HELP me please.


22 replies to this topic

#1 chrisfake1

Posted 13 January 2009 - 05:30 PM

My KIS / Kaspersky always detects and blocks something that I don't know. It came from here: 77.74.48.105
I searched for this address and saw that others have also encountered this.

I already ran a full virus scan but nothing was found.
But I guess I should be alerted with this 77.74.48.105 thing.

Please help me. What should I do?

#2 rigel

Posted 13 January 2009 - 05:40 PM

Hi and welcome to BleepingComputer :thumbsup:

The IP address is registered in the Netherlands. DNS Lookup

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#3 chrisfake1

Posted 14 January 2009 - 03:17 AM

Wow, this is great. I guess I became too dependent w/ Kaspersky. :thumbsup:
This is my log:
-----

Malwarebytes' Anti-Malware 1.32
Database version: 1649
Windows 5.1.2600 Service Pack 2

1/14/2009 4:11:27 PM
mbam-log-2009-01-14 (16-11-27).txt

Scan type: Quick Scan
Objects scanned: 52931
Time elapsed: 4 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\riwakabe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zitotela.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hulujige.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{808d4a83-8204-470d-9e93-f00a5de17276} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{808d4a83-8204-470d-9e93-f00a5de17276} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{808d4a83-8204-470d-9e93-f00a5de17276} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1c1b8a44-61fe-411e-8f33-813a4e2e2984} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1c1b8a44-61fe-411e-8f33-813a4e2e2984} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lovubemosi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\riwakabe.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\riwakabe.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\riwakabe.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\hulujige.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zitotela.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\riwakabe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\diguweha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXonnoO.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zeginizo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zitosaba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tmp1E.exe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\75NRVSHZ\pldr8[1].htm (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jusiwona.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\luzigemu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\guyuzera.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yavafike.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\todolaze.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Edited by chrisfake1, 14 January 2009 - 03:23 AM.
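A triage helper for a pasted log in the Malwarebytes' Anti-Malware layout shown in the post above, added here as an example (it is not part of the thread and is not Malwarebytes code). It checks the listed entries against the summary counts, collects files still waiting for "Delete on reboot", and names the registry load points that were flagged; the sample text is a constructed excerpt reusing entries from that log, and all function names are hypothetical.

```python
import re

# Constructed excerpt in the MBAM 1.32 log layout from the post above; it reuses
# a few of that log's entries, and "Files Infected" is deliberately one short.
SAMPLE_LOG = r"""
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\riwakabe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zitotela.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lovubemosi (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\riwakabe.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\riwakabe.dll -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\zitotela.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\riwakabe.dll (Trojan.Vundo.H) -> Delete on reboot.
"""

COUNT_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
# "<object> (<detection name>) -> [Data: <value> -> ]<action>."
ITEM_RE = re.compile(
    r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?$"
)

# Registry locations that load code automatically; all of these appear in the
# log above. Matching is done on the lower-cased object path.
LOAD_POINTS = [
    ("\\currentversion\\run\\", "Run key"),
    ("\\windows\\appinit_dlls", "AppInit_DLLs"),
    ("\\lsa\\notification packages", "LSA Notification Package"),
    ("\\browser helper objects\\", "Browser Helper Object"),
    ("\\shellexecutehooks\\", "ShellExecuteHook"),
]


def parse_mbam_log(text):
    """Return (declared summary counts, list of detection entries)."""
    declared, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            declared[m["name"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            continue
        m = ITEM_RE.match(line)
        if m and section:
            items.append({"section": section, **m.groupdict()})
    return declared, items


def count_mismatches(declared, items):
    """Sections whose listed entries differ from the summary (truncated paste)."""
    out = {}
    for name, expected in declared.items():
        listed = sum(1 for i in items if i["section"] == name)
        if listed != expected:
            out[name] = (expected, listed)
    return out


def pending_reboot(items):
    """Objects that are only removed after a normal reboot, de-duplicated."""
    return sorted({i["path"].lower() for i in items
                   if i["action"].lower().startswith("delete on reboot")})


def autostart_entries(items):
    """(load point, detection name, target) for flagged registry load points."""
    found = []
    for i in items:
        key = i["path"].lower()
        for needle, label in LOAD_POINTS:
            if needle in key:
                found.append((label, i["family"], i["data"] or i["path"]))
                break
    return found


if __name__ == "__main__":
    declared, items = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(declared, items))
    print("pending reboot:", pending_reboot(items))
    for entry in autostart_entries(items):
        print("load point:", entry)
```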


#4 rigel

Posted 14 January 2009 - 09:25 AM

Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

#5 chrisfake1

Posted 14 January 2009 - 05:13 PM

SDFix: Version 1.240
Run by Gil Pabia on Thu 01/15/2009 at 05:41 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 06:08:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\\Program Files\\New Folder (2)\\cabalbot.exe"="D:\\Program Files\\New Folder (2)\\cabalbot.exe:*:Enabled:HookSrv"
"C:\\Program Files\\MYGAME\\Special Force\\specialforce.exe"="C:\\Program Files\\MYGAME\\Special Force\\specialforce.exe:*:Enabled:specialforce"
"C:\\Program Files\\Ocean Technologies & Media\\GG E-Sports Platform\\Garena.exe"="C:\\Program Files\\Ocean Technologies & Media\\GG E-Sports Platform\\Garena.exe:*:Enabled:Garena"
"C:\\Counter-Strike Source\\hl2.exe"="C:\\Counter-Strike Source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"="C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe:*:Enabled:RelicCOH"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorer"
"C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:winlogon"
"C:\\WINDOWS\\system32\\logonui.exe"="C:\\WINDOWS\\system32\\logonui.exe:*:Enabled:logonui"
"C:\\Program Files\\iPod\\bin\\iPodService.exe"="C:\\Program Files\\iPod\\bin\\iPodService.exe:*:Enabled:iPodService"
"C:\\Program Files\\DAEMON Tools Lite\\daemon.exe"="C:\\Program Files\\DAEMON Tools Lite\\daemon.exe:*:Enabled:daemon"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\avp.exe:*:Enabled:avp"
"C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\\Program Files\\Stardock\\Object Desktop\\WindowBlinds\\Screen.exe"="C:\\Program Files\\Stardock\\Object Desktop\\WindowBlinds\\Screen.exe:*:Enabled:Screen"
"C:\\WINDOWS\\system32\\UAService7.exe"="C:\\WINDOWS\\system32\\UAService7.exe:*:Enabled:UAService7"
"C:\\Program Files\\Common Files\\LightScribe\\LSSrvc.exe"="C:\\Program Files\\Common Files\\LightScribe\\LSSrvc.exe:*:Enabled:LSSrvc"
"C:\\WINDOWS\\system32\\spoolsv.exe"="C:\\WINDOWS\\system32\\spoolsv.exe:*:Enabled:spoolsv"
"C:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"="C:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE:*:Enabled:MDM"
"C:\\WINDOWS\\system32\\lsass.exe"="C:\\WINDOWS\\system32\\lsass.exe:*:Enabled:lsass"
"C:\\WINDOWS\\system32\\nvsvc32.exe"="C:\\WINDOWS\\system32\\nvsvc32.exe:*:Enabled:nvsvc32"
"C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe:*:Enabled:ICWCONN1"
"C:\\Program Files\\Uniblue\\DiskRescue\\UBDiskRescueSrv.exe"="C:\\Program Files\\Uniblue\\DiskRescue\\UBDiskRescueSrv.exe:*:Enabled:UBDiskRescueSrv"
"C:\\WINDOWS\\system32\\services.exe"="C:\\WINDOWS\\system32\\services.exe:*:Enabled:services"
"C:\\Program Files\\System Protect\\SysProtect_srv.exe"="C:\\Program Files\\System Protect\\SysProtect_srv.exe:*:Enabled:SysProtect_srv"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:rundll32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :



Files with Hidden Attributes :

Fri 9 Jan 2009 23,929 ..SH. --- "C:\WINDOWS\system32\boliraka.dll"
Thu 8 Jan 2009 2,627 ..SH. --- "C:\WINDOWS\system32\fuweyofa.dll"
Mon 5 Jan 2009 23,929 ..SH. --- "C:\WINDOWS\system32\gafemawe.dll"
Wed 7 Jan 2009 2,627 ..SH. --- "C:\WINDOWS\system32\gavuzeyi.dll"
Wed 7 Jan 2009 2,627 ..SH. --- "C:\WINDOWS\system32\givinoye.dll"
Tue 13 Jan 2009 23,863 ..SH. --- "C:\WINDOWS\system32\giweruru.dll"
Sun 4 Jan 2009 23,931 ..SH. --- "C:\WINDOWS\system32\losamine.dll"
Tue 13 Jan 2009 23,995 ..SH. --- "C:\WINDOWS\system32\meruyuva.dll"
Wed 7 Jan 2009 23,997 ..SH. --- "C:\WINDOWS\system32\nakonaze.dll"
Wed 14 Jan 2009 23,931 ..SH. --- "C:\WINDOWS\system32\numonuji.dll"
Fri 2 Jan 2009 23,929 ..SH. --- "C:\WINDOWS\system32\petipado.dll"
Sat 10 Jan 2009 23,929 ..SH. --- "C:\WINDOWS\system32\pozogere.dll"
Mon 5 Jan 2009 23,929 ..SH. --- "C:\WINDOWS\system32\rebawiza.dll"
Wed 7 Jan 2009 23,927 ..SH. --- "C:\WINDOWS\system32\robejaku.dll"
Wed 14 Jan 2009 23,995 ..SH. --- "C:\WINDOWS\system32\sopejuwi.dll"
Tue 13 Jan 2009 23,931 ..SH. --- "C:\WINDOWS\system32\vosukidu.dll"
Wed 14 Jan 2009 23,927 ..SH. --- "C:\WINDOWS\system32\wiwifezi.dll"
Wed 7 Jan 2009 23,993 ..SH. --- "C:\WINDOWS\system32\wonupago.dll"
Tue 6 Jan 2009 2,625 ..SH. --- "C:\WINDOWS\system32\wotitiha.dll"
Mon 5 Jan 2009 23,929 ..SH. --- "C:\WINDOWS\system32\yapigifa.dll"
Sat 10 Jan 2009 23,931 ..SH. --- "C:\WINDOWS\system32\yodedafi.dll"
Sat 10 Jan 2009 23,995 ..SH. --- "C:\WINDOWS\system32\zodetego.dll"
Sun 10 Aug 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 21 Jul 2002 418,816 A..HR --- "C:\WINDOWS\system32\Tools\All.exe"
Thu 18 Jul 2002 390,144 A..HR --- "C:\WINDOWS\system32\Tools\Change.exe"
Thu 18 Jul 2002 574,464 A..HR --- "C:\WINDOWS\system32\Tools\CheckPath.exe"
Mon 19 Aug 2002 430,592 A..HR --- "C:\WINDOWS\system32\Tools\Counter.exe"
Mon 22 Jul 2002 390,656 A..HR --- "C:\WINDOWS\system32\Tools\DelFolders.exe"
Fri 22 Nov 2002 399,872 A..HR --- "C:\WINDOWS\system32\Tools\DirectSetup.exe"
Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\system32\Tools\RegClean.exe"
Fri 19 Jul 2002 388,608 A..HR --- "C:\WINDOWS\system32\Tools\Regexe.exe"
Sun 1 Dec 2002 431,616 A..HR --- "C:\WINDOWS\system32\Tools\Restart.exe"
Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\system32\Tools\RunRegexe.exe"
Mon 26 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 17 Dec 2003 65,088 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM"
Wed 17 Dec 2003 12,732 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM"
Wed 17 Dec 2003 26,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM"
Wed 17 Dec 2003 28,062 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM"
Wed 17 Dec 2003 10,710 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM"
Wed 17 Dec 2003 10,083 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM"
Wed 17 Dec 2003 10,257 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM"
Wed 17 Dec 2003 29,499 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM"
Wed 17 Dec 2003 12,660 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM"
Wed 17 Dec 2003 11,031 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM"
Wed 17 Dec 2003 17,952 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM"
Wed 17 Dec 2003 9,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM"
Wed 17 Dec 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM"
Wed 17 Dec 2003 13,673 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM"
Wed 17 Dec 2003 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM"
Wed 17 Dec 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM"
Wed 17 Dec 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM"
Wed 17 Dec 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM"
Wed 17 Dec 2003 7,243 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM"
Wed 17 Dec 2003 24,767 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM"
Wed 17 Dec 2003 7,463 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM"
Wed 17 Dec 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM"
Wed 17 Dec 2003 10,286 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM"
Wed 17 Dec 2003 25,460 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM"
Wed 17 Dec 2003 28,866 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM"
Wed 17 Dec 2003 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM"
Wed 17 Dec 2003 8,544 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys"
Wed 17 Dec 2003 33,149 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys"
Wed 17 Dec 2003 51,150 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI1394.SYS"
Wed 17 Dec 2003 35,340 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI2DOS.SYS"
Wed 17 Dec 2003 14,378 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI4DOS.SYS"
Wed 17 Dec 2003 37,984 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8DOS.SYS"
Wed 17 Dec 2003 44,828 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8U2.SYS"
Wed 17 Dec 2003 29,628 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPICD.SYS"
Wed 17 Dec 2003 52,106 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIEHCI.SYS"
Wed 17 Dec 2003 49,250 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIOHCI.SYS"
Wed 17 Dec 2003 50,600 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIUHCI.SYS"
Wed 17 Dec 2003 161,792 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BOOTSRV.SYS"
Wed 17 Dec 2003 174,080 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\bootsrv16.sys"
Wed 17 Dec 2003 21,971 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTCDROM.SYS"
Wed 17 Dec 2003 30,955 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTDOSM.SYS"
Wed 17 Dec 2003 202,517 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE"
Wed 17 Dec 2003 374,038 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE"
Wed 17 Dec 2003 22,158 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\COUNTRY.SYS"
Wed 17 Dec 2003 1,608 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DEVICE.COM"
Wed 17 Dec 2003 15,345 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DISPLAY.SYS"
Wed 17 Dec 2003 7,840 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DLSHELP.SYS"
Wed 17 Dec 2003 56,821 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE"
Wed 17 Dec 2003 64,425 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\FLASHPT.SYS"
Wed 17 Dec 2003 32,396 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE"
Wed 17 Dec 2003 14,160 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\HIMEM.SYS"
Wed 17 Dec 2003 10,898 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYB.COM"
Wed 17 Dec 2003 53,556 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYBOARD.SYS"
Wed 17 Dec 2003 15,777 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MODE.COM"
Wed 17 Dec 2003 37,681 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MOUSE.COM"
Wed 17 Dec 2003 354,304 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\msbootsrv16.sys"
Wed 17 Dec 2003 21,180 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE"
Wed 17 Dec 2003 354,263 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe"
Wed 17 Dec 2003 8,513 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\NETBIND.COM"
Wed 17 Dec 2003 41,302 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OAKCDROM.SYS"
Wed 17 Dec 2003 129,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE"
Wed 17 Dec 2003 28,439 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Paralink.com"
Wed 17 Dec 2003 13,770 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE"
Wed 17 Dec 2003 130,980 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE"
Wed 17 Dec 2003 11,854 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM"
Wed 17 Dec 2003 52,715 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM"
Wed 17 Dec 2003 62,391 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM"
Wed 17 Dec 2003 11,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com"
Wed 17 Dec 2003 17,791 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com"
Wed 17 Dec 2003 17,043 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com"
Wed 17 Dec 2003 11,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com"
Wed 17 Dec 2003 18,300 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com"
Wed 17 Dec 2003 48,224 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com"
Wed 17 Dec 2003 13,360 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com"
Wed 17 Dec 2003 9,190 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com"
Wed 17 Dec 2003 12,567 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com"
Wed 17 Dec 2003 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM"
Wed 17 Dec 2003 56,896 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com"
Wed 17 Dec 2003 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com"
Wed 17 Dec 2003 9,692 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com"
Wed 17 Dec 2003 9,537 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM"
Wed 17 Dec 2003 32,484 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com"
Wed 17 Dec 2003 52,225 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe"
Wed 17 Dec 2003 48,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe"
Wed 17 Dec 2003 50,405 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com"
Wed 17 Dec 2003 33,860 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe"
Wed 17 Dec 2003 50,175 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe"
Wed 17 Dec 2003 50,795 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe"
Wed 17 Dec 2003 48,223 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com"
Wed 17 Dec 2003 48,641 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe"
Wed 17 Dec 2003 49,015 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com"
Wed 17 Dec 2003 53,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\command.com"
Wed 17 Dec 2003 44,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM"
Wed 17 Dec 2003 42,550 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM"

Finished!

#6 rigel

Posted 14 January 2009 - 05:17 PM

Good... Next steps - 3

Please rerun SDFix. Post its new log.

Please download ATF Cleaner by Atribune & save it to your desktop.
alternate download link DO NOT use yet.

Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp", ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#7 chrisfake1

Posted 14 January 2009 - 05:22 PM

I don't have enough time now. I'll go to school.
Maybe tomorrow I'll continue. Where can I start SDFix again?
C:\SDFix <-- ??

#8 rigel

Posted 14 January 2009 - 05:25 PM

Yes - there is a runthis.bat file that will start the program.


#9 chrisfake1

Posted 15 January 2009 - 03:44 AM

Is this correct?
I ran the System Report of SDFix.


System Report
*************

Run on Thu 01/15/2009 at 04:32 PM

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [876]
\??\C:\WINDOWS\system32\csrss.exe [924]
\??\C:\WINDOWS\system32\winlogon.exe [948]
C:\WINDOWS\system32\services.exe [992]
C:\WINDOWS\system32\lsass.exe [1004]
C:\WINDOWS\system32\svchost.exe [1172]
C:\WINDOWS\system32\svchost.exe [1264]
C:\WINDOWS\System32\svchost.exe [1388]
C:\WINDOWS\system32\svchost.exe [1428]
C:\WINDOWS\system32\spoolsv.exe [1816]
C:\WINDOWS\Explorer.EXE [228]
C:\WINDOWS\system32\VTTimer.exe [404]
C:\WINDOWS\VM303_STI.EXE [460]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [468]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [476]
C:\Program Files\iTunes\iTunesHelper.exe [536]
C:\Program Files\Search Settings\SearchSettings.exe [540]
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [588]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [600]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [608]
C:\WINDOWS\system32\ctfmon.exe [624]
C:\Program Files\DAEMON Tools Lite\daemon.exe [636]
C:\Program Files\Internet Download Manager\IDMan.exe [660]
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [576]
C:\Program Files\ExtraTools\ExtraDNS\ExtraDNS.dll [1548]
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe [1604]
C:\WINDOWS\system32\svchost.exe [1952]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2020]
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2032]
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe [184]
C:\Program Files\Common Files\LightScribe\LSSrvc.exe [1920]
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [300]
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [332]
C:\WINDOWS\system32\nvsvc32.exe [388]
C:\Program Files\System Protect\SysProtect_srv.exe [684]
C:\WINDOWS\system32\svchost.exe [1324]
C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe [1556]
C:\WINDOWS\system32\UAService7.exe [2144]
C:\Program Files\Internet Download Manager\IEMonitor.exe [3900]
C:\Program Files\iPod\bin\iPodService.exe [2968]
C:\WINDOWS\System32\alg.exe [3828]
C:\Program Files\Mozilla Firefox\firefox.exe [1336]
C:\WINDOWS\system32\wuauclt.exe [2992]
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE [244]


Drivers - Running:

ACPI
AFD
ALCXWDM
Aspi32
atapi
audstub
Beep
Cdfs
Cdrom
DepFrzHi
DepFrzLo
Disk
Fdc
Fips
Flpydisk
FltMgr
Ftdisk
GEARAspiWDM
GhPciScan
Gpc
HSFHWBS2
HSF_DP
i8042prt
Imapi
intelppm
IpNat
IPSec
isapnp
Kbdclass
kl1
klbg
KLFLTDEV
KLIF
klim5
KSecDD
MBAMProtector
mdmxsdk
mnmdd
Modem
MODEMCSA
Mouclass
MountMgr
MRxDAV
MRxSmb
Msfs
mssmbios
Mup
NDIS
NdisTapi
Ndisuio
NdisWan
NDProxy
NetBIOS
NetBT
Npfs
Ntfs
Null
nv
Parport
PartMgr
ParVdm
PCI
PCIIde
PptpMiniport
PSched
Ptilink
RasAcd
Rasl2tp
RasPppoe
Raspti
Rdbss
RDPCDD
redbook
serenum
Serial
sptd
sp_prot
sr
Srv
swenum
sysaudio
Tcpip
TermDD
uagp35
Update
usbehci
usbhub
usbprint
usbstor
usbuhci
VgaSave
viaagp1
ViaIde
VolSnap
Wanarp
wdmaud
winachsf
WudfPf
ZSMC303


Drivers - Stopped:

Abiosdsk
abp480n5
ACPIEC
adpu160m
aec
Aha154x
aic78u2
aic78xx
AliIde
amsint
asc
asc3350p
asc3550
AsyncMac
Atdisk
Atmarpc
catchme
cbidf2k
CCDECODE
cd20xrnt
Cdaudio
Changer
CmdIde
Cpqarray
dac960nt
dmboot
dmio
dmload
DMusic
dpti2o
drmkaud
Fastfat
FETND5BV
FETNDIS
GarenaPEngine
hamachi
hpn
HTTP
i2omgmt
i2omp
ini910u
IntelIde
Ip6Fw
IpFilterDriver
IpInIp
IRENUM
kmixer
lbrtfdc
mraid35x
MSKSSRV
MSPCLOCK
MSPQM
MSTEE
NABTSFEC
NdisIP
nmwcd
nmwcdc
NTProcDrv
NwlnkFlt
NwlnkFwd
pccsmcfd
PCIDump
Pcmcia
PDCOMP
PDFRAME
PDRELI
PDRFRAME
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
RDPWD
SbieDrv
Secdrv
Sfloppy
Simbad
SLIP
SONYPVU1
SoRa1
SoRa11
Sparrow
splitter
streamip
swmidi
symc810
symc8xx
sym_hi
sym_u3
TDPIPE
TDTCP
TosIde
Udfs
ultra
upperdev
usbaudio
usbccgp
usbser
UsbserFilt
viagfx
Wdf01000
WDICA
WpdUsb
WS2IFSL
WSTCODEC
WudfRd


Services - Running:

ALG
Apple
AudioSrv
AVP
BITS
Browser
CryptSvc
DcomLaunch
Dhcp
ERSvc
Eventlog
EventSystem
FastUserSwitchingCompatibility
GhostStartService
helpsvc
iPod
lanmanserver
lanmanworkstation
LightScribeService
MBAMService
MDM
Netman
Nla
NVSvc
PlugPlay
ProtectedStorage
RasMan
RpcSs
SamSs
Schedule
SENS
SharedAccess
ShellHWDetection
Spooler
SP_Service
srservice
stisvc
TapiSrv
TermService
Themes
Uniblue
UserAccess7
WebClient
winmgmt
wscsvc
wuauserv
WudfSvc
WZCSVC


Services - Stopped:

Alerter
AppMgmt
aspnet_state
Bonjour
CiSvc
ClipSrv
clr_optimization_v2.0.50727_32
COMSysApp
DFServEx
dmadmin
dmserver
Dnscache
FontCache3.0.0.0
HidServ
HTTPFilter
idsvc
ImapiService
LmHosts
Messenger
mnmsrvc
MSDTC
MSIServer
NBService
NetDDE
NetDDEdsdm
Netlogon
NetTcpPortSharing
NtLmSsp
NtmsSvc
ose
PolicyAgent
RasAuto
RDSessMgr
RemoteAccess
RpcLocator
RSVP
SbieSvc
SCardSvr
seclogon
ServiceLayer
SSDPSRV
SwPrv
SysmonLog
TrkWks
upnphost
UPS
usprserv
VSS
W32Time
WmdmPmSN
WmiApSrv
WMPNetworkSvc
xmlprov


Files Created/Modified - 60 Days:


C:\

Jan 15 2009 4:24:56p 1,073,741,824 A.SH. "C:\pagefile.sys"


C:\WINDOWS\

Jan 9 2009 9:46:58a 23,929 ..SH. "C:\WINDOWS\system32\boliraka.dll"
Dec 7 2008 7:08:34p 203,776 A.... "C:\WINDOWS\system32\clrviddc.dll"
Jan 15 2009 5:03:44a 303,624 A.... "C:\WINDOWS\system32\FNTCACHE.DAT"
Jan 8 2009 10:26:54a 2,627 ..SH. "C:\WINDOWS\system32\fuweyofa.dll"
Jan 5 2009 5:40:42a 23,929 ..SH. "C:\WINDOWS\system32\gafemawe.dll"
Jan 7 2009 6:02:46p 2,627 ..SH. "C:\WINDOWS\system32\gavuzeyi.dll"
Jan 7 2009 6:02:46p 2,627 ..SH. "C:\WINDOWS\system32\givinoye.dll"
Jan 13 2009 11:20:48a 23,863 ..SH. "C:\WINDOWS\system32\giweruru.dll"
Jan 4 2009 9:00:36a 23,931 ..SH. "C:\WINDOWS\system32\losamine.dll"
Jan 13 2009 11:20:48a 23,995 ..SH. "C:\WINDOWS\system32\meruyuva.dll"
Jan 9 2009 5:35:30p 20,853,704 A.... "C:\WINDOWS\system32\MRT.exe"
Dec 7 2008 6:37:58p 499,712 A.... "C:\WINDOWS\system32\msvcp71.dll"
Dec 7 2008 6:37:58p 348,160 A.... "C:\WINDOWS\system32\msvcr71.dll"
Jan 7 2009 6:03:20a 23,997 ..SH. "C:\WINDOWS\system32\nakonaze.dll"
Jan 14 2009 6:04:02a 23,931 ..SH. "C:\WINDOWS\system32\numonuji.dll"
Dec 9 2008 5:36:04a 71,904 A.... "C:\WINDOWS\system32\perfc009.dat"
Dec 9 2008 5:36:04a 444,028 A.... "C:\WINDOWS\system32\perfh009.dat"
Jan 2 2009 6:05:40p 23,929 ..SH. "C:\WINDOWS\system32\petipado.dll"
Dec 7 2008 6:37:58p 278,528 A.... "C:\WINDOWS\system32\pncrt.dll"
Dec 7 2008 6:38:02p 6,656 A.... "C:\WINDOWS\system32\pndx5016.dll"
Dec 7 2008 6:38:02p 5,632 A.... "C:\WINDOWS\system32\pndx5032.dll"
Jan 10 2009 9:46:26a 23,929 ..SH. "C:\WINDOWS\system32\pozogere.dll"
Jan 5 2009 5:40:32p 23,929 ..SH. "C:\WINDOWS\system32\rebawiza.dll"
Dec 7 2008 6:38:10p 185,920 A.... "C:\WINDOWS\system32\rmoc3260.dll"
Jan 7 2009 6:03:22a 23,927 ..SH. "C:\WINDOWS\system32\robejaku.dll"
Jan 14 2009 6:04:02a 23,995 ..SH. "C:\WINDOWS\system32\sopejuwi.dll"
Jan 13 2009 11:20:48a 23,931 ..SH. "C:\WINDOWS\system32\vosukidu.dll"
Jan 14 2009 6:04:02a 23,927 ..SH. "C:\WINDOWS\system32\wiwifezi.dll"
Jan 7 2009 6:03:22a 23,993 ..SH. "C:\WINDOWS\system32\wonupago.dll"
Jan 6 2009 10:44:36a 2,625 ..SH. "C:\WINDOWS\system32\wotitiha.dll"
Jan 5 2009 5:40:34p 23,929 ..SH. "C:\WINDOWS\system32\yapigifa.dll"
Jan 10 2009 9:46:26a 23,931 ..SH. "C:\WINDOWS\system32\yodedafi.dll"
Jan 10 2009 9:46:26a 23,995 ..SH. "C:\WINDOWS\system32\zodetego.dll"
Jan 15 2009 4:25:04p 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
Jan 15 2009 4:31:34p 2,003 A.... "C:\WINDOWS\Temp\scs13.tmp"
Dec 11 2008 3:57:22a 333,184 A.... "C:\WINDOWS\system32\dllcache\srv.sys"
Jan 15 2009 3:04:24p 3,239,968 A.SH. "C:\WINDOWS\system32\drivers\fidbox.dat"
Jan 15 2009 3:04:24p 540,704 A.SH. "C:\WINDOWS\system32\drivers\fidbox2.dat"
Jan 3 2009 8:09:10a 87,855 A.... "C:\WINDOWS\system32\drivers\klick.dat"
Jan 3 2009 8:07:58a 213,008 A.... "C:\WINDOWS\system32\drivers\klif.sys"
Jan 3 2009 8:30:20a 96,976 A.... "C:\WINDOWS\system32\drivers\klin.dat"
Jan 4 2009 6:38:18p 15,504 A.... "C:\WINDOWS\system32\drivers\mbam.sys"
Dec 29 2008 11:37:06a 12,288 A.... "C:\WINDOWS\system32\drivers\sp_prot.sys"
Dec 11 2008 3:57:22a 333,184 A.... "C:\WINDOWS\system32\drivers\srv.sys"
Jan 3 2009 7:49:16a 187,748 A.... "C:\WINDOWS\system32\Restore\rstrlog.dat"
Dec 9 2008 5:33:20a 8,192 A.... "C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll"
Dec 9 2008 5:33:30a 258,048 A.... "C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll"
Dec 9 2008 5:33:30a 113,664 A.... "C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll"


C:\Program Files\

Dec 1 2008 7:33:56a 1,406,192 A.... "C:\Program Files\CCleaner\CCleaner.exe"
Dec 11 2008 7:59:06p 114,654 A.... "C:\Program Files\CCleaner\uninst.exe"
Dec 8 2008 5:59:14p 2,745,776 A.... "C:\Program Files\Internet Download Manager\IDMan.exe"
Dec 4 2008 4:17:14a 140,208 A.... "C:\Program Files\Internet Download Manager\Uninstall.exe"
Dec 18 2008 11:32:16a 307,704 A.... "C:\Program Files\Mozilla Firefox\firefox.exe"
Dec 18 2008 11:32:16a 233,472 A.... "C:\Program Files\Mozilla Firefox\freebl3.dll"
Dec 18 2008 11:32:18a 696,824 A.... "C:\Program Files\Mozilla Firefox\js3250.dll"
Dec 18 2008 11:32:18a 710,136 A.... "C:\Program Files\Mozilla Firefox\mozcrt19.dll"
Dec 18 2008 11:32:18a 198,136 A.... "C:\Program Files\Mozilla Firefox\nspr4.dll"
Dec 18 2008 11:32:18a 718,328 A.... "C:\Program Files\Mozilla Firefox\nss3.dll"
Dec 18 2008 11:32:20a 288,248 A.... "C:\Program Files\Mozilla Firefox\nssckbi.dll"
Dec 18 2008 11:32:20a 103,928 A.... "C:\Program Files\Mozilla Firefox\nssdbm3.dll"
Dec 18 2008 11:32:20a 87,544 A.... "C:\Program Files\Mozilla Firefox\nssutil3.dll"
Dec 18 2008 11:32:20a 20,472 A.... "C:\Program Files\Mozilla Firefox\plc4.dll"
Dec 18 2008 11:32:20a 17,400 A.... "C:\Program Files\Mozilla Firefox\plds4.dll"
Dec 18 2008 11:32:26a 103,928 A.... "C:\Program Files\Mozilla Firefox\smime3.dll"
Dec 18 2008 11:32:26a 151,552 A.... "C:\Program Files\Mozilla Firefox\softokn3.dll"
Dec 18 2008 11:32:26a 395,768 A.... "C:\Program Files\Mozilla Firefox\sqlite3.dll"
Dec 18 2008 11:32:26a 136,696 A.... "C:\Program Files\Mozilla Firefox\ssl3.dll"
Dec 18 2008 11:32:26a 242,168 A.... "C:\Program Files\Mozilla Firefox\updater.exe"
Dec 18 2008 11:32:26a 17,912 A.... "C:\Program Files\Mozilla Firefox\xpcom.dll"
Dec 18 2008 11:32:30a 9,742,840 A.... "C:\Program Files\Mozilla Firefox\xul.dll"
Dec 1 2008 8:50:52a 38,882 A.... "C:\Program Files\MYGAME Launcher\uninst.exe"
Dec 1 2008 8:55:18a 5 A.... "C:\Program Files\MYGAME Launcher\VersionInfo.dat"
Dec 29 2008 7:29:48a 270,128 A.... "C:\Program Files\uTorrent\uTorrent.exe"
Jan 7 2009 11:32:12a 1,542 A.... "C:\Program Files\Chikka Messenger\Chikka v.4\banner_s.html"
Dec 23 2008 9:00:46a 1,306 A.... "C:\Program Files\Chikka Messenger\Chikka v.4\banner_text.html"
Dec 8 2008 11:52:20a 143,360 A.... "C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll"
Dec 8 2008 11:52:20a 143,360 A.... "C:\Program Files\Internet Explorer\Plugins\npqtplugin6.dll"
Dec 8 2008 11:52:20a 143,360 A.... "C:\Program Files\Internet Explorer\Plugins\npqtplugin7.dll"
Dec 8 2008 11:52:20a 143,360 A.... "C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll"
Dec 8 2008 11:52:20a 143,360 A.... "C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll"
Dec 8 2008 11:52:20a 143,360 A.... "C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll"
Dec 8 2008 11:52:20a 143,360 A.... "C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll"
Dec 18 2008 11:32:12a 134,648 A.... "C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll"
Jan 2 2009 6:47:22p 143,076 A.... "C:\Program Files\Mozilla Firefox\components\compreg.dat"
Jan 2 2009 6:47:20p 96,797 A.... "C:\Program Files\Mozilla Firefox\components\xpti.dat"
Dec 8 2008 11:52:20a 143,360 A.... "C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll"
Dec 8 2008 11:52:20a 143,360 A.... "C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll"
Dec 8 2008 11:52:20a 143,360 A.... "C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll"
Dec 18 2008 11:32:20a 65,528 A.... "C:\Program Files\Mozilla Firefox\plugins\npnul32.dll"
Dec 7 2008 6:38:10p 144,960 A.... "C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll"
Dec 8 2008 11:52:20a 143,360 A.... "C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll"
Dec 8 2008 11:52:20a 143,360 A.... "C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll"
Dec 8 2008 11:52:20a 143,360 A.... "C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll"
Dec 8 2008 11:52:20a 143,360 A.... "C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll"
Dec 7 2008 6:38:26p 8,192 A.... "C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll"
Dec 7 2008 6:38:04p 94,208 A.... "C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll"
Dec 18 2008 11:32:26a 509,536 A.... "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
Jan 10 2009 9:56:38a 2,048 A.... "C:\Program Files\Ocean Technologies & Media\GG E-Sports Platform\clients.dat"
Dec 23 2008 8:55:04a 14,336 A.... "C:\Program Files\Ocean Technologies & Media\GG E-Sports Platform\Gamecn.dat"
Dec 23 2008 8:55:04a 16,384 A.... "C:\Program Files\Ocean Technologies & Media\GG E-Sports Platform\Gameen.dat"
Dec 23 2008 8:55:04a 14,336 A.... "C:\Program Files\Ocean Technologies & Media\GG E-Sports Platform\Gametw.dat"
Dec 23 2008 8:55:32a 3,283,728 A.... "C:\Program Files\Ocean Technologies & Media\GG E-Sports Platform\Garena.exe"
Nov 19 2008 5:51:42p 56,832 A.... "C:\Program Files\Ocean Technologies & Media\GG E-Sports Platform\PluginKernel.dll"
Dec 23 2008 8:55:56a 183,296 A.... "C:\Program Files\Ocean Technologies & Media\GG E-Sports Platform\roomCN.dat"
Jan 10 2009 9:56:42a 195,584 A.... "C:\Program Files\Ocean Technologies & Media\GG E-Sports Platform\roomEN.dat"
Dec 23 2008 8:56:00a 186,368 A.... "C:\Program Files\Ocean Technologies & Media\GG E-Sports Platform\roomTW.dat"
Dec 7 2008 6:38:02p 1,030 A.... "C:\Program Files\Real\RealPlayer\autoplaylist.dat"
Dec 7 2008 6:38:18p 719,360 A.... "C:\Program Files\Real\RealPlayer\dbghelp.dll"
Dec 7 2008 6:38:26p 692,224 A.... "C:\Program Files\Real\RealPlayer\dtdr3260.dll"
Dec 7 2008 6:38:26p 139,264 A.... "C:\Program Files\Real\RealPlayer\DUNZIP32.dll"
Dec 7 2008 6:38:26p 6,656 A.... "C:\Program Files\Real\RealPlayer\fixrjb.exe"
Dec 7 2008 6:38:04p 102,400 A.... "C:\Program Files\Real\RealPlayer\HXAudioDeviceHook.dll"
Dec 7 2008 6:38:26p 36,352 A.... "C:\Program Files\Real\RealPlayer\ierjplug.dll"
Dec 7 2008 6:38:10p 480 A.... "C:\Program Files\Real\RealPlayer\keys.dat"
Dec 7 2008 6:38:26p 41,472 A.... "C:\Program Files\Real\RealPlayer\mmcdda32.dll"
Dec 7 2008 6:38:12p 52,609 A.... "C:\Program Files\Real\RealPlayer\playrlic.html"
Dec 7 2008 6:38:04p 95,784 A.... "C:\Program Files\Real\RealPlayer\rdsf3260.dll"
Dec 7 2008 6:38:02p 7,168 A.... "C:\Program Files\Real\RealPlayer\realjbox.exe"
Dec 7 2008 6:38:12p 52,609 A.... "C:\Program Files\Real\RealPlayer\RealNetworks License.html"
Dec 7 2008 6:38:02p 214,536 A.... "C:\Program Files\Real\RealPlayer\realplay.exe"
Dec 7 2008 6:38:20p 153,152 A.... "C:\Program Files\Real\RealPlayer\RecordingManager.exe"
Dec 7 2008 6:38:26p 659,456 A.... "C:\Program Files\Real\RealPlayer\rjbres.dll"
Dec 7 2008 6:38:26p 339,968 A.... "C:\Program Files\Real\RealPlayer\rjdlg.dll"
Dec 7 2008 6:38:26p 19,456 A.... "C:\Program Files\Real\RealPlayer\rjprog.dll"
Dec 7 2008 6:38:18p 65,536 A.... "C:\Program Files\Real\RealPlayer\rjwmapln.dll"
Dec 7 2008 6:38:12p 53,248 A.... "C:\Program Files\Real\RealPlayer\rpau3260.dll"
Dec 7 2008 6:38:18p 304,736 A.... "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll"
Dec 7 2008 6:38:02p 9,216 A.... "C:\Program Files\Real\RealPlayer\rphelperapp.exe"
Dec 7 2008 6:38:04p 86,016 A.... "C:\Program Files\Real\RealPlayer\rpplugprot.dll"
Dec 7 2008 6:38:04p 63,016 A.... "C:\Program Files\Real\RealPlayer\rpshell.dll"
Dec 7 2008 6:38:04p 98,304 A.... "C:\Program Files\Real\RealPlayer\rpshellextension.dll"
Dec 7 2008 6:38:22p 43,056 A.... "C:\Program Files\Real\RealPlayer\rpshellsearch.dll"
Dec 7 2008 6:38:22p 32,768 A.... "C:\Program Files\Real\RealPlayer\rpwa3260.dll"
Dec 7 2008 6:38:02p 50 A.... "C:\Program Files\Real\RealPlayer\strs23.dat"
Dec 7 2008 6:38:02p 13 A.... "C:\Program Files\Real\RealPlayer\strs26.dat"
Dec 7 2008 6:38:26p 19,456 A.... "C:\Program Files\Real\RealPlayer\tnetdtct.dll"
Dec 7 2008 6:38:26p 57,344 A.... "C:\Program Files\Real\RealPlayer\tpasdk.dll"
Dec 7 2008 6:38:26p 81,920 A.... "C:\Program Files\Real\RealPlayer\tsasdk.dll"
Dec 7 2008 6:38:28p 14,336 A.... "C:\Program Files\Real\RealPlayer\wmdmhelper.dll"
Nov 29 2008 9:59:24p 927,232 A.... "C:\Program Files\THQ\Company of Heroes\CoHLauncher.exe"
Jan 15 2009 4:25:10p 236 A.... "C:\Program Files\Yahoo!\Messenger\ystats_A.dat"
Nov 16 2008 8:36:00a 245,760 A.... "C:\Program Files\Common Files\INCA Shared\OnlineEngine\TeCtrl.dll"
Nov 18 2008 1:51:46p 442,535 A.... "C:\Program Files\Common Files\INCA Shared\OnlineEngine\tyav32.dll"
Dec 7 2008 7:08:34p 98,343 A.... "C:\Program Files\Common Files\Real\Codecs\14_43260.dll"
Dec 7 2008 7:08:34p 57,383 A.... "C:\Program Files\Common Files\Real\Codecs\28_83260.dll"
Dec 7 2008 6:38:16p 172,032 A.... "C:\Program Files\Common Files\Real\Codecs\amrn.dll"
Dec 7 2008 6:38:16p 77,824 A.... "C:\Program Files\Common Files\Real\Codecs\amrw.dll"
Dec 7 2008 6:38:08p 90,112 A.... "C:\Program Files\Common Files\Real\Codecs\atrc.dll"
Dec 7 2008 6:38:24p 548,919 A.... "C:\Program Files\Common Files\Real\Codecs\colorcvt.dll"
Dec 7 2008 6:38:08p 77,824 A.... "C:\Program Files\Common Files\Real\Codecs\cook.dll"
Dec 7 2008 6:38:16p 212,992 A.... "C:\Program Files\Common Files\Real\Codecs\dmp4.dll"
Dec 7 2008 6:38:08p 106,496 A.... "C:\Program Files\Common Files\Real\Codecs\drv1.dll"
Dec 7 2008 6:38:08p 180,224 A.... "C:\Program Files\Common Files\Real\Codecs\drv2.dll"
Dec 7 2008 6:38:08p 286,720 A.... "C:\Program Files\Common Files\Real\Codecs\drvc.dll"
Dec 7 2008 6:38:16p 53,248 A.... "C:\Program Files\Common Files\Real\Codecs\mp4v.dll"
Dec 7 2008 6:38:18p 86,016 A.... "C:\Program Files\Common Files\Real\Codecs\qclp.dll"
Dec 7 2008 7:08:34p 72,192 A.... "C:\Program Files\Common Files\Real\Codecs\ra32clv1.dll"
Dec 7 2008 6:38:08p 557,056 A.... "C:\Program Files\Common Files\Real\Codecs\raac.dll"
Dec 7 2008 7:08:34p 155,648 A.... "C:\Program Files\Common Files\Real\Codecs\ralf.dll"
Dec 7 2008 6:38:08p 35,328 A.... "C:\Program Files\Common Files\Real\Codecs\rv10.dll"
Dec 7 2008 6:38:08p 57,344 A.... "C:\Program Files\Common Files\Real\Codecs\rv20.dll"
Dec 7 2008 6:38:08p 53,248 A.... "C:\Program Files\Common Files\Real\Codecs\rv30.dll"
Dec 7 2008 6:38:08p 49,152 A.... "C:\Program Files\Common Files\Real\Codecs\rv40.dll"
Dec 7 2008 6:38:08p 139,264 A.... "C:\Program Files\Common Files\Real\Codecs\sipr.dll"
Dec 7 2008 6:38:14p 163,840 A.... "C:\Program Files\Common Files\Real\Common\objb3201.dll"
Dec 7 2008 6:37:58p 1,486,848 A.... "C:\Program Files\Common Files\Real\Common\pnen3260.dll"
Dec 7 2008 6:38:02p 413,696 A.... "C:\Program Files\Common Files\Real\Common\pngu3267.dll"
Dec 7 2008 6:38:02p 12,800 A.... "C:\Program Files\Common Files\Real\Common\pnrs3260.dll"
Dec 7 2008 6:38:12p 147,456 A.... "C:\Program Files\Common Files\Real\Common\rjbviz.dll"
Dec 7 2008 6:38:02p 12,288 A.... "C:\Program Files\Common Files\Real\Common\rppr3260.dll"
Dec 7 2008 6:38:28p 26,112 A.... "C:\Program Files\Common Files\Real\Common\rpun3260.dll"
Dec 7 2008 6:38:26p 30,208 A.... "C:\Program Files\Common Files\Real\Common\security.dll"
Dec 7 2008 6:38:04p 81,920 A.... "C:\Program Files\Common Files\Real\Common\twebbrowse.dll"
Dec 7 2008 6:38:14p 110,592 A.... "C:\Program Files\Common Files\Real\GToolbar\BarControl.dll"
Dec 7 2008 6:38:16p 1,145,896 A.... "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
Dec 7 2008 6:38:16p 29,184 A.... "C:\Program Files\Common Files\Real\Plugins\3gppttrenderer.dll"
Dec 7 2008 6:38:18p 77,824 A.... "C:\Program Files\Common Files\Real\Plugins\aacff.dll"
Dec 7 2008 6:38:16p 36,864 A.... "C:\Program Files\Common Files\Real\Plugins\amrff.dll"
Dec 7 2008 6:38:22p 135,168 A.... "C:\Program Files\Common Files\Real\Plugins\audplin.dll"
Dec 7 2008 6:37:56p 45,056 A.... "C:\Program Files\Common Files\Real\Plugins\authmgr.dll"
Dec 7 2008 7:11:14p 49,152 A.... "C:\Program Files\Common Files\Real\Plugins\camtasf.dll"
Dec 7 2008 7:11:14p 65,536 A.... "C:\Program Files\Common Files\Real\Plugins\camtasr.dll"
Dec 7 2008 6:37:56p 17,408 A.... "C:\Program Files\Common Files\Real\Plugins\cdda3260.dll"
Dec 7 2008 6:37:56p 25,088 A.... "C:\Program Files\Common Files\Real\Plugins\clbascauth.dll"
Dec 7 2008 6:37:58p 44,032 A.... "C:\Program Files\Common Files\Real\Plugins\clntxres.dll"
Dec 7 2008 6:38:22p 73,728 A.... "C:\Program Files\Common Files\Real\Plugins\cont3260.dll"
Dec 7 2008 6:38:18p 45,056 A.... "C:\Program Files\Common Files\Real\Plugins\flvff.dll"
Dec 7 2008 6:38:18p 208,896 A.... "C:\Program Files\Common Files\Real\Plugins\flvrender.dll"
Dec 7 2008 6:38:26p 233,472 A.... "C:\Program Files\Common Files\Real\Plugins\fpsechnd.dll"
Dec 7 2008 7:11:14p 352,256 A.... "C:\Program Files\Common Files\Real\Plugins\h261rend.dll"
Dec 7 2008 6:38:16p 126,976 A.... "C:\Program Files\Common Files\Real\Plugins\h263render.dll"
Dec 7 2008 6:37:56p 204,800 A.... "C:\Program Files\Common Files\Real\Plugins\httpfsys.dll"
Dec 7 2008 6:37:56p 49,152 A.... "C:\Program Files\Common Files\Real\Plugins\hxsdp.dll"
Dec 7 2008 6:38:14p 90,112 A.... "C:\Program Files\Common Files\Real\Plugins\hxxml.dll"
Dec 7 2008 6:38:08p 53,248 A.... "C:\Program Files\Common Files\Real\Plugins\imaprender.dll"
Dec 7 2008 6:38:10p 507,904 A.... "C:\Program Files\Common Files\Real\Plugins\imgrender.dll"
Dec 7 2008 6:37:56p 86,016 A.... "C:\Program Files\Common Files\Real\Plugins\memfsys.dll"
Dec 7 2008 6:38:12p 53,248 A.... "C:\Program Files\Common Files\Real\Plugins\mp3fformat.dll"
Dec 7 2008 6:38:12p 69,632 A.... "C:\Program Files\Common Files\Real\Plugins\mp3metaff.dll"
Dec 7 2008 6:38:12p 163,840 A.... "C:\Program Files\Common Files\Real\Plugins\mp3render.dll"
Dec 7 2008 6:38:16p 135,168 A.... "C:\Program Files\Common Files\Real\Plugins\mp4arender.dll"
Dec 7 2008 6:38:16p 94,208 A.... "C:\Program Files\Common Files\Real\Plugins\mp4fformat.dll"
Dec 7 2008 6:38:16p 151,552 A.... "C:\Program Files\Common Files\Real\Plugins\mp4vrender.dll"
Dec 7 2008 6:38:24p 122,880 A.... "C:\Program Files\Common Files\Real\Plugins\mp4wrtr.dll"
Dec 7 2008 6:38:22p 69,632 A.... "C:\Program Files\Common Files\Real\Plugins\mpgfformat.dll"
Dec 7 2008 6:38:22p 184,320 A.... "C:\Program Files\Common Files\Real\Plugins\mpgrender.dll"
Dec 7 2008 6:37:56p 29,184 A.... "C:\Program Files\Common Files\Real\Plugins\ntlmauth.dll"
Dec 7 2008 6:37:56p 364,544 A.... "C:\Program Files\Common Files\Real\Plugins\pacplin.dll"
Dec 7 2008 6:38:28p 65,536 A.... "C:\Program Files\Common Files\Real\Plugins\pdgenxferfsys.dll"
Dec 7 2008 6:37:56p 73,728 A.... "C:\Program Files\Common Files\Real\Plugins\plusplin.dll"
Dec 7 2008 6:37:56p 24,064 A.... "C:\Program Files\Common Files\Real\Plugins\pxcb3210.dll"
Dec 7 2008 6:37:56p 31,744 A.... "C:\Program Files\Common Files\Real\Plugins\ramfformat.dll"
Dec 7 2008 6:37:56p 77,824 A.... "C:\Program Files\Common Files\Real\Plugins\ramrender.dll"
Dec 7 2008 6:38:08p 159,744 A.... "C:\Program Files\Common Files\Real\Plugins\rarender.dll"
Dec 7 2008 6:38:14p 548,864 A.... "C:\Program Files\Common Files\Real\Plugins\ravemgr.dll"
Dec 7 2008 6:38:22p 19,968 A.... "C:\Program Files\Common Files\Real\Plugins\recf3260.dll"
Dec 7 2008 6:37:56p 184,320 A.... "C:\Program Files\Common Files\Real\Plugins\rmfformat.dll"
Dec 7 2008 6:38:24p 278,528 A.... "C:\Program Files\Common Files\Real\Plugins\rmwrtr.dll"
Dec 7 2008 6:38:26p 35,328 A.... "C:\Program Files\Common Files\Real\Plugins\rmxfpln.dll"
Dec 7 2008 6:38:26p 90,112 A.... "C:\Program Files\Common Files\Real\Plugins\rmxrend.dll"
Dec 7 2008 6:37:56p 53,248 A.... "C:\Program Files\Common Files\Real\Plugins\rn5auth.dll"
Dec 7 2008 6:38:10p 114,688 A.... "C:\Program Files\Common Files\Real\Plugins\rtfformat.dll"
Dec 7 2008 6:38:10p 135,168 A.... "C:\Program Files\Common Files\Real\Plugins\rtrender.dll"
Dec 7 2008 6:38:08p 159,744 A.... "C:\Program Files\Common Files\Real\Plugins\rvrender.dll"
Dec 7 2008 6:38:12p 49,152 A.... "C:\Program Files\Common Files\Real\Plugins\sdpplin.dll"
Dec 7 2008 6:38:26p 30,208 A.... "C:\Program Files\Common Files\Real\Plugins\security.dll"
Dec 7 2008 6:37:56p 61,440 A.... "C:\Program Files\Common Files\Real\Plugins\smlfformat.dll"
Dec 7 2008 6:37:56p 520,192 A.... "C:\Program Files\Common Files\Real\Plugins\smlrender.dll"
Dec 7 2008 6:37:56p 61,440 A.... "C:\Program Files\Common Files\Real\Plugins\smmrender.dll"
Dec 7 2008 6:37:58p 86,016 A.... "C:\Program Files\Common Files\Real\Plugins\smplfsys.dll"
Dec 7 2008 6:38:14p 17,920 A.... "C:\Program Files\Common Files\Real\Plugins\stubdrm.dll"
Dec 7 2008 6:38:08p 114,688 A.... "C:\Program Files\Common Files\Real\Plugins\swfformat.dll"
Dec 7 2008 6:38:10p 630,784 A.... "C:\Program Files\Common Files\Real\Plugins\swfrender.dll"
Dec 7 2008 6:38:26p 57,344 A.... "C:\Program Files\Common Files\Real\Plugins\tfilesys.dll"
Dec 7 2008 6:38:22p 176,128 A.... "C:\Program Files\Common Files\Real\Plugins\vidplin.dll"
Dec 7 2008 6:37:58p 376,832 A.... "C:\Program Files\Common Files\Real\Plugins\vidsite.dll"
Dec 7 2008 6:37:58p 131,072 A.... "C:\Program Files\Common Files\Real\Plugins\vsrcplin.dll"
Dec 7 2008 6:37:58p 122,880 A.... "C:\Program Files\Common Files\Real\Plugins\vsrlocal.dll"
Dec 7 2008 6:38:18p 172,032 A.... "C:\Program Files\Common Files\Real\Plugins\wm9fformat.dll"
Dec 7 2008 6:38:18p 14,848 A.... "C:\Program Files\Common Files\Real\Plugins\wm9writer.dll"
Dec 7 2008 6:38:18p 172,032 A.... "C:\Program Files\Common Files\Real\Plugins\wmsechnd.dll"
Dec 7 2008 6:37:58p 167,936 A.... "C:\Program Files\Common Files\Real\Plugins\zipf3260.dll"
Dec 7 2008 6:38:14p 139,264 A.... "C:\Program Files\Common Files\Real\RCAPlugins\gct23201.dll"
Dec 7 2008 6:38:14p 77,824 A.... "C:\Program Files\Common Files\Real\RCAPlugins\gema3201.dll"
Dec 7 2008 6:38:14p 450,560 A.... "C:\Program Files\Common Files\Real\RCAPlugins\gemx3201.dll"
Dec 7 2008 6:38:22p 102,400 A.... "C:\Program Files\Common Files\Real\RCAPlugins\locd3210.dll"
Dec 7 2008 6:38:14p 724,992 A.... "C:\Program Files\Common Files\Real\RCAPlugins\rpcontrols1.dll"
Dec 7 2008 6:38:14p 647,168 A.... "C:\Program Files\Common Files\Real\RCAPlugins\rpcontrols2.dll"
Dec 7 2008 6:38:22p 356,352 A.... "C:\Program Files\Common Files\Real\RCAPlugins\sonr3210.dll"
Dec 7 2008 6:38:14p 389,120 A.... "C:\Program Files\Common Files\Real\RCAPlugins\uisy3201.dll"
Dec 7 2008 6:38:14p 57,344 A.... "C:\Program Files\Common Files\Real\RCAPlugins\xmlc3201.dll"
Dec 7 2008 6:37:54p 368,640 A.... "C:\Program Files\Common Files\Real\Update_OB\faus3270.dll"
Dec 7 2008 6:37:56p 569,397 A.... "C:\Program Files\Common Files\Real\Update_OB\nprfxins.dll"
Dec 7 2008 6:37:54p 24,064 A.... "C:\Program Files\Common Files\Real\Update_OB\pnmi3270.dll"
Dec 7 2008 6:37:52p 192,512 A.... "C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe"
Dec 7 2008 6:37:54p 69,632 A.... "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe"
Dec 7 2008 6:37:54p 185,872 A.... "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
Dec 7 2008 6:37:54p 98,304 A.... "C:\Program Files\Common Files\Real\Update_OB\rnad3201.dll"
Dec 7 2008 6:37:54p 319,488 A.... "C:\Program Files\Common Files\Real\Update_OB\rnms3270.dll"
Dec 7 2008 6:37:52p 303,104 A.... "C:\Program Files\Common Files\Real\Update_OB\rnqu3270.dll"
Dec 7 2008 6:37:54p 176,128 A.... "C:\Program Files\Common Files\Real\Update_OB\rnup3270.dll"
Dec 7 2008 6:37:54p 58,920 A.... "C:\Program Files\Common Files\Real\Update_OB\rnxproc.exe"
Dec 7 2008 6:37:54p 79,400 A.... "C:\Program Files\Common Files\Real\Update_OB\RPElevation.dll"
Dec 7 2008 6:37:54p 311,296 A.... "C:\Program Files\Common Files\Real\Update_OB\setu3270.dll"
Dec 7 2008 6:37:54p 323,584 A.... "C:\Program Files\Common Files\Real\Update_OB\upgr3270.dll"
Dec 7 2008 6:37:54p 136,744 A.... "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe"
Dec 7 2008 6:38:22p 352,256 A.... "C:\Program Files\Common Files\xing shared\mpeg encode\xmencmp3.dll"
Dec 7 2008 5:56:50p 0 A.... "C:\Program Files\DAP Premium\History\Gil Pabia\_lasthist.dat"
Dec 13 2008 8:19:58a 112,128 A.... "C:\Program Files\Ocean Technologies & Media\GG E-Sports Platform\dlls\flags.dll"
Dec 23 2008 8:55:36a 72,704 A.... "C:\Program Files\Ocean Technologies & Media\GG E-Sports Platform\dlls\PEngine.dll"
Dec 23 2008 8:55:36a 131,072 A.... "C:\Program Files\Ocean Technologies & Media\GG E-Sports Platform\lib\LoadSwf.dll"
Dec 7 2008 6:38:26p 147,456 A.... "C:\Program Files\Real\RealPlayer\CDBurning\CdrMmc32.dll"
Dec 7 2008 6:38:26p 167,936 A.... "C:\Program Files\Real\RealPlayer\CDBurning\Cdrw32.dll"
Dec 7 2008 6:38:26p 139,264 A.... "C:\Program Files\Real\RealPlayer\CDBurning\CdrwEx32.dll"
Dec 7 2008 6:38:26p 196,608 A.... "C:\Program Files\Real\RealPlayer\CDBurning\Data32.dll"
Dec 7 2008 6:38:26p 102,400 A.... "C:\Program Files\Real\RealPlayer\CDBurning\DataEx32.dll"
Dec 7 2008 6:38:26p 49,152 A.... "C:\Program Files\Real\RealPlayer\CDBurning\NtiAspi.dll"
Dec 7 2008 6:38:26p 11,776 A.... "C:\Program Files\Real\RealPlayer\CDBurning\pdno3210.dll"
Dec 7 2008 6:38:10p 144,960 A.... "C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll"
Dec 7 2008 6:38:26p 8,192 A.... "C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll"
Dec 7 2008 6:38:04p 94,208 A.... "C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll"
Dec 7 2008 6:38:26p 462,848 A.... "C:\Program Files\Real\RealPlayer\plugins\MPAMedia.dll"
Dec 7 2008 6:38:26p 40,960 A.... "C:\Program Files\Real\RealPlayer\plugins\mpazip.dll"
Dec 7 2008 6:38:26p 9,728 A.... "C:\Program Files\Real\RealPlayer\plugins\pdbm3210.dll"
Dec 7 2008 6:38:26p 77,824 A.... "C:\Program Files\Real\RealPlayer\plugins\pdgenxferplug.dll"
Dec 7 2008 6:38:16p 35,840 A.... "C:\Program Files\Real\RealPlayer\plugins\rjcfspln.dll"
Dec 7 2008 6:38:14p 61,440 A.... "C:\Program Files\Real\RealPlayer\plugins\rjm4pln.dll"
Dec 7 2008 6:38:14p 53,248 A.... "C:\Program Files\Real\RealPlayer\plugins\rjmp3pln.dll"
Dec 7 2008 6:38:16p 7,680 A.... "C:\Program Files\Real\RealPlayer\plugins\rjrmapln.dll"
Dec 7 2008 6:38:26p 360,448 A.... "C:\Program Files\Real\RealPlayer\plugins\rjrmjpln.dll"
Dec 7 2008 6:38:26p 46,080 A.... "C:\Program Files\Real\RealPlayer\plugins\rjrmxpln.dll"
Dec 7 2008 6:38:26p 237,568 A.... "C:\Program Files\Real\RealPlayer\plugins\tcdinfo.dll"
Dec 7 2008 6:38:26p 405,504 A.... "C:\Program Files\Real\RealPlayer\plugins\tdwnmgr.dll"
Dec 7 2008 6:38:22p 61,440 A.... "C:\Program Files\Real\RealPlayer\plugins\teall.dll"
Dec 7 2008 6:38:22p 61,440 A.... "C:\Program Files\Real\RealPlayer\plugins\team4a.dll"
Dec 7 2008 6:38:22p 86,016 A.... "C:\Program Files\Real\RealPlayer\plugins\teamp3.dll"
Dec 7 2008 6:38:22p 61,440 A.... "C:\Program Files\Real\RealPlayer\plugins\teasdk.dll"
Dec 7 2008 6:38:22p 22,528 A.... "C:\Program Files\Real\RealPlayer\plugins\teawave.dll"
Dec 7 2008 6:38:18p 40,960 A.... "C:\Program Files\Real\RealPlayer\plugins\teawma.dll"
Dec 7 2008 6:38:26p 77,824 A.... "C:\Program Files\Real\RealPlayer\plugins\tpdmgr.dll"
Dec 7 2008 6:38:18p 102,400 A.... "C:\Program Files\Real\RealPlayer\plugins\wmaimprtpln.dll"
Dec 7 2008 6:38:02p 442,368 A.... "C:\Program Files\Real\RealPlayer\rpplugins\cdpl3210.dll"
Dec 7 2008 6:38:10p 618,496 A.... "C:\Program Files\Real\RealPlayer\rpplugins\embd3260.dll"
Dec 7 2008 6:38:26p 184,320 A.... "C:\Program Files\Real\RealPlayer\rpplugins\fftr3210.dll"
Dec 7 2008 6:38:02p 288,320 A.... "C:\Program Files\Real\RealPlayer\rpplugins\ierpplug.dll"
Dec 7 2008 6:38:02p 241,664 A.... "C:\Program Files\Real\RealPlayer\rpplugins\MPACore.dll"
Dec 7 2008 6:38:26p 40,960 A.... "C:\Program Files\Real\RealPlayer\rpplugins\mpazip.dll"
Dec 7 2008 6:38:02p 761,856 A.... "C:\Program Files\Real\RealPlayer\rpplugins\myde3260.dll"
Dec 7 2008 6:38:26p 770,048 A.... "C:\Program Files\Real\RealPlayer\rpplugins\pdbu3210.dll"
Dec 7 2008 6:38:28p 122,880 A.... "C:\Program Files\Real\RealPlayer\rpplugins\pdctnomad.dll"
Dec 7 2008 6:38:26p 925,696 A.... "C:\Program Files\Real\RealPlayer\rpplugins\pdge3260.dll"
Dec 7 2008 6:38:28p 307,200 A.... "C:\Program Files\Real\RealPlayer\rpplugins\pdwmdm.dll"
Dec 7 2008 6:38:02p 356,352 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rjbc3260.dll"
Dec 7 2008 6:38:02p 2,117,632 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rjbdll.dll"
Dec 7 2008 6:38:02p 114,688 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rjbe3260.dll"
Dec 7 2008 6:38:02p 110,592 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rjbxfade.dll"
Dec 7 2008 6:38:02p 577,536 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rjmisc.dll"
Dec 7 2008 6:38:02p 901,120 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpap3260.dll"
Dec 7 2008 6:38:02p 49,152 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpappdemon.dll"
Dec 7 2008 6:38:02p 499,712 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpcl3260.dll"
Dec 7 2008 6:38:02p 53,248 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpcomproxy.dll"
Dec 7 2008 6:38:04p 282,624 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpds3260.dll"
Dec 7 2008 6:38:20p 184,320 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpflashplayer.dll"
Dec 7 2008 6:38:02p 172,032 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpgu3260.dll"
Dec 7 2008 6:38:12p 49,152 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpho3260.dll"
Dec 7 2008 6:38:02p 253,952 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpme3260.dll"
Dec 7 2008 6:38:02p 536,576 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpmn3260.dll"
Dec 7 2008 6:38:02p 53,248 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpms3260.dll"
Dec 7 2008 6:38:02p 270,336 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rppl3260.dll"
Dec 7 2008 6:38:02p 139,264 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpqt3260.dll"
Dec 7 2008 6:38:02p 49,152 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpthumbnail.dll"
Dec 7 2008 6:38:02p 610,304 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rput3260.dll"
Dec 7 2008 6:38:02p 339,968 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpwe3260.dll"
Dec 7 2008 6:38:18p 237,568 A.... "C:\Program Files\Real\RealPlayer\rpplugins\rpwm3260.dll"
Dec 7 2008 6:38:02p 528,384 A.... "C:\Program Files\Real\RealPlayer\rpplugins\tmde3210.dll"
Dec 7 2008 6:38:12p 13,293,040 A.... "C:\Program Files\Real\RealPlayer\Setup\setup.exe"
Dec 17 2008 3:43:08p 0 A.... "C:\Program Files\Yahoo!\Messenger\Cache\69gVNn1Cn8AK0VdtghKVGw--.ProfileMap.dat.tmp"
Dec 3 2008 7:39:14p 0 A.... "C:\Program Files\Yahoo!\Messenger\Cache\eamX8hvvnw7yfJ4wIQCh5g--.ProfileMap.dat.tmp"
Jan 5 2009 10:59:24a 0 A.... "C:\Program Files\Yahoo!\Messenger\Cache\iKNGJN20mrnuoJD7E9uNFA--.ProfileMap.dat.tmp"
Jan 14 2009 8:36:04p 0 A.... "C:\Program Files\Yahoo!\Messenger\Cache\jTTfcAfhhZ6DAahST26l5g--.ProfileMap.dat.tmp"
Jan 15 2009 9:18:00a 0 A.... "C:\Program Files\Yahoo!\Messenger\Cache\Z.f0nOdbehjTRHDu75miQQ--.ProfileMap.dat.tmp"
Dec 7 2008 6:37:54p 3,215 A.... "C:\Program Files\Common Files\Real\Update_OB\UI\msgoff.htm"
Dec 13 2008 8:20:02a 126,976 A.... "C:\Program Files\Ocean Technologies & Media\GG E-Sports Platform\plugins\Game\WC3Ass.dll"
Dec 23 2008 8:55:52a 312,832 A.... "C:\Program Files\Ocean Technologies & Media\GG E-Sports Platform\plugins\UI\FPSGame.dll"
Dec 23 2008 8:55:56a 107,520 A.... "C:\Program Files\Ocean Technologies & Media\GG E-Sports Platform\plugins\UI\GEngine.dll"
Dec 23 2008 8:55:56a 41,472 A.... "C:\Program Files\Ocean Technologies & Media\GG E-Sports Platform\plugins\UI\zDep.dll"
Jan 4 2009 10:29:54a 32,768 A.... "C:\Program Files\Ocean Technologies & Media\GG E-Sports Platform\user\3398367\data.dat"
Jan 3 2009 8:44:36a 5,120 A.... "C:\Program Files\Ocean Technologies & Media\GG E-Sports Platform\user\3398367\fps.dat"
Dec 7 2008 6:38:20p 188,416 A.... "C:\Program Files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll"
Dec 7 2008 6:40:32p 52 A.... "C:\Program Files\Real\RealPlayer\cache_db\c_data\db.dat"
Dec 7 2008 6:40:32p 52 A.... "C:\Program Files\Real\RealPlayer\cache_db\c_header\db.dat"
Dec 7 2008 6:40:32p 52 A.... "C:\Program Files\Real\RealPlayer\cache_db\c_usage\db.dat"
Dec 7 2008 6:38:04p 332 A.... "C:\Program Files\Real\RealPlayer\DataCache\admodules\blank.html"
Dec 7 2008 6:38:04p 271 A.... "C:\Program Files\Real\RealPlayer\DataCache\admodules\bottomchrome_blank.html"
Dec 7 2008 6:38:06p 3,147 A.... "C:\Program Files\Real\RealPlayer\DataCache\Devices\deviceshome.html"
Dec 7 2008 6:38:06p 2,504 A.... "C:\Program Files\Real\RealPlayer\DataCache\Devices\nodevice.html"
Dec 7 2008 6:38:06p 4,533 A.... "C:\Program Files\Real\RealPlayer\DataCache\GetMedia\404.html"
Dec 7 2008 6:38:06p 4,041 A.... "C:\Program Files\Real\RealPlayer\DataCache\GetMedia\CTW.html"
Dec 7 2008 6:38:06p 4,253 A.... "C:\Program Files\Real\RealPlayer\DataCache\GetMedia\custsupport.html"
Dec 7 2008 6:38:06p 4,344 A.... "C:\Program Files\Real\RealPlayer\DataCache\GetMedia\home.html"
Dec 7 2008 6:38:06p 5,049 A.... "C:\Program Files\Real\RealPlayer\DataCache\GetMedia\lfr.html"
Dec 7 2008 6:38:06p 5,750 A.... "C:\Program Files\Real\RealPlayer\DataCache\GetMedia\main.html"
Dec 7 2008 6:38:06p 3,955 A.... "C:\Program Files\Real\RealPlayer\DataCache\GetMedia\myacct.html"
Dec 7 2008 6:38:06p 2,860 A.... "C:\Program Files\Real\RealPlayer\DataCache\GetMedia\upsell.htm"
Dec 7 2008 6:38:08p 6,912 A.... "C:\Program Files\Real\RealPlayer\DataCache\Login\cancel.html"
Dec 7 2008 6:38:08p 5,593 A.... "C:\Program Files\Real\RealPlayer\DataCache\Login\index.html"
Dec 7 2008 6:38:08p 1,904 A.... "C:\Program Files\Real\RealPlayer\DataCache\Login\welcome.html"
Dec 7 2008 6:38:08p 64 A.... "C:\Program Files\Real\RealPlayer\DataCache\webresources\dnserror.htm"
Dec 7 2008 6:38:24p 90,112 A.... "C:\Program Files\Real\RealPlayer\producer\Codecs\atrc.dll"
Dec 7 2008 6:38:24p 548,919 A.... "C:\Program Files\Real\RealPlayer\producer\Codecs\colorcvt.dll"
Dec 7 2008 6:38:24p 65,602 A.... "C:\Program Files\Real\RealPlayer\producer\Codecs\cook.dll"
Dec 7 2008 6:38:24p 376,832 A.... "C:\Program Files\Real\RealPlayer\producer\Codecs\erv2.dll"
Dec 7 2008 6:38:24p 479,298 A.... "C:\Program Files\Real\RealPlayer\producer\Codecs\erv4.dll"
Dec 7 2008 6:38:24p 557,056 A.... "C:\Program Files\Real\RealPlayer\producer\Codecs\raac.dll"
Dec 7 2008 7:08:34p 155,648 A.... "C:\Program Files\Real\RealPlayer\producer\Codecs\ralf.dll"
Dec 7 2008 6:38:24p 122,880 A.... "C:\Program Files\Real\RealPlayer\producer\plugins\mp4wrtr.dll"
Dec 7 2008 6:38:24p 278,528 A.... "C:\Program Files\Real\RealPlayer\producer\plugins\rmwrtr.dll"
Dec 7 2008 6:38:24p 86,016 A.... "C:\Program Files\Real\RealPlayer\producer\plugins\smplfsys.dll"
Dec 7 2008 6:38:18p 14,848 A.... "C:\Program Files\Real\RealPlayer\producer\plugins\wm9writer.dll"
Dec 7 2008 6:38:24p 45,143 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\audiodelaycomp.dll"
Dec 7 2008 6:38:24p 90,206 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\audiofmtconverter.dll"
Dec 7 2008 6:38:24p 86,100 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\audiolimiter.dll"
Dec 7 2008 7:08:34p 65,634 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\audiolosslesscodec.dll"
Dec 7 2008 6:38:24p 327,767 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\audioresampler.dll"
Dec 7 2008 6:38:24p 163,914 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\dsreader.dll"
Dec 7 2008 6:38:24p 847,940 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\encsession.dll"
Dec 7 2008 6:38:24p 241,744 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\hxfilewriter.dll"
Dec 7 2008 6:38:24p 53,321 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\mediasink.dll"
Dec 7 2008 7:08:34p 57,443 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\mpeg4audiopacketizer.dll"
Dec 7 2008 6:38:24p 53,328 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\packetsource.dll"
Dec 7 2008 6:38:24p 77,895 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\qtreader.dll"
Dec 7 2008 6:38:24p 86,110 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\rmsessionformat.dll"
Dec 7 2008 6:38:24p 241,736 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\rmwriter.dll"
Dec 7 2008 6:38:24p 69,718 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\rnaudiocodec.dll"
Dec 7 2008 6:38:24p 77,920 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\rnaudiopacketizer.dll"
Dec 7 2008 6:38:24p 106,582 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\rnvideocodec.dll"
Dec 7 2008 6:38:24p 45,152 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\rnvideopacketizer.dll"
Dec 7 2008 6:38:24p 49,249 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\videocolorconverter.dll"
Dec 7 2008 6:38:24p 57,427 A.... "C:\Program Files\Real\RealPlayer\producer\Tools\videoresizer.dll"
Nov 15 2008 3:24:10p 1,624 A.... "C:\Program Files\Yahoo!\Messenger\Profiles\ako_cutie13\iconindex.dat"
Nov 15 2008 4:22:42p 1,304 A.... "C:\Program Files\Yahoo!\Messenger\Profiles\big_bone_crips\iconindex.dat"
Jan 14 2009 8:36:08p 5,652 A.... "C:\Program Files\Yahoo!\Messenger\Profiles\chriswanted08\iconindex.dat"
Dec 21 2008 1:01:28p 684 A.... "C:\Program Files\Yahoo!\Messenger\Profiles\gil0815\iconindex.dat"
Dec 17 2008 3:41:52p 676 A.... "C:\Program Files\Yahoo!\Messenger\Profiles\jeric_rockhard\iconindex.dat"
Nov 17 2008 7:20:46p 180 A.... "C:\Program Files\Yahoo!\Messenger\Profiles\jimurillo64\iconindex.dat"
Dec 19 2008 8:28:14p 1,016 A.... "C:\Program Files\Yahoo!\Messenger\Profiles\mhackyville27\iconindex.dat"
Dec 17 2008 3:44:48p 1,996 A.... "C:\Program Files\Yahoo!\Messenger\Profiles\mikevan_011\iconindex.dat"
Nov 15 2008 4:19:42p 484 A.... "C:\Program Files\Yahoo!\Messenger\Profiles\moses_triskelion\iconindex.dat"
Dec 3 2008 7:39:32p 344 A.... "C:\Program Files\Yahoo!\Messenger\Profiles\tabachui16\iconindex.dat"


Files with hidden attributes:

Fri 9 Jan 2009 23,929 ..SH. --- "C:\WINDOWS\system32\boliraka.dll"
Thu 8 Jan 2009 2,627 ..SH. --- "C:\WINDOWS\system32\fuweyofa.dll"
Mon 5 Jan 2009 23,929 ..SH. --- "C:\WINDOWS\system32\gafemawe.dll"
Wed 7 Jan 2009 2,627 ..SH. --- "C:\WINDOWS\system32\gavuzeyi.dll"
Wed 7 Jan 2009 2,627 ..SH. --- "C:\WINDOWS\system32\givinoye.dll"
Tue 13 Jan 2009 23,863 ..SH. --- "C:\WINDOWS\system32\giweruru.dll"
Sun 4 Jan 2009 23,931 ..SH. --- "C:\WINDOWS\system32\losamine.dll"
Tue 13 Jan 2009 23,995 ..SH. --- "C:\WINDOWS\system32\meruyuva.dll"
Wed 7 Jan 2009 23,997 ..SH. --- "C:\WINDOWS\system32\nakonaze.dll"
Wed 14 Jan 2009 23,931 ..SH. --- "C:\WINDOWS\system32\numonuji.dll"
Fri 2 Jan 2009 23,929 ..SH. --- "C:\WINDOWS\system32\petipado.dll"
Sat 10 Jan 2009 23,929 ..SH. --- "C:\WINDOWS\system32\pozogere.dll"
Mon 5 Jan 2009 23,929 ..SH. --- "C:\WINDOWS\system32\rebawiza.dll"
Wed 7 Jan 2009 23,927 ..SH. --- "C:\WINDOWS\system32\robejaku.dll"
Wed 14 Jan 2009 23,995 ..SH. --- "C:\WINDOWS\system32\sopejuwi.dll"
Tue 13 Jan 2009 23,931 ..SH. --- "C:\WINDOWS\system32\vosukidu.dll"
Wed 14 Jan 2009 23,927 ..SH. --- "C:\WINDOWS\system32\wiwifezi.dll"
Wed 7 Jan 2009 23,993 ..SH. --- "C:\WINDOWS\system32\wonupago.dll"
Tue 6 Jan 2009 2,625 ..SH. --- "C:\WINDOWS\system32\wotitiha.dll"
Mon 5 Jan 2009 23,929 ..SH. --- "C:\WINDOWS\system32\yapigifa.dll"
Sat 10 Jan 2009 23,931 ..SH. --- "C:\WINDOWS\system32\yodedafi.dll"
Sat 10 Jan 2009 23,995 ..SH. --- "C:\WINDOWS\system32\zodetego.dll"
Sun 10 Aug 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 21 Jul 2002 418,816 A..HR --- "C:\WINDOWS\system32\Tools\All.exe"
Thu 18 Jul 2002 390,144 A..HR --- "C:\WINDOWS\system32\Tools\Change.exe"
Thu 18 Jul 2002 574,464 A..HR --- "C:\WINDOWS\system32\Tools\CheckPath.exe"
Mon 19 Aug 2002 430,592 A..HR --- "C:\WINDOWS\system32\Tools\Counter.exe"
Mon 22 Jul 2002 390,656 A..HR --- "C:\WINDOWS\system32\Tools\DelFolders.exe"
Fri 22 Nov 2002 399,872 A..HR --- "C:\WINDOWS\system32\Tools\DirectSetup.exe"
Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\system32\Tools\RegClean.exe"
Fri 19 Jul 2002 388,608 A..HR --- "C:\WINDOWS\system32\Tools\Regexe.exe"
Sun 1 Dec 2002 431,616 A..HR --- "C:\WINDOWS\system32\Tools\Restart.exe"
Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\system32\Tools\RunRegexe.exe"
Mon 26 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 17 Dec 2003 65,088 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM"
Wed 17 Dec 2003 12,732 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM"
Wed 17 Dec 2003 26,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM"
Wed 17 Dec 2003 28,062 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM"
Wed 17 Dec 2003 10,710 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM"
Wed 17 Dec 2003 10,083 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM"
Wed 17 Dec 2003 10,257 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM"
Wed 17 Dec 2003 29,499 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM"
Wed 17 Dec 2003 12,660 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM"
Wed 17 Dec 2003 11,031 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM"
Wed 17 Dec 2003 17,952 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM"
Wed 17 Dec 2003 9,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM"
Wed 17 Dec 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM"
Wed 17 Dec 2003 13,673 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM"
Wed 17 Dec 2003 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM"
Wed 17 Dec 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM"
Wed 17 Dec 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM"
Wed 17 Dec 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM"
Wed 17 Dec 2003 7,243 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM"
Wed 17 Dec 2003 24,767 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM"
Wed 17 Dec 2003 7,463 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM"
Wed 17 Dec 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM"
Wed 17 Dec 2003 10,286 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM"
Wed 17 Dec 2003 25,460 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM"
Wed 17 Dec 2003 28,866 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM"
Wed 17 Dec 2003 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM"
Wed 17 Dec 2003 8,544 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys"
Wed 17 Dec 2003 33,149 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys"
Wed 17 Dec 2003 51,150 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI1394.SYS"
Wed 17 Dec 2003 35,340 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI2DOS.SYS"
Wed 17 Dec 2003 14,378 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI4DOS.SYS"
Wed 17 Dec 2003 37,984 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8DOS.SYS"
Wed 17 Dec 2003 44,828 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8U2.SYS"
Wed 17 Dec 2003 29,628 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPICD.SYS"
Wed 17 Dec 2003 52,106 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIEHCI.SYS"
Wed 17 Dec 2003 49,250 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIOHCI.SYS"
Wed 17 Dec 2003 50,600 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIUHCI.SYS"
Wed 17 Dec 2003 161,792 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BOOTSRV.SYS"
Wed 17 Dec 2003 174,080 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\bootsrv16.sys"
Wed 17 Dec 2003 21,971 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTCDROM.SYS"
Wed 17 Dec 2003 30,955 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTDOSM.SYS"
Wed 17 Dec 2003 202,517 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE"
Wed 17 Dec 2003 374,038 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE"
Wed 17 Dec 2003 22,158 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\COUNTRY.SYS"
Wed 17 Dec 2003 1,608 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DEVICE.COM"
Wed 17 Dec 2003 15,345 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DISPLAY.SYS"
Wed 17 Dec 2003 7,840 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DLSHELP.SYS"
Wed 17 Dec 2003 56,821 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE"
Wed 17 Dec 2003 64,425 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\FLASHPT.SYS"
Wed 17 Dec 2003 32,396 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE"
Wed 17 Dec 2003 14,160 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\HIMEM.SYS"
Wed 17 Dec 2003 10,898 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYB.COM"
Wed 17 Dec 2003 53,556 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYBOARD.SYS"
Wed 17 Dec 2003 15,777 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MODE.COM"
Wed 17 Dec 2003 37,681 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MOUSE.COM"
Wed 17 Dec 2003 354,304 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\msbootsrv16.sys"
Wed 17 Dec 2003 21,180 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE"
Wed 17 Dec 2003 354,263 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe"
Wed 17 Dec 2003 8,513 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\NETBIND.COM"
Wed 17 Dec 2003 41,302 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OAKCDROM.SYS"
Wed 17 Dec 2003 129,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE"
Wed 17 Dec 2003 28,439 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Paralink.com"
Wed 17 Dec 2003 13,770 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE"
Wed 17 Dec 2003 130,980 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE"
Wed 17 Dec 2003 11,854 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM"
Wed 17 Dec 2003 52,715 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM"
Wed 17 Dec 2003 62,391 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM"
Wed 17 Dec 2003 11,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com"
Wed 17 Dec 2003 17,791 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com"
Wed 17 Dec 2003 17,043 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com"
Wed 17 Dec 2003 11,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com"
Wed 17 Dec 2003 18,300 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com"
Wed 17 Dec 2003 48,224 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com"
Wed 17 Dec 2003 13,360 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com"
Wed 17 Dec 2003 9,190 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com"
Wed 17 Dec 2003 12,567 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com"
Wed 17 Dec 2003 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM"
Wed 17 Dec 2003 56,896 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com"
Wed 17 Dec 2003 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com"
Wed 17 Dec 2003 9,692 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com"
Wed 17 Dec 2003 9,537 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM"
Wed 17 Dec 2003 32,484 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com"
Wed 17 Dec 2003 52,225 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe"
Wed 17 Dec 2003 48,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe"
Wed 17 Dec 2003 50,405 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com"
Wed 17 Dec 2003 33,860 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe"
Wed 17 Dec 2003 50,175 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe"
Wed 17 Dec 2003 50,795 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe"
Wed 17 Dec 2003 48,223 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com"
Wed 17 Dec 2003 48,641 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe"
Wed 17 Dec 2003 49,015 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com"
Wed 17 Dec 2003 53,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\command.com"
Wed 17 Dec 2003 44,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM"
Wed 17 Dec 2003 42,550 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM"


Program Folders:

C:\Program Files\

ACE-HIGH MP3 WAV WMA OGG Converter
Adobe
Apple Software Update
AvRack
AVS4YOU
Bonjour
CAPCOM
CBS Software
CCleaner
Chikka Messenger
Common Files
ComPlus Applications
CONEXANT
CyberLink
DAEMON Tools Lite
DAP Premium
Dealio
DIFX
E.M. PowerPoint Video Converter
EA Games
e-Games
ExtraTools
FreeCDRipper
'Full Speed' Internet Booster + Performance Tests
GameHouse
Google
Grisoft
Half-life
HyperTechnologies
InstallShield Installation Information
Internet Download Manager
Internet Explorer
iPod
iTunes
Java
Kaspersky Lab
Level-up Games
LimeWire
LIUtilities
Malwarebytes' Anti-Malware
Messenger
Microsoft ActiveSync
Microsoft Encarta
microsoft frontpage
Microsoft Office
Microsoft Visual Studio
Microsoft Works
Microsoft.NET
Movie Maker
Mozilla Firefox
MpcStar
MSBuild
MSN
MSN Gaming Zone
MSXML 4.0
MSXML 6.0
MusicIP
MYGAME
MYGAME Launcher
Nero
NetMeeting
Nokia
Ocean Technologies & Media
Online Services
Outlook Express
Paint.NET
PC Connectivity Solution
PLDTPlay
QuickTime
Real
Realtek AC97
Realtek Sound Manager
Recuva
Reference Assemblies
ReflexiveArcade
S3
Search Settings
SpeedBit Video Accelerator
Stardock
Symantec
System Protect
THQ
Uniblue
Uninstall Information
Unlocker
uTorrent
Valve
VIA
Vimicro
Vimicro(2)
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
xerox
Yahoo!

C:\Program Files\Common Files\

Adobe
Ahead
Apple
AVSMedia
DESIGNER
Download Manager
DVDVideoSoft
INCA Shared
InstallShield
Java
L&H
LightScribe
Microsoft Shared
MSSoap
ODBC
Real
Services
SpeechEngines
Symantec Shared
System
xing shared


Add/Remove Programs:

Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
ACE-HIGH MP3 WAV WMA OGG Converter
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Candy Land - Dora the Explorer Edition
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
CCleaner (remove only)
Chikka Messenger V4
D-Link DFM-562IS HSFi PCI Modem
Company of Heroes - Opposing Fronts
Counter-Strike Source 1.19
ExtraDNS
Free CD Ripper 3.1
Command & Conquer Generals
VIA Platform Device Manager
Command and ConquerTM Generals Zero Hour
Kaspersky Internet Security 2009
Internet Download Manager
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911164)
Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Update for Windows XP (KB925720)
Security Update for Windows XP (KB925902)
Hotfix for Windows XP (KB926239)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Update for Windows XP (KB936357)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Update for Windows XP (KB938828)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Update for Windows XP (KB942763)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB954211)
Hotfix for Windows XP (KB954550-v5)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
LimeWire PRO 4.18.8
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
Mozilla Firefox (3.0.5)
Microsoft Compression Client Pack 1.0 for Windows XP
MSN
Microsoft Text-to-Speech Engine 4.0 (English)
NVIDIA Drivers
RealPlayer
Recuva (remove only)
Special Force(Remove only)
St. Marcouf CoH Map
Super TextTwist
System Protect
Uniblue DiskRescue 2009
Uniblue DriverScanner 2009
Uniblue RegistryBooster 2009
Uniblue SpeedUpMyPC 2009
Uninstall 1.0.0.1
Unlocker 1.8.7
VIA/S3G Display Driver
VIA Rhine-Family Fast Ethernet Adapter
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Windows Imaging Component
WindowBlinds
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft User-Mode Driver Framework Feature Pack 1.5
Yahoo! ¤uØć¦C
Yahoo! Messenger
CoH Turtle Mod
Microsoft Encarta Premium 2006 DVD
Command & Conquer Generals
Uniblue DiskRescue 2009
Counter-Strike 1.6
Company of Heroes - FAKEMSI
QuickTime
Company of Heroes - FAKEMSI
MSXML 6 Service Pack 2 (KB954459)
Platform
MSVC80_x86
Uniblue SpeedUpMyPC 2009
Company of Heroes - FAKEMSI
Java™ 6 Update 6
Java™ 6 Update 7
Company of Heroes - FAKEMSI
Paint.NET v3.36
Apple Mobile Device Support
Bonjour
Nokia Connectivity Cable Driver
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
iTunes
Dealio Toolbar 3.4
Company of Heroes - FAKEMSI
PowerDVD
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Microsoft Visual C++ 2005 Redistributable
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
MSXML 4.0 SP2 (KB954430)
GG E-Sports Platform
Kaspersky Internet Security 2009
Microsoft Office Professional Edition 2003
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Microsoft .NET Framework 3.0 Service Pack 2
PC Connectivity Solution
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Apple Software Update
Company of Heroes - FAKEMSI
Norton Ghost
MYGAME Launcher(Remove Only)
MSXML 4.0 SP2 (KB936181)
Microsoft .NET Framework 2.0 Service Pack 2
Nero 7 Essentials
Uniblue DriverScanner 2009
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
A4 TECH USB PC Camera H
Search Settings 1.2
Devil May Cry 3 Special Edition
Company of Heroes - FAKEMSI
LightScribe 1.4.124.1
Uniblue RegistryBooster 2009
Company of Heroes - FAKEMSI
Command and ConquerTM Generals Zero Hour
Realtek AC'97 Audio
ServerScout
µTorrent


Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"VTTimer"="VTTimer.exe"
"VTTrayp"="VTtrayp.exe"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"NWEReboot"=""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"BigDog303"="C:\\WINDOWS\\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SearchSettings"="C:\\Program Files\\Search Settings\\SearchSettings.exe"
"AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\avp.exe\""
"Malwarebytes' Anti-Malware"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe\" /starttray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DAEMON Tools Lite"="\"C:\\Program Files\\DAEMON Tools Lite\\daemon.exe\" -autorun"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"IDMan"="C:\\Program Files\\Internet Download Manager\\IDMan.exe /onboot"


Bot Check:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Security Center
START_TYPE : 2 AUTO_START

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatic Updates
START_TYPE : 2 AUTO_START

SERVICE_NAME: srservice
DISPLAY_NAME : System Restore Service
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"


ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Environment:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;"C:\Program Files\Symantec\Norton Ghost 2003\";C:\Program Files\QuickTime\QTSystem\
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
CLASSPATH REG_SZ .;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
QTJAVA REG_SZ C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0


Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"


Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi1"="wdmaud.drv"
"midi"="wdmaud.drv"


Non-Default IFEO Debugger:


Non-Default Installed Components:


Non-Default Safeboot Minimal:


File Associations:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -requestPending -osint -url \"%1\""

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"


Finished!

#10 chrisfake1

chrisfake1
  • Topic Starter

  • Members
  • 18 posts
  • Local time:07:08 PM

Posted 15 January 2009 - 05:59 AM

Done doing the rest. Here's the log.


-------


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/15/2009 at 06:54 PM

Application Version : 4.24.1004

Core Rules Database Version : 3710
Trace Rules Database Version: 1685

Scan type : Complete Scan
Total Scan Time : 01:56:53

Memory items scanned : 183
Memory threats detected : 0
Registry items scanned : 6794
Registry threats detected : 29
File items scanned : 80895
File threats detected : 23

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\InprocServer32
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\InprocServer32#InprocServer32
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\InprocServer32#ThreadingModel
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ProgID
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\Programmable
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\TypeLib
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\VersionIndependentProgID
HKCR\SearchSettings.BHO.1
HKCR\SearchSettings.BHO.1\CLSID
HKCR\SearchSettings.BHO
HKCR\SearchSettings.BHO\CLSID
HKCR\SearchSettings.BHO\CurVer
HKCR\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
HKCR\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}\1.0
HKCR\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}\1.0\0
HKCR\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}\1.0\0\win32
HKCR\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}\1.0\FLAGS
HKCR\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}\1.0\HELPDIR
C:\PROGRAM FILES\SEARCH SETTINGS\KB127\SEARCHSETTINGS.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1C1B8A44-61FE-411E-8F33-813A4E2E2984}
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKU\S-1-5-21-1292428093-1960408961-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1C1B8A44-61FE-411E-8F33-813A4E2E2984}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKU\S-1-5-21-1292428093-1960408961-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks#{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

Adware.Tracking Cookie
C:\Documents and Settings\Gil Pabia\Cookies\gil pabia@revsci[1].txt
C:\Documents and Settings\Gil Pabia\Cookies\gil pabia@adrevolver[2].txt
C:\Documents and Settings\Gil Pabia\Cookies\gil pabia@fastclick[2].txt
C:\Documents and Settings\Gil Pabia\Cookies\gil pabia@statcounter[1].txt
C:\Documents and Settings\Gil Pabia\Cookies\gil pabia@media.adrevolver[1].txt
C:\Documents and Settings\Gil Pabia\Cookies\gil pabia@content.yieldmanager.edgesuite[1].txt
C:\Documents and Settings\Gil Pabia\Cookies\gil pabia@realmedia[1].txt
C:\Documents and Settings\Gil Pabia\Cookies\gil pabia@ak[2].txt
C:\Documents and Settings\Gil Pabia\Cookies\gil pabia@tribalfusion[1].txt
C:\Documents and Settings\Gil Pabia\Cookies\gil pabia@atdmt[2].txt
C:\Documents and Settings\Gil Pabia\Cookies\gil pabia@ad.yieldmanager[2].txt
C:\Documents and Settings\Gil Pabia\Cookies\gil pabia@content.yieldmanager[1].txt
C:\Documents and Settings\Gil Pabia\Cookies\gil pabia@adopt.euroclick[1].txt
C:\Documents and Settings\Gil Pabia\Cookies\gil pabia@advertising[1].txt
C:\Documents and Settings\Gil Pabia\Cookies\gil pabia@burstnet[2].txt
C:\Documents and Settings\Gil Pabia\Cookies\gil pabia@serving-sys[2].txt
C:\Documents and Settings\Gil Pabia\Cookies\gil pabia@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\Gil Pabia\Cookies\gil pabia@bs.serving-sys[1].txt
C:\Documents and Settings\Gil Pabia\Cookies\gil pabia@adopt.specificclick[2].txt
C:\Documents and Settings\Gil Pabia\Cookies\gil pabia@zedo[2].txt
C:\Documents and Settings\Gil Pabia\Cookies\gil pabia@adinterax[1].txt

Rogue.Component/Trace
HKU\S-1-5-21-1292428093-1960408961-839522115-1004\Software\Microsoft\CS41275

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\YAPIGIFA.DLL

#11 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:08:08 PM

Posted 15 January 2009 - 08:05 AM

No, that gives information about your computer. If you look in c:\sdfix you should see a batch file named Runthis.bat. It should restart SDFix.

Let's get a rerun of SuperantiSpyware too. There is still a lot detected.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#12 chrisfake1

chrisfake1
  • Topic Starter

  • Members
  • 18 posts
  • Local time:07:08 PM

Posted 15 January 2009 - 04:31 PM

Sorry for the mistake.


SDFix: Version 1.240
Run by Gil Pabia on Fri 01/16/2009 at 05:22 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 05:28:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:30,30,04,3a,c7,80,7b,3c,c2,e8,19,0c,e2,95,f1,4a,42,bb,02,0e,30,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d1,53,69,b7,9f,c1,6c,aa,b9,05,eb,eb,4f,fa,4a,77,77,..
"khjeh"=hex:8a,6c,4c,9d,74,30,59,24,f6,50,1c,26,72,be,bb,6d,53,b6,fa,a1,65,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b9,7d,a0,15,00,09,89,78,0c,64,7c,5c,91,a9,e1,33,2d,64,c5,f5,11,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:98,66,61,23,9f,7f,99,bd,a0,df,6f,eb,42,e2,55,59,98,8a,db,b7,64,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d1,53,69,b7,9f,c1,6c,aa,b9,05,eb,eb,4f,fa,4a,77,77,..
"khjeh"=hex:8a,6c,4c,9d,74,30,59,24,f6,50,1c,26,72,be,bb,6d,53,b6,fa,a1,65,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b9,7d,a0,15,00,09,89,78,0c,64,7c,5c,91,a9,e1,33,2d,64,c5,f5,11,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:30,30,04,3a,c7,80,7b,3c,c2,e8,19,0c,e2,95,f1,4a,42,bb,02,0e,30,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d1,53,69,b7,9f,c1,6c,aa,b9,05,eb,eb,4f,fa,4a,77,77,..
"khjeh"=hex:8a,6c,4c,9d,74,30,59,24,f6,50,1c,26,72,be,bb,6d,53,b6,fa,a1,65,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b9,7d,a0,15,00,09,89,78,0c,64,7c,5c,91,a9,e1,33,2d,64,c5,f5,11,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\\Program Files\\New Folder (2)\\cabalbot.exe"="D:\\Program Files\\New Folder (2)\\cabalbot.exe:*:Enabled:HookSrv"
"C:\\Program Files\\MYGAME\\Special Force\\specialforce.exe"="C:\\Program Files\\MYGAME\\Special Force\\specialforce.exe:*:Enabled:specialforce"
"C:\\Program Files\\Ocean Technologies & Media\\GG E-Sports Platform\\Garena.exe"="C:\\Program Files\\Ocean Technologies & Media\\GG E-Sports Platform\\Garena.exe:*:Enabled:Garena"
"C:\\Counter-Strike Source\\hl2.exe"="C:\\Counter-Strike Source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"="C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe:*:Enabled:RelicCOH"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ęTorrent"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorer"
"C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:winlogon"
"C:\\WINDOWS\\system32\\logonui.exe"="C:\\WINDOWS\\system32\\logonui.exe:*:Enabled:logonui"
"C:\\Program Files\\iPod\\bin\\iPodService.exe"="C:\\Program Files\\iPod\\bin\\iPodService.exe:*:Enabled:iPodService"
"C:\\Program Files\\DAEMON Tools Lite\\daemon.exe"="C:\\Program Files\\DAEMON Tools Lite\\daemon.exe:*:Enabled:daemon"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\avp.exe:*:Enabled:avp"
"C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\\Program Files\\Stardock\\Object Desktop\\WindowBlinds\\Screen.exe"="C:\\Program Files\\Stardock\\Object Desktop\\WindowBlinds\\Screen.exe:*:Enabled:Screen"
"C:\\WINDOWS\\system32\\UAService7.exe"="C:\\WINDOWS\\system32\\UAService7.exe:*:Enabled:UAService7"
"C:\\Program Files\\Common Files\\LightScribe\\LSSrvc.exe"="C:\\Program Files\\Common Files\\LightScribe\\LSSrvc.exe:*:Enabled:LSSrvc"
"C:\\WINDOWS\\system32\\spoolsv.exe"="C:\\WINDOWS\\system32\\spoolsv.exe:*:Enabled:spoolsv"
"C:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"="C:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE:*:Enabled:MDM"
"C:\\WINDOWS\\system32\\lsass.exe"="C:\\WINDOWS\\system32\\lsass.exe:*:Enabled:lsass"
"C:\\WINDOWS\\system32\\nvsvc32.exe"="C:\\WINDOWS\\system32\\nvsvc32.exe:*:Enabled:nvsvc32"
"C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe:*:Enabled:ICWCONN1"
"C:\\Program Files\\Uniblue\\DiskRescue\\UBDiskRescueSrv.exe"="C:\\Program Files\\Uniblue\\DiskRescue\\UBDiskRescueSrv.exe:*:Enabled:UBDiskRescueSrv"
"C:\\WINDOWS\\system32\\services.exe"="C:\\WINDOWS\\system32\\services.exe:*:Enabled:services"
"C:\\Program Files\\System Protect\\SysProtect_srv.exe"="C:\\Program Files\\System Protect\\SysProtect_srv.exe:*:Enabled:SysProtect_srv"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:rundll32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :



Files with Hidden Attributes :

Fri 9 Jan 2009 23,929 ..SH. --- "C:\WINDOWS\system32\boliraka.dll"
Thu 8 Jan 2009 2,627 ..SH. --- "C:\WINDOWS\system32\fuweyofa.dll"
Mon 5 Jan 2009 23,929 ..SH. --- "C:\WINDOWS\system32\gafemawe.dll"
Wed 7 Jan 2009 2,627 ..SH. --- "C:\WINDOWS\system32\gavuzeyi.dll"
Wed 7 Jan 2009 2,627 ..SH. --- "C:\WINDOWS\system32\givinoye.dll"
Tue 13 Jan 2009 23,863 ..SH. --- "C:\WINDOWS\system32\giweruru.dll"
Sun 4 Jan 2009 23,931 ..SH. --- "C:\WINDOWS\system32\losamine.dll"
Tue 13 Jan 2009 23,995 ..SH. --- "C:\WINDOWS\system32\meruyuva.dll"
Wed 7 Jan 2009 23,997 ..SH. --- "C:\WINDOWS\system32\nakonaze.dll"
Wed 14 Jan 2009 23,931 ..SH. --- "C:\WINDOWS\system32\numonuji.dll"
Fri 2 Jan 2009 23,929 ..SH. --- "C:\WINDOWS\system32\petipado.dll"
Sat 10 Jan 2009 23,929 ..SH. --- "C:\WINDOWS\system32\pozogere.dll"
Mon 5 Jan 2009 23,929 ..SH. --- "C:\WINDOWS\system32\rebawiza.dll"
Wed 7 Jan 2009 23,927 ..SH. --- "C:\WINDOWS\system32\robejaku.dll"
Wed 14 Jan 2009 23,995 ..SH. --- "C:\WINDOWS\system32\sopejuwi.dll"
Tue 13 Jan 2009 23,931 ..SH. --- "C:\WINDOWS\system32\vosukidu.dll"
Wed 14 Jan 2009 23,927 ..SH. --- "C:\WINDOWS\system32\wiwifezi.dll"
Wed 7 Jan 2009 23,993 ..SH. --- "C:\WINDOWS\system32\wonupago.dll"
Tue 6 Jan 2009 2,625 ..SH. --- "C:\WINDOWS\system32\wotitiha.dll"
Sat 10 Jan 2009 23,931 ..SH. --- "C:\WINDOWS\system32\yodedafi.dll"
Sat 10 Jan 2009 23,995 ..SH. --- "C:\WINDOWS\system32\zodetego.dll"
Sun 10 Aug 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 21 Jul 2002 418,816 A..HR --- "C:\WINDOWS\system32\Tools\All.exe"
Thu 18 Jul 2002 390,144 A..HR --- "C:\WINDOWS\system32\Tools\Change.exe"
Thu 18 Jul 2002 574,464 A..HR --- "C:\WINDOWS\system32\Tools\CheckPath.exe"
Mon 19 Aug 2002 430,592 A..HR --- "C:\WINDOWS\system32\Tools\Counter.exe"
Mon 22 Jul 2002 390,656 A..HR --- "C:\WINDOWS\system32\Tools\DelFolders.exe"
Fri 22 Nov 2002 399,872 A..HR --- "C:\WINDOWS\system32\Tools\DirectSetup.exe"
Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\system32\Tools\RegClean.exe"
Fri 19 Jul 2002 388,608 A..HR --- "C:\WINDOWS\system32\Tools\Regexe.exe"
Sun 1 Dec 2002 431,616 A..HR --- "C:\WINDOWS\system32\Tools\Restart.exe"
Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\system32\Tools\RunRegexe.exe"
Mon 26 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

#13 rigel


Posted 15 January 2009 - 07:35 PM

Well done! :thumbsup:

Next step is an online scanner:

Please run the F-Secure Online Scanner
Note: This scanner is for Internet Explorer only!
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.

Then run SUPERAntiSpyware again. Post a fresh log. We should see 0's this time.

#14 chrisfake1


Posted 16 January 2009 - 05:17 AM

I am encountering problems w/ F-Secure.
While downloading / scanning is in progress my PC restarts.
Tried 3 times. Same result.

#15 rigel


Posted 16 January 2009 - 08:07 AM

Sorry about that. Let's try another...

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under Select a target to scan, select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.