes | Created Date = 06/10/2007 13:05:45 | Attr = ]
atiraged.dll -> %System32%\dllcache\atiraged.dll -> ATI Technologies Inc. [Ver = 5.1.2493.0 (Lab01_N(ericks).010612-1818) | Size = 104832 bytes | Created Date = 06/10/2007 13:05:46 | Attr = ]
atiragem.sys -> %System32%\dllcache\atiragem.sys -> ATI Technologies Inc. [Ver = 5.1.2493.0 (Lab01_N(ericks).010612-1818) | Size = 70528 bytes | Created Date = 06/10/2007 13:05:46 | Attr = ]
atirtcap.sys -> %System32%\dllcache\atirtcap.sys -> [Ver = | Size = 49920 bytes | Created Date = 06/10/2007 13:05:47 | Attr = ]
atirtsnd.sys -> %System32%\dllcache\atirtsnd.sys -> [Ver = | Size = 26880 bytes | Created Date = 06/10/2007 13:05:47 | Attr = ]
atitunep.sys -> %System32%\dllcache\atitunep.sys -> [Ver = | Size = 17152 bytes | Created Date = 06/10/2007 13:05:48 | Attr = ]
atitvsnd.sys -> %System32%\dllcache\atitvsnd.sys -> [Ver = | Size = 17152 bytes | Created Date = 06/10/2007 13:05:48 | Attr = ]
ativdaxx.ax -> %System32%\dllcache\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 9728 bytes | Created Date = 06/10/2007 13:05:49 | Attr = ]
ativmdcd.sys -> %System32%\dllcache\ativmdcd.sys -> [Ver = | Size = 9472 bytes | Created Date = 06/10/2007 13:05:50 | Attr = ]
ativmvxx.ax -> %System32%\dllcache\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 23040 bytes | Created Date = 06/10/2007 13:05:50 | Attr = ]
ativtmxx.dll -> %System32%\dllcache\ativtmxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 32768 bytes | Created Date = 06/10/2007 13:05:51 | Attr = ]
ativttxx.sys -> %System32%\dllcache\ativttxx.sys -> [Ver = | Size = 19456 bytes | Created Date = 06/10/2007 13:05:52 | Attr = ]
ativvaxx.dll -> %System32%\dllcache\ativvaxx.dll -> ATI Technologies Inc. [Ver = 6.14.01.0009 | Size = 516768 bytes | Created Date = 06/10/2007 13:05:53 | Attr = ]
ativxbar.sys -> %System32%\dllcache\ativxbar.sys -> [Ver = | Size = 26624 bytes | Created Date = 06/10/2007 13:05:54 | Attr = ]
atixbar.sys -> %System32%\dllcache\atixbar.sys -> [Ver = | Size = 23552 bytes | Created Date = 06/10/2007 13:05:55 | Attr = ]
atv01nt5.dll -> %System32%\dllcache\atv01nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 21183 bytes | Created Date = 06/10/2007 13:05:58 | Attr = ]
atv02nt5.dll -> %System32%\dllcache\atv02nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 11359 bytes | Created Date = 06/10/2007 13:05:59 | Attr = ]
atv04nt5.dll -> %System32%\dllcache\atv04nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Created Date = 06/10/2007 13:06:00 | Attr = ]
atv06nt5.dll -> %System32%\dllcache\atv06nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 14143 bytes | Created Date = 06/10/2007 13:06:01 | Attr = ]
atv10nt5.dll -> %System32%\dllcache\atv10nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 17279 bytes | Created Date = 06/10/2007 13:06:03 | Attr = ]
avmcoxp.dll -> %System32%\dllcache\avmcoxp.dll -> AVM GmbH [Ver = 2.4 | Size = 87552 bytes | Created Date = 06/10/2007 13:06:10 | Attr = ]
avmenum.dll -> %System32%\dllcache\avmenum.dll -> AVM GmbH [Ver = 1, 0, 0, 3 | Size = 144384 bytes | Created Date = 06/10/2007 13:06:11 | Attr = ]
avmwan.sys -> %System32%\dllcache\avmwan.sys -> AVM GmbH [Ver = 02.04.00 | Size = 37568 bytes | Created Date = 06/10/2007 13:06:12 | Attr = ]
aztw2320.sys -> %System32%\dllcache\aztw2320.sys -> Aztech Systems Ltd [Ver = 5.1.2501.0 built by: WinDDK | Size = 36992 bytes | Created Date = 06/10/2007 13:06:14 | Attr = ]
b1cbase.sys -> %System32%\dllcache\b1cbase.sys -> AVM GmbH [Ver = 5.2 | Size = 89952 bytes | Created Date = 06/10/2007 13:06:15 | Attr = ]
b57xp32.sys -> %System32%\dllcache\b57xp32.sys -> Broadcom Corporation [Ver = 2.16b.0.0 built by: WinDDK | Size = 96640 bytes | Created Date = 06/10/2007 13:06:16 | Attr = ]
banshee.dll -> %System32%\dllcache\banshee.dll -> 3Dfx Interactive, Inc. [Ver = 5.00.2462.60 | Size = 342336 bytes | Created Date = 06/10/2007 13:06:16 | Attr = ]
banshee.sys -> %System32%\dllcache\banshee.sys -> 3Dfx Interactive, Inc. [Ver = 5.00.2462.60 | Size = 36128 bytes | Created Date = 06/10/2007 13:06:17 | Attr = ]
bcm42u.sys -> %System32%\dllcache\bcm42u.sys -> Broadcom Corporation [Ver = 2.29.0.8 | Size = 66557 bytes | Created Date = 06/10/2007 13:06:21 | Attr = ]
bcm42xx5.sys -> %System32%\dllcache\bcm42xx5.sys -> Broadcom Corporation [Ver = 2.31.0.2 | Size = 54271 bytes | Created Date = 06/10/2007 13:06:21 | Attr = ]
bcm4e5.sys -> %System32%\dllcache\bcm4e5.sys -> Broadcom Corporation [Ver = 2.31.0.2 | Size = 26568 bytes | Created Date = 06/10/2007 13:06:23 | Attr = ]
bcmdm.sys -> %System32%\dllcache\bcmdm.sys -> BCM [Ver = 3.2.12.9 07/17/2001 14:21:30 | Size = 871388 bytes | Created Date = 06/10/2007 13:06:24 | Attr = ]
brbidiif.dll -> %System32%\dllcache\brbidiif.dll -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 19456 bytes | Created Date = 06/10/2007 13:06:31 | Attr = ]
brcoinst.dll -> %System32%\dllcache\brcoinst.dll -> Brother Industries Ltd. [Ver = 1.0.0.8 (Lab06_N.010129-0357) | Size = 9728 bytes | Created Date = 06/10/2007 13:06:32 | Attr = ]
brevif.dll -> %System32%\dllcache\brevif.dll -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 12800 bytes | Created Date = 06/10/2007 13:06:33 | Attr = ]
brfilt.sys -> %System32%\dllcache\brfilt.sys -> Brother Industries Ltd. [Ver = 1.0.0.0 (Lab06_N.010129-0357) | Size = 2944 bytes | Created Date = 06/10/2007 13:06:34 | Attr = ]
brfiltlo.sys -> %System32%\dllcache\brfiltlo.sys -> Brother Industries, Ltd. [Ver = 1.09.000 (Lab06_N.010129-0357) | Size = 12160 bytes | Created Date = 06/10/2007 13:06:35 | Attr = ]
brfiltup.sys -> %System32%\dllcache\brfiltup.sys -> Brother Industries, Ltd. [Ver = 1.04.000 (Lab06_N.010129-0357) | Size = 3968 bytes | Created Date = 06/10/2007 13:06:36 | Attr = ]
brmfbidi.dll -> %System32%\dllcache\brmfbidi.dll -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 15360 bytes | Created Date = 06/10/2007 13:06:36 | Attr = ]
brmflpt.dll -> %System32%\dllcache\brmflpt.dll -> Brother Industries, Ltd. [Ver = 1.45.15.346 | Size = 29696 bytes | Created Date = 06/10/2007 13:06:38 | Attr = ]
brmfrsmg.exe -> %System32%\dllcache\brmfrsmg.exe -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 32256 bytes | Created Date = 06/10/2007 13:06:39 | Attr = ]
brmfusb.dll -> %System32%\dllcache\brmfusb.dll -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 41472 bytes | Created Date = 06/10/2007 13:06:40 | Attr = ]
brparimg.sys -> %System32%\dllcache\brparimg.sys -> Brother Industries Ltd. [Ver = 1.0.0.0 (Lab06_N.010129-0357) | Size = 3168 bytes | Created Date = 06/10/2007 13:06:45 | Attr = ]
brparwdm.sys -> %System32%\dllcache\brparwdm.sys -> Brother Industries Ltd. [Ver = 1.00 | Size = 39552 bytes | Created Date = 06/10/2007 13:06:47 | Attr = ]
brscnrsm.dll -> %System32%\dllcache\brscnrsm.dll -> Brother Industries,Ltd. [Ver = 1.0.0.14 | Size = 5120 bytes | Created Date = 06/10/2007 13:06:49 | Attr = ]
brserif.dll -> %System32%\dllcache\brserif.dll -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 9728 bytes | Created Date = 06/10/2007 13:06:51 | Attr = ]
brserwdm.sys -> %System32%\dllcache\brserwdm.sys -> Brother Industries Ltd. [Ver = 1.0.0.15 (Lab06_N.010129-0357) | Size = 60416 bytes | Created Date = 06/10/2007 13:06:51 | Attr = ]
brusbmdm.sys -> %System32%\dllcache\brusbmdm.sys -> Brother Industries Ltd. [Ver = 1,0,0,7 (Lab06_N.010129-0357) | Size = 11008 bytes | Created Date = 06/10/2007 13:06:52 | Attr = ]
brusbscn.sys -> %System32%\dllcache\brusbscn.sys -> Brother Industries Ltd. [Ver = 1,0,0,6 (Lab06_N.010129-0357) | Size = 10368 bytes | Created Date = 06/10/2007 13:06:54 | Attr = ]
brzwlan.sys -> %System32%\dllcache\brzwlan.sys -> BreezeCOM [Ver = 4.4.1.18 | Size = 31529 bytes | Created Date = 06/10/2007 13:06:55 | Attr = ]
cb102.sys -> %System32%\dllcache\cb102.sys -> Fast Ethernet Controller Provider [Ver = 2.20.0.0 | Size = 37916 bytes | Created Date = 06/10/2007 13:07:50 | Attr = ]
cb325.sys -> %System32%\dllcache\cb325.sys -> Silicom Ltd. [Ver = 4.106.24 | Size = 39680 bytes | Created Date = 06/10/2007 13:07:52 | Attr = ]
cben5.sys -> %System32%\dllcache\cben5.sys -> Xircom, Inc. [Ver = 3.14.05.00 | Size = 46108 bytes | Created Date = 06/10/2007 13:07:52 | Attr = ]
cbmdmkxx.sys -> %System32%\dllcache\cbmdmkxx.sys -> Xircom, Inc. [Ver = 1.90.7 | Size = 714698 bytes | Created Date = 06/10/2007 13:07:53 | Attr = ]
ce2n5.sys -> %System32%\dllcache\ce2n5.sys -> Xircom, Inc. [Ver = 3.06.04.00 | Size = 21530 bytes | Created Date = 06/10/2007 13:07:57 | Attr = ]
ce3n5.sys -> %System32%\dllcache\ce3n5.sys -> Xircom, Inc. [Ver = 2.11.01.00 | Size = 27164 bytes | Created Date = 06/10/2007 13:07:59 | Attr = ]
cem28n5.sys -> %System32%\dllcache\cem28n5.sys -> Xircom, Inc. [Ver = 1.22.02.00 | Size = 22044 bytes | Created Date = 06/10/2007 13:08:00 | Attr = ]
cem33n5.sys -> %System32%\dllcache\cem33n5.sys -> Xircom, Inc. [Ver = 1.22.02.00 | Size = 22044 bytes | Created Date = 06/10/2007 13:08:00 | Attr = ]
cem56n5.sys -> %System32%\dllcache\cem56n5.sys -> Xircom, Inc. [Ver = 2.70.02.00 | Size = 49182 bytes | Created Date = 06/10/2007 13:08:01 | Attr = ]
ch7xxnt5.dll -> %System32%\dllcache\ch7xxnt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 15423 bytes | Created Date = 06/10/2007 13:08:03 | Attr = ]
cicap.sys -> %System32%\dllcache\cicap.sys -> Xircom [Ver = 4.0.0.41 | Size = 980034 bytes | Created Date = 06/10/2007 13:08:13 | Attr = ]
cinemclc.sys -> %System32%\dllcache\cinemclc.sys -> RAVISENT Technologies Inc. [Ver = 5.0.00.0081 | Size = 272640 bytes | Created Date = 06/10/2007 13:08:15 | Attr = ]
cmbp0wdm.sys -> %System32%\dllcache\cmbp0wdm.sys -> OMNIKEY AG [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 20736 bytes | Created Date = 06/10/2007 13:08:26 | Attr = ]
cmdide.sys -> %System32%\dllcache\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Created Date = 06/10/2007 13:08:27 | Attr = ]
cnxt1803.sys -> %System32%\dllcache\cnxt1803.sys -> Conexant Systems, Inc. [Ver = V1.15.7 | Size = 39936 bytes | Created Date = 06/10/2007 13:08:32 | Attr = ]
cpqndis5.sys -> %System32%\dllcache\cpqndis5.sys -> Compaq Computer Corporation [Ver = 3.06.04.00 | Size = 21533 bytes | Created Date = 06/10/2007 13:08:44 | Attr = ]
cpqtrnd5.sys -> %System32%\dllcache\cpqtrnd5.sys -> Compaq Computer Corp. [Ver = 5.84.02 | Size = 60970 bytes | Created Date = 06/10/2007 13:08:45 | Attr = ]
cpscan.dll -> %System32%\dllcache\cpscan.dll -> COMPAQ Inc. [Ver = 1.0.0.7 | Size = 216064 bytes | Created Date = 06/10/2007 13:08:47 | Attr = ]
crtaud.sys -> %System32%\dllcache\crtaud.sys -> Conexant Systems Inc. [Ver = 5.12.01.0326 | Size = 42112 bytes | Created Date = 06/10/2007 13:08:49 | Attr = ]
ctlfacem.sys -> %System32%\dllcache\ctlfacem.sys -> Creative Technology Ltd. [Ver = 5.12.01.2108 built by: WinDDK | Size = 6912 bytes | Created Date = 06/10/2007 13:08:53 | Attr = ]
ctljystk.sys -> %System32%\dllcache\ctljystk.sys -> Creative Technology Ltd. [Ver = 5.1.2501.0 built by: WinDDK | Size = 3712 bytes | Created Date = 06/10/2007 13:08:54 | Attr = ]
ctlsb16.sys -> %System32%\dllcache\ctlsb16.sys -> Copyright © Creative Technology Ltd. 1994-2001 [Ver = 5.1.2501.0 built by: WinDDK | Size = 96256 bytes | Created Date = 06/10/2007 13:08:56 | Attr = ]
ctmasetp.dll -> %System32%\dllcache\ctmasetp.dll -> Comtrol® Corporation [Ver = 5.1.2600.2180 | Size = 249856 bytes | Created Date = 06/10/2007 13:08:58 | Attr = ]
ctwdm32.dll -> %System32%\dllcache\ctwdm32.dll -> Creative Technology Ltd. [Ver = 5.0.0.2001 | Size = 4096 bytes | Created Date = 06/10/2007 13:08:59 | Attr = ]
cwbase.sys -> %System32%\dllcache\cwbase.sys -> Crystal Semiconductor Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 3072 bytes | Created Date = 06/10/2007 13:09:01 | Attr = ]
cwbmidi.sys -> %System32%\dllcache\cwbmidi.sys -> Crystal Semiconductor Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 3072 bytes | Created Date = 06/10/2007 13:09:02 | Attr = ]
cwbwdm.sys -> %System32%\dllcache\cwbwdm.sys -> Crystal Semiconductor Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 72832 bytes | Created Date = 06/10/2007 13:09:03 | Attr = ]
cwcosnt5.sys -> %System32%\dllcache\cwcosnt5.sys -> Crystal Semiconductor Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 3584 bytes | Created Date = 06/10/2007 13:09:05 | Attr = ]
cwcspud.sys -> %System32%\dllcache\cwcspud.sys -> Crystal Semiconductor Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 111872 bytes | Created Date = 06/10/2007 13:09:06 | Attr = ]
cwcwdm.sys -> %System32%\dllcache\cwcwdm.sys -> Crystal Semiconductor Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 93952 bytes | Created Date = 06/10/2007 13:09:07 | Attr = ]
cwrwdm.sys -> %System32%\dllcache\cwrwdm.sys -> Crystal Semiconductor Corp. [Ver = 5.2.3790.0 built by: WinDDK | Size = 48640 bytes | Created Date = 06/10/2007 13:09:09 | Attr = ]
d100ib5.sys -> %System32%\dllcache\d100ib5.sys -> Intel Corporation [Ver = 5.41.17.0000 built by: WinDDK | Size = 117760 bytes | Created Date = 06/10/2007 13:09:21 | Attr = ]
dac2w2k.sys -> %System32%\dllcache\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Created Date = 06/10/2007 13:09:29 | Attr = ]
dc21x4.sys -> %System32%\dllcache\dc21x4.sys -> Intel Corporation. [Ver = 5.05.04 | Size = 63208 bytes | Created Date = 06/10/2007 13:09:42 | Attr = ]
defpa.sys -> %System32%\dllcache\defpa.sys -> Digital Networks, LLC [Ver = 5.5 built by: WinDDK | Size = 20928 bytes | Created Date = 06/10/2007 13:09:54 | Attr = ]
devcon32.dll -> %System32%\dllcache\devcon32.dll -> Creative Technology Ltd. [Ver = 4.06.651 | Size = 256512 bytes | Created Date = 06/10/2007 13:09:59 | Attr = ]
devldr32.exe -> %System32%\dllcache\devldr32.exe -> Creative Technology Ltd. [Ver = 1, 0, 0, 17 | Size = 24064 bytes | Created Date = 06/10/2007 13:10:01 | Attr = ]
dfe650.sys -> %System32%\dllcache\dfe650.sys -> D-Link [Ver = 5.00.2128.1 | Size = 24648 bytes | Created Date = 06/10/2007 13:10:05 | Attr = ]
dfe650d.sys -> %System32%\dllcache\dfe650d.sys -> D-Link [Ver = 5.00.2128.1 | Size = 24649 bytes | Created Date = 06/10/2007 13:10:06 | Attr = ]
dgapci.sys -> %System32%\dllcache\dgapci.sys -> Digi International Inc. [Ver = v3.7.3.0 | Size = 29531 bytes | Created Date = 06/10/2007 13:10:10 | Attr = ]
dgconfig.dll -> %System32%\dllcache\dgconfig.dll -> Digi International [Ver = v3.7.3.0 | Size = 419357 bytes | Created Date = 06/10/2007 13:10:12 | Attr = ]
diapi2.sys -> %System32%\dllcache\diapi2.sys -> Eicon Technology [Ver = 1.0.1.390 | Size = 164923 bytes | Created Date = 06/10/2007 13:07:46 | Attr = ]
diapi2NT.dll -> %System32%\dllcache\diapi2NT.dll -> Eicon Technology Corporation [Ver = 2.10 101-390 | Size = 32256 bytes | Created Date = 06/10/2007 13:07:48 | Attr = ]
digiasyn.dll -> %System32%\dllcache\digiasyn.dll -> Digi International Inc. [Ver = 3.10 | Size = 65622 bytes | Created Date = 06/10/2007 13:10:29 | Attr = ]
digiasyn.sys -> %System32%\dllcache\digiasyn.sys -> Digi International Inc. [Ver = 3.10 | Size = 37735 bytes | Created Date = 06/10/2007 13:10:31 | Attr = ]
digidbp.dll -> %System32%\dllcache\digidbp.dll -> Digi International Inc. [Ver = 3.10 | Size = 131156 bytes | Created Date = 06/10/2007 13:10:32 | Attr = ]
digidxb.sys -> %System32%\dllcache\digidxb.sys -> Digi International Inc. [Ver = 3.10 | Size = 103044 bytes | Created Date = 06/10/2007 13:10:33 | Attr = ]
digifep5.sys -> %System32%\dllcache\digifep5.sys -> Digi International Inc. [Ver = v3.7.3.0 | Size = 90525 bytes | Created Date = 06/10/2007 13:10:35 | Attr = ]
digifwrk.dll -> %System32%\dllcache\digifwrk.dll -> Digi International Inc. [Ver = 3.10 | Size = 229462 bytes | Created Date = 06/10/2007 13:10:36 | Attr = ]
digihlc.dll -> %System32%\dllcache\digihlc.dll -> Digi International Inc. [Ver = 3.10 | Size = 159828 bytes | Created Date = 06/10/2007 13:10:38 | Attr = ]
digiinf.dll -> %System32%\dllcache\digiinf.dll -> Digi International Inc. [Ver = 3.10 | Size = 102484 bytes | Created Date = 06/10/2007 13:10:42 | Attr = ]
digiisdn.dll -> %System32%\dllcache\digiisdn.dll -> Digi International Inc. [Ver = 3.10 | Size = 41046 bytes | Created Date = 06/10/2007 13:10:43 | Attr = ]
digiisdn.sys -> %System32%\dllcache\digiisdn.sys -> Digi International Inc. [Ver = 3.10 | Size = 21606 bytes | Created Date = 06/10/2007 13:10:45 | Attr = ]
digirlpt.dll -> %System32%\dllcache\digirlpt.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 110621 bytes | Created Date = 06/10/2007 13:10:46 | Attr = ]
digirlpt.sys -> %System32%\dllcache\digirlpt.sys -> Digi International, Inc. [Ver = 2.3.7 | Size = 42432 bytes | Created Date = 06/10/2007 13:10:48 | Attr = ]
digiview.exe -> %System32%\dllcache\digiview.exe -> Digi International Inc. [Ver = 3.10 | Size = 614429 bytes | Created Date = 06/10/2007 13:10:51 | Attr = ]
dimaint.sys -> %System32%\dllcache\dimaint.sys -> Eicon Technology [Ver = 2.0.1.315 | Size = 91305 bytes | Created Date = 06/10/2007 13:10:53 | Attr = ]
disrvci.dll -> %System32%\dllcache\disrvci.dll -> Eicon Technology [Ver = 2.0.1.73 | Size = 6729 bytes | Created Date = 06/10/2007 13:11:05 | Attr = ]
disrvpp.dll -> %System32%\dllcache\disrvpp.dll -> Eicon Technology [Ver = 2.0.1.73 | Size = 31305 bytes | Created Date = 06/10/2007 13:11:07 | Attr = ]
disrvsu.dll -> %System32%\dllcache\disrvsu.dll -> Eicon Technology [Ver = 2.0.1.73 | Size = 38985 bytes | Created Date = 06/10/2007 13:11:08 | Attr = ]
ditrace.exe -> %System32%\dllcache\ditrace.exe -> Eicon Technology [Ver = 2.0.1.315 | Size = 236060 bytes | Created Date = 06/10/2007 13:11:09 | Attr = ]
divaci.dll -> %System32%\dllcache\divaci.dll -> [Ver = | Size = 6216 bytes | Created Date = 06/10/2007 13:11:13 | Attr = ]
divaprop.dll -> %System32%\dllcache\divaprop.dll -> [Ver = | Size = 37962 bytes | Created Date = 06/10/2007 13:11:14 | Attr = ]
divasu.dll -> %System32%\dllcache\divasu.dll -> [Ver = | Size = 29768 bytes | Created Date = 06/10/2007 13:11:15 | Attr = ]
diwan.sys -> %System32%\dllcache\diwan.sys -> Eicon Technology [Ver = 2.0.1.700 | Size = 952007 bytes | Created Date = 06/10/2007 13:11:18 | Attr = ]
dlh5xnd5.sys -> %System32%\dllcache\dlh5xnd5.sys -> D-Link Corporation [Ver = v2.5.4 | Size = 26698 bytes | Created Date = 06/10/2007 13:11:19 | Attr = ]
dm9pci5.sys -> %System32%\dllcache\dm9pci5.sys -> CNet Technology, Inc. [Ver = 1.23.01.0228 built by: WinDDK | Size = 29696 bytes | Created Date = 06/10/2007 13:11:24 | Attr = ]
dp83820.sys -> %System32%\dllcache\dp83820.sys -> National Semiconductor Coproration [Ver = 5.0.4.17 | Size = 28062 bytes | Created Date = 06/10/2007 13:11:43 | Attr = ]
ds1wdm.sys -> %System32%\dllcache\ds1wdm.sys -> Yamaha Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 334208 bytes | Created Date = 06/10/2007 13:11:53 | Attr = ]
e1000nt5.sys -> %System32%\dllcache\e1000nt5.sys -> Intel Corporation [Ver = 2.94.294.0 | Size = 50719 bytes | Created Date = 06/10/2007 13:12:05 | Attr = ]
e100b325.sys -> %System32%\dllcache\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Created Date = 06/10/2007 13:12:07 | Attr = ]
e100isa4.sys -> %System32%\dllcache\e100isa4.sys -> Intel Corporation [Ver = 5.0.5.0 | Size = 19594 bytes | Created Date = 06/10/2007 13:12:08 | Attr = ]
el515.sys -> %System32%\dllcache\el515.sys -> 3Com Corporation [Ver = 1.08.03 | Size = 44103 bytes | Created Date = 06/10/2007 13:12:10 | Attr = ]
el556nd5.sys -> %System32%\dllcache\el556nd5.sys -> 3Com Corporation [Ver = 1.21.00.001 | Size = 55999 bytes | Created Date = 06/10/2007 13:12:12 | Attr = ]
el574nd4.sys -> %System32%\dllcache\el574nd4.sys -> 3Com Corporation [Ver = 2.00.03.4001 | Size = 24653 bytes | Created Date = 06/10/2007 13:12:14 | Attr = ]
el575nd5.sys -> %System32%\dllcache\el575nd5.sys -> 3Com Corporation [Ver = 2.60.5000.0020 | Size = 69692 bytes | Created Date = 06/10/2007 13:12:16 | Attr = ]
el589nd5.sys -> %System32%\dllcache\el589nd5.sys -> 3Com Corporation [Ver = 2.50.50.0033 | Size = 26141 bytes | Created Date = 06/10/2007 13:12:17 | Attr = ]
el656cd5.sys -> %System32%\dllcache\el656cd5.sys -> 3Com Corporation [Ver = 3.00.5000.0004 | Size = 69194 bytes | Created Date = 06/10/2007 13:12:19 | Attr = ]
el656ct5.sys -> %System32%\dllcache\el656ct5.sys -> 3Com Corporation [Ver = 1.00.4002.0070 | Size = 634134 bytes | Created Date = 06/10/2007 13:12:20 | Attr = ]
el656nd5.sys -> %System32%\dllcache\el656nd5.sys -> 3Com Corporation [Ver = 1.50.5000.0007 | Size = 77386 bytes | Created Date = 06/10/2007 13:12:22 | Attr = ]
el656se5.sys -> %System32%\dllcache\el656se5.sys -> 3Com Corporation [Ver = 1.00.4002.0070 | Size = 241206 bytes | Created Date = 06/10/2007 13:12:24 | Attr = ]
el90xbc5.sys -> %System32%\dllcache\el90xbc5.sys -> 3Com Corporation [Ver = 4.05.00.0000 | Size = 66591 bytes | Created Date = 06/10/2007 13:12:26 | Attr = ]
el90xnd5.sys -> %System32%\dllcache\el90xnd5.sys -> 3Com Corporation [Ver = 3.60.50.008 | Size = 153631 bytes | Created Date = 06/10/2007 13:12:27 | Attr = ]
el985n51.sys -> %System32%\dllcache\el985n51.sys -> 3Com Corporation. [Ver = 1.17.34.4 | Size = 455199 bytes | Created Date = 06/10/2007 13:12:29 | Attr = ]
el98xn5.sys -> %System32%\dllcache\el98xn5.sys -> 3Com Corporation [Ver = 4.0.0.13 | Size = 70174 bytes | Created Date = 06/10/2007 13:12:31 | Attr = ]
el99xn51.sys -> %System32%\dllcache\el99xn51.sys -> 3Com Corporation [Ver = 2.00.00.0030 built by: WinDDK | Size = 171520 bytes | Created Date = 06/10/2007 13:12:33 | Attr = ]
elnk3.sys -> %System32%\dllcache\elnk3.sys -> 3Com Corporation [Ver = 5.32.40 | Size = 25159 bytes | Created Date = 06/10/2007 13:12:36 | Attr = ]
em556n4.sys -> %System32%\dllcache\em556n4.sys -> 3Com Corporation [Ver = 1.10.02 | Size = 19996 bytes | Created Date = 06/10/2007 13:12:38 | Attr = ]
emu10k1m.sys -> %System32%\dllcache\emu10k1m.sys -> Creative Technology Ltd. [Ver = 5.12.01.3300 built by: WinDDK | Size = 283904 bytes | Created Date = 06/10/2007 13:12:43 | Attr = ]
epro4.sys -> %System32%\dllcache\epro4.sys -> Intel Corporation [Ver = 3.70.00.0000 | Size = 18503 bytes | Created Date = 06/10/2007 13:12:47 | Attr = ]
eqn.sys -> %System32%\dllcache\eqn.sys -> Equinox Systems Inc. [Ver = 5.0.U72 Intel built by: WinDDK | Size = 629952 bytes | Created Date = 06/10/2007 13:12:52 | Attr = ]
eqndiag.exe -> %System32%\dllcache\eqndiag.exe -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 53248 bytes | Created Date = 06/10/2007 13:12:56 | Attr = ]
eqnlogr.exe -> %System32%\dllcache\eqnlogr.exe -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 51200 bytes | Created Date = 06/10/2007 13:12:58 | Attr = ]
eqnloop.exe -> %System32%\dllcache\eqnloop.exe -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 61952 bytes | Created Date = 06/10/2007 13:13:02 | Attr = ]
es1370mp.sys -> %System32%\dllcache\es1370mp.sys -> Creative Technology Ltd. [Ver = 5.1.2501.0 built by: WinDDK | Size = 37120 bytes | Created Date = 06/10/2007 13:13:05 | Attr = ]
es1371mp.sys -> %System32%\dllcache\es1371mp.sys -> Creative Technology Ltd. [Ver = 5.1.2501.0 built by: WinDDK | Size = 40704 bytes | Created Date = 06/10/2007 13:13:08 | Attr = ]
es1969.sys -> %System32%\dllcache\es1969.sys -> ESS Technology Inc. [Ver = 5.1.2501.0 built by: WinDDK | Size = 72192 bytes | Created Date = 06/10/2007 13:13:10 | Attr = ]
es198x.sys -> %System32%\dllcache\es198x.sys -> ESS Technology, Inc. [Ver = 5.1.2526.0 built by: WinDDK | Size = 174464 bytes | Created Date = 06/10/2007 13:13:12 | Attr = ]
es56cvmp.sys -> %System32%\dllcache\es56cvmp.sys -> ESS Technology, Inc. [Ver = V4.43.049 | Size = 595647 bytes | Created Date = 06/10/2007 13:13:14 | Attr = ]
es56hpi.sys -> %System32%\dllcache\es56hpi.sys -> ESS Technology, Inc. [Ver = V4.43.049 | Size = 594238 bytes | Created Date = 06/10/2007 13:13:16 | Attr = ]
es56tpi.sys -> %System32%\dllcache\es56tpi.sys -> ESS Technology, Inc. [Ver = V4.43.049 | Size = 347550 bytes | Created Date = 06/10/2007 13:13:19 | Attr = ]
ess.sys -> %System32%\dllcache\ess.sys -> ESS Technology, Inc. [Ver = 5.1.2501.0 built by: WinDDK | Size = 63360 bytes | Created Date = 06/10/2007 13:13:23 | Attr = ]
essm2e.sys -> %System32%\dllcache\essm2e.sys -> ESS Technology, Inc. [Ver = 5.1.3612.0 built by: WinDDK | Size = 137088 bytes | Created Date = 06/10/2007 13:13:25 | Attr = ]
esucm.dll -> %System32%\dllcache\esucm.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 43008 bytes | Created Date = 06/10/2007 13:13:26 | Attr = ]
esuimg.dll -> %System32%\dllcache\esuimg.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 34816 bytes | Created Date = 06/10/2007 13:13:29 | Attr = ]
esuni.dll -> %System32%\dllcache\esuni.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45568 bytes | Created Date = 06/10/2007 13:13:31 | Attr = ]
esunib.dll -> %System32%\dllcache\esunib.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45568 bytes | Created Date = 06/10/2007 13:13:34 | Attr = ]
ex10.sys -> %System32%\dllcache\ex10.sys -> Intel Corporation [Ver = 1.51.00.0000 | Size = 16998 bytes | Created Date = 06/10/2007 13:13:40 | Attr = ]
f3ab18xi.sys -> %System32%\dllcache\f3ab18xi.sys -> FUJITSU LIMITED [Ver = 3,00,10,0022 | Size = 12362 bytes | Created Date = 06/10/2007 13:13:47 | Attr = ]
f3ab18xj.sys -> %System32%\dllcache\f3ab18xj.sys -> FUJITSU LIMITED [Ver = 3,00,10,0022 | Size = 11850 bytes | Created Date = 06/10/2007 13:13:49 | Attr = ]
fa312nd5.sys -> %System32%\dllcache\fa312nd5.sys -> NETGEAR Corp. [Ver = 5.00.119.0 | Size = 16074 bytes | Created Date = 06/10/2007 13:13:52 | Attr = ]
fa410nd5.sys -> %System32%\dllcache\fa410nd5.sys -> NETGEAR [Ver = 5.00.2128.1 | Size = 24618 bytes | Created Date = 06/10/2007 13:13:55 | Attr = ]
fem556n5.sys -> %System32%\dllcache\fem556n5.sys -> 3Com Corporation [Ver = 1.01.08.6001 | Size = 22090 bytes | Created Date = 06/10/2007 13:13:59 | Attr = ]
fetnd5.sys -> %System32%\dllcache\fetnd5.sys -> VIA Technologies, Inc. [Ver = 2.66 | Size = 27165 bytes | Created Date = 06/10/2007 13:14:06 | Attr = ]
forehe.sys -> %System32%\dllcache\forehe.sys -> Marconi Communications, Inc. [Ver = 5.0.12.6327 | Size = 34173 bytes | Created Date = 06/10/2007 13:14:14 | Attr = ]
fpcibase.sys -> %System32%\dllcache\fpcibase.sys -> AVM GmbH [Ver = 3.0 built by: WinDDK | Size = 444416 bytes | Created Date = 06/10/2007 13:14:17 | Attr = ]
fpcmbase.sys -> %System32%\dllcache\fpcmbase.sys -> AVM GmbH [Ver = 3.0 built by: WinDDK | Size = 441728 bytes | Created Date = 06/10/2007 13:14:20 | Attr = ]
fpnpbase.sys -> %System32%\dllcache\fpnpbase.sys -> AVM GmbH [Ver = 3.0 built by: WinDDK | Size = 442240 bytes | Created Date = 06/10/2007 13:14:22 | Attr = ]
fus2base.sys -> %System32%\dllcache\fus2base.sys -> AVM GmbH [Ver = 3.0 built by: WinDDK | Size = 455680 bytes | Created Date = 06/10/2007 13:14:28 | Attr = ]
fusbbase.sys -> %System32%\dllcache\fusbbase.sys -> AVM GmbH [Ver = 3.0 built by: WinDDK | Size = 455296 bytes | Created Date = 06/10/2007 13:14:31 | Attr = ]
fxusbase.sys -> %System32%\dllcache\fxusbase.sys -> AVM GmbH [Ver = 3.0 built by: WinDDK | Size = 454912 bytes | Created Date = 06/10/2007 13:14:48 | Attr = ]
g200d.dll -> %System32%\dllcache\g200d.dll -> Matrox Graphics Inc. [Ver = 5.12.01.1200 (ReleasedBinaries.010308-1115) | Size = 470144 bytes | Created Date = 06/10/2007 13:14:50 | Attr = ]
g200m.sys -> %System32%\dllcache\g200m.sys -> Matrox Graphics Inc. [Ver = 5.12.01.1200 (ReleasedBinaries.010308-1115) | Size = 320384 bytes | Created Date = 06/10/2007 13:14:53 | Attr = ]
g400d.dll -> %System32%\dllcache\g400d.dll -> Matrox Graphics Inc. [Ver = 5.12.01.1200 (ReleasedBinaries.010308-1115) | Size = 1733120 bytes | Created Date = 06/10/2007 13:14:56 | Attr = ]
g400m.sys -> %System32%\dllcache\g400m.sys -> Matrox Graphics Inc. [Ver = 5.12.01.1200 (ReleasedBinaries.010308-1115) | Size = 322432 bytes | Created Date = 06/10/2007 13:14:59 | Attr = ]
gpr400.sys -> %System32%\dllcache\gpr400.sys -> Gemplus [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 17408 bytes | Created Date = 06/10/2007 13:15:09 | Attr = ]
grclass.sys -> %System32%\dllcache\grclass.sys -> Gemplus [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 82304 bytes | Created Date = 06/10/2007 13:15:13 | Attr = ]
grserial.sys -> %System32%\dllcache\grserial.sys -> Gemplus [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 28288 bytes | Created Date = 06/10/2007 13:15:16 | Attr = ]
hcf_msft.sys -> %System32%\dllcache\hcf_msft.sys -> Conexant [Ver = 2.1.2.171.021.003 | Size = 907456 bytes | Created Date = 06/10/2007 13:15:19 | Attr = ]
hpgt21.dll -> %System32%\dllcache\hpgt21.dll -> [Ver = 1, 0, 0, 1 | Size = 83968 bytes | Created Date = 06/10/2007 13:15:46 | Attr = ]
hpgt33.dll -> %System32%\dllcache\hpgt33.dll -> [Ver = 1, 0, 0, 1 | Size = 89088 bytes | Created Date = 06/10/2007 13:15:53 | Attr = ]
hpgt34.dll -> %System32%\dllcache\hpgt34.dll -> [Ver = 1, 0, 0, 1 | Size = 101376 bytes | Created Date = 06/10/2007 13:15:58 | Attr = ]
hpgt34tk.dll -> %System32%\dllcache\hpgt34tk.dll -> Hewlett Packard [Ver = 4.11.2000.0 | Size = 126976 bytes | Created Date = 06/10/2007 13:16:01 | Attr = ]
hpgt42.dll -> %System32%\dllcache\hpgt42.dll -> [Ver = 1, 0, 0, 1 | Size = 93696 bytes | Created Date = 06/10/2007 13:16:04 | Attr = ]
hpgt53.dll -> %System32%\dllcache\hpgt53.dll -> [Ver = 1, 0, 0, 1 | Size = 165888 bytes | Created Date = 06/10/2007 13:16:09 | Attr = ]
hpgt53tk.dll -> %System32%\dllcache\hpgt53tk.dll -> Avisioin [Ver = 1,0,7,0210 | Size = 68608 bytes | Created Date = 06/10/2007 13:16:12 | Attr = ]
hsfbs2s2.sys -> %System32%\dllcache\hsfbs2s2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 220032 bytes | Created Date = 06/10/2007 13:17:16 | Attr = ]
hsfcisp2.dll -> %System32%\dllcache\hsfcisp2.dll -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 32285 bytes | Created Date = 06/10/2007 13:17:18 | Attr = ]
hsfcxts2.sys -> %System32%\dllcache\hsfcxts2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Created Date = 06/10/2007 13:17:19 | Attr = ]
hsfdpsp2.sys -> %System32%\dllcache\hsfdpsp2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Created Date = 06/10/2007 13:17:21 | Attr = ]
hsf_amos.sys -> %System32%\dllcache\hsf_amos.sys -> Conexant [Ver = 3.05.12.04 | Size = 150239 bytes | Created Date = 06/10/2007 13:16:34 | Attr = ]
hsf_bsc2.sys -> %System32%\dllcache\hsf_bsc2.sys -> Conexant [Ver = 3.05.12.04 | Size = 67167 bytes | Created Date = 06/10/2007 13:16:37 | Attr = ]
hsf_fall.sys -> %System32%\dllcache\hsf_fall.sys -> Conexant [Ver = 3.05.12.04 | Size = 289887 bytes | Created Date = 06/10/2007 13:16:40 | Attr = ]
hsf_faxx.sys -> %System32%\dllcache\hsf_faxx.sys -> Conexant [Ver = 3.05.12.04 | Size = 199711 bytes | Created Date = 06/10/2007 13:16:43 | Attr = ]
hsf_fsks.sys -> %System32%\dllcache\hsf_fsks.sys -> Conexant [Ver = 3.05.12.04 | Size = 115807 bytes | Created Date = 06/10/2007 13:16:46 | Attr = ]
hsf_inst.dll -> %System32%\dllcache\hsf_inst.dll -> Conexant [Ver = 3.05.12.04 | Size = 9759 bytes | Created Date = 06/10/2007 13:16:49 | Attr = ]
hsf_k56k.sys -> %System32%\dllcache\hsf_k56k.sys -> Conexant [Ver = 3.05.12.04 | Size = 391199 bytes | Created Date = 06/10/2007 13:16:52 | Attr = ]
hsf_msft.sys -> %System32%\dllcache\hsf_msft.sys -> Conexant [Ver = 3.05.12.06 | Size = 542879 bytes | Created Date = 06/10/2007 13:16:56 | Attr = ]
hsf_samp.sys -> %System32%\dllcache\hsf_samp.sys -> Conexant [Ver = 3.05.12.05 | Size = 57471 bytes | Created Date = 06/10/2007 13:16:59 | Attr = ]
hsf_soar.sys -> %System32%\dllcache\hsf_soar.sys -> Conexant [Ver = 3.05.12.05 | Size = 44863 bytes | Created Date = 06/10/2007 13:17:02 | Attr = ]
hsf_spkp.sys -> %System32%\dllcache\hsf_spkp.sys -> Conexant [Ver = 3.05.12.04 | Size = 73279 bytes | Created Date = 06/10/2007 13:17:07 | Attr = ]
hsf_tone.sys -> %System32%\dllcache\hsf_tone.sys -> Conexant [Ver = 3.05.12.04 | Size = 50751 bytes | Created Date = 06/10/2007 13:17:10 | Attr = ]
hsf_v124.sys -> %System32%\dllcache\hsf_v124.sys -> Conexant [Ver = 3.05.12.04 | Size = 488383 bytes | Created Date = 06/10/2007 13:17:13 | Attr = ]
i740dnt5.dll -> %System32%\dllcache\i740dnt5.dll -> Intel Corporation [Ver = 5.0.01.0604.0920 | Size = 353184 bytes | Created Date = 06/10/2007 13:17:44 | Attr = ]
i740nt5.sys -> %System32%\dllcache\i740nt5.sys -> Intel Corporation [Ver = 5.0.01.0604.0920 | Size = 58592 bytes | Created Date = 06/10/2007 13:17:49 | Attr = ]
i81xdnt5.dll -> %System32%\dllcache\i81xdnt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 702845 bytes | Created Date = 06/10/2007 13:17:52 | Attr = ]
i81xnt5.sys -> %System32%\dllcache\i81xnt5.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 161020 bytes | Created Date = 06/10/2007 13:17:53 | Attr = ]
ibmexmp.sys -> %System32%\dllcache\ibmexmp.sys -> IBM Corp. [Ver = 3.14.00.0000 | Size = 28700 bytes | Created Date = 06/10/2007 13:17:57 | Attr = ]
ibmsgnet.dll -> %System32%\dllcache\ibmsgnet.dll -> IBM Corporation [Ver = 1.00.00.0000 | Size = 9216 bytes | Created Date = 06/10/2007 13:18:00 | Attr = ]
ibmtok.sys -> %System32%\dllcache\ibmtok.sys -> IBM Corporation [Ver = 12.23.04.0050 | Size = 100936 bytes | Created Date = 06/10/2007 13:18:03 | Attr = ]
ibmtrp.sys -> %System32%\dllcache\ibmtrp.sys -> IBM Corporation [Ver = 5.33.02.0050 | Size = 109085 bytes | Created Date = 06/10/2007 13:18:06 | Attr = ]
iconf32.dll -> %System32%\dllcache\iconf32.dll -> Xircom [Ver = 1.1.0.11 | Size = 372824 bytes | Created Date = 06/10/2007 13:18:40 | Attr = ]
io8.sys -> %System32%\dllcache\io8.sys -> Perle Systems Ltd. [Ver = 1.0.1.0022 (XPClient.010817-1148) | Size = 38784 bytes | Created Date = 06/10/2007 13:19:19 | Attr = ]
io8ports.dll -> %System32%\dllcache\io8ports.dll -> Perle Systems Ltd. [Ver = 1.0.0.0008 | Size = 90200 bytes | Created Date = 06/10/2007 13:19:22 | Attr = ]
ip5515.sys -> %System32%\dllcache\ip5515.sys -> Interphase ® Corporation a Windows ® 2000 DDK Driver Provider [Ver = 5.1.2257.1 built by: Administrator | Size = 45632 bytes | Created Date = 06/10/2007 13:19:25 | Attr = ]
irmk7.sys -> %System32%\dllcache\irmk7.sys -> MKNet Corporation [Ver = 4.1.0 | Size = 23552 bytes | Created Date = 06/10/2007 13:19:40 | Attr = ]
irstusb.sys -> %System32%\dllcache\irstusb.sys -> SigmaTel, Inc. [Ver = 1, 20, 0, 0 | Size = 26624 bytes | Created Date = 06/10/2007 13:19:46 | Attr = ]
ktc111.sys -> %System32%\dllcache\ktc111.sys -> Kingston Technology Company [Ver = 2.00 | Size = 19016 bytes | Created Date = 06/10/2007 13:20:33 | Attr = ]
lanepic5.sys -> %System32%\dllcache\lanepic5.sys -> SMSC [Ver = 3.40.0000.0000 | Size = 26442 bytes | Created Date = 06/10/2007 13:20:36 | Attr = ]
lbrtfdc.sys -> %System32%\dllcache\lbrtfdc.sys -> Toshiba Corp. [Ver = Version 5.10.3 (xpsp_sp2_rtm.040803-2158) | Size = 34688 bytes | Created Date = 06/10/2007 13:20:39 | Attr = ]
lit220p.sys -> %System32%\dllcache\lit220p.sys -> Litronic Industries [Ver = 1 | Size = 15744 bytes | Created Date = 06/10/2007 13:20:42 | Attr = ]
lmndis3.sys -> %System32%\dllcache\lmndis3.sys -> D-Link [Ver = 5.00.2128.1 | Size = 25065 bytes | Created Date = 06/10/2007 13:20:47 | Attr = ]
lne100.sys -> %System32%\dllcache\lne100.sys -> The Linksts Group [Ver = 2.00 | Size = 20573 bytes | Created Date = 06/10/2007 13:20:50 | Attr = ]
lne100tx.sys -> %System32%\dllcache\lne100tx.sys -> Linksys Group, Inc. [Ver = 4.55 | Size = 70730 bytes | Created Date = 06/10/2007 13:20:54 | Attr = ]
ltck000c.sys -> %System32%\dllcache\ltck000c.sys -> Xircom, Inc. [Ver = 1.98.2 | Size = 727786 bytes | Created Date = 06/10/2007 13:21:06 | Attr = ]
ltmdmnt.sys -> %System32%\dllcache\ltmdmnt.sys -> LT [Ver = 8.28 | Size = 606684 bytes | Created Date = 06/10/2007 13:21:09 | Attr = ]
ltmdmntl.sys -> %System32%\dllcache\ltmdmntl.sys -> LT [Ver = 3.01.3 | Size = 576746 bytes | Created Date = 06/10/2007 13:21:10 | Attr = ]
ltmdmntt.sys -> %System32%\dllcache\ltmdmntt.sys -> LT [Ver = 6.08 | Size = 420992 bytes | Created Date = 06/10/2007 13:21:13 | Attr = ]
ltsm.sys -> %System32%\dllcache\ltsm.sys -> Lucent Technologies [Ver = 3.1.92.1 3.1.92.1 07/18/2001 12:51:10 | Size = 802683 bytes | Created Date = 06/10/2007 13:21:15 | Attr = ]
ltsmt.sys -> %System32%\dllcache\ltsmt.sys -> LT [Ver = 3.1.92.1 07/18/2001 13:02:42 | Size = 797500 bytes | Created Date = 06/10/2007 13:21:19 | Attr = ]
lwadihid.sys -> %System32%\dllcache\lwadihid.sys -> Logitech Inc. [Ver = 5.1.420.093 | Size = 20864 bytes | Created Date = 06/10/2007 13:21:24 | Attr = ]
lwusbhid.sys -> %System32%\dllcache\lwusbhid.sys -> Logitech Inc. [Ver = 5.1.410.190 | Size = 22848 bytes | Created Date = 06/10/2007 13:21:25 | Attr = ]
maestro.sys -> %System32%\dllcache\maestro.sys -> ESS Technology, Inc. [Ver = 5.1.2501.0 built by: WinDDK | Size = 48768 bytes | Created Date = 06/10/2007 13:21:36 | Attr = ]
mdgndis5.sys -> %System32%\dllcache\mdgndis5.sys -> Madge Networks Ltd [Ver = 6.06 | Size = 164586 bytes | Created Date = 06/10/2007 13:21:48 | Attr = ]
memstpci.sys -> %System32%\dllcache\memstpci.sys -> Sony Corporation [Ver = 1.00.1120.0 (xpsp_sp2_rtm.040803-2158) | Size = 26112 bytes | Created Date = 06/10/2007 13:22:00 | Attr = ]
mgaud.dll -> %System32%\dllcache\mgaud.dll -> Matrox Graphics Inc. [Ver = 5.00.2475.1200 (ReleasedBinaries.010308-1115) | Size = 235648 bytes | Created Date = 06/10/2007 13:22:02 | Attr = ]
mgaum.sys -> %System32%\dllcache\mgaum.sys -> Matrox Graphics Inc. [Ver = 5.00.2475.1200 (ReleasedBinaries.010308-1115) | Size = 320384 bytes | Created Date = 06/10/2007 13:22:06 | Attr = ]
mraid35x.sys -> %System32%\dllcache\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Created Date = 06/10/2007 13:22:42 | Attr = ]
msdvbnp.ax -> %System32%\dllcache\msdvbnp.ax -> [Ver = | Size = 56832 bytes | Created Date = 06/10/2007 13:22:54 | Attr = ]
mtlmnt5.sys -> %System32%\dllcache\mtlmnt5.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 126686 bytes | Created Date = 06/10/2007 13:23:56 | Attr = ]
mtlstrm.sys -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Created Date = 06/10/2007 13:23:57 | Attr = ]
mtxparhd.dll -> %System32%\dllcache\mtxparhd.dll -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 1737856 bytes | Created Date = 06/10/2007 13:24:02 | Attr = ]
mtxparhm.sys -> %System32%\dllcache\mtxparhm.sys -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 452736 bytes | Created Date = 06/10/2007 13:24:03 | Attr = ]
mtxvideo.sys -> %System32%\dllcache\mtxvideo.sys -> Matrox Graphics Inc [Ver = 1.00.25 | Size = 103296 bytes | Created Date = 06/10/2007 13:24:04 | Attr = ]
mxcard.sys -> %System32%\dllcache\mxcard.sys -> Moxa Technologies Co., Ltd. [Ver = 1.1 (XPClient.010817-1148) | Size = 21888 bytes | Created Date = 06/10/2007 13:24:10 | Attr = ]
mxicfg.dll -> %System32%\dllcache\mxicfg.dll -> Moxa Technologies Co., Ltd [Ver = 1.1 | Size = 19968 bytes | Created Date = 06/10/2007 13:24:14 | Attr = ]
mxnic.sys -> %System32%\dllcache\mxnic.sys -> Macronix International Co., Ltd. [Ver = 2.12 (XPClient.010817-1148) | Size = 19968 bytes | Created Date = 06/10/2007 13:24:17 | Attr = ]
mxport.dll -> %System32%\dllcache\mxport.dll -> Moxa Technologies Co., Ltd [Ver = 1.1 | Size = 7168 bytes | Created Date = 06/10/2007 13:24:21 | Attr = ]
mxport.sys -> %System32%\dllcache\mxport.sys -> Moxa Technologies Co., Ltd. [Ver = 1.1 (XPClient.010817-1148) | Size = 75520 bytes | Created Date = 06/10/2007 13:24:24 | Attr = ]
n1000nt5.sys -> %System32%\dllcache\n1000nt5.sys -> Compaq Computer Corporation [Ver = 2.94.294.0 | Size = 52255 bytes | Created Date = 06/10/2007 13:24:29 | Attr = ]
n100325.sys -> %System32%\dllcache\n100325.sys -> Compaq Computer Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 128000 bytes | Created Date = 06/10/2007 13:24:32 | Attr = ]
n9i128.dll -> %System32%\dllcache\n9i128.dll -> Number Nine Visual Technology Corp. [Ver = 5.01.101.03 | Size = 35392 bytes | Created Date = 06/10/2007 13:24:36 | Attr = ]
n9i128.sys -> %System32%\dllcache\n9i128.sys -> Number Nine Visual Technology Corp. [Ver = 5.01.101.03 | Size = 13664 bytes | Created Date = 06/10/2007 13:24:39 | Attr = ]
n9i128v2.dll -> %System32%\dllcache\n9i128v2.dll -> Number Nine Visual Technology Corp. [Ver = 5.01.102.35 | Size = 59104 bytes | Created Date = 06/10/2007 13:24:44 | Attr = ]
n9i128v2.sys -> %System32%\dllcache\n9i128v2.sys -> Number Nine Visual Technology Corp. [Ver = 5.01.102.35 | Size = 33088 bytes | Created Date = 06/10/2007 13:24:47 | Attr = ]
n9i3d.sys -> %System32%\dllcache\n9i3d.sys -> Number Nine Visual Technology Corp. [Ver = 5.01.103.09 | Size = 27936 bytes | Created Date = 06/10/2007 13:24:51 | Attr = ]
n9i3disp.dll -> %System32%\dllcache\n9i3disp.dll -> Number Nine Visual Technology Corp. [Ver = 5.01.103.09 | Size = 91488 bytes | Created Date = 06/10/2007 13:24:54 | Attr = ]
neo20xx.dll -> %System32%\dllcache\neo20xx.dll -> NeoMagic Corporation [Ver = 5.31.00 (ReleasedBinaries.010308-1115) | Size = 60480 bytes | Created Date = 06/10/2007 13:25:10 | Attr = ]
neo20xx.sys -> %System32%\dllcache\neo20xx.sys -> NeoMagic Corporation [Ver = 5.31.00 (ReleasedBinaries.010308-1115) | Size = 39264 bytes | Created Date = 06/10/2007 13:25:13 | Attr = ]
netflx3.sys -> %System32%\dllcache\netflx3.sys -> Compaq Computer Corporation [Ver = 5.0.1.18 | Size = 65278 bytes | Created Date = 06/10/2007 13:25:22 | Attr = ]
netwlan5.sys -> %System32%\dllcache\netwlan5.sys -> 802.11b [Ver = 3, 1, 4, 26 | Size = 132695 bytes | Created Date = 06/10/2007 13:25:32 | Attr = ]
ngrpci.sys -> %System32%\dllcache\ngrpci.sys -> NETGEAR Corporation. [Ver = 4.56 | Size = 32840 bytes | Created Date = 06/10/2007 13:25:34 | Attr = ]
nm5a2wdm.sys -> %System32%\dllcache\nm5a2wdm.sys -> NeoMagic Corporation [Ver = 5.1.2501.0 built by: WinDDK | Size = 126080 bytes | Created Date = 06/10/2007 13:25:42 | Attr = ]
nm6wdm.sys -> %System32%\dllcache\nm6wdm.sys -> NeoMagic Corporation [Ver = 5.1.2501.0 built by: WinDDK | Size = 87040 bytes | Created Date = 06/10/2007 13:25:47 | Attr = ]
nscirda.sys -> %System32%\dllcache\nscirda.sys -> National Semiconductor Corporation [Ver = 5,02,00,011 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Created Date = 06/10/2007 13:25:57 | Attr = ]
ntgrip.sys -> %System32%\dllcache\ntgrip.sys -> Kensington Technology Group [Ver = 1.00 | Size = 51552 bytes | Created Date = 06/10/2007 13:26:18 | Attr = ]
ntmtlfax.sys -> %System32%\dllcache\ntmtlfax.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 180360 bytes | Created Date = 06/10/2007 13:26:33 | Attr = ]
nv3.dll -> %System32%\dllcache\nv3.dll -> NVIDIA Corporation [Ver = 5.1.3528.0343 (ReleasedBinaries.010717-0141) | Size = 123776 bytes | Created Date = 06/10/2007 13:26:43 | Attr = ]
nv3.sys -> %System32%\dllcache\nv3.sys -> NVIDIA Corporation [Ver = 5.1.3528.0343 (ReleasedBinaries.010717-0141) | Size = 198144 bytes | Created Date = 06/10/2007 13:26:51 | Attr = ]
nv4_disp.dll -> %System32%\dllcache\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 4274816 bytes | Created Date = 06/10/2007 13:26:56 | Attr = ]
nv4_mini.sys -> %System32%\dllcache\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Created Date = 06/10/2007 13:26:57 | Attr = ]
opl3sax.sys -> %System32%\dllcache\opl3sax.sys -> Yamaha Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 54528 bytes | Created Date = 06/10/2007 13:27:34 | Attr = ]
otc06x5.sys -> %System32%\dllcache\otc06x5.sys -> Ositech Communications, Inc. [Ver = 1.01.020 | Size = 27209 bytes | Created Date = 06/10/2007 13:27:43 | Attr = ]
otceth5.sys -> %System32%\dllcache\otceth5.sys -> Ositech Communications, Inc. [Ver = 1.02.014.3 | Size = 43689 bytes | Created Date = 06/10/2007 13:27:47 | Attr = ]
otcsercb.sys -> %System32%\dllcache\otcsercb.sys -> Ositech Communications, Inc. [Ver = 1.05.02 | Size = 54186 bytes | Created Date = 06/10/2007 13:27:51 | Attr = ]
pc100nds.sys -> %System32%\dllcache\pc100nds.sys -> Linksys [Ver = 5.00.2195.1 | Size = 30495 bytes | Created Date = 06/10/2007 13:28:52 | Attr = ]
pca200e.sys -> %System32%\dllcache\pca200e.sys -> Marconi Communications, Inc. [Ver = 5.0.12.6327 | Size = 29502 bytes | Created Date = 06/10/2007 13:28:59 | Attr = ]
pcmlm56.sys -> %System32%\dllcache\pcmlm56.sys -> Linksys [Ver = 5.00.2128.1 | Size = 26153 bytes | Created Date = 06/10/2007 13:29:01 | Attr = ]
pcntn5hl.sys -> %System32%\dllcache\pcntn5hl.sys -> AMD Inc. [Ver = 1.09.001 | Size = 30282 bytes | Created Date = 06/10/2007 13:29:06 | Attr = ]
pcntn5m.sys -> %System32%\dllcache\pcntn5m.sys -> AMD Inc. [Ver = 4.09.00 | Size = 29769 bytes | Created Date = 06/10/2007 13:29:09 | Attr = ]
pcntpci5.sys -> %System32%\dllcache\pcntpci5.sys -> AMD Inc. [Ver = 4.38.00 built by: WinDDK | Size = 35328 bytes | Created Date = 06/10/2007 13:29:14 | Attr = ]
pctspk.exe -> %System32%\dllcache\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 86016 bytes | Created Date = 06/10/2007 13:29:17 | Attr = ]
pcx500.sys -> %System32%\dllcache\pcx500.sys -> Cisco Systems [Ver = 7.50.01 Firmware built by: Cisco Systems | Size = 169984 bytes | Created Date = 06/10/2007 13:29:22 | Attr = ]
perm2.sys -> %System32%\dllcache\perm2.sys -> Microsoft Corp., 3Dlabs Inc. Ltd. [Ver = 1.00-0009 (MS) (xpsp_sp2_rtm.040803-2158) | Size = 27904 bytes | Created Date = 06/10/2007 13:29:36 | Attr = ]
perm2dll.dll -> %System32%\dllcache\perm2dll.dll -> Microsoft Corp., 3Dlabs Inc. Ltd. [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 211712 bytes | Created Date = 06/10/2007 13:29:37 | Attr = ]
perm3.sys -> %System32%\dllcache\perm3.sys -> Microsoft Corp., 3Dlabs Inc. Ltd. [Ver = 1.00 (xpsp_sp2_rtm.040803-2158) | Size = 28032 bytes | Created Date = 06/10/2007 13:29:37 | Attr = ]
perm3dd.dll -> %System32%\dllcache\perm3dd.dll -> Microsoft Corp., 3Dlabs Inc. Ltd. [Ver = 1.00 (xpsp_sp2_rtm.040803-2158) | Size = 259328 bytes | Created Date = 06/10/2007 13:29:39 | Attr = ]
pscr.sys -> %System32%\dllcache\pscr.sys -> SCM Microsystems, Inc. [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 16128 bytes | Created Date = 06/10/2007 13:30:48 | Attr = ]
psisdecd.dll -> %System32%\dllcache\psisdecd.dll -> [Ver = | Size = 363520 bytes | Created Date = 06/10/2007 13:30:53 | Attr = ]
psisrndr.ax -> %System32%\dllcache\psisrndr.ax -> [Ver = | Size = 33280 bytes | Created Date = 06/10/2007 13:31:00 | Attr = ]
ptserli.sys -> %System32%\dllcache\ptserli.sys -> PCTEL, INC. [Ver = 7.54.07 | Size = 128286 bytes | Created Date = 06/10/2007 13:31:09 | Attr = ]
ptserlp.sys -> %System32%\dllcache\ptserlp.sys -> PCTEL, INC. [Ver = 7.54.07 | Size = 112574 bytes | Created Date = 06/10/2007 13:31:13 | Attr = ]
ptserlv.sys -> %System32%\dllcache\ptserlv.sys -> PCTEL, INC. [Ver = 7.54.07 | Size = 130942 bytes | Created Date = 06/10/2007 13:31:17 | Attr = ]
ql1080.sys -> %System32%\dllcache\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Created Date = 06/10/2007 13:31:33 | Attr = ]
ql12160.sys -> %System32%\dllcache\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Created Date = 06/10/2007 13:31:45 | Attr = ]
ql1280.sys -> %System32%\dllcache\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Created Date = 06/10/2007 13:31:53 | Attr = ]
r2mdkxga.sys -> %System32%\dllcache\r2mdkxga.sys -> Xircom, Inc. [Ver = 1.90.7 | Size = 899146 bytes | Created Date = 06/10/2007 13:32:14 | Attr = ]
r2mdmkxx.sys -> %System32%\dllcache\r2mdmkxx.sys -> Xircom, Inc. [Ver = 1.90.7 | Size = 714762 bytes | Created Date = 06/10/2007 13:32:20 | Attr = ]
recagent.sys -> %System32%\dllcache\recagent.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13776 bytes | Created Date = 06/10/2007 13:32:54 | Attr = ]
reslog32.dll -> %System32%\dllcache\reslog32.dll -> Xircom [Ver = 1.0.0.6 | Size = 86097 bytes | Created Date = 06/10/2007 13:33:07 | Attr = ]
rlnet5.sys -> %System32%\dllcache\rlnet5.sys -> RadioLAN [Ver = 2.30 | Size = 37563 bytes | Created Date = 06/10/2007 13:33:17 | Attr = ]
rocket.sys -> %System32%\dllcache\rocket.sys -> Comtrol Corporation [Ver = 4.50 | Size = 79104 bytes | Created Date = 06/10/2007 13:33:22 | Attr = ]
rpfun.sys -> %System32%\dllcache\rpfun.sys -> Conexant Systems Inc. [Ver = 5.12.01.0326 | Size = 3840 bytes | Created Date = 06/10/2007 13:33:27 | Attr = ]
rsmgrstr.dll -> %System32%\dllcache\rsmgrstr.dll -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 9216 bytes | Created Date = 06/10/2007 13:33:32 | Attr = ]
rthwcls.sys -> %System32%\dllcache\rthwcls.sys -> Conexant Systems Inc. [Ver = 5.12.01.0326 | Size = 30720 bytes | Created Date = 06/10/2007 13:33:39 | Attr = ]
rtl8029.sys -> %System32%\dllcache\rtl8029.sys -> Realtek Semiconductor Corporation [Ver = 5.508.0803.2000 | Size = 19017 bytes | Created Date = 06/10/2007 13:33:43 | Attr = ]
rtl8139.sys -> %System32%\dllcache\rtl8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Created Date = 06/10/2007 13:33:46 | Attr = ]
rw430ext.dll -> %System32%\dllcache\rw430ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 24576 bytes | Created Date = 06/10/2007 13:33:50 | Attr = ]
rw450ext.dll -> %System32%\dllcache\rw450ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 06/10/2007 13:33:53 | Attr = ]
rwia430.dll -> %System32%\dllcache\rwia430.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 06/10/2007 13:33:58 | Attr = ]
rwia450.dll -> %System32%\dllcache\rwia450.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 82432 bytes | Created Date = 06/10/2007 13:34:01 | Attr = ]
s3gnb.dll -> %System32%\dllcache\s3gnb.dll -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 397056 bytes | Created Date = 06/10/2007 13:34:08 | Attr = ]
s3gnbm.sys -> %System32%\dllcache\s3gnbm.sys -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 166912 bytes | Created Date = 06/10/2007 13:34:09 | Attr = ]
s3m.sys -> %System32%\dllcache\s3m.sys -> S3 Incorporated [Ver = 5.1024.329.0002 (ReleasedBinaries.010308-1115) | Size = 166720 bytes | Created Date = 06/10/2007 13:34:14 | Attr = ]
s3mt3d.dll -> %System32%\dllcache\s3mt3d.dll -> S3 Incorporated [Ver = 5.01.526.0007 (ReleasedBinaries.010718-0005) | Size = 182272 bytes | Created Date = 06/10/2007 13:34:18 | Attr = ]
s3mt3d.sys -> %System32%\dllcache\s3mt3d.sys -> S3 Incorporated [Ver = 5.01.526.0007 (ReleasedBinaries.010718-0005) | Size = 41216 bytes | Created Date = 06/10/2007 13:34:22 | Attr = ]
s3mtrio.dll -> %System32%\dllcache\s3mtrio.dll -> S3 Incorporated [Ver = 5.1024.329.0002 (ReleasedBinaries.010308-1115) | Size = 62496 bytes | Created Date = 06/10/2007 13:34:25 | Attr = ]
s3mvirge.dll -> %System32%\dllcache\s3mvirge.dll -> S3 Incorporated [Ver = 5.1024.329.0002 (ReleasedBinaries.010308-1115) | Size = 210496 bytes | Created Date = 06/10/2007 13:34:30 | Attr = ]
s3sav3d.dll -> %System32%\dllcache\s3sav3d.dll -> S3 Incorporated [Ver = 5.01.620.0006 (ReleasedBinaries.010308-1115) | Size = 179264 bytes | Created Date = 06/10/2007 13:34:34 | Attr = ]
s3sav3dm.sys -> %System32%\dllcache\s3sav3dm.sys -> S3 Incorporated [Ver = 5.01.620.0006 (ReleasedBinaries.010308-1115) | Size = 61504 bytes | Created Date = 06/10/2007 13:34:38 | Attr = ]
s3sav4.dll -> %System32%\dllcache\s3sav4.dll -> S3 Incorporated [Ver = 5.12.01.8012-8.40.03 built by: ReleasedBinaries | Size = 198400 bytes | Created Date = 06/10/2007 13:34:42 | Attr = ]
s3sav4m.sys -> %System32%\dllcache\s3sav4m.sys -> S3 Incorporated [Ver = 5.12.01.8012-8.40.03 built by: ReleasedBinaries | Size = 77824 bytes | Created Date = 06/10/2007 13:34:46 | Attr = ]
s3savmx.dll -> %System32%\dllcache\s3savmx.dll -> S3 Graphics, Inc. [Ver = 5.13.01.7056-7.50.16 | Size = 245632 bytes | Created Date = 06/10/2007 13:34:50 | Attr = ]
s3savmxm.sys -> %System32%\dllcache\s3savmxm.sys -> S3 Graphics, Inc. [Ver = 5.13.01.7056-7.50.16 | Size = 75392 bytes | Created Date = 06/10/2007 13:34:53 | Attr = ]
sblfx.dll -> %System32%\dllcache\sblfx.dll -> Creative Technology Ltd. [Ver = 5.12.01.3210 | Size = 495616 bytes | Created Date = 06/10/2007 13:35:02 | Attr = ]
sccmn50m.sys -> %System32%\dllcache\sccmn50m.sys -> OMNIKEY AG [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 23936 bytes | Created Date = 06/10/2007 13:35:11 | Attr = ]
sccmusbm.sys -> %System32%\dllcache\sccmusbm.sys -> OMNIKEY AG [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 23936 bytes | Created Date = 06/10/2007 13:35:15 | Attr = ]
scr111.sys -> %System32%\dllcache\scr111.sys -> SCM Microsystems [Ver = 1.01.006 (XPClient.010817-1148) | Size = 17280 bytes | Created Date = 06/10/2007 13:35:28 | Attr = ]
sfmanm.sys -> %System32%\dllcache\sfmanm.sys -> Creative Technology Ltd. [Ver = 4.10.3300 | Size = 36480 bytes | Created Date = 06/10/2007 13:36:14 | Attr = ]
sgiul50.dll -> %System32%\dllcache\sgiul50.dll -> Trident Microsystems Inc. [Ver = 5.1.2462.0032 (ReleasedBinaries.010308-1115) | Size = 386560 bytes | Created Date = 06/10/2007 13:36:19 | Attr = ]
sgiulnt5.sys -> %System32%\dllcache\sgiulnt5.sys -> Trident Microsystems Inc. [Ver = 5.1.2462.0032 (ReleasedBinaries.010308-1115) | Size = 98080 bytes | Created Date = 06/10/2007 13:36:23 | Attr = ]
sgsmld.sys -> %System32%\dllcache\sgsmld.sys -> Micro Systemation [Ver = 1.1 | Size = 18400 bytes | Created Date = 06/10/2007 13:36:27 | Attr = ]
sgsmusb.sys -> %System32%\dllcache\sgsmusb.sys -> Micro Systemation [Ver = 1, 0, 0, 4 | Size = 161568 bytes | Created Date = 06/10/2007 13:36:31 | Attr = ]
siint5.dll -> %System32%\dllcache\siint5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3901 bytes | Created Date = 06/10/2007 13:36:45 | Attr = ]
sis300ip.sys -> %System32%\dllcache\sis300ip.sys -> Silicon Integrated Systems Corporation [Ver = 5.13.01.1100 (Lab01_N(ericks).010612-1818) | Size = 101760 bytes | Created Date = 06/10/2007 13:36:47 | Attr = ]
sis300iv.dll -> %System32%\dllcache\sis300iv.dll -> Silicon Integrated Systems Corporation [Ver = 5.13.01.1100 (Lab01_N(ericks).010612-1818) | Size = 252032 bytes | Created Date = 06/10/2007 13:36:51 | Attr = ]
sis6306p.sys -> %System32%\dllcache\sis6306p.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.1080 (Lab01_N(ericks).010522-2022) | Size = 68608 bytes | Created Date = 06/10/2007 13:36:54 | Attr = ]
sis6306v.dll -> %System32%\dllcache\sis6306v.dll -> Silicon Integrated Systems Corporation [Ver = 5.12.01.1080 (Lab01_N(ericks).010522-2022) | Size = 150144 bytes | Created Date = 06/10/2007 13:37:01 | Attr = ]
sisgrp.sys -> %System32%\dllcache\sisgrp.sys -> Silicon Integrated Systems Corporation [Ver = 5.13.01.2000 (ReleasedBinaries.010625-1804) | Size = 104064 bytes | Created Date = 06/10/2007 13:37:05 | Attr = ]
sisgrv.dll -> %System32%\dllcache\sisgrv.dll -> Silicon Integrated Systems Corporation [Ver = 5.13.01.2000 (ReleasedBinaries.010625-1804) | Size = 238592 bytes | Created Date = 06/10/2007 13:37:09 | Attr = ]
sisnic.sys -> %System32%\dllcache\sisnic.sys -> SiS Corporation [Ver = 1.16.00.05 built by: WinDDK | Size = 32768 bytes | Created Date = 06/10/2007 13:37:14 | Attr = ]
sisv.sys -> %System32%\dllcache\sisv.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.1300 (Lab01_N(ericks).010522-2022) | Size = 50432 bytes | Created Date = 06/10/2007 13:37:17 | Attr = ]
sisv256.dll -> %System32%\dllcache\sisv256.dll -> Silicon Integrated Systems Corporation [Ver = 5.12.01.1300 (Lab01_N(ericks).010522-2022) | Size = 157696 bytes | Created Date = 06/10/2007 13:37:22 | Attr = ]
sk98xwin.sys -> %System32%\dllcache\sk98xwin.sys -> SysKonnect GmbH. [Ver = 3.12 | Size = 94698 bytes | Created Date = 06/10/2007 13:37:25 | Attr = ]
skfpwin.sys -> %System32%\dllcache\skfpwin.sys -> SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH. [Ver = 5.13 | Size = 91294 bytes | Created Date = 06/10/2007 13:37:30 | Attr = ]
sla30nd5.sys -> %System32%\dllcache\sla30nd5.sys -> Symbol Technologies [Ver = 4.2.0.8 | Size = 63547 bytes | Created Date = 06/10/2007 13:37:35 | Attr = ]
slcoinst.dll -> %System32%\dllcache\slcoinst.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 73832 bytes | Created Date = 06/10/2007 13:37:37 | Attr = ]
slextspk.dll -> %System32%\dllcache\slextspk.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 286792 bytes | Created Date = 06/10/2007 13:37:38 | Attr = ]
slgen.dll -> %System32%\dllcache\slgen.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 188508 bytes | Created Date = 06/10/2007 13:37:38 | Attr = ]
slnt7554.sys -> %System32%\dllcache\slnt7554.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 129535 bytes | Created Date = 06/10/2007 13:37:40 | Attr = ]
slntamr.sys -> %System32%\dllcache\slntamr.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 404990 bytes | Created Date = 06/10/2007 13:37:40 | Attr = ]
slnthal.sys -> %System32%\dllcache\slnthal.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 95424 bytes | Created Date = 06/10/2007 13:37:41 | Attr = ]
slrundll.exe -> %System32%\dllcache\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 06/10/2007 13:37:42 | Attr = ]
slserv.exe -> %System32%\dllcache\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Created Date = 06/10/2007 13:37:43 | Attr = ]
slwdmsup.sys -> %System32%\dllcache\slwdmsup.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13240 bytes | Created Date = 06/10/2007 13:37:44 | Attr = ]
smc8000n.sys -> %System32%\dllcache\smc8000n.sys -> SMC Networks, Inc. [Ver = 3.13.1025.2000 built by: yfeng | Size = 24576 bytes | Created Date = 06/10/2007 13:38:23 | Attr = ]
smcpwr2n.sys -> %System32%\dllcache\smcpwr2n.sys -> SMC Networks, Inc. [Ver = 3.28.1214.2000 | Size = 25034 bytes | Created Date = 06/10/2007 13:38:28 | Attr = ]
smidispb.dll -> %System32%\dllcache\smidispb.dll -> Silicon Motion Inc. [Ver = 5.01.2401.0143e | Size = 147200 bytes | Created Date = 06/10/2007 13:38:34 | Attr = ]
smiminib.sys -> %System32%\dllcache\smiminib.sys -> Silicon Motion Inc. [Ver = 5.01.2401.0143e | Size = 58368 bytes | Created Date = 06/10/2007 13:38:39 | Attr = ]
sonync.sys -> %System32%\dllcache\sonync.sys -> Sony Corporation [Ver = 6.0.0.05300 | Size = 20752 bytes | Created Date = 06/10/2007 13:39:19 | Attr = ]
sonypi.dll -> %System32%\dllcache\sonypi.dll -> Sony Corporation [Ver = 1.5.090699 | Size = 114688 bytes | Created Date = 06/10/2007 13:39:24 | Attr = ]
sonypi.sys -> %System32%\dllcache\sonypi.sys -> Sony Corporation [Ver = 6.0.5.07140 | Size = 37040 bytes | Created Date = 06/10/2007 13:39:28 | Attr = ]
sonypvu1.sys -> %System32%\dllcache\sonypvu1.sys -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Created Date = 06/10/2007 13:39:32 | Attr = ]
sparrow.sys -> %System32%\dllcache\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Created Date = 06/10/2007 13:39:37 | Attr = ]
spdports.dll -> %System32%\dllcache\spdports.dll -> Perle Systems Ltd. [Ver = 1.0.0.0012 | Size = 106584 bytes | Created Date = 06/10/2007 13:39:42 | Attr = ]
speed.sys -> %System32%\dllcache\speed.sys -> Perle Systems Ltd. [Ver = 1.0.4.0021 (XPClient.010817-1148) | Size = 61824 bytes | Created Date = 06/10/2007 13:39:46 | Attr = ]
spxupchk.dll -> %System32%\dllcache\spxupchk.dll -> Perle Systems Ltd. [Ver = 1.0.0.0002 | Size = 24660 bytes | Created Date = 06/10/2007 13:40:00 | Attr = ]
srwlnd5.sys -> %System32%\dllcache\srwlnd5.sys -> 3Com [Ver = 3.0.4 alpha | Size = 48736 bytes | Created Date = 06/10/2007 13:40:16 | Attr = ]
ssomani.scr -> %System32%\dllcache\ssomani.scr -> Oh My Goddess! [Ver = 1, 0, 0, 1 | Size = 592384 bytes | Created Date = 28/09/2007 22:56:46 | Attr = ]
stcusb.sys -> %System32%\dllcache\stcusb.sys -> SCM Microsystems, Inc. [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 16896 bytes | Created Date = 06/10/2007 13:40:26 | Attr = ]
stlnata.sys -> %System32%\dllcache\stlnata.sys -> Stallion Technologies [Ver = 5.6.5 | Size = 285760 bytes | Created Date = 06/10/2007 13:40:32 | Attr = ]
stlncoin.dll -> %System32%\dllcache\stlncoin.dll -> Stallion Technologies [Ver = 5.6.5 | Size = 53248 bytes | Created Date = 06/10/2007 13:40:37 | Attr = ]
stlnprop.dll -> %System32%\dllcache\stlnprop.dll -> Stallion Technologies [Ver = 5.6.4 | Size = 155648 bytes | Created Date = 06/10/2007 13:40:41 | Attr = ]
sx.sys -> %System32%\dllcache\sx.sys -> Perle Systems Ltd. [Ver = 1.1.2.0031 (XPClient.010817-1148) | Size = 103936 bytes | Created Date = 06/10/2007 13:41:09 | Attr = ]
sxports.dll -> %System32%\dllcache\sxports.dll -> Perle Systems Ltd. [Ver = 1.0.0.0008 | Size = 94293 bytes | Created Date = 06/10/2007 13:41:13 | Attr = ]
symc810.sys -> %System32%\dllcache\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Created Date = 06/10/2007 13:41:25 | Attr = ]
symc8xx.sys -> %System32%\dllcache\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Created Date = 06/10/2007 13:41:30 | Attr = ]
sym_hi.sys -> %System32%\dllcache\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Created Date = 06/10/2007 13:41:17 | Attr = ]
sym_u3.sys -> %System32%\dllcache\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Created Date = 06/10/2007 13:41:21 | Attr = ]
t2r4disp.dll -> %System32%\dllcache\t2r4disp.dll -> Number Nine Visual Technology [Ver = 5.01.104.09 | Size = 172768 bytes | Created Date = 06/10/2007 13:41:38 | Attr = ]
t2r4mini.sys -> %System32%\dllcache\t2r4mini.sys -> Number Nine Visual Technology Corp. [Ver = 5.01.104.09 | Size = 36640 bytes | Created Date = 06/10/2007 13:41:42 | Attr = ]
tbatm155.sys -> %System32%\dllcache\tbatm155.sys -> Toshiba Corporation [Ver = 0.4.0.0 (XPClient.010817-1148) | Size = 30464 bytes | Created Date = 06/10/2007 13:41:53 | Attr = ]
tdk100b.sys -> %System32%\dllcache\tdk100b.sys -> TDK Corporation [Ver = 1.00 | Size = 37961 bytes | Created Date = 06/10/2007 13:42:01 | Attr = ]
tdkcd31.sys -> %System32%\dllcache\tdkcd31.sys -> TDK Corporation [Ver = 5.00.2128.1 | Size = 17129 bytes | Created Date = 06/10/2007 13:42:05 | Attr = ]
tffsport.sys -> %System32%\dllcache\tffsport.sys -> M-Systems [Ver = 5.02 | Size = 149376 bytes | Created Date = 06/10/2007 13:42:11 | Attr = ]
tgiul50.dll -> %System32%\dllcache\tgiul50.dll -> Trident Microsystems Inc. [Ver = 5.1.2462.0015 (ReleasedBinaries.010308-1115) | Size = 81408 bytes | Created Date = 06/10/2007 13:42:12 | Attr = ]
tgiulnt5.sys -> %System32%\dllcache\tgiulnt5.sys -> Trident Microsystems Inc. [Ver = 5.1.2462.0015 (ReleasedBinaries.010308-1115) | Size = 138528 bytes | Created Date = 06/10/2007 13:42:18 | Attr = ]
tjisdn.sys -> %System32%\dllcache\tjisdn.sys -> Tiger Jet Network [Ver = 3.03 | Size = 123995 bytes | Created Date = 06/10/2007 13:42:24 | Attr = ]
tos4mo.sys -> %System32%\dllcache\tos4mo.sys -> TOSHIBA Corporation [Ver = 2.23 | Size = 28232 bytes | Created Date = 06/10/2007 13:42:30 | Attr = ]
tosdvd02.sys -> %System32%\dllcache\tosdvd02.sys -> Toshiba Corporation [Ver = 1.00.99.1004 (XPClient.010817-1148) | Size = 241664 bytes | Created Date = 06/10/2007 13:42:35 | Attr = ]
tosdvd03.sys -> %System32%\dllcache\tosdvd03.sys -> Toshiba Corporation [Ver = 1.00.99.1003 (XPClient.010817-1148) | Size = 230912 bytes | Created Date = 06/10/2007 13:42:39 | Attr = ]
tp4.dll -> %System32%\dllcache\tp4.dll -> IBM Corporation [Ver = 6.03 (XPClient.010817-1148) | Size = 31744 bytes | Created Date = 06/10/2007 13:42:50 | Attr = ]
tp4mon.exe -> %System32%\dllcache\tp4mon.exe -> IBM Corporation [Ver = 6.03 (xpsp_sp2_rtm.040803-2158) | Size = 82432 bytes | Created Date = 06/10/2007 13:42:55 | Attr = ]
tp4res.dll -> %System32%\dllcache\tp4res.dll -> IBM Corporation [Ver = 6.03 (XPClient.010817-1148) | Size = 42496 bytes | Created Date = 06/10/2007 13:42:55 | Attr = ]
tpro4.sys -> %System32%\dllcache\tpro4.sys -> Intel Corporation [Ver = 3.06.02.0000 | Size = 34375 bytes | Created Date = 06/10/2007 13:43:00 | Attr = ]
trid3d.dll -> %System32%\dllcache\trid3d.dll -> Trident Microsystems Inc. [Ver = 5.1.2471.0046 (ReleasedBinaries.000421-1946) | Size = 315520 bytes | Created Date = 06/10/2007 13:43:05 | Attr = ]
trid3dm.sys -> %System32%\dllcache\trid3dm.sys -> Trident Microsystems Inc. [Ver = 5.1.2471.0032 (ReleasedBinaries.000421-1946) | Size = 222336 bytes | Created Date = 06/10/2007 13:43:09 | Attr = ]
tridkb.dll -> %System32%\dllcache\tridkb.dll -> Trident Microsystems Inc. [Ver = 5.1.2489.0045 (ReleasedBinaries.000421-1946) | Size = 440576 bytes | Created Date = 06/10/2007 13:43:14 | Attr = ]
tridkbm.sys -> %System32%\dllcache\tridkbm.sys -> Trident Microsystems Inc. [Ver = 5.1.2489.0032 (ReleasedBinaries.000421-1946) | Size = 159232 bytes | Created Date = 06/10/2007 13:43:18 | Attr = ]
tridxp.dll -> %System32%\dllcache\tridxp.dll -> Trident Microsystems Inc. [Ver = 5.1.2475.0115 (ReleasedBinaries.010510-2313) | Size = 525568 bytes | Created Date = 06/10/2007 13:43:23 | Attr = ]
tridxpm.sys -> %System32%\dllcache\tridxpm.sys -> Trident Microsystems Inc. [Ver = 5.1.2475.96 (ReleasedBinaries.010510-2313) | Size = 166784 bytes | Created Date = 06/10/2007 13:43:27 | Attr = ]
twotrack.sys -> %System32%\dllcache\twotrack.sys -> IBM Corporation [Ver = 6.03 (XPClient.010817-1148) | Size = 11520 bytes | Created Date = 06/10/2007 13:43:35 | Attr = ]
ultra.sys -> %System32%\dllcache\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Created Date = 06/10/2007 13:43:42 | Attr = ]
um34scan.dll -> %System32%\dllcache\um34scan.dll -> UMAX Data Systems Inc. [Ver = 1.0.0.7 | Size = 216064 bytes | Created Date = 06/10/2007 13:43:46 | Attr = ]
um54scan.dll -> %System32%\dllcache\um54scan.dll -> UMAX Data Systems Inc. [Ver = 1.0.0.8 | Size = 211968 bytes | Created Date = 06/10/2007 13:43:50 | Attr = ]
umaxscan.dll -> %System32%\dllcache\umaxscan.dll -> UMAX DATA SYSTEMS INC. [Ver = 5.00.2434.1 | Size = 50688 bytes | Created Date = 06/10/2007 13:44:09 | Attr = ]
usb101et.sys -> %System32%\dllcache\usb101et.sys -> KLSI USA, Inc. [Ver = 3.43.0005.0000 | Size = 32384 bytes | Created Date = 06/10/2007 13:44:35 | Attr = ]
usr1801.sys -> %System32%\dllcache\usr1801.sys -> U.S. Robotics, Inc. [Ver = 1.00.034 | Size = 794654 bytes | Created Date = 06/10/2007 13:44:45 | Attr = ]
usr1806.sys -> %System32%\dllcache\usr1806.sys -> U.S. Robotics, Inc. [Ver = 1.00.036 | Size = 793598 bytes | Created Date = 06/10/2007 13:44:50 | Attr = ]
usr1806v.sys -> %System32%\dllcache\usr1806v.sys -> U.S. Robotics, Inc. [Ver = 1.00.036 | Size = 794399 bytes | Created Date = 06/10/2007 13:44:55 | Attr = ]
usr1807a.sys -> %System32%\dllcache\usr1807a.sys -> U.S. Robotics Corporation [Ver = 4. 11. 21 | Size = 224802 bytes | Created Date = 06/10/2007 13:45:00 | Attr = ]
usroslba.sys -> %System32%\dllcache\usroslba.sys -> U.S. Robotics Corporation [Ver = 4. 11. 21 | Size = 7556 bytes | Created Date = 06/10/2007 13:45:05 | Attr = ]
usrpda.sys -> %System32%\dllcache\usrpda.sys -> U.S. Robotics Corporation [Ver = 4. 11. 22 | Size = 113762 bytes | Created Date = 06/10/2007 13:45:09 | Attr = ]
usrti.sys -> %System32%\dllcache\usrti.sys -> U.S. Robotics, Inc. [Ver = 2.60.005 | Size = 765884 bytes | Created Date = 06/10/2007 13:45:15 | Attr = ]
usrwdxjs.sys -> %System32%\dllcache\usrwdxjs.sys -> U.S. Robotics Corporation [Ver = 3.27.036.0005 | Size = 687999 bytes | Created Date = 06/10/2007 13:45:20 | Attr = ]
vchnt5.dll -> %System32%\dllcache\vchnt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 11325 bytes | Created Date = 06/10/2007 13:45:26 | Attr = ]
viairda.sys -> %System32%\dllcache\viairda.sys -> VIA Technologies, Inc. [Ver = 5,1,2480,0 (XPClient.010817-1148) | Size = 24576 bytes | Created Date = 06/10/2007 13:45:31 | Attr = ]
vinwm.sys -> %System32%\dllcache\vinwm.sys -> Xircom [Ver = 2.1.0.10 | Size = 249402 bytes | Created Date = 06/10/2007 13:45:37 | Attr = ]
vmodem.sys -> %System32%\dllcache\vmodem.sys -> PCTEL, INC. [Ver = 7.60.10A | Size = 604253 bytes | Created Date = 06/10/2007 13:45:42 | Attr = ]
vpctcom.sys -> %System32%\dllcache\vpctcom.sys -> PCtel, Inc. [Ver = 8.00-9K | Size = 397502 bytes | Created Date = 06/10/2007 13:45:47 | Attr = ]
vvoice.sys -> %System32%\dllcache\vvoice.sys -> PCtel, Inc. [Ver = 3.53.00 | Size = 64605 bytes | Created Date = 06/10/2007 13:45:53 | Attr = ]
w840nd.sys -> %System32%\dllcache\w840nd.sys -> Winbond Electronics Corporation [Ver = 2.40 | Size = 19528 bytes | Created Date = 06/10/2007 13:46:02 | Attr = ]
w926nd.sys -> %System32%\dllcache\w926nd.sys -> Winbond Electronics Corporation [Ver = 1.60 | Size = 19016 bytes | Created Date = 06/10/2007 13:46:06 | Attr = ]
w940nd.sys -> %System32%\dllcache\w940nd.sys -> Winbond Electronics Corporation [Ver = 3.22 | Size = 16925 bytes | Created Date = 06/10/2007 13:46:11 | Attr = ]
wadv01nt.sys -> %System32%\dllcache\wadv01nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 12415 bytes | Created Date = 06/10/2007 13:46:18 | Attr = ]
wadv02nt.sys -> %System32%\dllcache\wadv02nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 12127 bytes | Created Date = 06/10/2007 13:46:19 | Attr = ]
wadv05nt.sys -> %System32%\dllcache\wadv05nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 11775 bytes | Created Date = 06/10/2007 13:46:20 | Attr = ]
wadv07nt.sys -> %System32%\dllcache\wadv07nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 11807 bytes | Created Date = 06/10/2007 13:46:21 | Attr = ]
wadv08nt.sys -> %System32%\dllcache\wadv08nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 11295 bytes | Created Date = 06/10/2007 13:46:22 | Attr = ]
wadv09nt.sys -> %System32%\dllcache\wadv09nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 11871 bytes | Created Date = 06/10/2007 13:46:22 | Attr = ]
wadv11nt.sys -> %System32%\dllcache\wadv11nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 11935 bytes | Created Date = 06/10/2007 13:46:23 | Attr = ]
watv01nt.sys -> %System32%\dllcache\watv01nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 29311 bytes | Created Date = 06/10/2007 13:46:26 | Attr = ]
watv02nt.sys -> %System32%\dllcache\watv02nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 19551 bytes | Created Date = 06/10/2007 13:46:27 | Attr = ]
watv04nt.sys -> %System32%\dllcache\watv04nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 33599 bytes | Created Date = 06/10/2007 13:46:28 | Attr = ]
watv06nt.sys -> %System32%\dllcache\watv06nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 22271 bytes | Created Date = 06/10/2007 13:46:28 | Attr = ]
watv10nt.sys -> %System32%\dllcache\watv10nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Created Date = 06/10/2007 13:46:29 | Attr = ]
wbfirdma.sys -> %System32%\dllcache\wbfirdma.sys -> Winbond Electronics Corp. [Ver = 5.4.9820.0306 | Size = 35871 bytes | Created Date = 06/10/2007 13:46:33 | Attr = ]
wch7xxnt.sys -> %System32%\dllcache\wch7xxnt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 23615 bytes | Created Date = 06/10/2007 13:46:39 | Attr = ]
wdhaalba.sys -> %System32%\dllcache\wdhaalba.sys -> 3Com Corporation [Ver = 3.34.034.0075 | Size = 701386 bytes | Created Date = 06/10/2007 13:46:40 | Attr = ]
winacisa.sys -> %System32%\dllcache\winacisa.sys -> Rockwell [Ver = 2,0,2,111 | Size = 771581 bytes | Created Date = 06/10/2007 13:47:02 | Attr = ]
wlandrv2.sys -> %System32%\dllcache\wlandrv2.sys -> Raytheon Corp. [Ver = 4.00.00.0004 | Size = 34890 bytes | Created Date = 06/10/2007 13:47:15 | Attr = ]
wlluc48.sys -> %System32%\dllcache\wlluc48.sys -> Lucent Technologies [Ver = 7.43.0.9 | Size = 154624 bytes | Created Date = 06/10/2007 13:47:20 | Attr = ]
wsiintxx.sys -> %System32%\dllcache\wsiintxx.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 12063 bytes | Created Date = 06/10/2007 13:47:54 | Attr = ]
wvchntxx.sys -> %System32%\dllcache\wvchntxx.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 19455 bytes | Created Date = 06/10/2007 13:48:02 | Attr = ]
xem336n5.sys -> %System32%\dllcache\xem336n5.sys -> US Robotics MCD (Megahertz) [Ver = 1.25.014 | Size = 16970 bytes | Created Date = 06/10/2007 13:48:04 | Attr = ]
xlog.exe -> %System32%\dllcache\xlog.exe -> Eicon Technology [Ver = 2.0.1.315 | Size = 99865 bytes | Created Date = 06/10/2007 13:48:12 | Attr = ]
xrxftplt.exe -> %System32%\dllcache\xrxftplt.exe -> [Ver = 1, 0, 0, 2 | Size = 27648 bytes | Created Date = 06/10/2007 13:48:57 | Attr = ]
xrxscnui.dll -> %System32%\dllcache\xrxscnui.dll -> [Ver = 1, 0, 0, 1 | Size = 17408 bytes | Created Date = 06/10/2007 13:49:01 | Attr = ]
xrxwbtmp.dll -> %System32%\dllcache\xrxwbtmp.dll -> Xerox Corporation [Ver = 1, 0, 0, 1 | Size = 23040 bytes | Created Date = 06/10/2007 13:49:06 | Attr = ]
xrxwiadr.dll -> %System32%\dllcache\xrxwiadr.dll -> Xerox [Ver = 1, 0, 0, 2 | Size = 116224 bytes | Created Date = 06/10/2007 13:49:11 | Attr = ]
Dvd43.sys -> %System32%\drivers\Dvd43.sys -> Fengtao Software Inc. [Ver = 2, 6, 0, 28 | Size = 35296 bytes | Created Date = 25/10/2007 16:49:19 | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 06/10/2007 11:05:49 | Attr = ]
hosts.20071010-100228.backup -> %System32%\drivers\etc\hosts.20071010-100228.backup -> [Ver = | Size = 27 bytes | Created Date = 10/10/2007 10:02:28 | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 281 bytes | Modified Date = 26/10/2007 17:44:44 | Attr = HS]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 24/10/2007 20:02:58 | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 23/10/2007 08:54:38 | Attr = ]
Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 25/10/2007 16:08:20 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 501731328 bytes | Modified Date = 26/10/2007 17:48:48 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 26/10/2007 10:39:36 | Attr = R ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 24/10/2007 20:02:02 | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 11/10/2007 20:55:22 | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 26/10/2007 15:26:44 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 10/10/2007 09:22:04 | Attr = H ]
$NtUninstallKB901017$ -> %SystemRoot%\$NtUninstallKB901017$ -> [Folder | Modified Date = 26/10/2007 15:26:44 | Attr = H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Modified Date = 10/10/2007 09:22:46 | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Modified Date = 10/10/2007 09:24:40 | Attr = H ]
ahd3.ini -> %SystemRoot%\ahd3.ini -> [Ver = | Size = 749 bytes | Modified Date = 14/10/2007 19:55:44 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 26/10/2007 17:48:50 | Attr = S]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Modified Date = 20/10/2007 06:03:32 | Attr = ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 26/10/2007 15:03:40 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 24/10/2007 21:00:42 | Attr = S]
DVDRegionFree.INI -> %SystemRoot%\DVDRegionFree.INI -> [Ver = | Size = 101 bytes | Modified Date = 25/10/2007 17:51:24 | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 23/10/2007 08:55:36 | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 26/10/2007 07:29:12 | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 26/10/2007 15:00:54 | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 10/10/2007 09:23:28 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 10/10/2007 09:24:06 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 13/10/2007 18:41:50 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 26/10/2007 17:37:50 | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 26/10/2007 21:07:52 | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 24/10/2007 20:03:38 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 202 bytes | Modified Date = 25/10/2007 18:05:26 | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 18/10/2007 08:48:50 | Attr = ]
panose.bin -> %SystemRoot%\panose.bin -> [Ver = | Size = 2241 bytes | Modified Date = 30/09/2007 08:39:56 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 24/10/2007 20:06:06 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 26/10/2007 10:40:34 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 26/10/2007 10:40:34 | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 08/10/2007 15:20:08 | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 14/10/2007 19:54:10 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 26/10/2007 17:44:44 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 26/10/2007 15:04:26 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 24/10/2007 20:02:52 | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 26/10/2007 21:10:28 | Attr = ]
WDIC.INI -> %SystemRoot%\WDIC.INI -> [Ver = | Size = 11758 bytes | Modified Date = 13/10/2007 11:00:32 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 752 bytes | Modified Date = 26/10/2007 17:44:44 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 13/10/2007 22:27:02 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 26/10/2007 17:49:46 | Attr = H ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 06/10/2007 12:12:36 | Attr = ]
Catroot2 -> %System32%\Catroot2 -> [Folder | Modified Date = 26/10/2007 07:28:44 | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 08/10/2007 15:21:14 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 26/10/2007 07:29:36 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 25/10/2007 16:49:20 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 358576 bytes | Modified Date = 26/10/2007 07:31:20 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 68452 bytes | Modified Date = 27/09/2007 21:07:06 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 432704 bytes | Modified Date = 27/09/2007 21:07:06 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 510032 bytes | Modified Date = 27/09/2007 21:07:06 | Attr = ]
ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 10/10/2007 09:21:42 | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 11/10/2007 20:55:22 | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 47198 bytes | Modified Date = 26/10/2007 17:50:02 | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 08/10/2007 15:20:10 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 26/10/2007 17:51:00 | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 26/10/2007 17:50:40 | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 26/10/2007 21:06:38 | Attr = ]
Dvd43.sys -> %System32%\drivers\Dvd43.sys -> Fengtao Software Inc. [Ver = 2, 6, 0, 28 | Size = 35296 bytes | Modified Date = 25/10/2007 17:51:12 | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 10/10/2007 10:02:30 | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 06/10/2007 14:21:24 | Attr = ]
hosts.20071010-100228.backup -> %System32%\drivers\etc\hosts.20071010-100228.backup -> [Ver = | Size = 27 bytes | Modified Date = 06/10/2007 10:37:18 | Attr = ]

[File String Scan - Non-Microsoft Only]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 04/08/2004 17:30:00 | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.6 | Size = 139776 bytes | Modified Date = 02/04/2007 14:21:28 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 04/08/2004 17:30:00 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 04/08/2004 17:30:00 | Attr = ]
PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 03/08/2004 22:41:38 | Attr = ]
abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts -> [Ver = | Size = 179421 bytes | Modified Date = 19/10/2007 20:26:14 | Attr = ]

< End of report >


SO IT FIT
Thank you so much,
D.


#15 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:27 AM

Posted 29 October 2007 - 09:12 AM

Hi dreamhouse, :thumbsup:

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Win32 Services - Non-Microsoft Only]
YY -> (combofix) combofix [Win32_Own | On_Demand | Stopped] ->
YY -> (TQFTAUVG) TQFTAUVG [Win32_Own | Disabled | Stopped] -> %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TQFTAUVG.exe
[Registry - Non-Microsoft Only]
< Internet Explorer Settings > ->
YY -> HKLM: Local Page -> C:\WINDOWS\SYSTEM32\blank.htm
YY -> HKCU: Local Page -> C:\WINDOWS\SYSTEM32\blank.htm
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{63837897-A6BB-424F-ACB8-F25C93F87890} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} -> Java Plug-in 1.4.0 - CodeBase = http://java.sun.com/update/1.4.0/jinstall-...indows-i586.cab
[Files/Folders - Created Within 30 days]
NY -> ComboFix -> %SystemDrive%\ComboFix
NY -> Deckard -> %SystemDrive%\Deckard
NY -> qoobox -> %SystemDrive%\qoobox
NY -> $NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$
NY -> $NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$
NY -> catchme.exe -> %SystemRoot%\catchme.exe
[Files/Folders - Modified Within 30 days]
NY -> ComboFix -> %SystemDrive%\ComboFix
NY -> Deckard -> %SystemDrive%\Deckard
NY -> qoobox -> %SystemDrive%\qoobox
NY -> System Volume Information -> %SystemDrive%\System Volume Information
NY -> $NtUninstallKB901017$ -> %SystemRoot%\$NtUninstallKB901017$
NY -> $NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$
NY -> $NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$
NY -> catchme.exe -> %SystemRoot%\catchme.exe
[Empty Temp Folders]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users