Hjt Log "mbam Says Clean"


  • This topic is locked
23 replies to this topic

#1 coolncalm

Posted 13 September 2008 - 10:25 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:17 AM, on 9/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Documents and Settings\Administrator\Desktop\7\StealthBot v2.6R3.exe
C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
C:\Documents and Settings\Administrator\Desktop\9\StealthBot v2.6R3.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1215998124750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215998184453
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5525 bytes

#2 The Gorilla

Posted 14 September 2008 - 12:13 PM

Hello coolncalm. Welcome to Bleeping Computers.

My name is The Gorilla; Gorilla is fine, and I will be helping you with your log.

I will be handling your log and helping you to get cleaned up.

Please take note of the following:
  • Please do not make any system changes yet, as any changes you make may well alter your log.
  • The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
  • Please reply to this thread. Do not start a new topic.
Please give me some time to look over your log and I will get back to you as soon as possible.

#3 coolncalm

Posted 14 September 2008 - 01:52 PM

Thank you, Gorilla... nice of you and all the other volunteers to be doing this. I don't know if it will help, but the only thing I can tell you to help you figure this out is that I already have Spybot S&D on my computer and run it a lot to find the cookies and bots and such! I also have a-squared, which I have run and found nothing at all, and Malwarebytes found nothing as well! My AV, ZoneAlarm Internet Suite, finds a spyware trojan called "WIN32.heuristic.dialer" but does not specify a file name. Also, one of the main problems that I have noticed is my computer freezing (mouse still moves but nonresponsive) and my computer even shutting itself down at times.

I don't know if this helps to tell you what my problems are, but maybe it helps you to find the correct process or such. Anyway, thanks for your future and current help. I wait to hear from you!

#4 The Gorilla

Posted 16 September 2008 - 12:11 PM

Hi coolncalm :thumbsup:

I see you have Viewpoint installed on your system;

Step #1
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Step #2
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Step #3
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Finally, please post back the two logs that the random/random programme produced, along with the log produced by Kaspersky.
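
The effect of Step #1 can be checked by comparing a HijackThis log taken before the uninstall with one taken after it. The following is an added example, not part of the original post or of any tool named in this thread: a small parser that diffs two HijackThis logs. The sample logs are short excerpts of lines from the logs posted in this thread, and the function names (`parse_hjt`, `diff_logs`, `mentions`) are made up for illustration.

```python
import re

# HijackThis entry lines start with a section code (R0, O4, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+)$")


def parse_hjt(text):
    """Split a HijackThis log into running-process paths and coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first coded entry ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def _removed(old, new, key):
    """Items of `old` whose key does not occur in `new`, in original order."""
    seen = {key(item) for item in new}
    return [item for item in old if key(item) not in seen]


def diff_logs(before, after):
    """Compare two logs; Windows paths are compared case-insensitively."""
    b, a = parse_hjt(before), parse_hjt(after)
    path_key = str.casefold
    entry_key = lambda e: (e[0], e[1].casefold())
    return {
        "processes_gone": _removed(b["processes"], a["processes"], path_key),
        "processes_new": _removed(a["processes"], b["processes"], path_key),
        "entries_gone": _removed(b["entries"], a["entries"], entry_key),
        "entries_new": _removed(a["entries"], b["entries"], entry_key),
    }


def mentions(parsed, needle):
    """Every process or entry line that still references `needle`."""
    needle = needle.casefold()
    hits = [p for p in parsed["processes"] if needle in p.casefold()]
    hits += [f"{code} - {body}" for code, body in parsed["entries"]
             if needle in body.casefold()]
    return hits


# Excerpt of the log posted on 13 September 2008 (shortened for the example).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:17 AM, on 9/13/2008

Running processes:
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Excerpt of the log posted on 16 September 2008 (shortened for the example).
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:16:45 PM, on 9/16/2008

Running processes:
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for section, items in diff_logs(BEFORE, AFTER).items():
        print(section)
        for item in items:
            print("   ", item)
    print("still mentions Viewpoint:", mentions(parse_hjt(AFTER), "viewpoint"))
```

A HijackThis log lists only running processes and autostart-type entries, so folders left on disk after an uninstall do not show up in this comparison.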

#5 coolncalm

Posted 16 September 2008 - 01:58 PM

Well, as unfortunate as this is, here are my clean logs, "I suppose".

Logfile of random's system information tool 1.01 (written by random/random)
Run by Administrator at 2008-09-16 14:16:38
Microsoft Windows XP Professional Service Pack 3
System drive C: has 88 GB (86%) free of 102 GB
Total RAM: 3071 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:16:45 PM, on 9/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
C:\Documents and Settings\Administrator\Desktop\7\StealthBot v2.6R3.exe
C:\Documents and Settings\Administrator\Desktop\9\StealthBot v2.6R3.exe
C:\Documents and Settings\Administrator\Desktop\3\StealthBot v2.6R3.exe
C:\Documents and Settings\Administrator\Desktop\1\StealthBot v2.6R3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\4\StealthBot v2.6R3.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1215998124750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215998184453
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5604 bytes

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-03-06 8425472]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-03-06 81920]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-12-18 16062464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-08-21 981904]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"=C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe [2005-03-17 536576]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
DualCoreCenter.lnk - C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Disabled:AIM"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

List of files/folders created in the last three months

2008-09-16 14:16:38 ----D---- C:\rsit
2008-09-13 01:49:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-12 17:29:23 ----D---- C:\Program Files\Wireshark
2008-09-12 14:51:43 ----D---- C:\Program Files\a-squared Free
2008-09-12 14:10:21 ----D---- C:\Program Files\WinPcap
2008-09-10 16:33:30 ----D---- C:\Program Files\Trend Micro
2008-09-10 09:08:38 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-07 13:52:55 ----D---- C:\WINDOWS\Sun
2008-09-07 13:52:55 ----D---- C:\Documents and Settings\Administrator\Application Data\Sun
2008-09-06 20:49:26 ----D---- C:\WINDOWS\system32\appmgmt
2008-09-06 20:46:00 ----A---- C:\WINDOWS\system32\javaws.exe
2008-09-06 20:46:00 ----A---- C:\WINDOWS\system32\javaw.exe
2008-09-06 20:46:00 ----A---- C:\WINDOWS\system32\java.exe
2008-09-06 20:45:27 ----D---- C:\Program Files\Java
2008-09-06 20:45:09 ----D---- C:\Program Files\Common Files\Java
2008-09-06 10:38:52 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-06 10:38:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-06 09:55:47 ----D---- C:\Documents and Settings\Administrator\Application Data\MailFrontier
2008-09-06 05:41:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-01 14:42:50 ----D---- C:\Documents and Settings\Administrator\Application Data\Wireshark
2008-08-31 18:18:59 ----D---- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
2008-08-31 13:43:30 ----A---- C:\WINDOWS\system32\zpeng25.dll
2008-08-29 18:02:55 ----SHD---- C:\WINDOWS\CSC
2008-08-27 18:59:24 ----D---- C:\WINDOWS\pss
2008-08-27 17:03:26 ----N---- C:\WINDOWS\system32\xfcodec.dll
2008-08-22 11:16:43 ----A---- C:\WINDOWS\wininit.ini
2008-08-13 19:18:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-13 19:18:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-13 19:18:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-13 19:17:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-13 19:17:53 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-13 19:17:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-13 19:17:02 ----HDC---- C:\WINDOWS\$NtUninstallKB902344$
2008-08-13 19:16:52 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-08-13 19:16:41 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-13 19:16:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951618-v2$
2008-08-11 02:17:23 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-08-11 02:17:06 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2008-07-31 23:52:42 ----N---- C:\WINDOWS\nvsulib.dll
2008-07-31 23:52:42 ----N---- C:\WINDOWS\Nvgpio.dll
2008-07-31 23:52:42 ----N---- C:\WINDOWS\NVGfxOgl.dll
2008-07-31 23:52:42 ----N---- C:\WINDOWS\NVBenchMarks.dll
2008-07-31 23:52:42 ----N---- C:\WINDOWS\ntuneoem.dll
2008-07-31 23:52:42 ----N---- C:\WINDOWS\NTuneGpu.dll
2008-07-31 23:52:42 ----N---- C:\WINDOWS\msvcr71.dll
2008-07-31 23:52:42 ----N---- C:\WINDOWS\msvcp71.dll
2008-07-31 23:52:42 ----N---- C:\WINDOWS\MFC71.dll
2008-07-31 23:52:42 ----N---- C:\WINDOWS\AutoTuneScript.dll
2008-07-31 23:52:41 ----D---- C:\Program Files\MSI
2008-07-29 21:15:36 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-07-29 21:14:51 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-29 21:14:42 ----D---- C:\Program Files\Common Files\Adobe
2008-07-29 21:14:42 ----D---- C:\Program Files\Adobe
2008-07-27 16:59:09 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-07-23 19:14:19 ----D---- C:\WINDOWS\system32\NtmsData
2008-07-17 18:14:47 ----D---- C:\WINDOWS\system32\URTTEMP
2008-07-17 18:06:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-07-17 18:06:11 ----D---- C:\WINDOWS\ie7updates
2008-07-17 18:06:01 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-07-17 18:05:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-07-17 18:05:50 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$
2008-07-17 18:05:38 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-07-16 21:44:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-07-16 21:42:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-07-16 21:40:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-07-16 21:20:48 ----A---- C:\WINDOWS\system32\MRT.exe
2008-07-16 21:08:31 ----D---- C:\Program Files\MSBuild
2008-07-16 21:08:25 ----D---- C:\WINDOWS\system32\XPSViewer
2008-07-16 21:08:21 ----D---- C:\Program Files\Reference Assemblies
2008-07-16 21:08:04 ----N---- C:\WINDOWS\system32\spmsg2.dll
2008-07-16 20:43:07 ----D---- C:\WINDOWS\RegisteredPackages
2008-07-16 20:30:57 ----D---- C:\WINDOWS\WBEM
2008-07-16 20:29:43 ----HDC---- C:\WINDOWS\ie7
2008-07-16 20:29:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-07-16 20:29:16 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-07-15 17:23:43 ----N---- C:\WINDOWS\ScUnin.exe
2008-07-15 17:23:08 ----D---- C:\Program Files\Starcraft
2008-07-15 15:01:47 ----D---- C:\WINDOWS\system32\LogFiles
2008-07-14 20:24:17 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-07-14 20:24:13 ----D---- C:\Documents and Settings\Administrator\Application Data\acccore
2008-07-14 20:23:27 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-14 20:23:25 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-07-14 20:23:15 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-07-14 20:23:15 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-07-14 20:22:59 ----D---- C:\Program Files\Common Files\AOL
2008-07-14 20:22:34 ----D---- C:\Program Files\AIM6
2008-07-13 22:38:48 ----D---- C:\Documents and Settings\Administrator\Application Data\WinRAR
2008-07-13 22:38:09 ----D---- C:\Program Files\WinRAR
2008-07-13 22:19:18 ----D---- C:\Documents and Settings\Administrator\Application Data\Xfire
2008-07-13 22:19:16 ----D---- C:\Program Files\Xfire
2008-07-13 22:18:19 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-13 22:18:19 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-13 22:18:19 ----D---- C:\Documents and Settings\Administrator\Application Data\SiteAdvisor
2008-07-13 22:10:58 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-07-13 22:10:50 ----D---- C:\Program Files\Mozilla Firefox
2008-07-13 22:08:30 ----D---- C:\Program Files\Panicware
2008-07-13 21:46:08 ----A---- C:\rollback.ini
2008-07-13 21:40:20 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-07-13 21:40:15 ----N---- C:\WINDOWS\zllsputility.exe
2008-07-13 21:40:15 ----N---- C:\WINDOWS\system32\SpOrder.dll
2008-07-13 21:40:11 ----N---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2008-07-13 21:40:11 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-07-13 21:40:10 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-07-13 21:40:10 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-07-13 21:40:08 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-07-13 21:40:08 ----D---- C:\Program Files\Zone Labs
2008-07-13 21:40:08 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-07-13 21:40:08 ----A---- C:\WINDOWS\system32\vswmi.dll
2008-07-13 21:40:08 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-07-13 21:40:08 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-07-13 21:39:36 ----D---- C:\WINDOWS\Internet Logs
2008-07-13 21:39:36 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-07-13 21:39:36 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-07-13 21:39:36 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-07-13 21:35:44 ----N---- C:\WINDOWS\system32\mucltui.dll.mui
2008-07-13 21:35:44 ----N---- C:\WINDOWS\system32\mucltui.dll
2008-07-13 21:34:55 ----D---- C:\WINDOWS\Prefetch
2008-07-13 21:28:43 ----D---- C:\WINDOWS\system32\scripting
2008-07-13 21:28:43 ----D---- C:\WINDOWS\system32\en-us
2008-07-13 21:28:43 ----D---- C:\WINDOWS\system32\en
2008-07-13 21:28:43 ----D---- C:\WINDOWS\system32\bits
2008-07-13 21:28:43 ----D---- C:\WINDOWS\l2schemas
2008-07-13 21:27:37 ----D---- C:\WINDOWS\ServicePackFiles
2008-07-13 21:26:03 ----D---- C:\WINDOWS\network diagnostic
2008-07-13 21:24:27 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-07-13 21:18:25 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-13 21:18:19 ----D---- C:\WINDOWS\system32\PreInstall
2008-07-13 21:18:17 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-07-13 21:18:16 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-07-13 21:15:48 ----N---- C:\WINDOWS\system32\wups2.dll
2008-07-13 21:15:48 ----N---- C:\WINDOWS\system32\wucltui.dll.mui
2008-07-13 21:15:48 ----N---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-13 21:15:47 ----N---- C:\WINDOWS\system32\wuapi.dll.mui
2008-07-13 21:15:47 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-07-13 21:09:19 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-07-13 21:09:19 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-13 21:06:44 ----N---- C:\WINDOWS\system32\wpa.bak
2008-07-13 21:03:32 ----D---- C:\WINDOWS\system32\Lang
2008-07-13 20:59:13 ----RSD---- C:\WINDOWS\assembly
2008-07-13 20:58:54 ----D---- C:\WINDOWS\Microsoft.NET
2008-07-13 20:57:52 ----R---- C:\WINDOWS\system32\ChCfg.exe
2008-07-13 20:57:33 ----D---- C:\WINDOWS\system32\RTCOM
2008-07-13 20:57:30 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-07-13 20:57:03 ----N---- C:\WINDOWS\system32\spupdsvc.exe
2008-07-13 20:57:02 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2008-07-13 20:57:00 ----R---- C:\WINDOWS\SoundMan.exe
2008-07-13 20:56:59 ----R---- C:\WINDOWS\SkyTel.exe
2008-07-13 20:56:59 ----R---- C:\WINDOWS\RtlUpd.exe
2008-07-13 20:56:57 ----R---- C:\WINDOWS\RTLCPL.exe
2008-07-13 20:56:52 ----R---- C:\WINDOWS\RTHDCPL.exe
2008-07-13 20:56:52 ----R---- C:\WINDOWS\MicCal.exe
2008-07-13 20:56:51 ----R---- C:\WINDOWS\Alcmtr.exe
2008-07-13 20:56:50 ----R---- C:\WINDOWS\alcwzrd.exe
2008-07-13 20:56:48 ----D---- C:\Program Files\Realtek
2008-07-13 20:56:47 ----HD---- C:\Program Files\InstallShield Installation Information
2008-07-13 20:56:32 ----R---- C:\WINDOWS\RtlExUpd.dll
2008-07-13 20:55:02 ----D---- C:\Program Files\DIFX
2008-07-13 20:54:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-07-13 20:54:42 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-07-13 20:54:37 ----R---- C:\WINDOWS\system32\fdco1ins.dll
2008-07-13 20:54:37 ----N---- C:\WINDOWS\system32\fdco1.dll
2008-07-13 20:54:35 ----R---- C:\WINDOWS\system32\nvconrm.dll
2008-07-13 20:54:35 ----R---- C:\WINDOWS\system32\bdco1ins.dll
2008-07-13 20:54:35 ----R---- C:\WINDOWS\system32\bdco1.dll
2008-07-13 20:54:35 ----N---- C:\WINDOWS\system32\nvunrm.exe
2008-07-13 20:54:24 ----N---- C:\WINDOWS\system32\NVUNINST.EXE
2008-07-13 20:54:15 ----D---- C:\Program Files\Common Files\InstallShield
2008-07-13 20:52:56 ----R---- C:\WINDOWS\system32\nvwrszht.dll
2008-07-13 20:52:56 ----R---- C:\WINDOWS\system32\nvwrszhc.dll
2008-07-13 20:52:56 ----R---- C:\WINDOWS\system32\nvrszht.dll
2008-07-13 20:52:55 ----R---- C:\WINDOWS\system32\nvwrstr.dll
2008-07-13 20:52:55 ----R---- C:\WINDOWS\system32\nvrszhc.dll
2008-07-13 20:52:55 ----R---- C:\WINDOWS\system32\nvrstr.dll
2008-07-13 20:52:53 ----R---- C:\WINDOWS\system32\nvwrssv.dll
2008-07-13 20:52:53 ----R---- C:\WINDOWS\system32\nvrssv.dll
2008-07-13 20:52:52 ----R---- C:\WINDOWS\system32\nvwrssl.dll
2008-07-13 20:52:52 ----R---- C:\WINDOWS\system32\nvrssl.dll
2008-07-13 20:52:51 ----R---- C:\WINDOWS\system32\nvwrssk.dll
2008-07-13 20:52:51 ----R---- C:\WINDOWS\system32\nvwrsru.dll
2008-07-13 20:52:51 ----R---- C:\WINDOWS\system32\nvrssk.dll
2008-07-13 20:52:50 ----R---- C:\WINDOWS\system32\nvwrsptb.dll
2008-07-13 20:52:50 ----R---- C:\WINDOWS\system32\nvrsru.dll
2008-07-13 20:52:50 ----R---- C:\WINDOWS\system32\nvrsptb.dll
2008-07-13 20:52:49 ----R---- C:\WINDOWS\system32\nvwrspt.dll
2008-07-13 20:52:49 ----R---- C:\WINDOWS\system32\nvrspt.dll
2008-07-13 20:52:48 ----R---- C:\WINDOWS\system32\nvwrspl.dll
2008-07-13 20:52:48 ----R---- C:\WINDOWS\system32\nvrspl.dll
2008-07-13 20:52:47 ----R---- C:\WINDOWS\system32\nvwrsno.dll
2008-07-13 20:52:47 ----R---- C:\WINDOWS\system32\nvrsno.dll
2008-07-13 20:52:46 ----R---- C:\WINDOWS\system32\nvwrsnl.dll
2008-07-13 20:52:46 ----R---- C:\WINDOWS\system32\nvrsnl.dll
2008-07-13 20:52:45 ----R---- C:\WINDOWS\system32\nvwrsko.dll
2008-07-13 20:52:45 ----R---- C:\WINDOWS\system32\nvrsko.dll
2008-07-13 20:52:44 ----R---- C:\WINDOWS\system32\nvwrsja.dll
2008-07-13 20:52:44 ----R---- C:\WINDOWS\system32\nvrsja.dll
2008-07-13 20:52:43 ----R---- C:\WINDOWS\system32\nvwrsit.dll
2008-07-13 20:52:43 ----R---- C:\WINDOWS\system32\nvrsit.dll
2008-07-13 20:52:42 ----R---- C:\WINDOWS\system32\nvwrshu.dll
2008-07-13 20:52:42 ----R---- C:\WINDOWS\system32\nvrshu.dll
2008-07-13 20:52:41 ----R---- C:\WINDOWS\system32\nvwrshe.dll
2008-07-13 20:52:41 ----R---- C:\WINDOWS\system32\nvrshe.dll
2008-07-13 20:52:40 ----R---- C:\WINDOWS\system32\nvwrsfr.dll
2008-07-13 20:52:40 ----R---- C:\WINDOWS\system32\nvrsfr.dll
2008-07-13 20:52:39 ----R---- C:\WINDOWS\system32\nvwrsfi.dll
2008-07-13 20:52:39 ----R---- C:\WINDOWS\system32\nvwrsesm.dll
2008-07-13 20:52:39 ----R---- C:\WINDOWS\system32\nvrsfi.dll
2008-07-13 20:52:38 ----R---- C:\WINDOWS\system32\nvwrses.dll
2008-07-13 20:52:38 ----R---- C:\WINDOWS\system32\nvrsesm.dll
2008-07-13 20:52:38 ----R---- C:\WINDOWS\system32\nvrses.dll
2008-07-13 20:52:37 ----R---- C:\WINDOWS\system32\nvwrseng.dll
2008-07-13 20:52:37 ----R---- C:\WINDOWS\system32\nvrseng.dll
2008-07-13 20:52:36 ----R---- C:\WINDOWS\system32\nvwrsel.dll
2008-07-13 20:52:36 ----R---- C:\WINDOWS\system32\nvrsel.dll
2008-07-13 20:52:35 ----R---- C:\WINDOWS\system32\nvwrsde.dll
2008-07-13 20:52:35 ----R---- C:\WINDOWS\system32\nvrsde.dll
2008-07-13 20:52:34 ----R---- C:\WINDOWS\system32\nvwrsda.dll
2008-07-13 20:52:34 ----R---- C:\WINDOWS\system32\nvrsda.dll
2008-07-13 20:52:33 ----R---- C:\WINDOWS\system32\nvwrscs.dll
2008-07-13 20:52:33 ----R---- C:\WINDOWS\system32\nvwrsar.dll
2008-07-13 20:52:33 ----R---- C:\WINDOWS\system32\nvrscs.dll
2008-07-13 20:52:33 ----R---- C:\WINDOWS\system32\nvrsar.dll
2008-07-13 20:52:32 ----R---- C:\WINDOWS\system32\nvexpbar.dll
2008-07-13 20:52:32 ----R---- C:\WINDOWS\system32\nvcpluir.dll
2008-07-13 20:52:32 ----R---- C:\WINDOWS\system32\nvcplui.exe
2008-07-13 20:52:31 ----R---- C:\WINDOWS\system32\nwiz.exe
2008-07-13 20:52:31 ----R---- C:\WINDOWS\system32\nvwimg.dll
2008-07-13 20:52:31 ----R---- C:\WINDOWS\system32\nvmccsrs.dll
2008-07-13 20:52:30 ----R---- C:\WINDOWS\system32\nvwdmcpl.dll
2008-07-13 20:52:30 ----R---- C:\WINDOWS\system32\nvshell.dll
2008-07-13 20:52:30 ----R---- C:\WINDOWS\system32\nview.dll
2008-07-13 20:52:29 ----R---- C:\WINDOWS\system32\nvdspsch.exe
2008-07-13 20:52:29 ----R---- C:\WINDOWS\system32\nvcolor.exe
2008-07-13 20:52:29 ----R---- C:\WINDOWS\system32\nvappbar.exe
2008-07-13 20:52:29 ----R---- C:\WINDOWS\system32\keystone.exe
2008-07-13 20:52:29 ----N---- C:\WINDOWS\system32\nvudisp.exe
2008-07-13 20:52:29 ----D---- C:\WINDOWS\nview
2008-07-13 20:52:29 ----D---- C:\WINDOWS\NV13481712.TMP
2008-07-13 20:52:28 ----R---- C:\WINDOWS\system32\nvcodins.dll
2008-07-13 20:52:28 ----R---- C:\WINDOWS\system32\nvcod.dll
2008-07-13 20:52:27 ----R---- C:\WINDOWS\system32\nvwssr.dll
2008-07-13 20:52:27 ----R---- C:\WINDOWS\system32\nvwss.dll
2008-07-13 20:52:26 ----R---- C:\WINDOWS\system32\nvvitvsr.dll
2008-07-13 20:52:26 ----R---- C:\WINDOWS\system32\nvvitvs.dll
2008-07-13 20:52:25 ----R---- C:\WINDOWS\system32\nvmoblsr.dll
2008-07-13 20:52:25 ----R---- C:\WINDOWS\system32\nvmobls.dll
2008-07-13 20:52:25 ----R---- C:\WINDOWS\system32\nvmccssr.dll
2008-07-13 20:52:24 ----R---- C:\WINDOWS\system32\nvmccss.dll
2008-07-13 20:52:24 ----R---- C:\WINDOWS\system32\nvgamesr.dll
2008-07-13 20:52:23 ----R---- C:\WINDOWS\system32\nvgames.dll
2008-07-13 20:52:22 ----R---- C:\WINDOWS\system32\nvdispsr.dll
2008-07-13 20:52:21 ----R---- C:\WINDOWS\system32\nvdisps.dll
2008-07-13 20:52:20 ----R---- C:\WINDOWS\system32\nvwddi.dll
2008-07-13 20:52:20 ----R---- C:\WINDOWS\system32\nvnt4cpl.dll
2008-07-13 20:52:20 ----R---- C:\WINDOWS\system32\nvmctray.dll
2008-07-13 20:52:20 ----R---- C:\WINDOWS\system32\nvmccs.dll
2008-07-13 20:52:18 ----R---- C:\WINDOWS\system32\nvcpl.dll
2008-07-13 20:52:17 ----R---- C:\WINDOWS\system32\nvoglnt.dll
2008-07-13 20:52:16 ----R---- C:\WINDOWS\system32\nvapi.dll
2008-07-13 20:52:15 ----R---- C:\WINDOWS\system32\nvsvc32.exe
2008-07-13 20:52:14 ----RA---- C:\WINDOWS\system32\nv4_disp.dll
2008-07-13 20:13:41 ----SHD---- C:\RECYCLER
2008-07-13 20:12:55 ----D---- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-13 20:12:54 ----HD---- C:\Program Files\Uninstall Information
2008-07-13 20:12:50 ----SH---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2008-07-13 20:12:49 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-13 20:12:44 ----D---- C:\WINDOWS\SoftwareDistribution
2008-07-13 20:12:42 ----SD---- C:\WINDOWS\system32\Microsoft
2008-07-13 20:10:17 ----D---- C:\WINDOWS\system32\xircom
2008-07-13 20:10:17 ----D---- C:\Program Files\xerox
2008-07-13 20:10:17 ----D---- C:\Program Files\microsoft frontpage
2008-07-13 20:10:08 ----HD---- C:\WINDOWS\$hf_mig$
2008-07-13 20:09:59 ----N---- C:\WINDOWS\control.ini
2008-07-13 20:09:59 ----N---- C:\AUTOEXEC.BAT
2008-07-13 20:09:48 ----N---- C:\WINDOWS\system32\mapi32.dll
2008-07-13 20:09:18 ----RD---- C:\WINDOWS\Offline Web Pages
2008-07-13 20:09:17 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-07-13 20:09:17 ----RH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-07-13 20:09:14 ----RH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-07-13 20:09:10 ----HD---- C:\Program Files\WindowsUpdate
2008-07-13 20:08:58 ----D---- C:\WINDOWS\system32\DirectX
2008-07-13 20:08:44 ----A---- C:\WINDOWS\system32\atrace.dll
2008-07-13 20:08:42 ----N---- C:\WINDOWS\system32\desktop.ini
2008-07-13 20:08:42 ----N---- C:\WINDOWS\desktop.ini
2008-07-13 20:08:38 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-07-13 20:08:37 ----A---- C:\WINDOWS\system32\acctres.dll
2008-07-13 20:08:36 ----D---- C:\Program Files\Common Files\Services
2008-07-13 20:08:34 ----SD---- C:\WINDOWS\Tasks
2008-07-13 20:08:34 ----D---- C:\Program Files\Common Files\MSSoap
2008-07-13 20:08:34 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-07-13 20:08:31 ----D---- C:\WINDOWS\system32\Macromed
2008-07-13 20:08:31 ----D---- C:\WINDOWS\srchasst
2008-07-13 20:08:29 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-07-13 20:08:29 ----A---- C:\WINDOWS\system32\wups.dll
2008-07-13 20:08:29 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-07-13 20:08:29 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-07-13 20:08:29 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-07-13 20:08:29 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-07-13 20:08:28 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-07-13 20:08:28 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-07-13 20:08:28 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-07-13 20:08:28 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-07-13 20:08:28 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-07-13 20:08:28 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-07-13 20:08:28 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-07-13 20:08:25 ----D---- C:\Program Files\Movie Maker
2008-07-13 20:08:23 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-07-13 20:08:23 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-07-13 20:08:23 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-07-13 20:08:23 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-07-13 20:08:20 ----D---- C:\WINDOWS\system32\Restore
2008-07-13 20:08:20 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-07-13 20:08:20 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-07-13 20:08:20 ----A---- C:\WINDOWS\system32\srclient.dll
2008-07-13 20:08:20 ----A---- C:\WINDOWS\system32\ils.dll
2008-07-13 20:08:20 ----A---- C:\WINDOWS\system32\fltmc.exe
2008-07-13 20:08:20 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-07-13 20:08:19 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-07-13 20:08:19 ----A---- C:\WINDOWS\system32\msconf.dll
2008-07-13 20:08:19 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-07-13 20:08:19 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-07-13 20:08:19 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-07-13 20:08:17 ----D---- C:\Program Files\NetMeeting
2008-07-13 20:08:17 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-07-13 20:08:17 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-07-13 20:08:16 ----A---- C:\WINDOWS\system32\inetres.dll
2008-07-13 20:08:16 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-07-13 20:08:15 ----D---- C:\Program Files\Outlook Express
2008-07-13 20:08:15 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-07-13 20:08:15 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-07-13 20:08:15 ----A---- C:\WINDOWS\system32\mstask.dll
2008-07-13 20:08:15 ----A---- C:\WINDOWS\system32\isign32.dll
2008-07-13 20:08:15 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-07-13 20:08:15 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-07-13 20:08:15 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-07-13 20:08:11 ----D---- C:\Program Files\Common Files\System
2008-07-13 20:08:09 ----D---- C:\Program Files\Internet Explorer
2008-07-13 20:07:51 ----D---- C:\Program Files\ComPlus Applications
2008-07-13 20:07:49 ----N---- C:\WINDOWS\vbaddin.ini
2008-07-13 20:07:49 ----N---- C:\WINDOWS\vb.ini
2008-07-13 20:07:46 ----D---- C:\WINDOWS\Registration
2008-07-13 20:07:41 ----D---- C:\Program Files\Online Services
2008-07-13 20:07:40 ----D---- C:\Program Files\Windows Media Player
2008-07-13 20:07:37 ----D---- C:\Program Files\Messenger
2008-07-13 20:07:34 ----D---- C:\Program Files\MSN Gaming Zone
2008-07-13 20:07:34 ----A---- C:\WINDOWS\system32\write.exe
2008-07-13 20:07:28 ----N---- C:\WINDOWS\system32\hticons.dll
2008-07-13 20:07:28 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-07-13 20:07:27 ----A---- C:\WINDOWS\system32\winchat.exe
2008-07-13 20:07:27 ----A---- C:\WINDOWS\system32\avwav.dll
2008-07-13 20:07:27 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-07-13 20:07:27 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-07-13 20:07:22 ----A---- C:\WINDOWS\system32\winmine.exe
2008-07-13 20:07:22 ----A---- C:\WINDOWS\system32\sol.exe
2008-07-13 20:07:22 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-07-13 20:07:22 ----A---- C:\WINDOWS\system32\getuname.dll
2008-07-13 20:07:22 ----A---- C:\WINDOWS\system32\charmap.exe
2008-07-13 20:07:22 ----A---- C:\WINDOWS\system32\calc.exe
2008-07-13 20:07:21 ----N---- C:\WINDOWS\system32\usrlogon.cmd
2008-07-13 20:07:21 ----N---- C:\WINDOWS\system32\tslabels.ini
2008-07-13 20:07:21 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-07-13 20:07:21 ----A---- C:\WINDOWS\system32\tskill.exe
2008-07-13 20:07:21 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-07-13 20:07:21 ----A---- C:\WINDOWS\system32\tscon.exe
2008-07-13 20:07:21 ----A---- C:\WINDOWS\system32\shadow.exe
2008-07-13 20:07:21 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-07-13 20:07:21 ----A---- C:\WINDOWS\system32\reset.exe
2008-07-13 20:07:21 ----A---- C:\WINDOWS\system32\regini.exe
2008-07-13 20:07:21 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-07-13 20:07:21 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-07-13 20:07:21 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-07-13 20:07:21 ----A---- C:\WINDOWS\system32\msg.exe
2008-07-13 20:07:21 ----A---- C:\WINDOWS\system32\logoff.exe
2008-07-13 20:07:21 ----A---- C:\WINDOWS\system32\freecell.exe
2008-07-13 20:07:20 ----N---- C:\WINDOWS\system32\msdtcprf.ini
2008-07-13 20:07:20 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-07-13 20:07:20 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-07-13 20:07:20 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-07-13 20:07:20 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-07-13 20:07:20 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-07-13 20:07:19 ----A---- C:\WINDOWS\system32\stclient.dll
2008-07-13 20:07:19 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-07-13 20:07:19 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-07-13 20:07:19 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-07-13 20:07:16 ----N---- C:\WINDOWS\system32\wmimgmt.msc
2008-07-13 20:07:09 ----D---- C:\Program Files\MSN
2008-07-13 20:07:08 ----N---- C:\WINDOWS\system32\hypertrm.dll
2008-07-13 20:07:08 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-07-13 20:07:08 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-07-13 20:07:08 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-07-13 20:07:07 ----D---- C:\Program Files\Windows NT
2008-07-13 20:07:07 ----A---- C:\WINDOWS\system32\spider.exe
2008-07-13 20:07:07 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-07-13 20:07:07 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-07-13 20:07:06 ----N---- C:\WINDOWS\system32\tscupgrd.exe
2008-07-13 20:07:06 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-07-13 20:07:06 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-07-13 20:07:06 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-07-13 20:07:06 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-07-13 20:07:06 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-07-13 20:07:06 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-07-13 20:07:06 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-07-13 20:07:06 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-07-13 20:07:06 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-07-13 20:07:06 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-07-13 20:07:06 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-07-13 20:07:06 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-07-13 20:07:05 ----D---- C:\WINDOWS\system32\MsDtc
2008-07-13 20:07:05 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-07-13 20:07:05 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-07-13 20:07:05 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-07-13 20:07:05 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-07-13 20:07:05 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-07-13 20:07:05 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-07-13 20:07:05 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-07-13 20:07:05 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-07-13 20:07:04 ----D---- C:\WINDOWS\system32\Com
2008-07-13 20:07:04 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-07-13 20:07:04 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-07-13 20:07:04 ----A---- C:\WINDOWS\system32\colbact.dll
2008-07-13 20:07:04 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-07-13 20:07:04 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-07-13 20:07:04 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-07-13 20:07:04 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-07-13 20:07:03 ----A---- C:\WINDOWS\system32\comuid.dll
2008-07-13 20:07:03 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-07-13 20:07:03 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-07-13 20:06:58 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-07-13 20:06:58 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-07-13 20:06:58 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-07-13 20:06:58 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-07-13 16:04:07 ----N---- C:\WINDOWS\system32\h323log.txt
2008-07-13 16:00:56 ----A---- C:\WINDOWS\system32\wshirda.dll
2008-07-13 16:00:56 ----A---- C:\WINDOWS\system32\irmon.dll
2008-07-13 16:00:56 ----A---- C:\WINDOWS\system32\irftp.exe
2008-07-13 16:00:33 ----A---- C:\WINDOWS\system32\usbui.dll
2008-07-13 15:59:44 ----N---- C:\WINDOWS\imsins.BAK
2008-07-13 15:59:41 ----SHD---- C:\WINDOWS\Installer
2008-07-13 15:59:41 ----N---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-07-13 15:59:41 ----N---- C:\WINDOWS\ODBCINST.INI
2008-07-13 15:59:41 ----D---- C:\Program Files\Common Files\ODBC
2008-07-13 15:59:39 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-07-13 15:59:38 ----RD---- C:\Program Files
2008-07-13 15:59:38 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-07-13 15:59:38 ----D---- C:\Program Files\Common Files
2008-07-13 15:59:37 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-07-13 15:59:36 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-07-13 15:59:36 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-07-13 15:59:35 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-07-13 15:59:35 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-07-13 15:59:35 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-07-13 15:59:35 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-07-13 15:59:35 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-07-13 15:59:35 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-07-13 15:59:35 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-07-13 15:59:35 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-07-13 15:59:35 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-07-13 15:59:35 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-07-13 15:59:35 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-07-13 15:59:35 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-07-13 15:59:33 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-07-13 15:59:33 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-07-13 15:59:33 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-07-13 15:59:33 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-07-13 15:59:33 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-07-13 15:59:33 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-07-13 15:59:33 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-07-13 15:59:32 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-07-13 15:59:32 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-07-13 15:59:32 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-07-13 15:59:32 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-07-13 15:59:32 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-07-13 15:59:31 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-07-13 15:59:31 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-07-13 15:59:31 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-07-13 15:59:31 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-07-13 15:59:31 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-07-13 15:59:31 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-07-13 15:59:31 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-07-13 15:59:30 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-07-13 15:59:30 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-07-13 15:59:30 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-07-13 15:59:30 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-07-13 15:59:30 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-07-13 15:59:30 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-07-13 15:59:29 ----A---- C:\WINDOWS\system32\irclass.dll
2008-07-13 15:59:29 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-07-13 15:59:29 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-07-13 15:59:28 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-07-13 15:59:28 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-07-13 15:59:27 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-07-13 15:59:27 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-07-13 15:59:26 ----A---- C:\WINDOWS\system32\batt.dll
2008-07-13 15:59:26 ----A---- C:\WINDOWS\notepad.exe
2008-07-13 15:59:25 ----A---- C:\WINDOWS\system32\storprop.dll
2008-07-13 15:59:19 ----SH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-07-13 15:59:19 ----R---- C:\WINDOWS\SET29.tmp
2008-07-13 15:59:16 ----R---- C:\WINDOWS\SET8.tmp
2008-07-13 15:59:15 ----R---- C:\WINDOWS\SET4.tmp
2008-07-13 15:59:14 ----R---- C:\WINDOWS\SET3.tmp
2008-07-13 15:59:09 ----D---- C:\WINDOWS\system32\CatRoot2
2008-07-13 15:59:09 ----D---- C:\WINDOWS\system32\CatRoot
2008-07-13 15:59:04 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-13 15:58:45 ----SHD---- C:\System Volume Information
2008-07-13 15:58:45 ----D---- C:\Documents and Settings
2008-07-13 15:57:45 ----RSH---- C:\boot.ini
2008-07-13 15:53:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-07-13 15:53:54 ----RSD---- C:\WINDOWS\Fonts
2008-07-13 15:53:54 ----RD---- C:\WINDOWS\Web
2008-07-13 15:53:54 ----HD---- C:\WINDOWS\inf
2008-07-13 15:53:54 ----D---- C:\WINDOWS\WinSxS
2008-07-13 15:53:54 ----D---- C:\WINDOWS\twain_32
2008-07-13 15:53:54 ----D---- C:\WINDOWS\Temp
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\wins
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\wbem
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\usmt
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\spool
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\ShellExt
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\Setup
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\ras
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\oobe
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\npp
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\mui
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\inetsrv
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\IME
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\icsxml
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\ias
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\export
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\drivers
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\dhcp
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\config
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\3com_dmi
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\3076
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\2052
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\1054
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\1042
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\1041
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\1037
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\1033
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\1031
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\1028
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32\1025
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system32
2008-07-13 15:53:54 ----D---- C:\WINDOWS\system
2008-07-13 15:53:54 ----D---- C:\WINDOWS\security
2008-07-13 15:53:54 ----D---- C:\WINDOWS\Resources
2008-07-13 15:53:54 ----D---- C:\WINDOWS\repair
2008-07-13 15:53:54 ----D---- C:\WINDOWS\Provisioning
2008-07-13 15:53:54 ----D---- C:\WINDOWS\PeerNet
2008-07-13 15:53:54 ----D---- C:\WINDOWS\pchealth
2008-07-13 15:53:54 ----D---- C:\WINDOWS\mui
2008-07-13 15:53:54 ----D---- C:\WINDOWS\msapps
2008-07-13 15:53:54 ----D---- C:\WINDOWS\msagent
2008-07-13 15:53:54 ----D---- C:\WINDOWS\Media
2008-07-13 15:53:54 ----D---- C:\WINDOWS\java
2008-07-13 15:53:54 ----D---- C:\WINDOWS\ime
2008-07-13 15:53:54 ----D---- C:\WINDOWS\Help
2008-07-13 15:53:54 ----D---- C:\WINDOWS\ehome
2008-07-13 15:53:54 ----D---- C:\WINDOWS\Driver Cache
2008-07-13 15:53:54 ----D---- C:\WINDOWS\Debug
2008-07-13 15:53:54 ----D---- C:\WINDOWS\Cursors
2008-07-13 15:53:54 ----D---- C:\WINDOWS\Connection Wizard
2008-07-13 15:53:54 ----D---- C:\WINDOWS\Config
2008-07-13 15:53:54 ----D---- C:\WINDOWS\AppPatch
2008-07-13 15:53:54 ----D---- C:\WINDOWS\addins
2008-07-13 15:53:54 ----D---- C:\WINDOWS

List of drivers

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-06-03 147984]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-08-21 353680]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 DualCoreCenter;DualCoreCenter; \??\C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-12-21 4405248]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-03-06 6704096]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-09-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-09-11 19968]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RushTopDevice2;RushTopDevice2; \??\C:\Program Files\MSI\DualCoreCenter\RushTop.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 MSICPL;MSICPL; \??\E:\install4\MSICPL.sys []
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;WinPcap Packet Driver (NPF); C:\WINDOWS\system32\drivers\NPF.sys []
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

List of services

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-07-31 380536]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-03-06 163908]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-08-21 2405776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.01 2008-09-16 14:16:46

Uninstall list

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
AIM 6-->C:\Program Files\AIM6\uninst.exe
a-squared Free 3.5-->"C:\Program Files\a-squared Free\unins000.exe"
DualCoreCenter-->"C:\Program Files\MSI\DualCoreCenter\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI
Pop-Up Stopper Free Edition-->C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
StealthBot v2.6 Revision 3 (remove only)-->"C:\Documents and Settings\Administrator\Desktop\new\StealthBot\uninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wireshark 1.0.2-->"C:\Program Files\Wireshark\uninstall.exe"
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
ZoneAlarm Security Suite-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

Hosts File

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

Security center information

AV: ZoneAlarm Security Suite Antivirus
FW: ZoneAlarm Security Suite Firewall

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"tvdumpflags"=8

-----------------EOF-----------------

KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, September 16, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, September 16, 2008 17:56:08
Records in database: 1241900
Scan settings:
  Scan using the following database: extended
  Scan archives: yes
  Scan mail databases: yes
  Scan area: My Computer
    C:\
    D:\
    E:\
Scan statistics:
  Files scanned: 28326
  Threat name: 0
  Infected objects: 0
  Suspicious objects: 0
  Duration of the scan: 00:17:05

No malware has been detected. The scan area is clean.
The selected area was scanned.



Now if it would help or prove anything, I am willing to take s's of my AV scan results to show u it is finding a win32.heuristic.dialer, but it doesn't specify a file path or name! Btw thx again for helping me with all this!

#6 The Gorilla

Posted 18 September 2008 - 10:46 AM

Hi coolncalm,

Thanks for following my instructions so far.

Step #1
When ZoneAlarm finds the win32 Heuristic Dialer, does the program offer you any options? For example:

Delete
Quarantine
Ignore

Could you also post the screen shots of your AV scan results?

#7 coolncalm

Posted 18 September 2008 - 07:06 PM

Yes, ZoneAlarm does suggest options to ignore, delete or quarantine, but I tried to research the virus online and it says only quarantine because this virus might be acting as another file. In other words I might be deleting files I do need and the virus stays.

I also know when I do delete it "which I have a couple of times", after about 1.5-2 days and another scan that virus\spyware is back! Will send screen shot soon...

#8 coolncalm

Posted 18 September 2008 - 07:34 PM

Well ya, so sry, this r what I have quarantined so far. I will send a scan as soon as it finds it again "it's very random".


#9 The Gorilla

Posted 19 September 2008 - 12:08 PM

Hi Coolncalm :thumbsup:

Thanks for the screen shot. I see that there is a 'more info' button within the quarantine section of Zonealarm.

Can you highlight one of the three quarantined files and then click 'more info' and post a screen shot containing that extra detail?

Can you also confirm to me that you have installed the latest definitions to your antivirus software?

Finally, how's your system running?

Cheers

#10 coolncalm

Posted 19 September 2008 - 12:46 PM

New s's, no problem. Yes, new definitions r installed "I update them about 10x a day to make sure they're updated". The more information button doesn't really help. I will post the results, but yes this prob is gettin old....

Also comp is running great when it runs, but from time to time, like just last night, it freezes, but yet the mouse still moves around yet can't type or click anything "btw it's a x2 processor", so I don't know the technical stuff on a dual core.

post ss in min

#11 coolncalm

Posted 19 September 2008 - 12:55 PM

Here the s's, it's on attachment.


#12 The Gorilla

Posted 19 September 2008 - 01:13 PM

Hi Coolncalm,

Thank you for the screen shot, however even when I zoom in I still cannot read what it says.

Can you post a bigger screen shot? Have you tried posting directly in your reply instead of attaching?

This guide may offer some assistance - http://www.bleepingcomputer.com/forums/t/43088/how-to-capture-and-edit-a-screen-shot/

#13 coolncalm

Posted 19 September 2008 - 03:31 PM

Well, I am unsure of how to put it in the reply, I alrdy know the paint options. But it worked for me so maybe this will work for u:

http://smartdefense.zonealarm.com/tmpl/Spy...047312-1043

Long, I know, but copy paste in a browser and it should bring up the more info page with the details!

#14 The Gorilla

Posted 20 September 2008 - 03:10 AM

Hi Coolncalm :thumbsup:

Well that's better, at least I could read what you posted. You were right, it did show very little information.

Please continue with the instructions below:

Please download F-Secure Blacklight (fsbl.exe) and save to your C:\ drive.
  • Open a command window by going to Start > Run and typing: cmd
  • Copy/paste or type the following in the command window: C:\fsbl.exe /expert
  • Hit "Enter" to start the program and then close the cmd box.
  • Accept the user agreement and click "Next".
  • Click "Scan".
  • After the scan is complete, click "Next", then "Exit".
  • BlackLight will create a log in C:\ drive named "fsbl-xxxxxxx.log" (the xxxxxxx will be the date and time of the scan).
  • The log will have a list of all items found. Do not choose to rename any yet!
    I want to see the log first because legitimate items can also be present...like "wbemtest.exe" and "tcptest.exe".
  • Exit Blacklight and post the contents of the log in your next reply.
Cheers

#15 coolncalm

Posted 20 September 2008 - 10:48 AM

Of course ur not goin to like this one either, as all the others, but I have BlackLight alrdy and I have scanned and it is clean also. I will rescan and post log though just to cure ur thoughts!



