
Infected with Mirar - Please Help !


2 replies to this topic

#1 zim390

  • Members
  • 11 posts
  • Location: Bridgewater, MA
Posted 03 December 2008 - 10:31 AM

I am a victim of the Mirar toolbar add-on and I am now experiencing a boatload of popups.

Just happened last night... so frustrating!

Running Windows XP.

I see Mirar in my Add/Remove Programs but it will not remove it.
I have Avast Antivirus. It is giving me constant warnings of Trojans. I've moved them all to "Chest".

Windows Security Center is constantly issuing warnings, which I assume are being generated from the virus / Trojan.

I also have Malwarebytes and SuperAntiSpyware and have run both... finding numerous infections which have been deleted or moved to "Chest". I've included the MWB log file below.

Please help!!!
Thanks in advance.

Malwarebytes' Anti-Malware 1.30
Database version: 1419
Windows 5.1.2600 Service Pack 3

12/3/2008 9:20:04 AM
mbam-log-2008-12-03 (09-20-04).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 126069
Time elapsed: 1 hour(s), 1 minute(s), 55 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 13

Memory Processes Infected:
C:\Program Files\GetModule\GetModule30.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{1037b06c-84b7-4240-8d80-485810a0497d} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{54b287f9-fd90-4457-b65e-cb91560c021d} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{566dede9-9ed8-45da-9be6-9b2eeab17f49} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8a0dcbda-6e20-489c-9041-c1e8a0352e75} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getmodule30 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ed\Application Data\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\WinNB55.dll (Adware.Mirar) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\GetModule30.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSosvn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv971228270584.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS4789.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS4799.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS4a1a.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS611c.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS63fb.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSScfgb.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSfpmp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Quarantined and deleted successfully.



#2 garmanma

    Computer Masochist

  • Members
  • 27,809 posts
  • Gender: Male
  • Location: Cleveland, Ohio

Posted 03 December 2008 - 03:48 PM

Please reboot your computer and update Malwarebytes. This time do a FULL scan and post the new log here.
Mark

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#3 zim390
  • Topic Starter

  • Members
  • 11 posts
  • Location: Bridgewater, MA

Posted 03 December 2008 - 05:09 PM

Hi Mark,

Thanks for the response. I rebooted, updated MWB and ran a full scan, which I've attached. By the way, the Mirar Toolbar is now gone from IE, and does not show in the list of programs. However, I am constantly getting security warning pop-ups in the middle of my screen and from the Red Security Shield located in the bottom right corner of my screen. They keep asking me to "click here" to remove something or to download Winweb Security. I've chosen not to click, but simply "X" out of each one I get. But they are getting to be a real annoyance. I assume that they are the result of something still left as a remnant of Mirar.

I've also added RSIT Info (after the MWB Log) in case that may be of some help.

Any ideas?

Thx
Ed

Here's the MWB Log:

Malwarebytes' Anti-Malware 1.30
Database version: 1454
Windows 5.1.2600 Service Pack 3

12/3/2008 5:03:26 PM
mbam-log-2008-12-03 (17-03-25).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 127790
Time elapsed: 1 hour(s), 4 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of random's system information tool 1.04 (written by random/random)
Run by Ed at 2008-12-03 17:07:57
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 185 GB (78%) free of 238 GB
Total RAM: 502 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:27 PM, on 12/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Documents and Settings\All Users\Application Data\5D02E130.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ed\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Ed.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogi...che=2&hl=en
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{90BF8224-CD63-4081-A4C7-EF9A2CF6596F}] "C:\Documents and Settings\All Users\Application Data\5D02E130.exe"
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} (WebTrain.ctlWebTrain) - http://verizon.webattend.com/components/wt0809.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} (Crystal ActiveX Report Viewer Control 11.5) - http://usmdsilcheted01/businessobjects/vie...tiveXViewer.cab
O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - http://ttst03.verizon.com/sametime/stmeeti...STJNILoader.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://fellowshiptech.webex.com/client/T26...bex/ieatgpc.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 5214 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
PCTools Site Guard - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll [2006-08-01 825528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]
PCTools Browser Monitor - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [2006-08-01 850104]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"{90BF8224-CD63-4081-A4C7-EF9A2CF6596F}"=C:\Documents and Settings\All Users\Application Data\5D02E130.exe [2008-12-02 75303]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [2005-09-09 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2008-01-22 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2006-04-06 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2004-08-20 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-08-22 2363392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-05-28 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2007-05-11 738968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
C:\PROGRA~1\RALINK\Common\RaUI.exe [2006-03-15 593920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^User Login.LNK]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=2
"ose"=3
"iPod Service"=3
"SDhelper"=2
"Multi-user Cleanup Service"=2
"WMPNetworkSvc"=3
"gusvc"=3
"AdobeActiveFileMonitor4.0"=2
"Apple Mobile Device"=2
"IDriverT"=3
"NBService"=3
"AVGEMS"=2
"Avg7UpdSvc"=2
"Avg7Alrt"=2
"NMIndexingService"=3
"LightScribeService"=2
"Bonjour Service"=2
"PLFlash DeviceIoControl Service"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\marimba\Castanet Tuner\Tuner.exe"="C:\marimba\Castanet Tuner\Tuner.exe:*:Enabled:Marimba"
"C:\marimba\Castanet Tuner\lib\jre\bin\java.exe"="C:\marimba\Castanet Tuner\lib\jre\bin\java.exe:*:Enabled:MarimbaJre"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\marimba\castanet tuner\Tuner.exe"="C:\marimba\castanet tuner\Tuner.exe:*:Enabled:Marimba"
"C:\marimba\castanet tuner\lib\jre\bin\java.exe"="C:\marimba\castanet tuner\lib\jre\bin\java.exe:*:Enabled:MarimbaJre"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{194d4ce8-6c14-11dd-bc6b-0006f40c370d}]
shell\AutoRun\command - E:\StartPortableApps.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{428aca31-a0e1-11dc-ba55-444553544200}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{428aca32-a0e1-11dc-ba55-444553544200}]
shell\AutoRun\command - F:\SETUP.EXE /AUTORUN
shell\configure\command - F:\SETUP.EXE
shell\install\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f526b9c-f924-11db-b987-444553544200}]
shell\AutoRun\command - F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe


======List of files/folders created in the last 1 months======

2008-12-03 10:50:47 ----D---- C:\Program Files\trend micro
2008-12-03 10:50:45 ----D---- C:\rsit
2008-12-02 21:33:57 ----D---- C:\WINDOWS\system32\čZ«
2008-12-02 21:33:57 ----D---- C:\Program Files\uTorrent
2008-12-02 21:33:05 ----A---- C:\Documents and Settings\All Users\Application Data\5D02E130.exe
2008-11-26 13:59:10 ----D---- C:\Program Files\Apple Software Update
2008-11-26 13:57:53 ----D---- C:\Program Files\iPod
2008-11-26 13:57:33 ----D---- C:\Program Files\iTunes
2008-11-26 13:57:33 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-26 13:56:04 ----D---- C:\Program Files\Bonjour
2008-11-24 17:49:50 ----D---- C:\Program Files\WinZip
2008-11-12 08:03:53 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 08:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 08:03:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-03 16:08:59 ----D---- C:\WINDOWS\Prefetch
2008-12-03 15:18:44 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-03 15:18:43 ----D---- C:\Program Files\Spyware Doctor
2008-12-03 15:15:27 ----D---- C:\WINDOWS\Temp
2008-12-03 15:14:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-03 13:33:58 ----D---- C:\WINDOWS\system32
2008-12-03 12:57:32 ----D---- C:\WINDOWS
2008-12-03 12:56:49 ----RD---- C:\Program Files
2008-12-03 12:56:48 ----D---- C:\WINDOWS\system32\drivers
2008-12-03 09:45:31 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-26 14:03:03 ----SH---- C:\boot.ini
2008-11-26 14:03:03 ----A---- C:\WINDOWS\win.ini
2008-11-26 14:03:03 ----A---- C:\WINDOWS\system.ini
2008-11-26 13:59:14 ----SHD---- C:\WINDOWS\Installer
2008-11-26 13:59:14 ----HD---- C:\Config.Msi
2008-11-26 13:59:12 ----SD---- C:\WINDOWS\Tasks
2008-11-26 13:58:16 ----HD---- C:\WINDOWS\inf
2008-11-26 13:58:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-26 13:57:52 ----D---- C:\Program Files\Common Files\Apple
2008-11-26 13:55:36 ----D---- C:\Program Files\QuickTime
2008-11-26 12:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-26 10:40:44 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-26 08:51:00 ----D---- C:\Word
2008-11-25 12:37:55 ----D---- C:\Dell Downloads
2008-11-25 12:16:06 ----D---- C:\Excel
2008-11-24 17:50:08 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2008-11-24 17:48:44 ----RD---- C:\Downloads
2008-11-23 17:19:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-20 08:17:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-19 21:50:37 ----D---- C:\WINDOWS\Help
2008-11-17 21:47:41 ----D---- C:\WINDOWS\Debug
2008-11-15 09:22:06 ----D---- C:\PowerPoint
2008-11-12 18:45:12 ----D---- C:\Movies
2008-11-12 08:03:52 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 08:03:15 ----D---- C:\WINDOWS\WinSxS
2008-11-08 21:14:50 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-08 21:14:39 ----D---- C:\Program Files\Common Files\Adobe
2008-11-08 21:14:39 ----D---- C:\Program Files\Adobe
2008-11-05 14:25:23 ----A---- C:\WINDOWS\PhotoSnapViewer.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 ikhfile;File Security Kernel Anti-Spyware Driver; C:\WINDOWS\system32\drivers\ikhfile.sys [2006-07-10 30592]
R1 ikhlayer;Kernel Anti-Spyware Driver; C:\WINDOWS\system32\drivers\ikhlayer.sys [2007-04-28 51072]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-08-06 20747]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-07-31 165760]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-03-19 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-03-19 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-03-19 21568]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 IPSECSHM;Nortel IPSECSHM Adapter; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys []
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-10-20 26368]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 RT2500USB;RT2500 USB Wireless LAN Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-10-17 245376]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\Ed\LOCALS~1\Temp\mc21.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-09-09 102400]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-08-22 73728]
S4 Multi-user Cleanup Service;Multi-user Cleanup Service; C:\lotus\notes\ntmulti.exe [2005-03-28 57393]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S4 SDhelper;PC Tools Spyware Doctor; C:\Program Files\Spyware Doctor\sdhelp.exe [2007-04-28 895088]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
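The RSIT listing above is the kind of log a forum helper reads by eye: driver and service lines in the form `R1 name;display; path [date size]`, and file lines in the form `date attrs path`. The following script is an added example, not part of the original post and not RSIT's own code. It parses those three sections and flags lines that a responder would want to look at by hand: a driver or service image loaded from a temp directory, an entry whose on-disk timestamp and size are absent (the empty `[]` in the log; treating that as "metadata unavailable" is an assumption of this example), a driver whose image is not a `.sys` file, an executable sitting directly under `Application Data` rather than in a vendor folder, and a non-ASCII name inside the Windows directory. The sample input is constructed from lines copied out of the log above; the heuristics are this example's own and a hit means "check it", not "malicious".

```python
"""Triage helper for RSIT-style log excerpts (added example, not RSIT code).
Flags driver/service/file lines worth a manual look. All heuristics below are
assumptions of this example, not rules taken from RSIT or from the post."""
import re

# Constructed sample input: a few lines copied from the log in the post above.
SAMPLE_LOG = """\
======List of files/folders created in the last 1 months======

2008-12-03 10:50:45 ----D---- C:\\rsit
2008-12-02 21:33:57 ----D---- C:\\WINDOWS\\system32\\čZ«
2008-12-02 21:33:05 ----A---- C:\\Documents and Settings\\All Users\\Application Data\\5D02E130.exe
2008-11-26 13:56:04 ----D---- C:\\Program Files\\Bonjour

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswSP;avast! Self Protection; C:\\WINDOWS\\system32\\drivers\\aswSP.sys [2008-11-26 111184]
R1 SASDIFSV;SASDIFSV; \\??\\C:\\Program Files\\SUPERAntiSpyware\\SASDIFSV.SYS []
S4 mchInjDrv;mchInjDrv; \\??\\C:\\DOCUME~1\\Ed\\LOCALS~1\\Temp\\mc21.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe [2008-11-26 155160]
S4 SDhelper;PC Tools Spyware Doctor; C:\\Program Files\\Spyware Doctor\\sdhelp.exe [2007-04-28 895088]
"""

SECTION_RE = re.compile(r"^======(.+?)======$")
# "R1 name;display; path [date size]"  -- the stamp may be empty: "[]"
ENTRY_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*); (.+?) \[([^\]]*)\]$")
# "2008-12-02 21:33:57 ----D---- C:\path"
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (-+[A-Z]*-+) (.+)$")

EXECUTABLE_EXT = {"exe", "dll", "sys", "tmp"}


def normalize_path(path):
    """Drop the NT object-manager prefix '\\??\\' that RSIT prints for some
    drivers so the path heuristics see a plain Win32 path."""
    return path[4:] if path.startswith("\\??\\") else path


def check_entry(kind, path, stamp):
    """Heuristics for one driver or service line; returns a list of reasons."""
    reasons = []
    low = normalize_path(path).lower()
    if "\\temp\\" in low:
        reasons.append("image loaded from a temp directory")
    if not stamp.strip():
        reasons.append("no on-disk timestamp/size recorded")
    ext = low.rsplit(".", 1)[-1] if "." in low else ""
    expected = {"driver": {"sys"}, "service": {"exe"}}[kind]
    if ext not in expected:
        reasons.append(f"unexpected extension .{ext} for a {kind}")
    return reasons


def check_file(path):
    """Heuristics for one created-file line; returns a list of reasons."""
    reasons = []
    parts = path.split("\\")
    name, parent = parts[-1], (parts[-2] if len(parts) > 1 else "")
    ext = name.lower().rsplit(".", 1)[-1] if "." in name else ""
    if ext in EXECUTABLE_EXT and parent.lower() == "application data":
        reasons.append("executable dropped directly under Application Data")
    if "windows" in [p.lower() for p in parts] and any(ord(c) > 127 for c in name):
        reasons.append("non-ASCII name inside the Windows directory")
    return reasons


def triage(log_text):
    """Walk the log, track which section we are in, and collect findings."""
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            title = m.group(1).lower()
            section = ("file" if "files/folders created" in title else
                       "driver" if title.startswith("list of drivers") else
                       "service" if title.startswith("list of services") else None)
            continue
        if section in ("driver", "service"):
            m = ENTRY_RE.match(line)
            if m:
                _state, name, _display, path, stamp = m.groups()
                for reason in check_entry(section, path, stamp):
                    findings.append({"section": section, "name": name,
                                     "path": normalize_path(path), "reason": reason})
        elif section == "file":
            m = FILE_RE.match(line)
            if m:
                _when, _attrs, path = m.groups()
                for reason in check_file(path):
                    findings.append({"section": section, "name": path.split("\\")[-1],
                                     "path": path, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['section']}] {f['name']}: {f['reason']}  ({f['path']})")
```

Run against the sample it reports the `čZ«` folder under system32, the `5D02E130.exe` dropped straight into `All Users\Application Data`, and three hits on `mchInjDrv` (temp directory, no timestamp, `.tmp` image). It also trips on `SASDIFSV` for its empty `[]`, which is SUPERAntiSpyware's own driver: the point of the empty-stamp rule is to queue items for a human, and a known security tool landing in that queue is the expected false positive, not a bug in the rule.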