
Crazy Pop Ups


  • This topic is locked
10 replies to this topic

#1 mel9589

mel9589

  • Members
  • 23 posts
  • OFFLINE
  • Local time:11:47 PM

Posted 07 December 2007 - 10:21 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:57 PM, on 12/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\DWRCST.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\AOL\1168559001\ee\aolsoftware.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...&ar=msnhome
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: (no name) - {ecd7b22d-e75d-48ff-be5c-8b4767f304ed} - C:\WINDOWS\system32\psjosrj.dll (file missing)
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168559001\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [f093a068] rundll32.exe "C:\WINDOWS\system32\hnyodmnk.dll",b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1193677725378
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/ghbabeld...zylomplayer.cab
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://www.cramster.com/DRM/Client/FileOpen.CAB
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://www.rockyou.com/RockYouImageUploader.cab
O16 - DPF: {E6182DB0-BE70-4EA3-A8FB-D402C6D951D5} (VUploader Control) - http://photofiddle.com/ocx/VUploaderProj1.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NBPS.NBPS.ORG
O17 - HKLM\Software\..\Telephony: DomainName = NBPS.NBPS.ORG
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3A44F5D-E215-4D90-B6EB-582DACC46703}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = NBPS.NBPS.ORG
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = NBPS.NBPS.ORG
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = NBPS.NBPS.ORG
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10735 bytes



#2 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:05:47 AM

Posted 08 December 2007 - 01:52 PM

Hello mel9589 and welcome to BC :thumbsup:

My name is SNOWHITE and I will be helping you with your Malware problem.

PLEASE READ THIS POST COMPLETELY, IT MAY MAKE IT EASIER FOR YOU IF YOU COPY AND PASTE THIS POST INTO A NEW TEXT DOCUMENT OR PRINT IT FOR REFERENCE LATER



Please follow the steps below exactly in the order they are written:

Step #1

First delete the current version of HijackThis you have:

C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe <-- Right click on it and delete it.

In Step #3 you will find instructions for running the DSS scan. While running that scan you will be asked to confirm downloading and installing HijackThis; make sure you are connected to the internet and allow this.

Step #2

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Step #3

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
Note: If you don't have HijackThis installed on your computer, dss will prompt you to download and install it for you. Please allow this to happen!


In your next post please include the following reports:
  • VundoFix report
  • dss scan reports main.txt and extra.txt
Let me know how the things went.

Regards,

Edited by SNOWHITE, 08 December 2007 - 01:55 PM.

SNOWHITE

#3 mel9589

mel9589
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:11:47 PM

Posted 08 December 2007 - 09:07 PM

Vundo found nothing and I saved the DSS and tried running it multiple times, but every time I do it pops up that it has encountered an error and has to shut off. So I don't have any of the logs :thumbsup:

#4 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:05:47 AM

Posted 08 December 2007 - 10:50 PM

Vundo found nothing and I saved the DSS and tried running it multiple times, but every time I do it pops up that it has encountered an error and has to shut off. So I don't have any of the logs :thumbsup:


Let's try this:

Step #1
1. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
2. Download combofix from one of these links:
Link1
Link2
3. Double click combofix.exe & follow the prompts.
4. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note:
Combofix should never take more than 20 minutes including the reboot if malware is detected.

If it does, open task-manager > use the processes tab (press ctrl alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

If that happened we want to know, and also what process you had to end.

Step #2

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
Post back with Combofix report and new HijackThis log. Let me know how the things will go.

Regards,
SNOWHITE

#5 mel9589

mel9589
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:11:47 PM

Posted 09 December 2007 - 10:04 AM

ComboFix 07-12-09.1 - Administrator 2007-12-09 9:49:59.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.79 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OHIR0HU3\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\ldpackage.dll
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\silc_dll.dll
C:\WINDOWS\system32\sznf.ascii

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NPF
-------\core


((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.

2007-12-09 09:57 . 2007-12-09 09:57 <DIR> d-------- C:\WINDOWS\TEM
2007-12-08 20:50 . 2007-12-08 20:50 <DIR> d-------- C:\Deckard
2007-12-08 14:29 . 2007-12-08 14:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PalaceChat 3
2007-12-08 14:25 . 2007-12-08 14:25 <DIR> d-------- C:\Program Files\PalaceChat
2007-12-07 17:52 . 2007-12-07 17:52 20,480 --a------ C:\WINDOWS\quit.exe
2007-12-07 08:43 . 2007-12-07 08:43 <DIR> d-------- C:\Program Files\CCleaner
2007-12-06 22:11 . 2007-12-06 23:49 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-12-06 19:14 . 2007-12-06 19:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-06 19:13 . 2007-12-07 11:48 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-06 19:13 . 2007-12-06 19:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-12-06 19:12 . 2007-12-06 19:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-06 09:34 . 2007-12-06 13:12 807,676 ---hs---- C:\WINDOWS\system32\knmdoynh.ini
2007-12-05 09:30 . 2007-12-06 09:31 807,588 ---hs---- C:\WINDOWS\system32\nxnakudc.ini
2007-12-03 12:38 . 2007-12-03 12:38 <DIR> d-------- C:\WINDOWS\system32\bits
2007-12-03 12:37 . 2007-03-29 07:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2007-12-03 12:37 . 2007-03-29 07:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2007-12-02 09:24 . 2007-12-06 09:25 72,027 ---hs---- C:\WINDOWS\system32\srtss.bak2
2007-12-01 20:09 . 2007-12-01 20:09 <DIR> d-------- C:\VundoFix Backups
2007-12-01 19:41 . 2007-12-03 15:12 <DIR> d-------- C:\WINDOWS\system32\daSgo01
2007-12-01 18:41 . 2007-12-04 09:55 <DIR> d-------- C:\WINDOWS\system32\mm6
2007-12-01 18:41 . 2007-12-01 18:41 <DIR> d-------- C:\WINDOWS\system32\hv2
2007-12-01 18:41 . 2007-12-01 18:51 <DIR> d-------- C:\WINDOWS\system32\ft21
2007-12-01 18:41 . 2007-12-01 18:41 <DIR> d-------- C:\WINDOWS\system32\dr1
2007-12-01 18:41 . 2007-12-03 15:12 <DIR> d-------- C:\WINDOWS\system32\daSgo02
2007-12-01 18:41 . 2007-12-01 18:42 <DIR> d-------- C:\temp\bkR11
2007-12-01 12:48 . 2007-12-01 12:48 <DIR> d-------- C:\Program Files\Free Audio Pack
2007-12-01 12:48 . 1998-06-16 23:00 516,173 --a------ C:\WINDOWS\system32\MSVCP60D.DLL
2007-12-01 12:48 . 1998-06-16 23:00 385,100 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2007-12-01 12:48 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2007-12-01 12:48 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-12-01 12:48 . 2000-10-01 19:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-12-01 12:48 . 1999-03-25 19:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-12-01 12:48 . 1998-07-12 23:00 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2007-12-01 12:48 . 1998-07-12 19:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-12-01 12:48 . 1998-07-12 23:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2007-12-01 12:48 . 1998-07-12 23:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2007-12-01 11:16 . 2007-12-01 11:16 <DIR> d-------- C:\Program Files\WMA-MP3.com
2007-12-01 10:15 . 2007-12-01 10:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ruckus Network
2007-12-01 10:09 . 2007-12-01 10:09 <DIR> d-------- C:\Program Files\Bonjour
2007-11-26 07:57 . 2007-11-26 07:57 1,358,156 --a------ C:\WINDOWS\system32\silc.dat
2007-11-22 15:19 . 2007-11-25 08:27 <DIR> d-------- C:\Program Files\BearShare
2007-11-22 15:19 . 2007-11-22 15:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BearShare
2007-11-22 15:19 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2007-11-22 14:55 . 2003-05-07 13:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-11-22 14:51 . 2007-11-22 16:13 <DIR> d-------- C:\Program Files\BearShareGoldDownloader
2007-11-17 20:29 . 2007-11-17 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-17 20:28 . 2007-11-17 20:28 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-17 19:48 . 2007-11-17 19:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Download Manager
2007-11-17 19:46 . 2007-11-17 19:46 <DIR> d-------- C:\Program Files\FretPro
2007-11-14 08:38 . 2007-12-09 09:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-14 08:38 . 2007-11-14 08:38 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-14 08:37 . 2007-11-14 08:37 <DIR> d-------- C:\Program Files\iPod
2007-11-14 08:36 . 2007-11-14 08:37 <DIR> d-------- C:\Program Files\iTunes
2007-11-14 08:33 . 2007-11-14 08:34 <DIR> d-------- C:\Program Files\QuickTime
2007-11-12 11:21 . 2007-11-12 11:21 <DIR> d-------- C:\Program Files\YouTube Downloader
2007-11-09 23:00 . 2007-11-22 12:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\FileVOoM
2007-11-09 22:20 . 2007-11-09 22:20 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-11-09 22:16 . 2007-11-09 22:18 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-22 20:11 --------- d-----w C:\Program Files\LimeWire
2007-11-22 18:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2007-11-19 20:12 --------- d-----w C:\Program Files\America Online 9.0
2007-11-18 03:36 739 ---ha-w C:\os070469.bin
2007-11-18 01:22 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-11 16:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-11 16:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-11 16:36 --------- d-----w C:\Program Files\Common Files\Vernier Software
2007-11-10 03:55 --------- d-----w C:\Program Files\BearShare Music
2007-11-06 22:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Printer Info Cache
2007-11-06 22:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Image Zone Express
2007-11-05 13:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Musicnotes
2007-11-04 00:31 --------- d-----w C:\Program Files\DivX
2007-10-30 11:57 --------- d-----w C:\Program Files\Trend Micro
2007-10-28 20:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-28 00:35 --------- d-----w C:\Program Files\Yahoo!
2007-10-27 23:02 --------- d-----w C:\Program Files\Java
2007-10-25 15:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-24 23:55 --------- d-----w C:\Program Files\Presale
2007-10-23 14:37 --------- d-----w C:\Program Files\Winamp
2007-10-20 16:43 --------- d-----w C:\Program Files\NetRatingsNetSight
2007-10-19 21:54 --------- d-----w C:\Program Files\coolpro2
2007-10-19 21:50 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Syntrillium
2007-10-18 23:22 --------- d-----w C:\Program Files\Common Files\Vbox
2007-10-15 16:56 --------- d-----w C:\Program Files\Replay Converter
2007-10-03 01:36 53,648 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2005-10-18 12:18 44,632 ----a-w C:\Documents and Settings\pattersonm\Application Data\GDIPFONTCACHEV1.DAT
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-31_20.38.48.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
+ 2007-12-07 03:11:55 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2007-12-07 03:11:56 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2007-12-07 03:11:56 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2007-12-07 03:12:02 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2007-10-25 15:26:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2007-10-25 15:26:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2007-12-07 03:12:03 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2007-12-07 03:11:57 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
- 2007-10-29 23:56:19 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2007-12-08 08:32:45 141,824 ----a-w C:\WINDOWS\catchme.exe
+ 2007-03-06 23:59:11 300,680 ----a-w C:\WINDOWS\Downloaded Program Files\arclib.dll
+ 2007-10-25 15:26:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2007-10-25 15:26:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
+ 2007-09-18 02:25:55 10,627,256 ----a-w C:\WINDOWS\Downloaded Program Files\vet.dat
+ 2007-07-13 04:11:05 1,353,016 ----a-w C:\WINDOWS\Downloaded Program Files\vete.dll
+ 2006-11-20 17:02:34 180,282 ----a-w C:\WINDOWS\Downloaded Program Files\webscan.dll
- 2005-03-02 00:57:44 2,135,552 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2006-02-21 03:27:54 2,136,064 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
- 2005-03-02 00:34:40 2,056,832 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2006-02-21 00:00:46 2,057,600 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
- 2005-03-02 00:34:42 2,015,232 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2006-02-21 03:00:45 2,015,744 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
- 2005-03-02 00:59:53 2,179,328 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2006-02-21 03:30:04 2,180,224 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
- 2007-10-29 17:00:52 130,423 ----a-w C:\WINDOWS\hpoins13.dat
+ 2007-11-07 00:26:22 130,423 ----a-w C:\WINDOWS\hpoins13.dat
- 2004-09-15 17:27:54 192,512 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2006-11-01 23:31:34 315,904 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-11-18 01:19:49 65,536 ----a-r C:\WINDOWS\Installer\{236BB7C4-4419-42FD-0409-1E257A25E34D}\NewShortcut1_236BB7C4441942FD04091E257A25E34D.exe
+ 2007-12-07 00:13:45 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-12-07 00:13:45 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-12-07 00:13:45 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2007-11-14 13:37:55 102,400 ----a-r C:\WINDOWS\Installer\{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}\iTunesIco.exe
+ 2007-11-18 01:24:29 65,536 ----a-r C:\WINDOWS\Installer\{E9787678-1033-0000-8E67-000000000001}\AppLanuchShortcut_E9787678103300008E67000000000001_1.exe
+ 2007-11-18 01:24:29 65,536 ----a-r C:\WINDOWS\Installer\{E9787678-1033-0000-8E67-000000000001}\ProgramMenuShortcut_E9787678103300008E670000000001_1.exe
- 2004-09-15 17:28:06 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-19 02:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
- 2004-09-15 17:28:06 480,768 ----a-w C:\WINDOWS\system32\Audiodev.dll
+ 2006-10-19 02:47:08 276,992 ----a-w C:\WINDOWS\system32\audiodev.dll
+ 2007-03-29 12:56:02 409,600 ------w C:\WINDOWS\system32\bits\qmgr.dll
- 2004-08-04 10:00:00 8,192 ----a-w C:\WINDOWS\system32\bitsprx2.dll
+ 2007-03-29 12:56:02 8,192 ----a-w C:\WINDOWS\system32\bitsprx2.dll
- 2004-08-04 10:00:00 7,168 ----a-w C:\WINDOWS\system32\bitsprx3.dll
+ 2007-03-29 12:56:02 7,168 ----a-w C:\WINDOWS\system32\bitsprx3.dll
- 2004-08-04 12:00:00 286,208 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-19 02:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2004-09-15 17:28:06 161,792 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-19 02:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
- 2004-09-15 17:28:06 8,192 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-10-19 02:47:08 7,168 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2004-08-04 10:00:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\bitsprx2.dll
+ 2007-03-29 12:56:02 8,192 -c--a-w C:\WINDOWS\system32\dllcache\bitsprx2.dll
- 2004-08-04 10:00:00 7,168 -c--a-w C:\WINDOWS\system32\dllcache\bitsprx3.dll
+ 2007-03-29 12:56:02 7,168 -c--a-w C:\WINDOWS\system32\dllcache\bitsprx3.dll
- 2004-08-04 12:00:00 286,208 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-19 02:47:10 542,720 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2004-09-15 17:28:06 161,792 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-19 02:47:10 229,376 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
- 2004-08-04 12:00:00 695,296 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-19 02:47:10 991,744 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2004-08-04 12:00:00 193,024 -c--a-w C:\WINDOWS\system32\dllcache\fsquirt.exe
- 2004-09-15 17:27:52 6,656 -c--a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-19 02:47:14 11,264 -c--a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2004-09-15 17:27:52 96,768 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-19 01:03:58 100,864 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
- 2004-08-04 12:00:00 310,272 -c--a-w C:\WINDOWS\system32\dllcache\mp43dmod.dll
+ 2006-10-19 02:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP43DMOD.dll
- 2004-08-04 12:00:00 384,512 -c--a-w C:\WINDOWS\system32\dllcache\mp4sdmod.dll
+ 2006-10-19 02:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP4SDMOD.dll
- 2004-08-04 12:00:00 240,640 -c--a-w C:\WINDOWS\system32\dllcache\mpg4dmod.dll
+ 2006-10-19 02:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MPG4DMOD.dll
- 2004-09-15 17:27:52 344,064 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-10-19 02:47:14 243,712 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2004-08-04 12:00:00 259,072 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-19 02:47:16 179,712 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2004-09-15 17:27:52 25,088 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-10-19 02:47:16 27,136 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2004-09-15 17:27:52 169,472 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-19 02:47:16 175,616 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2004-09-15 17:27:52 360,176 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-10-19 02:47:16 414,208 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2004-09-15 17:27:52 311,296 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-19 02:47:16 321,536 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-02-21 00:00:46 2,057,600 -c--a-w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
- 2005-03-02 00:59:53 2,179,328 -c--a-w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
+ 2006-02-21 03:30:04 2,180,224 -c--a-w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
- 2004-09-15 17:27:54 221,184 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-10-19 02:47:18 211,456 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2004-08-04 10:00:00 382,464 -c--a-w C:\WINDOWS\system32\dllcache\qmgr.dll
+ 2007-03-29 12:56:02 409,600 -c--a-w C:\WINDOWS\system32\dllcache\qmgr.dll
- 2004-08-04 10:00:00 18,944 -c--a-w C:\WINDOWS\system32\dllcache\qmgrprxy.dll
+ 2007-03-29 12:56:02 18,944 -c--a-w C:\WINDOWS\system32\dllcache\qmgrprxy.dll
- 2004-09-15 17:27:54 819,200 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-11-01 23:31:38 1,669,120 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
- 2004-09-15 17:27:54 192,512 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2006-11-01 23:31:34 315,904 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2004-08-04 12:00:00 77,891 -c--a-w C:\WINDOWS\system32\dllcache\usrmlnka.exe
+ 2004-08-04 12:00:00 61,508 -c--a-w C:\WINDOWS\system32\dllcache\usrprbda.exe
- 2004-09-15 17:27:54 380,144 -c--a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-19 02:47:18 757,248 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2004-09-15 17:27:54 712,704 -c--a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-19 02:47:18 1,117,696 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2004-09-15 17:27:54 229,376 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2006-10-19 02:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll
- 2004-09-15 17:27:54 30,208 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-19 02:47:18 33,792 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2004-09-15 17:27:54 34,304 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-19 02:47:18 37,376 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2004-09-15 17:27:54 189,440 -c--a-w C:\WINDOWS\system32\dllcache\wmerror.dll
+ 2006-10-19 02:47:20 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmerror.dll
- 2004-09-15 17:27:54 150,016 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
+ 2006-10-19 02:47:20 157,184 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
- 2004-09-15 17:27:54 1,027,072 -c--a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-19 02:47:20 937,984 -c--a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2006-04-29 10:07:48 5,533,696 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2006-10-19 02:47:20 10,834,432 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-09-15 17:28:00 135,168 -c--a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2006-10-19 02:47:20 242,688 -c--a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
- 2004-09-15 17:28:00 77,824 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-10-19 02:47:20 96,256 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-09-15 17:28:00 282,624 -c--a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2006-10-19 02:47:20 314,880 -c--a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2004-09-15 17:28:00 73,728 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-10-19 02:46:20 64,000 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2004-09-15 17:28:00 3,371,008 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
+ 2006-10-19 02:47:20 8,231,936 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
- 2004-09-15 17:28:00 86,016 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-10-19 02:47:20 99,840 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2004-09-15 17:28:00 773,368 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-19 02:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2004-09-15 17:28:02 1,116,160 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2006-10-19 02:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2004-09-15 17:28:02 531,192 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2006-10-19 02:47:22 603,648 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
- 2004-09-15 17:28:02 936,960 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2006-10-19 02:47:22 1,329,152 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
- 2004-09-15 17:28:04 2,362,104 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-19 02:47:22 2,450,944 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2004-09-15 17:28:06 871,160 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-19 02:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2004-09-15 17:28:06 999,424 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-19 02:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-02-28 17:41:34 61,440 ----a-w C:\WINDOWS\system32\dns-sd.exe
+ 2006-02-28 17:41:22 53,248 ----a-w C:\WINDOWS\system32\dnssd.dll
- 2005-01-26 07:03:00 20,576 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
+ 2007-05-07 08:00:00 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
+ 2006-10-19 02:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
- 2004-09-15 17:28:06 18,944 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-10-19 01:00:00 38,528 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-09-28 23:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-29 00:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2006-10-19 01:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe
- 2004-08-04 12:00:00 695,296 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-19 02:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2007-10-31 19:09:14 30,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
- 2007-09-19 11:42:22 224,024 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-11-18 14:27:38 224,816 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2005-02-24 04:01:58 1,093,632 ----a-w C:\WINDOWS\system32\GnucCOM.dll
- 2004-09-15 17:27:52 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-19 02:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
+ 2007-10-20 00:56:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
- 2004-09-15 17:27:52 96,768 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-19 01:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2007-06-11 18:04:38 190,696 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
+ 2006-10-19 02:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 2006-10-19 02:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-04 12:00:00 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-19 02:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-19 02:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-04 12:00:00 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-19 02:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-19 02:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-04 12:00:00 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-19 02:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
+ 2006-10-02 20:28:42 312,128 ------w C:\WINDOWS\system32\msdelta.dll
- 2004-08-04 12:00:00 259,072 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-19 02:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2004-09-15 17:27:52 25,088 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll
+ 2006-10-19 02:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2004-09-15 17:27:52 169,472 ----a-w C:\WINDOWS\system32\MsPMSP.dll
+ 2006-10-19 02:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2004-09-15 17:27:52 360,176 ----a-w C:\WINDOWS\system32\MSSCP.dll
+ 2006-10-19 02:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll
- 2004-08-04 12:00:00 1,392,671 ----a-w C:\WINDOWS\system32\msvbvm60.dll
+ 2004-02-24 00:42:40 1,386,496 ----a-w C:\WINDOWS\system32\msvbvm60.dll
- 2004-09-15 17:27:52 311,296 ----a-w C:\WINDOWS\system32\MSWMDM.dll
+ 2006-10-19 02:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
- 2005-03-02 00:34:40 2,056,832 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
+ 2006-02-21 00:00:46 2,057,600 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
- 2005-03-02 00:59:53 2,179,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
+ 2006-02-21 03:30:04 2,180,224 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
- 2007-10-28 13:16:20 64,878 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-10 03:22:33 64,878 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-28 13:16:20 405,028 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-10 03:22:33 405,028 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2006-10-19 02:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-19 02:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 02:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-19 02:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 02:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
- 2005-01-26 19:36:00 339,968 ------w C:\WINDOWS\system32\Px.dll
+ 2007-07-05 22:55:04 567,792 ----a-w C:\WINDOWS\system32\Px.dll
- 2005-10-10 19:28:03 56,832 ------w C:\WINDOWS\system32\pxcpya64.exe
+ 2007-05-07 15:03:56 66,296 ----a-w C:\WINDOWS\system32\pxcpya64.exe
- 2005-10-10 19:28:03 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
+ 2007-05-07 15:03:56 120,568 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
- 2005-02-04 06:01:00 401,408 ------w C:\WINDOWS\system32\pxdrv.dll
+ 2007-06-07 06:02:00 535,288 ----a-w C:\WINDOWS\system32\pxdrv.dll
- 2005-10-10 19:28:03 54,272 ------w C:\WINDOWS\system32\pxinsa64.exe
+ 2007-05-07 15:03:52 64,760 ----a-w C:\WINDOWS\system32\pxinsa64.exe
- 2005-10-10 19:28:03 104,960 ------w C:\WINDOWS\system32\pxinsi64.exe
+ 2007-05-07 15:03:54 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
- 2005-01-26 19:35:08 172,032 ------w C:\WINDOWS\system32\PxMas.dll
+ 2007-07-05 22:55:06 186,864 ----a-w C:\WINDOWS\system32\PxMas.dll
- 2005-01-26 19:39:04 1,077,248 ------w C:\WINDOWS\system32\PxSFS.DLL
+ 2007-07-05 22:55:08 1,649,136 ----a-w C:\WINDOWS\system32\PxSFS.DLL
- 2005-01-26 19:34:40 339,968 ------w C:\WINDOWS\system32\PxWave.dll
+ 2007-07-05 22:55:08 379,376 ----a-w C:\WINDOWS\system32\PxWave.dll
- 2004-08-24 20:06:22 10,752 ------w C:\WINDOWS\system32\PXWMA.dll
+ 2007-07-05 22:55:10 158,192 ----a-w C:\WINDOWS\system32\pxwma.dll
- 2004-09-15 17:27:54 221,184 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-10-19 02:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
- 2004-08-04 10:00:00 382,464 ----a-w C:\WINDOWS\system32\qmgr.dll
+ 2007-03-29 12:56:02 409,600 ----a-w C:\WINDOWS\system32\qmgr.dll
- 2004-08-04 10:00:00 18,944 ----a-w C:\WINDOWS\system32\qmgrprxy.dll
+ 2007-03-29 12:56:02 18,944 ----a-w C:\WINDOWS\system32\qmgrprxy.dll
- 2005-10-12 23:16:49 14,048 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-09-25 22:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
- 2005-06-28 14:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-25 22:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2007-10-20 00:56:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
- 2004-09-15 17:27:54 47,104 ----a-w C:\WINDOWS\system32\uwdf.exe
+ 2006-10-19 02:58:00 8,704 ----a-w C:\WINDOWS\system32\uwdf.exe
- 2005-01-12 06:00:00 28,672 ------w C:\WINDOWS\system32\VXBLOCK.dll
+ 2007-03-26 06:00:00 88,824 ----a-w C:\WINDOWS\system32\vxblock.dll
- 2004-09-15 17:27:54 15,872 ----a-w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-19 02:47:18 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll
- 2004-09-15 17:27:54 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2006-10-19 02:58:00 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
- 2004-09-15 17:27:54 380,144 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-19 02:47:18 757,248 ----a-w C:\WINDOWS\system32\WMADMOD.dll
- 2004-09-15 17:27:54 712,704 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-19 02:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2004-09-15 17:27:54 229,376 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2006-10-19 02:47:18 222,208 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2004-09-15 17:27:54 30,208 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
+ 2006-10-19 02:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2004-09-15 17:27:54 34,304 ----a-w C:\WINDOWS\system32\WMDMPS.dll
+ 2006-10-19 02:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
- 2004-09-15 17:27:54 344,064 ----a-w C:\WINDOWS\system32\WMDRMdev.dll
+ 2006-10-19 02:47:18 429,056 ----a-w C:\WINDOWS\system32\wmdrmdev.dll
- 2004-09-15 17:27:54 290,816 ----a-w C:\WINDOWS\system32\WMDRMNet.dll
+ 2006-10-19 02:47:20 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-10-19 02:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-09-15 17:27:54 189,440 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-10-19 02:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2004-09-15 17:27:54 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-19 02:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2004-09-15 17:27:54 1,027,072 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-19 02:47:20 937,984 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
- 2006-04-29 10:07:48 5,533,696 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2006-10-19 02:47:20 10,834,432 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-09-15 17:28:00 135,168 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-19 02:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-09-15 17:28:00 282,624 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 02:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 02:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
- 2004-09-15 17:28:00 1,589,760 ----a-w C:\WINDOWS\system32\wmpencen.dll
+ 2006-10-19 02:47:20 1,661,440 ----a-w C:\WINDOWS\system32\wmpencen.dll
- 2004-09-15 17:28:00 3,371,008 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 02:47:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 02:47:20 613,376 ------w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-19 02:47:20 130,048 ------w C:\WINDOWS\system32\wmpps.dll
- 2004-09-15 17:28:00 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-19 02:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2004-09-15 17:28:00 175,104 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
+ 2006-10-19 02:47:20 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
- 2004-09-15 17:28:00 773,368 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2004-09-15 17:28:02 1,116,160 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2004-09-15 17:28:02 531,192 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-19 02:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2004-09-15 17:28:02 936,960 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-19 02:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
- 2004-09-15 17:28:04 1,181,944 ----a-w C:\WINDOWS\system32\wmvadvd.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll
- 2004-09-15 17:28:04 1,509,376 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
- 2004-09-15 17:28:04 2,362,104 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 02:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 02:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2004-09-15 17:28:06 871,160 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2004-09-15 17:28:06 999,424 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 02:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-10-19 02:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll
+ 2006-10-19 02:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-10-19 02:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
- 2004-09-15 17:28:06 38,912 ----a-w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-19 02:47:22 629,760 ----a-w C:\WINDOWS\system32\wpd_ci.dll
- 2004-09-15 17:28:06 61,952 ----a-w C:\WINDOWS\system32\wpdconns.dll
+ 2006-10-19 02:47:22 35,840 ----a-w C:\WINDOWS\system32\wpdconns.dll
- 2004-09-15 17:28:06 114,176 ----a-w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-10-19 02:47:22 154,624 ----a-w C:\WINDOWS\system32\wpdmtp.dll
- 2004-09-15 17:28:06 66,560 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 02:47:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 02:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll
+ 2006-10-19 01:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-10-19 02:47:22 38,400 ------w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-19 02:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
- 2004-09-15 17:28:06 327,680 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-10-19 02:47:22 356,352 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-09-29 01:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-28 23:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe
+ 2006-09-28 23:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-28 23:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-28 23:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll
+ 2005-09-23 04:49:12 95,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecd7b22d-e75d-48ff-be5c-8b4767f304ed}]
C:\WINDOWS\system32\psjosrj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="C:\Program Files\Common Files\AOL\1168559001\ee\AOLSoftware.exe" [2006-09-25 19:52]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-09-26 13:49]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-14 00:23]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 14:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 17:14]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-03-15 08:58]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 08:35]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 08:36]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 08:32]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"f093a068"="C:\WINDOWS\system32\hnyodmnk.dll" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-09-26 13:49:10]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 11:59:36]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-1006]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-1006\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-1006\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-1006\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-1006\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-1006\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-1006\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-1006\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-1006\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-500]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-500\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-500\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-500\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-500\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-500\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-500\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-500\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-500\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-500\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPLink-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPLink-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPLink-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPLink-List\7]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPLink-List\8]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPLink-List\9]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPLink-List\a]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPO-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPO-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPO-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPO-List\7]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPO-List\8]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPO-List\9]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPO-List\a]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\Scripts]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\Scripts\Logoff]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\Scripts\Logon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\Scripts\Logon\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\Scripts\Logon\0\0]
"Script"=verclsid.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\Scripts\Logon\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\Scripts\Logon\1\0]
"Script"=\\NBPS.NBPS.ORG\SysVol\NBPS.NBPS.ORG\scripts\audit_12.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPLink-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPLink-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPLink-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPLink-List\7]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPO-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPO-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPO-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPO-List\7]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPLink-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPLink-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPLink-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPLink-List\7]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPLink-List\8]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPLink-List\9]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPLink-List\a]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPO-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPO-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPO-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPO-List\7]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPO-List\8]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPO-List\9]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPO-List\a]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\Scripts]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\Scripts\Logoff]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\Scripts\Logon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\Scripts\Logon\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\Scripts\Logon\0\0]
"Script"=verclsid.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\Scripts\Logon\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\Scripts\Logon\1\0]
"Script"=\\NBPS.NBPS.ORG\SysVol\NBPS.NBPS.ORG\scripts\audit_12.vbs

R1 nnrnstdi;nnrnstdi;C:\WINDOWS\system32\drivers\nnrnstdi.sys
R3 km_filter;km_filter;C:\WINDOWS\system32\drivers\km_filter.sys
R3 tifm;tifm;C:\WINDOWS\system32\drivers\tifm.sys
R3 WinDriver6;WinDriver6;C:\WINDOWS\system32\drivers\windrvr6.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{522d07e8-af9e-11db-a120-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-05 13:26:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fgeoyoeoN-MELIS.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 09:57:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ATWPKT2]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\ATWPKT2.SYS"
.
Completion time: 2007-12-09 9:59:50 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-01 15:24
C:\ComboFix3.txt ... 2007-11-01 08:03
.
--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:20 AM, on 12/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DWRCST.exe
C:\Program Files\Common Files\AOL\1168559001\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...&ar=msnhome
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: (no name) - {ecd7b22d-e75d-48ff-be5c-8b4767f304ed} - C:\WINDOWS\system32\psjosrj.dll (file missing)
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168559001\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [f093a068] rundll32.exe "C:\WINDOWS\system32\hnyodmnk.dll",b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1193677725378
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/ghbabeld...zylomplayer.cab
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://www.cramster.com/DRM/Client/FileOpen.CAB
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://www.rockyou.com/RockYouImageUploader.cab
O16 - DPF: {E6182DB0-BE70-4EA3-A8FB-D402C6D951D5} (VUploader Control) - http://photofiddle.com/ocx/VUploaderProj1.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NBPS.NBPS.ORG
O17 - HKLM\Software\..\Telephony: DomainName = NBPS.NBPS.ORG
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3A44F5D-E215-4D90-B6EB-582DACC46703}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = NBPS.NBPS.ORG
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = NBPS.NBPS.ORG
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = NBPS.NBPS.ORG
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10403 bytes

#6 SNOWHITE

Posted 09 December 2007 - 07:22 PM

Hello mel9589,

PLEASE READ THIS POST COMPLETELY, IT MAY MAKE IT EASIER FOR YOU IF YOU COPY AND PASTE THIS POST INTO A NEW TEXT DOCUMENT OR PRINT IT FOR REFERENCE LATER



Please follow the steps below exactly in the order they are written:

Step #1

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

BearShareGoldDownloader
netmeter or NetRatingsNetmeter

Please note any other programs that you don't recognize in that list in your next response

Step #2

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\actskn45.ocx
C:\WINDOWS\system32\hnyodmnk.dll
C:\WINDOWS\system32\knmdoynh.ini
C:\WINDOWS\system32\nxnakudc.ini
C:\WINDOWS\system32\srtss.bak2
C:\WINDOWS\system32\psjosrj.dll

Folder::
C:\WINDOWS\system32\daSgo01
C:\WINDOWS\system32\mm6
C:\WINDOWS\system32\hv2
C:\WINDOWS\system32\ft21
C:\WINDOWS\system32\dr1
C:\WINDOWS\system32\daSgo02
C:\temp\bkR11
C:\Program Files\BearShareGoldDownloader


Collect::[29]
C:\WINDOWS\quit.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fgeoyoeoN-MELIS.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecd7b22d-e75d-48ff-be5c-8b4767f304ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f093a068"=-

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!


Save this as "CFScript"


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

This will start ComboFix again. Additionally, ComboFix will generate the following files on your desktop
  • A zipped file on your desktop called Submit [Date Time].zip
  • And another file named - CF-Submit.htm
ComboFix may need to reboot to finish its work. Let it.

When CF has finished running, it will generate the ComboFix.log which will appear on your screen.

If CF-Submit.htm is detected, ComboFix will generate this message box:

Posted Image

Clicking OK will cause the machine's browser to load CF-Submit.htm

Posted Image

Click the "Browse" button and locate the Submit [Date Time].zip file on your desktop.
  • Click on the file to Select it.
  • Submit the file by clicking "OK"
Once the file has been submitted, please DELETE both files on your desktop.


Step #3

- Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
- Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

- Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
- Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

- Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Posted Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.


Step #4
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.
Post the following reports/logs into your next reply:
  • Combofix.txt
  • AVG Anti-Spyware report
  • A new HijackThis log (run after AVG Anti-Spyware has finished its work.)
  • Uninstall list
Regards,
SNOWHITE
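
A check that the entries the CFScript above targets are gone from a follow-up HijackThis log, as an added example that is not part of SNOWHITE's post or of any tool named in this thread. The sample lines are abridged from the logs posted here; the function names, and the reading of the Registry:: section by .reg conventions (`[-key]` deletes a key, `"name"=-` deletes a value), are assumptions of this example.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
SECTION_RE = re.compile(r"^(\w+)::")          # CFScript section header, e.g. "File::"
DELETED_VALUE_RE = re.compile(r'^"([^"]+)"=-$')

# Sample data abridged from the logs and script in this thread.
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {ecd7b22d-e75d-48ff-be5c-8b4767f304ed} - C:\WINDOWS\system32\psjosrj.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [f093a068] rundll32.exe "C:\WINDOWS\system32\hnyodmnk.dll",b
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""

AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""

CFSCRIPT = r"""File::
C:\WINDOWS\system32\hnyodmnk.dll
C:\WINDOWS\system32\psjosrj.dll

Folder::
C:\WINDOWS\system32\mm6

Collect::[29]
C:\WINDOWS\quit.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecd7b22d-e75d-48ff-be5c-8b4767f304ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f093a068"=-
"""


def parse_entries(log_text):
    """Return the set of (section, detail) entries; headers and process paths are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries


def cfscript_indicators(script_text):
    """Collect lowercase strings that identify what the script removes."""
    indicators, section = set(), None
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if section in ("file", "collect"):
            indicators.add(line.rsplit("\\", 1)[-1].lower())   # file name only
        elif section == "folder":
            indicators.add(line.lower())                       # full path; short names are too generic
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                indicators.add(line[2:-1].rsplit("\\", 1)[-1].lower())  # deleted key's last component
            else:
                value = DELETED_VALUE_RE.match(line)
                if value:
                    indicators.add(value.group(1).lower())     # deleted value name
    return indicators


def matching(entries, indicators):
    """Entries whose detail text mentions any indicator (case-insensitive)."""
    return {e for e in entries if any(i in e[1].lower() for i in indicators)}


def verify_cleanup(before_log, after_log, script_text):
    """Compare two logs and report what the script targeted, what remains, and what changed."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    indicators = cfscript_indicators(script_text)
    return {
        "targeted_before": matching(before, indicators),
        "residual": matching(after, indicators),   # should be empty after a clean run
        "removed": before - after,
        "added": after - before,                   # new autostarts deserve a look too
    }


if __name__ == "__main__":
    report = verify_cleanup(BEFORE_LOG, AFTER_LOG, CFSCRIPT)
    for key in ("targeted_before", "residual", "removed", "added"):
        print(key)
        for section, detail in sorted(report[key]):
            print("   ", section, "-", detail)
```
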

#7 mel9589

Posted 10 December 2007 - 01:52 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:09 PM, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1168559001\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\WINDOWS\system32\DWRCST.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...&ar=msnhome
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168559001\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1193677725378
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/ghbabeld...zylomplayer.cab
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://www.cramster.com/DRM/Client/FileOpen.CAB
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://www.rockyou.com/RockYouImageUploader.cab
O16 - DPF: {E6182DB0-BE70-4EA3-A8FB-D402C6D951D5} (VUploader Control) - http://photofiddle.com/ocx/VUploaderProj1.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NBPS.NBPS.ORG
O17 - HKLM\Software\..\Telephony: DomainName = NBPS.NBPS.ORG
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3A44F5D-E215-4D90-B6EB-582DACC46703}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = NBPS.NBPS.ORG
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = NBPS.NBPS.ORG
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = NBPS.NBPS.ORG
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10393 bytes

32 Bit HP CIO Components Installer
Additional Voices for XP
Adobe Acrobat 5.0
Adobe Common File Installer
Adobe Extension Manager CS3
Adobe Extension Manager CS3
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0
Adobe Setup
Adobe Stock Photos 1.0
AIM 6
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Mobile Device Support
Apple Software Update
AVG Anti-Spyware 7.5
BearShare
Bonjour Core for Windows
Broadcom Management Programs
Bypass Client
CA eTrust Antivirus
CCleaner (remove only)
Conexant D480 MDC V.9x Modem
Cool Edit Pro 2.1
Coupon Printer for Windows
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell Printer Software Uninstall
Dell Support 3.1
DialIdol
Digital Line Detect
DivX Content Uploader
DivX Web Player
EarthLink setup files
Flash Video Exporter 1.2
Free Mp3 Wma Converter V 1.6.3
FretPro V.2.00
HijackThis 2.0.2
Hotfix for Windows XP (KB926239)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart All-In-One Software 8.0
HP Photosmart Essential
HP Smart Web Printing 1.0
HP Solution Center 8.0
HP Update
HPSSupply
Intel® Extreme Graphics 2 Driver
Intel® PROSet/Wireless Software
Internet Explorer Default Page
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 5
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 3
Learn2 Player (Uninstall Only)
Macromedia Shockwave Player
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Speech Recognition Engine 4.0 (English)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Movavi VideoSuite 4.3
Mozilla Firefox (2.0.0.11)
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
mToolkit
Musicmatch® Jukebox
Musicnotes Player V1.23.1 and Viewer
mWlsSafe
mXML
mZConfig
Netscape Browser (remove only)
NetWaiting
PalaceChat Version 3.0
Photo Click
PowerDVD 5.5
Presale Toolbar
Protected Music Converter 0.99.29b
QuickBooks Simple Start Special Edition
QuickTime
RealPlayer Basic
Replay Converter 2.8
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB925486)
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Texas Instruments PCIxx20 drivers.
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB923845)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebCyberCoach 3.2 Dell
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinZip
WordPerfect Office 12

#8 SNOWHITE


Posted 11 December 2007 - 01:45 PM

Hello mel9589, could you please post the ComboFix report and AVG Anti-Spyware report (if available)? Or let me know if you are having any difficulties while following the instructions from my previous post. :thumbsup:

Regards,
SNOWHITE

#9 mel9589


Posted 11 December 2007 - 03:52 PM

ComboFix 07-12-09.1 - Administrator 2007-12-10 10:37:34.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.138 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\actskn45.ocx
C:\WINDOWS\system32\hnyodmnk.dll
C:\WINDOWS\system32\knmdoynh.ini
C:\WINDOWS\system32\nxnakudc.ini
C:\WINDOWS\system32\psjosrj.dll
C:\WINDOWS\system32\srtss.bak2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\BearShareGoldDownloader
C:\Program Files\BearShareGoldDownloader\~myplaylist~
C:\Program Files\BearShareGoldDownloader\BearShareGoldDownloader.exe
C:\Program Files\BearShareGoldDownloader\default playlist.m3u
C:\Program Files\BearShareGoldDownloader\freeoffer\FreeScreenSaver&Game.url
C:\Program Files\BearShareGoldDownloader\GnuCache.net
C:\Program Files\BearShareGoldDownloader\GnuUltraCache.net
C:\Program Files\BearShareGoldDownloader\SkinMagic.dll
C:\Program Files\BearShareGoldDownloader\TempDirctory\~downloadlist~
C:\temp\bkR11
C:\temp\bkR11\ftCa.log
C:\WINDOWS\quit.exe
C:\WINDOWS\system32\actskn45.ocx
C:\WINDOWS\system32\daSgo01
C:\WINDOWS\system32\daSgo02
C:\WINDOWS\system32\dr1
C:\WINDOWS\system32\ft21
C:\WINDOWS\system32\hv2
C:\WINDOWS\system32\knmdoynh.ini
C:\WINDOWS\system32\mm6
C:\WINDOWS\system32\nxnakudc.ini
C:\WINDOWS\system32\srtss.bak2

.
((((((((((((((((((((((((( Files Created from 2007-11-10 to 2007-12-10 )))))))))))))))))))))))))))))))
.

2007-12-09 09:57 . 2007-12-09 09:57 <DIR> d-------- C:\WINDOWS\TEM
2007-12-08 20:50 . 2007-12-08 20:50 <DIR> d-------- C:\Deckard
2007-12-08 14:29 . 2007-12-08 14:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PalaceChat 3
2007-12-08 14:25 . 2007-12-08 14:25 <DIR> d-------- C:\Program Files\PalaceChat
2007-12-07 08:43 . 2007-12-07 08:43 <DIR> d-------- C:\Program Files\CCleaner
2007-12-06 22:11 . 2007-12-06 23:49 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-12-06 19:14 . 2007-12-06 19:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-06 19:13 . 2007-12-07 11:48 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-06 19:13 . 2007-12-06 19:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-12-06 19:12 . 2007-12-06 19:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-03 12:38 . 2007-12-03 12:38 <DIR> d-------- C:\WINDOWS\system32\bits
2007-12-03 12:37 . 2007-03-29 07:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2007-12-03 12:37 . 2007-03-29 07:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2007-12-01 20:09 . 2007-12-01 20:09 <DIR> d-------- C:\VundoFix Backups
2007-12-01 12:48 . 2007-12-01 12:48 <DIR> d-------- C:\Program Files\Free Audio Pack
2007-12-01 12:48 . 1998-06-16 23:00 516,173 --a------ C:\WINDOWS\system32\MSVCP60D.DLL
2007-12-01 12:48 . 1998-06-16 23:00 385,100 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2007-12-01 12:48 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2007-12-01 12:48 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-12-01 12:48 . 2000-10-01 19:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-12-01 12:48 . 1999-03-25 19:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-12-01 12:48 . 1998-07-12 23:00 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2007-12-01 12:48 . 1998-07-12 19:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-12-01 12:48 . 1998-07-12 23:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2007-12-01 12:48 . 1998-07-12 23:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2007-12-01 11:16 . 2007-12-01 11:16 <DIR> d-------- C:\Program Files\WMA-MP3.com
2007-12-01 10:15 . 2007-12-01 10:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ruckus Network
2007-12-01 10:09 . 2007-12-01 10:09 <DIR> d-------- C:\Program Files\Bonjour
2007-11-26 07:57 . 2007-11-26 07:57 1,358,156 --a------ C:\WINDOWS\system32\silc.dat
2007-11-22 15:19 . 2007-11-25 08:27 <DIR> d-------- C:\Program Files\BearShare
2007-11-22 15:19 . 2007-11-22 15:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BearShare
2007-11-22 14:55 . 2003-05-07 13:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-11-17 20:29 . 2007-11-17 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-17 20:28 . 2007-11-17 20:28 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-17 19:48 . 2007-11-17 19:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Download Manager
2007-11-17 19:46 . 2007-11-17 19:46 <DIR> d-------- C:\Program Files\FretPro
2007-11-14 08:38 . 2007-12-10 10:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-14 08:38 . 2007-11-14 08:38 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-14 08:37 . 2007-11-14 08:37 <DIR> d-------- C:\Program Files\iPod
2007-11-14 08:36 . 2007-11-14 08:37 <DIR> d-------- C:\Program Files\iTunes
2007-11-14 08:33 . 2007-11-14 08:34 <DIR> d-------- C:\Program Files\QuickTime
2007-11-12 11:21 . 2007-11-12 11:21 <DIR> d-------- C:\Program Files\YouTube Downloader

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-22 20:11 --------- d-----w C:\Program Files\LimeWire
2007-11-22 18:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2007-11-22 17:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\FileVOoM
2007-11-19 20:12 --------- d-----w C:\Program Files\America Online 9.0
2007-11-18 03:36 739 ---ha-w C:\os070469.bin
2007-11-18 01:22 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-11 16:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-11 16:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-11 16:36 --------- d-----w C:\Program Files\Common Files\Vernier Software
2007-11-10 03:55 --------- d-----w C:\Program Files\BearShare Music
2007-11-10 03:20 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-06 22:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Printer Info Cache
2007-11-06 22:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Image Zone Express
2007-11-05 13:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Musicnotes
2007-11-04 00:31 --------- d-----w C:\Program Files\DivX
2007-10-30 11:57 --------- d-----w C:\Program Files\Trend Micro
2007-10-28 20:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-28 00:35 --------- d-----w C:\Program Files\Yahoo!
2007-10-27 23:02 --------- d-----w C:\Program Files\Java
2007-10-25 15:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-24 23:55 --------- d-----w C:\Program Files\Presale
2007-10-23 14:37 --------- d-----w C:\Program Files\Winamp
2007-10-20 16:43 --------- d-----w C:\Program Files\NetRatingsNetSight
2007-10-19 21:54 --------- d-----w C:\Program Files\coolpro2
2007-10-19 21:50 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Syntrillium
2007-10-18 23:22 --------- d-----w C:\Program Files\Common Files\Vbox
2007-10-15 16:56 --------- d-----w C:\Program Files\Replay Converter
2007-10-03 01:36 53,648 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2005-10-18 12:18 44,632 ----a-w C:\Documents and Settings\pattersonm\Application Data\GDIPFONTCACHEV1.DAT
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="C:\Program Files\Common Files\AOL\1168559001\ee\AOLSoftware.exe" [2006-09-25 19:52]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-09-26 13:49]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-14 00:23]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 14:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 17:14]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-03-15 08:58]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 08:35]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 08:36]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 08:32]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-09-26 13:49:10]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 11:59:36]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-1006]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-1006\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-1006\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-1006\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-1006\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-1006\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-1006\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-1006\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-1006\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-500]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-500\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-500\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-500\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-500\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-500\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-500\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-500\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-500\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3836267639-1926318843-1959342720-500\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPLink-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPLink-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPLink-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPLink-List\7]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPLink-List\8]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPLink-List\9]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPLink-List\a]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPO-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPO-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPO-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPO-List\7]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPO-List\8]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPO-List\9]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\GPO-List\a]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\Scripts]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\Scripts\Logoff]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\Scripts\Logon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\Scripts\Logon\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\Scripts\Logon\0\0]
"Script"=verclsid.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\Scripts\Logon\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-1309\Scripts\Logon\1\0]
"Script"=\\NBPS.NBPS.ORG\SysVol\NBPS.NBPS.ORG\scripts\audit_12.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPLink-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPLink-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPLink-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPLink-List\7]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPO-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPO-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPO-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\GPO-List\7]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2698\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPLink-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPLink-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPLink-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPLink-List\7]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPLink-List\8]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPLink-List\9]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPLink-List\a]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPO-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPO-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPO-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPO-List\7]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPO-List\8]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPO-List\9]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\GPO-List\a]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\Scripts]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\Scripts\Logoff]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\Scripts\Logon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\Scripts\Logon\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\Scripts\Logon\0\0]
"Script"=verclsid.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\Scripts\Logon\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-162531612-682003330-2725\Scripts\Logon\1\0]
"Script"=\\NBPS.NBPS.ORG\SysVol\NBPS.NBPS.ORG\scripts\audit_12.vbs

R1 nnrnstdi;nnrnstdi;C:\WINDOWS\system32\drivers\nnrnstdi.sys
R3 km_filter;km_filter;C:\WINDOWS\system32\drivers\km_filter.sys
R3 tifm;tifm;C:\WINDOWS\system32\drivers\tifm.sys
R3 WinDriver6;WinDriver6;C:\WINDOWS\system32\drivers\windrvr6.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{522d07e8-af9e-11db-a120-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-05 13:26:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fgeoyoeoN-MELIS.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 10:44:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ATWPKT2]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\ATWPKT2.SYS"
.
Completion time: 2007-12-10 10:46:31 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-09 09:59
C:\ComboFix3.txt ... 2007-11-01 15:24
.
--- E O F ---


AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:11:08 PM 12/10/2007

+ Scan result:



C:\Documents and Settings\pattersonm\Cookies\pattersonm@com[1].txt -> TrackingCookie.Com : Cleaned.


::Report end

#10 SNOWHITE

Posted 13 December 2007 - 02:00 AM

Hello mel9589 :thumbsup:

Looks better.

Step #1

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Older Java versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please uninstall older versions of Java components:

J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 5
Java 2 Runtime Environment, SE v1.4.2_03


The next programs are also known to be not trusted:

BearShare - see this link http://www.bleepingcomputer.com/uninstall/117/BearShare.html

Viewpoint Manager (Remove Only) - This program is used to update the Viewpoint Media Player. This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

Please note any other programs that you don't recognize in that list in your next response.

Step #2

Please do an online scan with Kaspersky WebScanner

NOTE: This Scanner will work with Internet Explorer Only!


Click on Kaspersky Online Scanner

  • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under "select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save Report As... button.
  • Under Save as type, select Text file, write a name for the file and save it to your Desktop.
  • Locate the file on the Desktop, open it, then copy and paste that information in your next post.

Please post back with the Kaspersky scan report and a new HijackThis log. Let me know how the computer is running.

Regards,
SNOWHITE

#11 SNOWHITE

Posted 23 December 2007 - 07:39 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Thank you :thumbsup:
SNOWHITE