
winsmss.exe plus other assorted malware


  • This topic is locked
22 replies to this topic

#1 londonliving

Posted 23 January 2009 - 05:53 PM

Hi There

Just got my laptop back from a friend who 'needed it to help find work' :) as they were going to be made redundant after the Christmas break.

They start work on Monday, but look at all the lovely extras I've had to deal with on a nearly unusable and full machine :step1:

winsmss.exe is currently the gift that keeps on giving. :step4:

Thanks to WINPATROL I know about it, but not how to get rid of it!

Ran a standard ComboFix Scan after Windows Explorer kept behaving strangely whilst trying to run MalwareBytes Anti-Malware which helped tremendously last time.

I'll post that log next.

It does keep removing some legitimate (but flaky and not recently updated) files which are part of some specialist software and I keep having to reinstall and reactivate each time.

There are some dodgy looking files on this machine and I want to know what uninvited guests have appeared with some new (unexpected) installations.

Thanks for all your help as ever, a great group of people.

:thumbup2:

LL



#2 londonliving


Posted 23 January 2009 - 06:01 PM

ComboFix 09-01-21.04 - Tiny One 2009-01-23 22:12:16.12 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1223 [GMT 0:00]
Running from: c:\documents and settings\User\Desktop\Maintenance\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)
FW: COMODO Firewall Pro *enabled*
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\IE4 Error Log.txt
c:\windows\system32\AVSredirect.dll
c:\windows\system32\lsprst7.dll
c:\windows\system32\nsprs.dll
c:\windows\system32\prsgrc.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\winsmss.exe
.
---- Previous Run -------
.
c:\windows\system32\azip32.dll
c:\windows\system32\dzgtactx.dll
c:\windows\system32\FTPx.dll
c:\windows\system32\MabryObj.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CBEVTSVC
-------\Legacy_PACKET
-------\Legacy_WINSMSS
-------\Service_Packet
-------\Service_winsmss


((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
.

2009-01-23 16:29 . 2009-01-23 16:33 <DIR> d-------- c:\documents and settings\User\Application Data\LogoMaker
2009-01-23 14:37 . 2009-01-23 14:37 54,781,247 --a------ c:\windows\system32\xa16478953.exe
2009-01-23 14:37 . 2009-01-23 14:37 54,781,247 --a------ c:\windows\system32\xa16474859.exe
2009-01-23 14:37 . 2009-01-23 14:37 176,128 --a------ c:\windows\system32\xwr68965.dll
2009-01-23 14:37 . 2009-01-23 14:37 176,128 --a------ c:\windows\system32\wr68965.dll
2009-01-23 14:12 . 2009-01-23 14:12 <DIR> d-------- r:\program files\Studio V5
2009-01-23 11:48 . 2009-01-23 11:48 <DIR> d-------- c:\documents and settings\User\Application Data\JAM Software
2009-01-23 11:40 . 2009-01-23 11:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\IndigoRose
2009-01-23 11:39 . 2009-01-23 11:39 <DIR> d-------- c:\documents and settings\User\Application Data\Downloaded Installations
2009-01-23 11:34 . 2009-01-23 11:35 <DIR> d-------- r:\program files\WeBuilder 2008
2009-01-23 11:34 . 2009-01-23 11:34 <DIR> d-------- c:\documents and settings\User\Application Data\Blumentals
2009-01-23 11:17 . 2009-01-23 11:17 1,773,568 --a------ c:\windows\system32\msgdiplus.dll
2009-01-23 11:10 . 2009-01-23 11:10 <DIR> d-------- C:\Sandbox
2009-01-23 11:08 . 2009-01-23 22:09 1,548 --a------ c:\windows\Sandboxie.ini
2009-01-22 21:41 . 2009-01-22 21:41 <DIR> d-------- r:\program files\3D Utils
2009-01-22 21:17 . 2009-01-22 21:21 <DIR> d-------- c:\documents and settings\User\Application Data\bibble
2009-01-22 21:13 . 2009-01-22 21:13 <DIR> d-------- c:\program files\Common Files\Bibble Labs
2009-01-22 05:51 . 2009-01-22 05:52 <DIR> d-------- c:\temp\Prince.Of.Persia.3.The.Two.Thrones-RELOADED[www.moviex.info]
2009-01-22 05:47 . 2009-01-22 05:50 <DIR> d-------- c:\temp\Star Wars KOTOR
2009-01-19 02:11 . 2009-01-19 02:11 <DIR> d-------- c:\documents and settings\User\Application Data\Quark
2009-01-19 02:09 . 2009-01-19 02:09 <DIR> d-------- r:\program files\Quark
2009-01-19 02:09 . 2009-01-19 02:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Quark
2009-01-17 12:59 . 2009-01-17 12:59 <DIR> d-------- r:\program files\eRightSoft
2009-01-15 23:08 . 2009-01-15 23:09 <DIR> d-------- r:\program files\Deskcalc Pro
2009-01-15 15:34 . 2009-01-15 15:34 <DIR> d-------- c:\documents and settings\User\Application Data\URSoft
2009-01-14 07:56 . 2009-01-23 08:34 2,134 --a------ c:\windows\system32\ycap.jpg
2009-01-12 15:14 . 2009-01-12 15:14 <DIR> d-------- c:\temp\ENGiNE
2009-01-12 06:41 . 2006-06-20 08:56 225,280 --a------ c:\windows\system32\rewire.dll
2009-01-12 06:40 . 2009-01-12 06:40 <DIR> d-------- r:\program files\Outsim
2009-01-12 06:40 . 2009-01-12 06:43 <DIR> d-------- r:\program files\Image-Line
2009-01-12 06:40 . 2002-07-07 22:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2009-01-12 03:06 . 2009-01-12 03:06 <DIR> d-------- c:\documents and settings\User\Application Data\Imagenomic
2009-01-09 22:51 . 2009-01-15 17:42 <DIR> d-------- r:\program files\IconPackager
2009-01-09 22:51 . 2009-01-09 22:51 <DIR> d-------- c:\program files\Common Files\Stardock
2009-01-08 23:02 . 2009-01-08 23:02 <DIR> d-------- c:\documents and settings\User\Application Data\Neuratron
2009-01-08 23:01 . 2005-09-02 08:04 9,068,589 --a------ c:\windows\system32\Drs832.dll
2009-01-08 11:44 . 2009-01-08 11:44 <DIR> d-------- C:\vcs5BGEffects
2009-01-07 22:13 . 2009-01-07 22:14 <DIR> d-------- r:\program files\Atomic RAR Password Recovery
2009-01-06 04:00 . 2009-01-06 04:01 <DIR> d-------- r:\program files\Microsoft adCenter Add-in for Excel 2.0 (Beta)
2009-01-05 18:31 . 2009-01-05 18:31 <DIR> d-------- c:\documents and settings\User\.spss
2009-01-05 18:22 . 2009-01-05 18:22 1,024 --a------ c:\windows\system32\grcauth2.dll
2009-01-05 18:22 . 2009-01-05 18:22 1,024 --a------ c:\windows\system32\grcauth1.dll
2009-01-05 18:22 . 2009-01-05 18:22 114 --a------ c:\windows\system32\prsgrc.tgz
2009-01-05 18:20 . 2009-01-05 18:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\SafeNet Sentinel
2009-01-05 18:17 . 2009-01-05 18:40 <DIR> d-------- r:\program files\SPSSInc
2009-01-05 18:17 . 2009-01-05 18:17 <DIR> d-------- c:\program files\Common Files\SPSS
2009-01-05 18:17 . 2009-01-05 18:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\SPSS
2009-01-03 06:55 . 2009-01-03 06:55 0 --a------ C:\law.sp
2009-01-03 06:53 . 2009-01-03 06:54 <DIR> d-------- C:\Python25
2009-01-03 05:15 . 2009-01-03 05:18 <DIR> d-------- r:\program files\Subliminal Audio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 22:27 --------- d-----w r:\program files\Rainlendar2
2009-01-23 16:46 --------- d-----w r:\program files\Microsoft Silverlight
2009-01-23 16:13 --------- d-----w r:\program files\uTorrent
2009-01-23 16:13 --------- d-----w c:\documents and settings\User\Application Data\uTorrent
2009-01-23 14:39 --------- d-----w c:\documents and settings\User\Application Data\ue_toolbar
2009-01-23 14:33 --------- d-----w r:\program files\PeerGuardian2
2009-01-23 14:11 --------- d-----w r:\program files\Graphics
2009-01-23 11:47 --------- d-----w r:\program files\Utilities
2009-01-23 11:02 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-22 16:21 --------- d-----w c:\documents and settings\User\Application Data\Alien Skin
2009-01-22 13:48 --------- d-----w c:\program files\Common Files\onOne Software Shared
2009-01-22 06:43 --------- d-----w c:\program files\Common Files\Adobe
2009-01-17 02:08 --------- d-----w r:\program files\IM Tools
2009-01-15 23:01 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-15 17:43 --------- d-----w r:\program files\WebPosition 4
2009-01-15 17:42 --------- d-----w r:\program files\Mozilla Firefox 3 Beta 3
2009-01-15 17:42 --------- d-----w r:\program files\Movie Magic Sreenwriting
2009-01-15 17:42 --------- d-----w r:\program files\Hide IP Platinum
2009-01-15 17:42 --------- d-----w r:\program files\Firefox 2
2009-01-15 00:41 --------- d-----w c:\documents and settings\User\Application Data\Thinstall
2009-01-14 11:38 --------- d-----w c:\documents and settings\User\Application Data\dvdcss
2009-01-12 15:24 --------- d-----w r:\program files\WinRAR-2008
2009-01-09 22:45 --------- d-----w r:\program files\phpDesigner 2008
2009-01-08 23:01 --------- d-----w r:\program files\Sibelius Software
2009-01-08 11:43 --------- d-----w r:\program files\Audio
2009-01-06 23:12 --------- d-----w r:\program files\Mindjet
2009-01-06 04:36 --------- d-----w r:\program files\Eset
2009-01-06 04:33 --------- d-----w r:\program files\Zend
2009-01-03 06:44 --------- d-----w r:\program files\MagicISO
2008-12-31 14:30 --------- d-----w r:\program files\Hotspot_Shield
2008-12-24 19:32 --------- d-----w c:\documents and settings\User\Application Data\X-NetStat
2008-12-21 21:04 --------- d-----w r:\program files\PHP Expert Editor 4.2
2008-12-21 21:03 --------- d-----w r:\program files\PHPRunner4.1
2008-12-21 04:12 --------- d-----w c:\documents and settings\User\Application Data\iMacros
2008-12-19 13:23 --------- d-----w r:\program files\Siber Systems
2008-12-19 13:23 --------- d-----w c:\documents and settings\User\Application Data\GoodSync
2008-12-18 20:50 512,096 ----a-w c:\windows\system32\drivers\amon.sys
2008-12-18 20:50 15,424 ----a-w c:\windows\system32\drivers\nod32drv.sys
2008-12-18 16:12 --------- d-----w c:\documents and settings\User\Application Data\Carnival Software
2008-12-18 12:49 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-12-17 10:50 --------- d-----w r:\program files\SEO Tools
2008-12-17 07:07 --------- d-----w r:\program files\Alien Skin
2008-12-16 01:25 --------- d-----w r:\program files\Games
2008-12-14 04:02 --------- d-----w c:\documents and settings\All Users\Application Data\RoboForm
2008-12-12 19:21 --------- d-----w c:\documents and settings\User\Application Data\InterVideo
2008-12-12 19:18 --------- d--h--w r:\program files\InstallShield Installation Information
2008-12-12 19:18 --------- d-----w r:\program files\InterVideo Information Service
2008-12-12 19:18 --------- d-----w c:\program files\Common Files\Ulead
2008-12-12 19:16 --------- d-----w r:\program files\InterVideo
2008-12-12 19:16 --------- d-----w c:\program files\Common Files\InterVideo
2008-12-12 02:47 56,912 ----a-w c:\documents and settings\User\g2mdlhlpx.exe
2008-12-12 02:47 --------- d-----w r:\program files\Citrix
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 07:34 --------- d-----w r:\program files\PowerISO
2008-12-08 02:41 --------- d-----w c:\documents and settings\User\Application Data\Sony
2008-12-08 02:40 --------- d-----w c:\documents and settings\User\Application Data\Publish Providers
2008-12-08 01:47 --------- d-----w r:\program files\Vstplugins
2008-12-08 01:47 --------- d-----w r:\program files\Sony
2008-12-08 01:47 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
2008-12-08 01:44 --------- d-----w r:\program files\_zSony Vegas Setup
2008-12-08 00:19 --------- d-----w c:\documents and settings\User\Application Data\Broderbund
2008-12-08 00:19 --------- d-----w c:\documents and settings\All Users\Application Data\Broderbund
2008-12-08 00:17 --------- d-----w r:\program files\Utils
2008-12-04 02:27 --------- d-----w r:\program files\Analytics Reporting Suite - beta 2
2008-12-04 02:05 --------- d-----w r:\program files\TechSmith
2008-12-04 02:05 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2008-12-04 01:18 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-02 09:55 --------- d-----w r:\program files\anim8or.com
2008-12-02 04:20 --------- d-----w r:\program files\Spybot - Search & Destroy
2008-12-01 20:34 --------- d-----w r:\program files\Java
2008-11-30 07:47 --------- d-----w r:\program files\PDF Password Remover v2.1
2008-11-29 12:40 --------- d-----w r:\program files\Force5
2008-11-29 05:33 --------- d-----w c:\documents and settings\User\Application Data\com.adobe.ExMan
2008-11-28 18:00 --------- d-----w r:\program files\Windows Desktop Search
2008-11-28 17:38 --------- d-----w c:\documents and settings\User\Application Data\Skype
2008-11-28 16:29 --------- d-----w c:\documents and settings\User\Application Data\skypePM
2008-11-27 11:18 --------- d-----w r:\program files\Secunia
2008-10-25 22:20 604 ---ha-w r:\program files\STLL Notifier
2008-04-21 15:36 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-12-13 11:09 77 --sh--w r:\program files\Desktop.ini
2001-12-27 18:07 660,992 ----a-r r:\program files\FontViewer.exe
2007-01-01 15:46 141,824 ----a-w r:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-09-24 11:09 67,696 ----a-w r:\program files\mozilla firefox\components\jar50.dll
2008-09-24 11:09 54,376 ----a-w r:\program files\mozilla firefox\components\jsd3250.dll
2008-09-24 11:09 34,952 ----a-w r:\program files\mozilla firefox\components\myspell.dll
2008-09-24 11:09 46,720 ----a-w r:\program files\mozilla firefox\components\spellchk.dll
2008-09-24 11:09 172,144 ----a-w r:\program files\mozilla firefox\components\xpinstal.dll
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 216,064 --sh--r c:\windows\system32\nbDX.dll
2008-06-22 03:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008062220080623\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-08-12_ 5.33.56.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-02 13:42:10 83,968 ----a-w c:\windows\$hf_mig$\KB946648\SP3QFE\msgsc.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB946648\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB946648\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB946648\update\spcustom.dll
+ 2007-11-30 11:20:44 755,576 ----a-w c:\windows\$hf_mig$\KB946648\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB946648\update\updspapi.dll
+ 2008-07-07 20:23:18 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-04-11 23:22:26 691,712 ----a-w c:\windows\$hf_mig$\KB951066\SP3QFE\inetcomm.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB951066\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB951066\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB951066\update\spcustom.dll
+ 2007-12-03 15:25:31 755,576 ----a-w c:\windows\$hf_mig$\KB951066\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB951066\update\updspapi.dll
+ 2008-07-11 12:51:51 62,976 ----a-w c:\windows\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-05-01 14:38:05 331,776 ----a-w c:\windows\$hf_mig$\KB952287\SP3QFE\msadce.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB952287\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB952287\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB952287\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB952287\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB952287\update\updspapi.dll
+ 2008-06-24 16:53:10 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-06-23 16:01:38 124,928 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\advpack.dll
+ 2008-06-23 16:01:38 347,136 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\dxtmsft.dll
+ 2008-06-23 16:01:39 214,528 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\dxtrans.dll
+ 2008-06-23 16:01:39 132,608 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\extmgr.dll
+ 2008-06-23 16:01:39 63,488 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\icardie.dll
+ 2008-06-23 08:23:18 70,656 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ie4uinit.exe
+ 2008-06-23 16:01:39 153,088 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieakeng.dll
+ 2008-06-23 16:01:39 230,400 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieaksie.dll
+ 2008-06-21 05:23:53 161,792 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieapfltr.dat
+ 2008-06-23 16:01:40 383,488 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieapfltr.dll
+ 2008-06-23 16:01:40 388,608 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iedkcs32.dll
+ 2008-06-23 16:01:43 6,068,736 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieframe.dll
+ 2008-06-23 16:01:43 44,544 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iernonce.dll
+ 2008-06-23 16:01:44 267,776 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iertutil.dll
+ 2008-06-23 08:23:18 13,824 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieudinit.exe
+ 2008-06-23 08:23:52 625,664 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
+ 2008-06-23 16:01:46 27,648 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\jsproxy.dll
+ 2008-06-23 16:01:46 459,264 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\msfeeds.dll
+ 2008-06-23 16:01:46 52,224 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\msfeedsbs.dll
+ 2008-06-23 16:01:49 3,594,240 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
+ 2008-06-23 16:01:49 477,696 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtmled.dll
+ 2008-06-23 16:01:49 193,024 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\msrating.dll
+ 2008-06-23 16:01:50 671,232 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mstime.dll
+ 2008-06-23 16:01:50 102,912 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\occache.dll
+ 2008-06-23 16:01:50 44,544 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\pngfilt.dll
+ 2008-06-23 16:01:50 105,984 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\url.dll
+ 2008-06-23 16:01:51 1,162,752 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\urlmon.dll
+ 2008-06-23 16:01:51 233,472 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\webcheck.dll
+ 2008-06-23 16:01:51 827,904 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB953838-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB953838-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB953838-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w c:\windows\$hf_mig$\KB953838-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB953838-IE7\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB953839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB953839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB953839\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB953839\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB953839\update\updspapi.dll
+ 2008-09-15 12:25:27 1,846,912 ----a-w c:\windows\$hf_mig$\KB954211\SP3QFE\win32k.sys
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954211\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954211\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954211\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB954211\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB954211\update\updspapi.dll
+ 2008-09-10 01:10:56 1,379,840 ----a-w c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954459\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954459\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954459\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB954459\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB954459\update\updspapi.dll
+ 2008-10-03 09:49:31 247,326 ----a-w c:\windows\$hf_mig$\KB954600\SP3QFE\strmdll.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954600\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954600\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954600\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB954600\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB954600\update\updspapi.dll
+ 2008-09-04 17:12:27 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP3QFE\msxml3.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB955069\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB955069\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB955069\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB955069\update\update.exe
+ 2008-07-09 13:08:38 382,840 ----a-w c:\windows\$hf_mig$\KB955069\update\updspapi.dll
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-08-26 09:08:35 124,928 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\advpack.dll
+ 2008-08-26 09:08:36 347,136 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\dxtmsft.dll
+ 2008-08-26 09:08:36 214,528 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\dxtrans.dll
+ 2008-08-26 09:08:36 132,608 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\extmgr.dll
+ 2008-08-26 09:08:36 63,488 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\icardie.dll
+ 2008-08-25 08:43:21 70,656 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ie4uinit.exe
+ 2008-08-26 09:08:36 153,088 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieakeng.dll
+ 2008-08-26 09:08:36 230,400 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieaksie.dll
+ 2008-08-23 05:54:50 161,792 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:28:12 2,455,488 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dat
+ 2008-08-26 09:08:36 380,928 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dll
+ 2008-08-26 09:08:37 388,608 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iedkcs32.dll
+ 2008-10-03 17:26:50 6,068,224 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieframe.dll
+ 2008-08-26 09:08:39 44,544 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iernonce.dll
+ 2008-08-26 09:08:39 267,776 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iertutil.dll
+ 2008-08-25 08:43:21 13,824 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieudinit.exe
+ 2008-08-23 05:56:16 635,848 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
+ 2008-08-26 09:08:40 27,648 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\jsproxy.dll
+ 2008-08-26 09:08:40 459,264 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msfeeds.dll
+ 2008-08-26 09:08:40 52,224 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msfeedsbs.dll
+ 2008-08-26 09:08:43 3,594,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
+ 2008-08-26 09:08:43 477,696 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtmled.dll
+ 2008-08-26 09:08:44 193,024 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msrating.dll
+ 2008-08-26 09:08:44 671,232 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mstime.dll
+ 2008-08-26 09:08:44 102,912 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\occache.dll
+ 2008-08-26 09:08:44 44,544 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\pngfilt.dll
+ 2008-08-26 09:08:44 105,984 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\url.dll
+ 2008-08-26 09:08:45 1,162,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\urlmon.dll
+ 2008-08-26 09:08:45 233,472 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\webcheck.dll
+ 2008-08-26 09:08:45 827,904 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB956391\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB956391\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB956391\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB956391\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB956391\update\updspapi.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-08-14 10:34:26 138,496 ----a-w c:\windows\$hf_mig$\KB956803\SP3QFE\afd.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB956803\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB956803\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB956803\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB956803\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB956803\update\updspapi.dll
+ 2008-08-14 10:39:28 2,145,280 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlmp.exe
+ 2008-08-14 14:39:46 2,066,048 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
+ 2008-08-14 10:09:44 2,023,936 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrpamp.exe
+ 2008-08-14 15:11:10 2,189,184 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB956841\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB956841\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB956841\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB956841\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956841\update\updspapi.dll
+ 2008-09-08 11:37:19 333,824 ----a-w c:\windows\$hf_mig$\KB957095\SP3QFE\srv.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB957095\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB957095\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB957095\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB957095\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB957095\update\updspapi.dll
+ 2008-10-24 11:41:11 455,936 ----a-w c:\windows\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB957097\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB957097\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB957097\update\spcustom.dll
+ 2008-07-08 13:02:04 755,576 ----a-w c:\windows\$hf_mig$\KB957097\update\update.exe
+ 2008-07-08 13:02:12 382,840 ----a-w c:\windows\$hf_mig$\KB957097\update\updspapi.dll
+ 2008-10-16 20:24:09 124,928 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\advpack.dll
+ 2008-10-16 20:24:09 347,136 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\dxtmsft.dll
+ 2008-10-16 20:24:09 214,528 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\dxtrans.dll
+ 2008-10-16 20:24:09 132,608 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\extmgr.dll
+ 2008-10-16 20:24:09 63,488 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\icardie.dll
+ 2008-10-16 12:46:08 70,656 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ie4uinit.exe
+ 2008-10-16 20:24:09 153,088 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieakeng.dll
+ 2008-10-16 20:24:09 230,400 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieaksie.dll
+ 2008-10-15 06:33:26 161,792 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieapfltr.dat
+ 2008-10-16 20:24:09 380,928 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieapfltr.dll
+ 2008-10-16 20:24:09 388,608 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iedkcs32.dll
+ 2008-10-16 20:24:09 6,068,224 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieframe.dll
+ 2008-10-16 20:24:09 44,544 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iernonce.dll
+ 2008-10-16 20:24:09 267,776 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iertutil.dll
+ 2008-10-16 12:46:08 13,824 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieudinit.exe
+ 2008-10-15 06:34:58 633,632 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
+ 2008-10-16 20:24:10 27,648 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\jsproxy.dll
+ 2008-10-16 20:24:10 459,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msfeeds.dll
+ 2008-10-16 20:24:10 52,224 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msfeedsbs.dll
+ 2008-10-16 20:24:10 3,595,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
+ 2008-10-16 20:24:10 477,696 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtmled.dll
+ 2008-10-16 20:24:10 193,024 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msrating.dll
+ 2008-10-16 20:24:10 671,232 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mstime.dll
+ 2008-10-16 20:24:10 102,912 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\occache.dll
+ 2008-10-16 20:24:10 44,544 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\pngfilt.dll
+ 2008-10-16 20:24:10 105,984 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\url.dll
+ 2008-10-16 20:24:11 1,163,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\urlmon.dll
+ 2008-10-16 20:24:11 233,472 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\webcheck.dll
+ 2008-10-16 20:24:11 827,904 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB958215-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB958215-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\updspapi.dll
+ 2008-10-15 16:25:53 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP3QFE\netapi32.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB958644\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB958644\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB958644\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB958644\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB958644\update\updspapi.dll
+ 2008-12-13 06:26:56 3,594,752 ----a-w c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB960714-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB960714-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\updspapi.dll
+ 2008-04-14 00:11:57 29,696 -c----w c:\windows\$NtUninstallKB915800-v4$\mimefilt.dll
+ 2008-04-14 00:12:02 98,304 -c----w c:\windows\$NtUninstallKB915800-v4$\nlhtml.dll
+ 2008-04-14 00:12:02 192,000 -c----w c:\windows\$NtUninstallKB915800-v4$\offfilt.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB915800-v4$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB915800-v4$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB938464$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB938464$\spuninst\updspapi.dll
+ 2007-10-05 15:42:10 221,488 -c----w c:\windows\$NtUninstallKB943729$\spuninst\spuninst.exe
+ 2007-10-05 15:42:10 379,184 -c----w c:\windows\$NtUninstallKB943729$\spuninst\updspapi.dll
+ 2008-04-14 00:11:59 82,944 -c----w c:\windows\$NtUninstallKB946648$\msgsc.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB946648$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB946648$\spuninst\updspapi.dll
+ 2008-04-14 00:11:53 246,272 -c----w c:\windows\$NtUninstallKB950974$\es.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB950974$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19 382,840 -c----w c:\windows\$NtUninstallKB950974$\spuninst\updspapi.dll
+ 2008-04-14 00:11:54 691,712 -c----w c:\windows\$NtUninstallKB951066$\inetcomm.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB951066$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB951066$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB951072-v2$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB951072-v2$\spuninst\updspapi.dll
+ 2008-04-14 00:12:38 60,416 -c----w c:\windows\$NtUninstallKB951072-v2$\tzchange.exe
+ 2006-10-18 20:03:58 100,864 -c----w c:\windows\$NtUninstallKB952069_WM9$\logagent.exe
+ 2007-07-27 09:41:48 231,288 -c----w c:\windows\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe
+ 2007-07-27 09:41:48 382,840 -c----w c:\windows\$NtUninstallKB952069_WM9$\spuninst\updspapi.dll
+ 2006-10-18 21:47:20 937,984 -c----w c:\windows\$NtUninstallKB952069_WM9$\wmnetmgr.dll
+ 2006-10-18 21:47:22 2,450,944 -c----w c:\windows\$NtUninstallKB952069_WM9$\wmvcore.dll
+ 2008-04-14 00:11:58 331,776 -c----w c:\windows\$NtUninstallKB952287$\msadce.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB952287$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB952287$\spuninst\updspapi.dll
+ 2008-04-14 00:11:58 73,728 -c----w c:\windows\$NtUninstallKB952954$\mscms.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB952954$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB952954$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB953839$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB953839$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB954211$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB954211$\spuninst\updspapi.dll
+ 2008-04-13 19:30:10 1,845,632 -c----w c:\windows\$NtUninstallKB954211$\win32k.sys
+ 2008-04-14 00:12:01 1,306,624 -c----w c:\windows\$NtUninstallKB954459$\msxml6.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB954459$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB954459$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB954600$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB954600$\spuninst\updspapi.dll
+ 2008-04-14 00:12:07 246,814 -c----w c:\windows\$NtUninstallKB954600$\strmdll.dll
+ 2008-04-14 00:12:01 1,104,896 -c----w c:\windows\$NtUninstallKB955069$\msxml3.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe
+ 2008-07-09 13:08:38 382,840 -c----w c:\windows\$NtUninstallKB955069$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB955839$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB955839$\spuninst\updspapi.dll
+ 2008-07-11 12:42:28 62,976 -c----w c:\windows\$NtUninstallKB955839$\tzchange.exe
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB956391$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB956391$\spuninst\updspapi.dll
+ 2008-04-14 00:11:54 285,184 -c----w c:\windows\$NtUninstallKB956802$\gdi32.dll
+ 2008-07-08 13:02:02 231,288 -c----w c:\windows\$NtUninstallKB956802$\spuninst\spuninst.exe
+ 2008-07-09 07:38:37 382,840 -c----w c:\windows\$NtUninstallKB956802$\spuninst\updspapi.dll
+ 2008-06-20 11:40:08 138,496 -c----w c:\windows\$NtUninstallKB956803$\afd.sys
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB956803$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB956803$\spuninst\updspapi.dll
+ 2008-04-13 18:31:21 2,023,936 -c----w c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
+ 2008-04-13 19:24:37 2,145,280 -c----w c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB956841$\spuninst\spuninst.exe
+ 2008-07-09 07:38:37 382,840 -c----w c:\windows\$NtUninstallKB956841$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB957095$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB957095$\spuninst\updspapi.dll
+ 2008-04-13 19:15:11 334,848 -c----w c:\windows\$NtUninstallKB957095$\srv.sys
+ 2008-04-13 19:17:01 456,576 -c----w c:\windows\$NtUninstallKB957097$\mrxsmb.sys
+ 2008-07-08 13:02:02 231,288 -c----w c:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe
+ 2008-07-08 13:02:12 382,840 -c----w c:\windows\$NtUninstallKB957097$\spuninst\updspapi.dll
+ 2008-04-14 00:12:01 337,408 -c----w c:\windows\$NtUninstallKB958644$\netapi32.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB958644$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB958644$\spuninst\updspapi.dll
+ 2009-01-06 04:00:04 118,784 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Common\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.dll
+ 2009-01-06 04:00:05 45,056 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Common2007\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common2007.dll
+ 2009-01-06 04:00:04 401,408 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Excel.dll
+ 2009-01-06 04:00:05 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Outlook.dll
+ 2009-01-06 04:00:05 282,624 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Word\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Word.dll
+ 2009-01-06 04:00:05 49,152 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.OfficeTools.Controls.ContainerControl\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OfficeTools.Controls.ContainerControl.dll
+ 2009-01-06 04:00:05 8,192 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.OfficeTools.Controls.ManagedWrapper\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OfficeTools.Controls.ManagedWrapper.dll
+ 2009-01-06 04:00:04 180,224 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.dll
+ 2009-01-06 23:12:18 439,600 ----a-w c:\windows\assembly\GAC_MSIL\Mindjet.MindManager.Interop\8.0.217.0__19247b5ea06b230f\Mindjet.MindManager.Interop.dll
+ 2009-01-06 04:00:05 5,632 ----a-w c:\windows\assembly\GAC_MSIL\VSTOPersist.Interop\8.0.0.0__b03f5f7f11d50a3a\VSTOPersist.Interop.dll
+ 2009-01-06 04:00:05 7,168 ----a-w c:\windows\assembly\GAC_MSIL\VSTOStorageWrapper.Interop\8.0.0.0__b03f5f7f11d50a3a\VSTOStorageWrapper.Interop.dll
+ 2008-12-16 01:25:17 451,072 ----a-w c:\windows\Cribbage Quest\uninstall.exe
+ 2006-03-20 17:34:42 24,576 ----a-w c:\windows\Downloaded Program Files\dwusplay.dll
+ 2006-03-20 17:34:42 196,608 ----a-w c:\windows\Downloaded Program Files\dwusplay.exe
+ 2006-03-20 17:34:52 484,272 ----a-w c:\windows\Downloaded Program Files\isusweb.dll
+ 2008-12-20 04:34:21 23,600 ----a-w c:\windows\Downloaded Program Files\tvichw32.sys
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-08-14 10:09:26 2,145,280 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:33:16 2,066,048 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,023,936 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 10:11:02 2,189,184 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 20:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2005-10-20 20:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2008-04-23 04:16:28 124,928 -c----w c:\windows\ie7updates\KB953838-IE7\advpack.dll
+ 2008-04-23 04:16:28 347,136 -c----w c:\windows\ie7updates\KB953838-IE7\dxtmsft.dll
+ 2008-04-23 04:16:28 214,528 -c----w c:\windows\ie7updates\KB953838-IE7\dxtrans.dll
+ 2008-04-23 04:16:28 133,120 -c----w c:\windows\ie7updates\KB953838-IE7\extmgr.dll
+ 2008-04-23 04:16:28 63,488 -c----w c:\windows\ie7updates\KB953838-IE7\icardie.dll
+ 2008-04-22 07:39:58 70,656 -c----w c:\windows\ie7updates\KB953838-IE7\ie4uinit.exe
+ 2008-04-23 04:16:28 153,088 -c----w c:\windows\ie7updates\KB953838-IE7\ieakeng.dll
+ 2008-04-23 04:16:28 230,400 -c----w c:\windows\ie7updates\KB953838-IE7\ieaksie.dll
+ 2008-04-20 05:07:51 161,792 -c----w c:\windows\ie7updates\KB953838-IE7\ieakui.dll
+ 2008-04-23 04:16:28 383,488 -c----w c:\windows\ie7updates\KB953838-IE7\ieapfltr.dll
+ 2008-04-23 04:16:28 384,512 -c----w c:\windows\ie7updates\KB953838-IE7\iedkcs32.dll
+ 2008-04-23 04:16:28 6,066,176 -c----w c:\windows\ie7updates\KB953838-IE7\ieframe.dll
+ 2008-04-23 04:16:28 44,544 -c----w c:\windows\ie7updates\KB953838-IE7\iernonce.dll
+ 2008-04-23 04:16:28 267,776 -c----w c:\windows\ie7updates\KB953838-IE7\iertutil.dll
+ 2008-04-22 07:39:58 13,824 -c----w c:\windows\ie7updates\KB953838-IE7\ieudinit.exe
+ 2008-04-22 07:40:18 625,664 -c----w c:\windows\ie7updates\KB953838-IE7\iexplore.exe
+ 2008-04-23 04:16:28 27,648 -c----w c:\windows\ie7updates\KB953838-IE7\jsproxy.dll
+ 2008-04-23 04:16:28 459,264 -c----w c:\windows\ie7updates\KB953838-IE7\msfeeds.dll
+ 2008-04-23 04:16:28 52,224 -c----w c:\windows\ie7updates\KB953838-IE7\msfeedsbs.dll
+ 2008-04-23 21:16:30 3,591,680 -c----w c:\windows\ie7updates\KB953838-IE7\mshtml.dll
+ 2008-04-23 04:16:28 478,208 -c----w c:\windows\ie7updates\KB953838-IE7\mshtmled.dll
+ 2008-04-23 04:16:28 193,024 -c----w c:\windows\ie7updates\KB953838-IE7\msrating.dll
+ 2008-04-23 04:16:28 671,232 -c----w c:\windows\ie7updates\KB953838-IE7\mstime.dll
+ 2008-04-23 04:16:28 102,912 -c----w c:\windows\ie7updates\KB953838-IE7\occache.dll
+ 2008-04-23 04:16:28 44,544 -c----w c:\windows\ie7updates\KB953838-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB953838-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB953838-IE7\spuninst\updspapi.dll
+ 2008-04-23 04:16:28 105,984 -c----w c:\windows\ie7updates\KB953838-IE7\url.dll
+ 2008-04-23 04:16:29 1,159,680 -c----w c:\windows\ie7updates\KB953838-IE7\urlmon.dll
+ 2008-04-23 04:16:29 233,472 -c----w c:\windows\ie7updates\KB953838-IE7\webcheck.dll
+ 2008-04-23 04:16:29 826,368 -c----w c:\windows\ie7updates\KB953838-IE7\wininet.dll
+ 2008-06-23 16:57:27 124,928 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll
+ 2008-06-23 16:57:27 347,136 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2008-06-23 16:57:27 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll
+ 2008-06-23 16:57:27 133,120 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll
+ 2008-06-23 16:57:28 63,488 -c----w c:\windows\ie7updates\KB956390-IE7\icardie.dll
+ 2008-06-23 09:20:25 70,656 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2008-06-23 16:57:29 153,088 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll
+ 2008-06-23 16:57:29 230,400 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll
+ 2008-06-21 05:23:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll
+ 2008-06-23 16:57:29 383,488 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2008-06-23 16:57:29 384,512 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2008-06-23 16:57:33 6,066,176 -c----w c:\windows\ie7updates\KB956390-IE7\ieframe.dll
+ 2008-06-23 16:57:33 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll
+ 2008-06-23 16:57:34 267,776 -c----w c:\windows\ie7updates\KB956390-IE7\iertutil.dll
+ 2008-06-23 09:20:26 13,824 -c----w c:\windows\ie7updates\KB956390-IE7\ieudinit.exe
+ 2008-06-23 09:20:52 625,664 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe
+ 2008-06-23 16:57:35 27,648 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll
+ 2008-06-23 16:57:36 459,264 -c----w c:\windows\ie7updates\KB956390-IE7\msfeeds.dll
+ 2008-06-23 16:57:36 52,224 -c----w c:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2008-06-24 09:57:40 3,592,192 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll
+ 2008-06-23 16:57:39 477,696 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll
+ 2008-06-23 16:57:39 193,024 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll
+ 2008-06-23 16:57:40 671,232 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll
+ 2008-06-23 16:57:40 102,912 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll
+ 2008-06-23 16:57:40 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2008-06-23 16:57:40 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll
+ 2008-06-23 16:57:40 1,159,680 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll
+ 2008-06-23 16:57:41 233,472 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll
+ 2008-06-23 16:57:41 826,368 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-10-17 02:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
+ 2004-11-29 16:52:24 225,280 ----a-r c:\windows\Installer\$PatchCache$\UnManaged\S-1-5-21-472722980-2923720443-594902606-1005\B680BF5A206B2544F89EFDB6BFECD390\4.0.0\asiodxfd.dll
+ 2006-08-28 19:14:18 29,163,520 ----a-r c:\windows\Installer\$PatchCache$\UnManaged\S-1-5-21-472722980-2923720443-594902606-1005\B680BF5A206B2544F89EFDB6BFECD390\4.0.0\CubaseStd4.exe
+ 2006-07-04 11:09:08 560,128 ----a-r c:\windows\Installer\$PatchCache$\UnManaged\S-1-5-21-472722980-2923720443-594902606-1005\B680BF5A206B2544F89EFDB6BFECD390\4.0.0\eacdll.dll
+ 2006-06-28 19:09:16 3,641,344 ----a-r c:\windows\Installer\$PatchCache$\UnManaged\S-1-5-21-472722980-2923720443-594902606-1005\B680BF5A206B2544F89EFDB6BFECD390\4.0.0\Grungelizer.dll
+ 2006-06-28 19:03:42 929,792 ----a-r c:\windows\Installer\$PatchCache$\UnManaged\S-1-5-21-472722980-2923720443-594902606-1005\B680BF5A206B2544F89EFDB6BFECD390\4.0.0\MidiGate.dll
+ 2006-08-07 17:54:18 106,496 ----a-r c:\windows\Installer\$PatchCache$\UnManaged\S-1-5-21-472722980-2923720443-594902606-1005\B680BF5A206B2544F89EFDB6BFECD390\4.0.0\mp3dec.dll
+ 2006-07-20 13:39:40 200,704 ----a-r c:\windows\Installer\$PatchCache$\UnManaged\S-1-5-21-472722980-2923720443-594902606-1005\B680BF5A206B2544F89EFDB6BFECD390\4.0.0\mpeg2decoder.dll
+ 2006-06-28 19:13:54 1,441,792 ----a-r c:\windows\Installer\$PatchCache$\UnManaged\S-1-5-21-472722980-2923720443-594902606-1005\B680BF5A206B2544F89EFDB6BFECD390\4.0.0\RingModulator.dll
+ 2006-07-20 13:44:38 102,400 ----a-r c:\windows\Installer\$PatchCache$\UnManaged\S-1-5-21-472722980-2923720443-594902606-1005\B680BF5A206B2544F89EFDB6BFECD390\4.0.0\sd2AH.dll
+ 2006-08-16 19:06:20 229,376 ----a-r c:\windows\Installer\$PatchCache$\UnManaged\S-1-5-21-472722980-2923720443-594902606-1005\B680BF5A206B2544F89EFDB6BFECD390\4.0.0\VSTPlugManager.dll
+ 2006-07-20 13:45:24 208,896 ----a-r c:\windows\Installer\$PatchCache$\UnManaged\S-1-5-21-472722980-2923720443-594902606-1005\B680BF5A206B2544F89EFDB6BFECD390\4.0.0\WMAHandler.dll
+ 2009-01-22 06:36:33 77,824 ----a-r c:\windows\Installer\{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}\ARPPRODUCTICON.exe
+ 2008-10-07 12:02:23 49,152 ----a-r c:\windows\Installer\{0AE19D89-17A9-404D-932A-FAAF43F3C77E}\ARPPRODUCTICON.exe
+ 2008-10-07 12:02:23 45,056 ----a-r c:\windows\Installer\{0AE19D89-17A9-404D-932A-FAAF43F3C77E}\BaseProductionModeShortCut.exe
+ 2008-10-07 12:02:23 49,152 ----a-r c:\windows\Installer\{0AE19D89-17A9-404D-932A-FAAF43F3C77E}\NewShortcut1.exe
+ 2008-10-07 12:02:23 2,494 ----a-r c:\windows\Installer\{0AE19D89-17A9-404D-932A-FAAF43F3C77E}\NewShortcut1_DB8CEC4230B14F49BD069393EB81CCF7.exe
+ 2008-10-07 12:02:23 40,960 ----a-r c:\windows\Installer\{0AE19D89-17A9-404D-932A-FAAF43F3C77E}\NewShortcut2_0AE19D8917A9404D932AFAAF43F3C77E.exe
+ 2009-01-11 15:13:25 26,694 ----a-r c:\windows\Installer\{194BFA8B-8ABF-43F4-A4B5-A38F6B21C3C2}\_366b66c4.exe
+ 2009-01-11 15:13:25 26,694 ----a-r c:\windows\Installer\{194BFA8B-8ABF-43F4-A4B5-A38F6B21C3C2}\_42307eb7.exe
+ 2008-12-12 19:17:19 422,598 ----a-r c:\windows\Installer\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\ARPPRODUCTICON.exe
+ 2008-12-12 19:17:19 65,536 ----a-r c:\windows\Installer\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
+ 2009-01-03 06:53:40 94,208 ----a-r c:\windows\Installer\{31800004-6386-4999-A519-518F2D78D8F0}\python_icon.exe
+ 2008-11-22 18:02:34 102,400 ----a-r c:\windows\Installer\{318AB667-3230-41B5-A617-CB3BF748D371}\iTunesIco.exe
+ 2009-01-22 06:36:23 77,824 ----a-r c:\windows\Installer\{3A6829EF-0791-4FDD-9382-C690DD0821B9}\ARPPRODUCTICON.exe
+ 2009-01-05 18:20:08 45,056 ----a-r c:\windows\Installer\{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}\ARPPRODUCTICON.exe
+ 2009-01-05 18:20:08 45,056 ----a-r c:\windows\Installer\{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}\BaseShortcut_621025AE3510478EBC271A647150976F.exe
+ 2009-01-05 18:20:08 45,056 ----a-r c:\windows\Installer\{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}\NewShortcut1_621025AE3510478EBC271A647150976F.exe
+ 2009-01-05 18:20:08 4,286 ----a-r c:\windows\Installer\{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}\NewShortcut3_E85C03FAB0AE40E48DEC2E3C9B52122A.exe
+ 2008-12-04 02:06:40 680,448 ----a-r c:\windows\Installer\{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}\IconEF5C48881.exe
+ 2008-11-10 10:25:26 295,606 ----a-r c:\windows\Installer\{4F93ABBE-5A1D-4D56-94CB-022F109FDE4D}\ARPPRODUCTICON.exe
+ 2008-11-10 10:25:26 295,606 ----a-r c:\windows\Installer\{4F93ABBE-5A1D-4D56-94CB-022F109FDE4D}\NewShortcut1_4F93ABBE5A1D4D5694CB022F109FDE4D.exe
+ 2008-11-10 10:25:26 295,606 ----a-r c:\windows\Installer\{4F93ABBE-5A1D-4D56-94CB-022F109FDE4D}\NewShortcut11_4F93ABBE5A1D4D5694CB022F109FDE4D.exe
+ 2008-10-25 22:01:35 292,878 ----a-r c:\windows\Installer\{531BC138-F1F7-496B-879C-F039ECEF438D}\ARPPRODUCTICON.exe
+ 2008-10-25 22:01:35 292,878 ----a-r c:\windows\Installer\{531BC138-F1F7-496B-879C-F039ECEF438D}\NewShortcut4_C2C2101F05384548B5AF39E0D3B3CB50.exe
+ 2008-10-25 22:01:35 292,878 ----a-r c:\windows\Installer\{531BC138-F1F7-496B-879C-F039ECEF438D}\RunLightroom313212_C2C2101F05384548B5AF39E0D3B3CB50.exe
+ 2009-01-08 23:15:55 65,536 ----a-r c:\windows\Installer\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\ARPPRODUCTICON.exe
+ 2009-01-08 23:15:55 65,536 ----a-r c:\windows\Installer\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\AuditionCommonShortc_01CEC7E570FD4D068FADBF21DF0CC6DC.exe
+ 2009-01-08 23:15:55 65,536 ----a-r c:\windows\Installer\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\NewShortcut1_E3A4979EE8C048379F3D271B50BA9E7C_1.exe
+ 2009-01-08 23:15:55 65,536 ----a-r c:\windows\Installer\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\NewShortcut2_E3A4979EE8C048379F3D271B50BA9E7C_1.exe
+ 2009-01-08 23:15:55 65,536 ----a-r c:\windows\Installer\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\NewShortcut3_E3A4979EE8C048379F3D271B50BA9E7C.exe
+ 2008-09-01 08:58:57 176,014 ----a-r c:\windows\Installer\{55FFD2A7-065B-408A-BC55-BB7958874D14}\_732FE3BD9F2E5F9A6142DE.exe
+ 2008-09-01 08:58:57 176,014 ----a-r c:\windows\Installer\{55FFD2A7-065B-408A-BC55-BB7958874D14}\_8504126291B6FA354A79B5.exe
+ 2008-09-04 12:52:01 29,926 ----a-r c:\windows\Installer\{5856F90C-3D9F-4748-9FED-2C755D8CE6A9}\_29941D7ECEC9542C9B5328.exe
+ 2008-09-04 12:52:01 29,926 ----a-r c:\windows\Installer\{5856F90C-3D9F-4748-9FED-2C755D8CE6A9}\_6FEFF9B68218417F98F549.exe
+ 2008-09-04 12:52:01 29,926 ----a-r c:\windows\Installer\{5856F90C-3D9F-4748-9FED-2C755D8CE6A9}\_AAB78A579C8B56C3E78473.exe
+ 2008-12-08 00:17:59 49,430 ----a-r c:\windows\Installer\{58F9D852-9443-4955-A1ED-12C9E0504DD0}\ARPPRODUCTICON.exe
+ 2008-12-08 00:17:59 90,112 ----a-r c:\windows\Installer\{58F9D852-9443-4955-A1ED-12C9E0504DD0}\MavisBeacon.exe1_8FF8832F2C204C0087FBCB1B21BF2D78.exe
+ 2008-12-08 00:17:59 90,112 ----a-r c:\windows\Installer\{58F9D852-9443-4955-A1ED-12C9E0504DD0}\NewShortcut5_A1C70BF0BB1845ABA6F5B42606E7DB9C.exe
+ 2008-12-04 01:20:36 609,792 ----a-r c:\windows\Installer\{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}\Icon59991D183.exe
+ 2008-08-30 15:19:05 10,134 ----a-r c:\windows\Installer\{6F9CD605-D30F-40AB-B438-FE56A5DAF7AF}\_9E6FA7BE0AC2964633E510.exe
+ 2008-08-30 15:19:05 31,662 ----a-r c:\windows\Installer\{6F9CD605-D30F-40AB-B438-FE56A5DAF7AF}\_9E8EF4308FFE35C06554D7.exe
+ 2009-01-19 02:10:10 405,504 ----a-r c:\windows\Installer\{706EA4A8-97B5-4C29-A0F3-0B38C666F0C4}\ARPPRODUCTICON.exe
+ 2009-01-19 02:10:10 405,504 ----a-r c:\windows\Installer\{706EA4A8-97B5-4C29-A0F3-0B38C666F0C4}\SCUTQXP_706EA4A897B54C29A0F30B38C666F0C4.exe
+ 2009-01-23 11:51:36 10,134 ----a-r c:\windows\Installer\{71414EC2-0684-4A15-A85A-E0E259D117AF}\ARPPRODUCTICON.exe
+ 2009-01-23 11:51:36 163,840 ----a-r c:\windows\Installer\{71414EC2-0684-4A15-A85A-E0E259D117AF}\m6animator.exe_71414EC206844A15A85AE0E259D117AF.exe
+ 2009-01-23 11:51:36 163,840 ----a-r c:\windows\Installer\{71414EC2-0684-4A15-A85A-E0E259D117AF}\m6explorer.exe_71414EC206844A15A85AE0E259D117AF.exe
+ 2009-01-23 11:51:36 208,896 ----a-r c:\windows\Installer\{71414EC2-0684-4A15-A85A-E0E259D117AF}\m6librarian.exe_71414EC206844A15A85AE0E259D117AF.exe
+ 2009-01-23 11:51:36 135,168 ----a-r c:\windows\Installer\{71414EC2-0684-4A15-A85A-E0E259D117AF}\m6studio.exe_71414EC206844A15A85AE0E259D117AF.exe
+ 2009-01-23 11:51:36 25,214 ----a-r c:\windows\Installer\{71414EC2-0684-4A15-A85A-E0E259D117AF}\m6tools.chm_71414EC206844A15A85AE0E259D117AF.exe
+ 2009-01-12 03:03:48 10,134 ----a-r c:\windows\Installer\{7C515D87-2DCD-422B-B993-3FE8A71B3DDB}\SystemFolder_msiexec.exe
+ 2008-09-05 12:29:28 33,982 ----a-r c:\windows\Installer\{84814E6B-2581-46EC-926A-823BD1C670F6}\ARPPRODUCTICON.exe
+ 2008-11-14 06:35:26 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2009-01-23 11:52:55 10,134 ----a-r c:\windows\Installer\{8679D366-D73F-4303-92F7-853B13C1F424}\ARPPRODUCTICON.exe
+ 2009-01-23 11:52:55 25,214 ----a-r c:\windows\Installer\{8679D366-D73F-4303-92F7-853B13C1F424}\MODHelp.chm_8679D366D73F430392F7853B13C1F424.exe
+ 2009-01-23 11:52:55 292,878 ----a-r c:\windows\Installer\{8679D366-D73F-4303-92F7-853B13C1F424}\MODPanel.exe_8679D366D73F430392F7853B13C1F424.exe
+ 2008-09-25 22:17:18 86,016 ----a-r c:\windows\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe
+ 2009-01-06 04:01:07 15,086 ----a-r c:\windows\Installer\{A0D66C5B-A622-475D-AD04-4B9E80F7DBB9}\_6FEFF9B68218417F98F549.exe
+ 2009-01-06 04:01:07 10,134 ----a-r c:\windows\Installer\{A0D66C5B-A622-475D-AD04-4B9E80F7DBB9}\_96F55909DFFBB359A6F89A.exe
+ 2008-11-10 11:32:21 65,536 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_A3DReviewer.exe
+ 2008-11-10 11:32:20 38,926 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_Acrobat.exe
+ 2008-11-10 11:32:21 38,926 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_Acrobat_3D.exe
+ 2008-11-10 11:32:21 36,294 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_Acrobat_Standard.exe
+ 2008-11-10 11:32:21 25,214 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_Distiller.exe
+ 2008-11-10 11:32:21 7,278 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_ELEMENTS_DT.exe
+ 2008-11-10 11:32:20 335,872 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2008-10-25 22:19:46 300,318 ----a-r c:\windows\Installer\{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}\_21F3885A18D238E15AAE81.exe
+ 2008-10-25 22:19:46 300,318 ----a-r c:\windows\Installer\{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}\_6FEFF9B68218417F98F549.exe
+ 2008-10-25 22:19:46 300,318 ----a-r c:\windows\Installer\{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}\_77D3D944D4BD9E302F35EF.exe
+ 2008-10-25 22:19:46 10,134 ----a-r c:\windows\Installer\{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}\_C16C1EC014759169D0736C.exe
+ 2008-10-25 22:19:46 300,318 ----a-r c:\windows\Installer\{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}\_F4C83E5394449819A43175.exe
+ 2009-01-06 23:13:20 65,536 ----a-r c:\windows\Installer\{D7FD752A-DDB9-4685-83FD-E20C7C59BD84}\ARPPRODUCTICON.exe
+ 2009-01-06 23:13:20 65,536 ----a-r c:\windows\Installer\{D7FD752A-DDB9-4685-83FD-E20C7C59BD84}\Desktop_MindManager6_C4D150117314479F90CAEF8478756B79.exe
+ 2009-01-06 23:13:20 65,536 ----a-r c:\windows\Installer\{D7FD752A-DDB9-4685-83FD-E20C7C59BD84}\ProgramGroup_MindMan_C4D150117314479F90CAEF8478756B79.exe
+ 2009-01-06 23:13:20 65,536 ----a-r c:\windows\Installer\{D7FD752A-DDB9-4685-83FD-E20C7C59BD84}\QuickLaunch_MindMana_C4D150117314479F90CAEF8478756B79.exe
+ 2009-01-06 23:13:20 65,536 ----a-r c:\windows\Installer\{D7FD752A-DDB9-4685-83FD-E20C7C59BD84}\StartMenu_MindManage_C4D150117314479F90CAEF8478756B79.exe
+ 2008-12-14 05:19:17 10,134 ----a-r c:\windows\Installer\{E6F75E80-273A-4054-B032-6CD04413357B}\ARPPRODUCTICON.exe
+ 2009-01-05 20:22:14 487,409 ----a-w c:\windows\Installer\SandboxieInstall.exe
- 2000-08-31 07:00:00 28,672 ----a-w c:\windows\Nircmd.exe
+ 2000-08-31 08:00:00 29,696 ----a-w c:\windows\Nircmd.exe
- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2000-08-31 08:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2008-06-11 23:43:32 111,992 ----a-w c:\windows\system32\acaptuser32.dll
+ 2008-04-07 05:38:06 45,392 ----a-r c:\windows\system32\AdobePDF.dll
+ 2008-04-07 05:38:12 22,872 ----a-r c:\windows\system32\AdobePDFUI.dll
- 2008-04-23 04:16:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2009-01-07 07:08:07 270,336 ----a-w c:\windows\system32\aepa-872d09e4-215d-4d6a-b056-515b9c76f5a8.dll
- 2008-05-07 16:48:12 57,344 ----a-w c:\windows\system32\ASTSRV.EXE
+ 2008-05-07 17:48:12 57,344 ----a-w c:\windows\system32\ASTSRV.EXE
+ 2007-05-17 17:30:48 318,976 ----a-w c:\windows\system32\avisynth.dll
+ 2001-01-21 19:58:46 40,448 ----a-w c:\windows\system32\Axdist.exe
- 2007-04-29 07:30:48 32,768 ----a-w c:\windows\system32\Base64.dll
+ 2008-02-06 19:41:58 32,768 ----a-w c:\windows\system32\Base64.dll
+ 2006-11-11 20:40:54 135,233 ----a-w c:\windows\system32\bt2k_ins.dll
+ 2006-11-11 20:45:44 73,728 ----a-w c:\windows\system32\BtAudioHelper.dll
+ 2006-11-11 20:46:34 135,168 ----a-w c:\windows\system32\btbigbmp.dll
+ 2006-11-11 20:31:12 159,744 ----a-w c:\windows\system32\btbip.dll
+ 2006-11-11 20:48:22 614,400 ----a-w c:\windows\system32\BTChooser.dll
+ 2006-11-11 20:57:12 417,851 ----a-w c:\windows\system32\btcss.dll
+ 2006-11-11 20:40:38 36,864 ----a-w c:\windows\system32\btdev.dll
+ 2006-11-11 20:49:26 114,688 ----a-w c:\windows\system32\bthcrp.dll
+ 2006-11-11 20:50:18 126,976 ----a-w c:\windows\system32\bthcrpui.dll
+ 2006-11-11 20:40:18 425,984 ----a-w c:\windows\system32\btins.dll
+ 2006-11-11 21:09:38 77,824 ----a-w c:\windows\system32\BtMmHook.dll
+ 2006-11-11 20:38:18 65,536 ----a-w c:\windows\system32\BTNCopy.dll
+ 2006-11-11 20:59:42 962,637 ----a-w c:\windows\system32\BTNeighborhood.dll
+ 2006-11-11 20:47:26 122,880 ----a-w c:\windows\system32\btosif.dll
+ 2006-11-11 20:51:24 159,744 ----a-w c:\windows\system32\btosif_notes.dll
+ 2006-11-11 20:51:52 204,800 ----a-w c:\windows\system32\btosif_ol.dll
+ 2006-11-11 20:52:18 143,360 ----a-w c:\windows\system32\btosif_olx.dll
+ 2006-11-11 20:50:38 90,112 ----a-w c:\windows\system32\btprn2k.dll
+ 2006-11-11 20:39:22 3,133,440 ----a-w c:\windows\system32\btrez.dll
+ 2006-11-11 20:38:54 94,208 ----a-w c:\windows\system32\btrezxp.dll
+ 2006-11-11 20:57:32 98,304 ----a-w c:\windows\system32\btsec.dll
+ 2006-11-11 20:47:58 208,896 ----a-w c:\windows\system32\btsendto.dll
+ 2006-11-11 20:55:20 73,728 ----a-w c:\windows\system32\btsendto_ie.dll
+ 2006-11-11 20:52:44 49,152 ----a-w c:\windows\system32\btsendto_notes.dll
+ 2006-11-11 20:54:50 172,032 ----a-w c:\windows\system32\btsendto_office.dll
+ 2006-11-11 20:53:58 151,603 ----a-w c:\windows\system32\btsendto_wab.dll
+ 2006-10-30 09:52:22 106,557 ----a-w c:\windows\system32\btw_ci.dll
+ 2006-11-11 21:01:58 229,376 ----a-w c:\windows\system32\btwhidcs.dll
+ 2006-11-11 21:08:48 90,112 ----a-w c:\windows\system32\BtWiaExt.dll
+ 2006-11-11 21:00:52 983,105 ----a-w c:\windows\system32\BtWizard.dll
+ 2006-11-11 20:48:44 45,056 ----a-w c:\windows\system32\btwpimif.dll
+ 2006-11-11 20:46:20 106,496 ----a-w c:\windows\system32\BTXPPanel.dll
+ 2006-11-11 20:45:58 24,576 ----a-w c:\windows\system32\BtXpShell.dll
+ 2008-02-26 13:21:22 832,896 ----a-w c:\windows\system32\ButtonThumbnailExtractor.dll
+ 2004-02-09 10:21:32 24,576 ----a-r c:\windows\system32\CAITF32.DLL
+ 2004-02-09 10:22:12 28,672 ----a-r c:\windows\system32\CALAUNCH.EXE
+ 2006-09-28 20:52:18 655,360 ----a-w c:\windows\system32\CDDBControl.dll
+ 2006-09-28 20:52:18 98,304 ----a-w c:\windows\system32\CddbLangDE.dll
+ 2006-09-28 20:52:18 98,304 ----a-w c:\windows\system32\CddbLangES.dll
+ 2006-09-28 20:52:18 98,304 ----a-w c:\windows\system32\CddbLangFR.dll
+ 2006-09-28 20:52:18 102,400 ----a-w c:\windows\system32\CddbLangIT.dll
+ 2006-09-28 20:52:18 77,824 ----a-w c:\windows\system32\CddbLangJA.dll
+ 2006-09-28 20:52:18 98,304 ----a-w c:\windows\system32\CddbLangNL.dll
+ 2006-09-28 20:52:18 765,952 ----a-w c:\windows\system32\CDDBUI.dll
- 2007-07-30 18:19:20 92,504 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 14:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
+ 1998-07-06 01:00:00 33,792 ----a-w c:\windows\system32\CmDlgDE.dll
- 2006-09-12 20:00:00 197,632 ----a-w c:\windows\system32\CNMLM81.DLL
+ 2008-04-02 20:00:00 198,656 ----a-w c:\windows\system32\CNMLM81.DLL
- 2007-04-08 19:56:47 86,232 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
+ 2009-01-23 10:04:27 960,664 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
+ 2004-08-04 00:56:42 561,179 ----a-w c:\windows\system32\dao360.dll
- 2005-08-21 14:57:30 227,840 ----a-w c:\windows\system32\Deco_32.dll
+ 2005-08-21 15:57:30 227,840 ----a-w c:\windows\system32\Deco_32.dll
+ 2008-12-01 20:34:31 410,976 ----a-w c:\windows\system32\deploytk.dll
+ 2004-02-22 10:11:08 719,872 ----a-w c:\windows\system32\devil.dll
+ 2003-10-07 19:19:32 36,864 ----a-w c:\windows\system32\DGRip.dll
+ 2002-07-19 12:08:14 182,784 ----a-w c:\windows\system32\DGVorbis.dll
- 2008-04-23 04:16:28 124,928 ------w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:38:34 124,928 ------w c:\windows\system32\dllcache\advpack.dll
- 2008-06-20 11:40:08 138,496 ------w c:\windows\system32\dllcache\afd.sys
+ 2008-08-14 10:04:36 138,496 ------w c:\windows\system32\dllcache\afd.sys
+ 2008-04-13 18:46:30 18,944 ----a-w c:\windows\system32\dllcache\bthusb.sys
- 2007-07-30 18:19:20 92,504 ----a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 14:09:44 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
- 2008-04-23 04:16:28 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-07-07 20:26:58 253,952 ------w c:\windows\system32\dllcache\es.dll
- 2008-04-23 04:16:28 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-04-14 00:12:20 193,024 ----a-w c:\windows\system32\dllcache\fsquirt.exe
+ 2008-10-23 12:36:14 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
- 2008-04-23 04:16:28 63,488 ------w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:38:35 63,488 ------w c:\windows\system32\dllcache\icardie.dll
- 2008-04-22 07:39:58 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-04-23 04:16:28 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll
- 2008-04-23 04:16:28 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll
- 2008-04-20 05:07:51 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
- 2008-04-23 04:16:28 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-04-23 04:16:28 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
- 2008-04-23 04:16:28 44,544 ------w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ------w c:\windows\system32\dllcache\iernonce.dll
- 2008-04-23 04:16:28 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
- 2008-04-22 07:39:58 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
- 2008-04-22 07:40:18 625,664 ------w c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
+ 2008-04-11 19:04:26 691,712 ------w c:\windows\system32\dllcache\inetcomm.dll
- 2008-04-23 04:16:28 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-18 20:03:58 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 01:09:22 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-03-07 17:02:08 29,696 ------w c:\windows\system32\dllcache\mimefilt.dll
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-05-01 14:33:02 331,776 ------w c:\windows\system32\dllcache\msadce.dll
+ 2008-06-24 16:43:16 74,240 ------w c:\windows\system32\dllcache\mscms.dll
- 2008-04-23 04:16:28 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
- 2008-04-23 04:16:28 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-04-23 21:16:30 3,591,680 ----a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-04-23 04:16:28 478,208 ----a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-04-23 04:16:28 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
- 2008-04-23 04:16:28 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-09-04 17:15:04 1,106,944 ------w c:\windows\system32\dllcache\msxml3.dll
- 2008-04-14 00:12:01 1,306,624 ------w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
+ 2008-10-15 16:34:24 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
+ 2008-03-07 17:02:08 98,304 ------w c:\windows\system32\dllcache\nlhtml.dll
+ 2008-08-14 10:09:26 2,145,280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 09:33:16 2,066,048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,023,936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 10:11:02 2,189,184 ------w c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-04-23 04:16:28 102,912 ------w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:38:39 102,912 ------w c:\windows\system32\dllcache\occache.dll
+ 2008-03-07 17:02:08 192,000 ------w c:\windows\system32\dllcache\offfilt.dll
- 2008-04-23 04:16:28 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-12-11 10:57:09 333,952 ------w c:\windows\system32\dllcache\srv.sys
- 2008-04-14 00:12:07 246,814 ------w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:02:42 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
- 2008-04-23 04:16:28 105,984 ------w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:38:39 105,984 ------w c:\windows\system32\dllcache\url.dll
- 2008-04-23 04:16:29 1,159,680 ----a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-04-23 04:16:29 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
- 2007-03-15 17:16:42 236,928 ------w c:\windows\system32\dllcache\WgaLogon.dll
+ 2008-09-05 22:30:42 241,704 ------w c:\windows\system32\dllcache\wgaLogon.dll
- 2007-03-15 17:17:08 336,768 ------w c:\windows\system32\dllcache\WgaTray.exe
+ 2008-09-05 22:29:58 917,032 ------w c:\windows\system32\dllcache\WgaTray.exe
+ 2008-09-15 12:12:56 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
- 2008-04-23 04:16:29 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
- 2006-10-18 21:47:20 937,984 ----a-w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 05:03:08 938,496 ----a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-18 21:47:22 2,450,944 ----a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 05:03:14 2,458,112 ----a-w c:\windows\system32\dllcache\WMVCore.dll
- 2007-07-30 18:19:36 549,720 ----a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 14:12:20 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
- 2007-07-30 18:19:16 53,080 ----a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 14:09:44 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
- 2007-07-30 18:19:42 1,712,984 ----a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 14:13:40 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
- 2007-07-30 18:19:32 325,976 ----a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 14:12:22 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
- 2007-07-30 18:18:40 33,624 ----a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 14:08:58 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
- 2007-07-30 18:19:28 203,096 ----a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 14:13:40 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
- 2007-07-24 14:17:08 81,920 ----a-w c:\windows\system32\dns-sd.exe
+ 2008-08-29 09:18:58 87,336 ----a-w c:\windows\system32\dns-sd.exe
- 2007-07-24 14:17:08 61,440 ----a-w c:\windows\system32\dnssd.dll
+ 2008-08-29 08:53:50 61,440 ----a-w c:\windows\system32\dnssd.dll
+ 2008-08-14 07:57:42 74,720 ----a-w c:\windows\system32\drivers\adfs.sys
- 2008-06-20 11:40:08 138,496 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 10:04:36 138,496 ----a-w c:\windows\system32\drivers\afd.sys
+ 2006-10-30 09:52:04 329,901 ----a-w c:\windows\system32\drivers\btaudio.sys
- 2008-04-13 18:46:29 18,944 ----a-w c:\windows\system32\drivers\bthusb.sys
+ 2008-04-13 18:46:30 18,944 ----a-w c:\windows\system32\drivers\BTHUSB.SYS
+ 2006-11-13 09:41:20 862,922 ----a-w c:\windows\system32\drivers\btkrnl.sys
+ 2006-10-30 09:51:24 30,459 ----a-w c:\windows\system32\drivers\btport.sys
+ 2006-10-30 09:57:34 37,296 ----a-w c:\windows\system32\drivers\btusbflt.sys
+ 2006-10-30 09:51:30 149,123 ----a-w c:\windows\system32\drivers\btwdndis.sys
+ 2006-10-30 09:51:34 47,875 ----a-w c:\windows\system32\drivers\btwhid.sys
+ 2006-10-30 09:51:40 67,672 ----a-w c:\windows\system32\drivers\btwusb.sys
+ 2007-12-10 03:00:00 9,072 ----a-w c:\windows\system32\drivers\cdr4_xp.sys
+ 2007-12-10 03:00:00 9,200 ----a-w c:\windows\system32\drivers\cdralw2k.sys
- 2008-01-29 11:01:28 16,168 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-04-17 13:12:54 15,464 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
- 2007-12-29 14:35:54 112,992 ----a-w c:\windows\system32\drivers\keyscrambler.sys
+ 2008-06-24 17:45:18 113,896 ----a-w c:\windows\system32\drivers\keyscrambler.sys
+ 2008-10-22 16:10:22 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
+ 2008-10-22 16:10:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
- 2008-04-13 19:17:01 456,576 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:21:09 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
- 2008-06-16 08:31:08 7,808 ----a-w c:\windows\system32\drivers\psi_mf.sys
+ 2008-11-18 13:36:52 7,808 ----a-w c:\windows\system32\drivers\psi_mf.sys
+ 2008-02-06 03:00:00 44,608 ----a-w c:\windows\system32\drivers\pxhelp20.sys
- 2007-08-08 20:42:08 45,568 ----a-w c:\windows\system32\drivers\rimmptsk.sys
+ 2006-11-14 23:16:24 32,256 ----a-w c:\windows\system32\drivers\rimmptsk.sys
- 2005-04-18 22:21:08 27,136 ----a-w c:\windows\system32\drivers\risdptsk.sys
+ 2005-07-14 11:14:34 27,904 ----a-w c:\windows\system32\drivers\risdptsk.sys
- 2006-07-29 11:11:23 30,601 ----a-w c:\windows\system32\drivers\scdemu.sys
+ 2008-11-02 08:44:10 56,572 ----a-w c:\windows\system32\drivers\scdemu.sys
+ 2007-07-03 15:54:24 80,552 ----a-w c:\windows\system32\drivers\sscdbus.sys
+ 2007-07-03 15:56:00 9,256 ----a-w c:\windows\system32\drivers\sscdcm.sys
+ 2007-07-03 15:56:00 9,256 ----a-w c:\windows\system32\drivers\sscdcmnt.sys
+ 2007-07-03 15:57:24 11,944 ----a-w c:\windows\system32\drivers\sscdmdfl.sys
+ 2007-07-03 15:58:20 106,792 ----a-w c:\windows\system32\drivers\sscdmdm.sys
+ 2007-07-03 16:00:16 9,256 ----a-w c:\windows\system32\drivers\sscdwh.sys
+ 2007-07-03 16:00:16 9,256 ----a-w c:\windows\system32\drivers\sscdwhnt.sys
+ 2008-01-23 21:25:32 27,136 ----a-w c:\windows\system32\drivers\tapvpn.sys
+ 2008-02-06 15:52:12 68,080 ----a-w c:\windows\system32\drvins64.exe
+ 2008-04-17 13:12:54 107,368 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 13:12:54 15,464 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
+ 2008-11-07 14:23:30 32,000 -c--a-w c:\windows\system32\DRVSTORE\usbaapl_246F92BBD6449C86FC3F3F28C40D59AC1F69C558\usbaapl.sys
- 2008-04-23 04:16:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-04-14 00:11:53 246,272 ----a-w c:\windows\system32\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w c:\windows\system32\es.dll
- 2008-04-23 04:16:28 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-06-22 03:14:36 2,874,712 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-23 10:03:05 2,221,184 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-04-14 00:11:54 285,184 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\system32\gdi32.dll
- 2001-09-05 20:00:58 1,700,352 ----a-w c:\windows\system32\gdiplus.dll
+ 2001-09-05 21:00:58 1,700,352 ----a-w c:\windows\system32\gdiplus.dll
- 2008-01-29 11:02:30 107,368 ----a-w c:\windows\system32\GEARAspi.dll
+ 2008-04-17 13:12:54 107,368 ----a-w c:\windows\system32\GEARAspi.dll
+ 2008-05-29 11:16:52 633,344 ------w c:\windows\system32\gpprefcl.dll
+ 2004-01-25 00:00:00 70,656 ----a-w c:\windows\system32\i420vfw.dll
- 2008-04-23 04:16:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-04-22 07:39:58 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-04-23 04:16:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-04-23 04:16:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-04-20 05:07:51 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-04-23 04:16:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-04-23 04:16:28 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-04-23 04:16:28 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-04-23 04:16:28 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-04-22 07:39:58 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2007-07-31 10:51:33 298,104 ----a-w c:\windows\system32\imon.dll
+ 2008-12-18 20:50:51 298,104 ----a-w c:\windows\system32\imon.dll
- 2008-04-14 00:11:54 691,712 ----a-w c:\windows\system32\inetcomm.dll
+ 2008-04-11 19:04:26 691,712 ----a-w c:\windows\system32\inetcomm.dll
- 2008-06-10 00:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-12-01 20:34:31 139,264 ----a-w c:\windows\system32\java.exe
- 2008-06-10 00:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-12-01 20:34:31 139,264 ----a-w c:\windows\system32\javaw.exe
- 2008-06-10 01:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-01 20:34:31 143,360 ----a-w c:\windows\system32\javaws.exe
- 2008-04-23 04:16:28 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2001-11-14 11:56:00 1,802,240 ----a-w c:\windows\system32\lcppn21.dll
- 2008-03-20 17:06:36 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll
+ 2008-09-05 22:30:06 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll
+ 2004-12-08 16:30:16 663,552 ----a-w c:\windows\system32\libifcoremd.dll
+ 2004-12-08 16:30:20 2,084,956 ----a-w c:\windows\system32\libmmd.dll
+ 2007-03-24 11:45:48 57,344 ----a-r c:\windows\system32\libsyslic1.dll
+ 2007-03-14 00:57:54 144,896 ----a-r c:\windows\system32\libsyslic1.original.dll
- 2006-10-18 20:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 01:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-09-03 18:23:10 235,424 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10.exe
- 2008-07-01 03:39:18 74,649 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-01-22 06:36:23 89,100 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-07-01 03:51:35 70,264 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-01-22 06:36:33 85,020 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-04-14 00:11:57 29,696 ----a-w c:\windows\system32\mimefilt.dll
+ 2008-03-07 17:02:08 29,696 ----a-w c:\windows\system32\mimefilt.dll
- 2008-07-08 11:42:10 409,852 ---ha-w c:\windows\system32\mlfcache.dat
+ 2008-12-17 11:47:35 415,660 ---ha-w c:\windows\system32\mlfcache.dat
+ 1999-09-17 10:56:20 118,784 ----a-w c:\windows\system32\Mp3dec.dll
+ 2003-05-21 06:47:00 49,152 ----a-w c:\windows\system32\mp3enc.dll
- 2008-06-25 16:15:46 17,972,344 ----a-w c:\windows\system32\MRT.exe
+ 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2004-08-04 00:56:42 536,576 ----a-w c:\windows\system32\msado15.dll
+ 2004-08-04 00:56:42 200,704 ----a-w c:\windows\system32\msadox.dll
+ 1998-07-06 01:00:00 158,208 ----a-w c:\windows\system32\MSCmCDE.dll
- 2008-04-14 00:11:58 73,728 ----a-w c:\windows\system32\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w c:\windows\system32\mscms.dll
- 2008-04-23 04:16:28 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-04-23 04:16:28 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-04-23 21:16:30 3,591,680 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-04-23 04:16:28 478,208 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2007-02-13 16:22:54 947,472 ----a-w c:\windows\system32\msjava.dll
+ 2008-07-31 10:16:54 947,472 ----a-w c:\windows\system32\msjava.dll
- 2008-04-23 04:16:28 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-04-23 04:16:28 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-04-14 00:12:01 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 17:15:04 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2007-05-08 14:03:04 1,275,392 ----a-w c:\windows\system32\msxml4.dll
+ 2008-09-30 16:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
- 2008-04-14 00:12:01 1,306,624 ----a-w c:\windows\system32\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 ----a-w c:\windows\system32\msxml6.dll
- 2007-07-30 19:19:10 271,224 ----a-w c:\windows\system32\mucltui.dll
+ 2008-10-16 14:06:48 268,648 ----a-w c:\windows\system32\mucltui.dll
- 2007-07-30 19:18:34 207,736 ----a-w c:\windows\system32\muweb.dll
+ 2008-10-16 14:06:48 208,744 ----a-w c:\windows\system32\muweb.dll
- 2008-04-14 00:12:01 337,408 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w c:\windows\system32\netapi32.dll
- 2008-04-14 00:12:02 98,304 ----a-w c:\windows\system32\nlhtml.dll
+ 2008-03-07 17:02:08 98,304 ----a-w c:\windows\system32\nlhtml.dll
- 2008-04-13 18:31:21 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2008-04-13 19:24:37 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 10:09:26 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
- 2008-04-23 04:16:28 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-04-14 00:12:02 192,000 ----a-w c:\windows\system32\offfilt.dll
+ 2008-03-07 17:02:08 192,000 ----a-w c:\windows\system32\offfilt.dll
+ 2003-11-15 17:54:18 36,864 ----a-w c:\windows\system32\ogg.dll
- 2008-08-11 09:50:57 73,022 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-23 22:07:13 73,336 ----a-w c:\windows\system32\perfc009.dat
- 2008-08-11 09:50:57 446,108 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-23 22:07:13 446,654 ----a-w c:\windows\system32\perfh009.dat
- 2008-04-23 04:16:28 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-07-09 04:05:48 584,176 ------w c:\windows\system32\px.dll
+ 2008-07-09 04:05:48 129,520 ------w c:\windows\system32\pxafs.dll
+ 2008-02-06 15:52:20 66,544 ----a-w c:\windows\system32\pxcpya64.exe
+ 2008-02-06 15:52:18 120,304 ----a-w c:\windows\system32\pxcpyi64.exe
+ 2008-07-09 04:05:48 539,120 ------w c:\windows\system32\pxdrv.dll
+ 2008-07-09 04:05:48 72,176 ------w c:\windows\system32\pxhpinst.exe
+ 2008-02-06 15:52:14 65,008 ----a-w c:\windows\system32\pxinsa64.exe
+ 2008-02-06 15:52:16 118,256 ----a-w c:\windows\system32\pxinsi64.exe
+ 2008-07-09 04:05:48 186,864 ------w c:\windows\system32\pxmas.dll
+ 2008-07-09 04:05:48 1,690,096 ------w c:\windows\system32\pxsfs.dll
+ 2008-07-09 04:05:50 379,376 ------w c:\windows\system32\pxwave.dll
+ 2007-04-18 08:51:20 2,113,536 ----a-w c:\windows\system32\python25.dll
+ 2006-10-30 09:51:40 67,672 ----a-w c:\windows\system32\ReinstallBackups\0076\DriverFiles\btwusb.sys
+ 2006-10-30 09:57:34 37,296 ----a-w c:\windows\system32\ReinstallBackups\0077\DriverFiles\btusbflt.sys
+ 2008-06-13 11:05:51 272,128 ----a-w c:\windows\system32\ReinstallBackups\0077\DriverFiles\i386\bthport.sys
+ 2008-04-13 18:46:30 18,944 ----a-w c:\windows\system32\ReinstallBackups\0077\DriverFiles\i386\BTHUSB.SYS
+ 2008-04-14 00:12:20 193,024 ----a-w c:\windows\system32\ReinstallBackups\0077\DriverFiles\i386\fsquirt.exe
+ 2005-07-14 11:14:34 27,904 ----a-w c:\windows\system32\ReinstallBackups\0078\DriverFiles\risdptsk.sys
+ 2006-10-30 09:57:34 37,296 ----a-w c:\windows\system32\ReinstallBackups\0079\DriverFiles\btusbflt.sys
+ 2008-06-13 11:05:51 272,128 ----a-w c:\windows\system32\ReinstallBackups\0079\DriverFiles\i386\bthport.sys
+ 2008-04-13 18:46:30 18,944 ----a-w c:\windows\system32\ReinstallBackups\0079\DriverFiles\i386\BTHUSB.SYS
+ 2008-04-14 00:12:20 193,024 ----a-w c:\windows\system32\ReinstallBackups\0079\DriverFiles\i386\fsquirt.exe
+ 2006-10-30 09:57:34 37,296 ----a-w c:\windows\system32\ReinstallBackups\0080\DriverFiles\btusbflt.sys
+ 2008-06-13 11:05:51 272,128 ----a-w c:\windows\system32\ReinstallBackups\0080\DriverFiles\i386\bthport.sys
+ 2008-04-13 18:46:30 18,944 ----a-w c:\windows\system32\ReinstallBackups\0080\DriverFiles\i386\BTHUSB.SYS
+ 2008-04-14 00:12:20 193,024 ----a-w c:\windows\system32\ReinstallBackups\0080\DriverFiles\i386\fsquirt.exe
+ 2007-05-02 10:11:16 83,592 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\i386\ss_bus.sys
+ 2007-05-02 10:11:16 12,424 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\i386\ss_cmnt.sys
+ 2007-05-02 10:11:18 15,112 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\i386\ss_mdfl.sys
+ 2007-05-02 10:11:18 109,704 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\i386\ss_mdm.sys
+ 2007-05-02 10:11:18 12,424 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\i386\ss_whnt.sys
- 2005-08-26 18:07:28 81,920 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
+ 2007-05-02 10:11:12 72,968 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
+ 2007-05-02 10:12:34 83,592 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\i386\ssm_bus.sys
+ 2007-05-02 10:12:34 12,424 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\i386\ssm_cmnt.sys
+ 2007-05-02 10:12:36 15,112 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\i386\ssm_mdfl.sys
+ 2007-05-02 10:12:36 109,704 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\i386\ssm_mdm.sys
+ 2007-05-02 10:12:36 12,424 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\i386\ssm_whnt.sys
- 2005-08-30 01:46:16 81,920 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
+ 2007-05-02 10:12:28 72,968 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
+ 2007-07-03 15:54:24 80,552 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\i386\sscdbus.sys
+ 2007-07-03 15:56:00 9,256 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\i386\sscdcmnt.sys
+ 2007-07-03 15:57:24 11,944 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\i386\sscdmdfl.sys
+ 2007-07-03 15:58:20 106,792 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\i386\sscdmdm.sys
+ 2007-07-03 15:59:10 86,824 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\i386\sscdserd.sys
+ 2007-07-03 16:00:16 9,256 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\i386\sscdwhnt.sys
- 2005-12-22 12:24:52 65,536 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
+ 2007-07-03 15:53:24 70,824 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
+ 2007-07-05 11:37:34 83,456 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdbus.sys
+ 2007-07-05 11:37:34 12,160 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdcmnt.sys
+ 2007-07-05 11:37:34 14,848 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdmdfl.sys
+ 2007-07-05 11:37:34 109,696 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdmdm.sys
+ 2007-07-05 11:37:34 103,808 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdmgmt.sys
+ 2007-07-05 11:37:36 99,712 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdobex.sys
+ 2007-07-05 11:37:36 12,160 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdwhnt.sys
- 2006-07-21 12:15:56 53,760 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
+ 2007-07-19 08:44:10 70,904 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
+ 2001-11-16 14:59:30 94,208 ----a-r c:\windows\system32\SBE6@000.DLL
+ 2001-11-16 14:27:30 98,304 ----a-r c:\windows\system32\SBE6@DEU.DLL
+ 2001-11-16 14:28:32 102,400 ----a-r c:\windows\system32\SBE6@ESP.DLL
+ 2001-11-16 14:29:02 102,400 ----a-r c:\windows\system32\SBE6@FRA.DLL
+ 2001-11-16 14:29:48 102,400 ----a-r c:\windows\system32\SBE6@ITA.DLL
+ 2001-11-16 14:57:52 81,920 ----a-r c:\windows\system32\SBE6@JPN.DLL
+ 2001-11-16 14:26:48 94,208 ----a-r c:\windows\system32\SBE6@NOR.DLL
+ 2001-11-16 14:30:44 102,400 ----a-r c:\windows\system32\SBE6@PTB.DLL
+ 2001-11-16 14:57:10 98,304 ----a-r c:\windows\system32\SBE6@RUS.DLL
+ 2001-11-16 14:57:28 94,208 ----a-r c:\windows\system32\SBE6@SVE.DLL
+ 2001-09-12 14:32:12 1,335,584 ----a-w c:\windows\system32\sbe6_32.dll
+ 2008-07-18 21:10:20 36,552 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-10-16 14:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-07-18 21:10:40 45,768 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
+ 2008-10-16 14:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2008-04-07 05:38:06 45,392 ----a-w c:\windows\system32\spool\drivers\w32x86\3\AdobePdf.dll
+ 2008-04-07 05:38:12 22,872 ----a-w c:\windows\system32\spool\drivers\w32x86\3\AdobePDFUI.dll
+ 2008-04-28 05:30:46 29,312 ----a-w c:\windows\system32\spool\drivers\w32x86\3\ADREGP.DLL
+ 2008-04-07 05:37:36 193,904 ----a-w c:\windows\system32\spool\drivers\w32x86\3\ADUIGP.DLL
- 2006-09-12 20:00:00 95,744 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CNMCP81.DLL
+ 2008-02-11 20:00:00 96,256 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CNMCP81.DLL
+ 2008-04-14 01:12:04 728,576 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PS5UI.DLL
+ 2008-04-14 01:12:04 543,232 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
+ 2008-05-15 16:49:20 21,832 ----a-w c:\windows\system32\spool\drivers\w32x86\3\SNAGITD9.DLL
- 2008-04-14 00:12:07 373,248 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2008-04-14 01:12:08 373,248 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL
- 2008-04-14 00:12:07 744,448 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2008-04-14 01:12:08 744,448 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
- 2006-09-12 20:00:00 95,744 ----a-w c:\windows\system32\spool\drivers\w32x86\canonmp460112c\CNMCP81.DLL
+ 2008-02-11 20:00:00 96,256 ----a-w c:\windows\system32\spool\drivers\w32x86\canonmp460112c\CNMCP81.DLL
+ 2003-01-26 11:41:24 40,960 ----a-w c:\windows\system32\SSubTmr6.dll
- 2008-04-14 00:12:07 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:02:42 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-04-14 00:12:38 60,416 ----a-w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\system32\tzchange.exe
- 2008-04-23 04:16:28 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-04-23 04:16:29 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
+ 1996-01-12 00:00:00 722,192 ----a-w c:\windows\system32\vb40032.dll
+ 2005-09-10 14:57:10 143,360 ----a-w c:\windows\system32\vbMHWB.dll
+ 2003-11-16 10:48:00 1,060,864 ----a-w c:\windows\system32\vorbis.dll
+ 2003-11-16 10:48:02 909,312 ----a-w c:\windows\system32\vorbisenc.dll
+ 2002-07-19 08:35:18 28,672 ----a-w c:\windows\system32\vorbisfile.dll
+ 2008-11-14 12:24:46 258,048 ----a-w c:\windows\system32\vshost.exe
+ 2008-07-09 04:05:50 88,560 ------w c:\windows\system32\vxblock.dll
+ 2006-11-11 20:32:20 491,581 ----a-w c:\windows\system32\wbtapi.dll
- 2008-04-23 04:16:29 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2007-03-15 17:16:42 236,928 ----a-w c:\windows\system32\WgaLogon.dll
+ 2008-09-05 22:30:42 241,704 ----a-w c:\windows\system32\WgaLogon.dll
- 2007-03-15 17:17:08 336,768 ----a-w c:\windows\system32\WgaTray.exe
+ 2008-09-05 22:29:58 917,032 ----a-w c:\windows\system32\WgaTray.exe
+ 2006-11-11 20:30:58 585,728 ----a-w c:\windows\system32\WidcommSdk.dll
- 2008-04-13 19:30:10 1,845,632 ----a-w c:\windows\system32\win32k.sys
+ 2008-09-15 12:12:56 1,846,400 ----a-w c:\windows\system32\win32k.sys
- 2008-04-23 04:16:29 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll
- 2006-10-18 21:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
+ 2008-06-18 05:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-18 21:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 05:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-11-13 15:53:04 229,376 ----a-w c:\windows\system32\wtempfile.exe
- 2007-07-30 18:19:36 549,720 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 14:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2007-07-30 18:19:16 53,080 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 14:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2007-07-30 18:19:42 1,712,984 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 14:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2007-07-30 18:19:32 325,976 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 14:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
- 2007-07-30 18:18:40 33,624 ----a-w c:\windows\system32\wups.dll
+ 2008-10-16 14:08:58 34,328 ----a-w c:\windows\system32\wups.dll
- 2007-07-30 18:19:12 43,352 ----a-w c:\windows\system32\wups2.dll
+ 2008-10-16 14:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
- 2007-07-30 18:19:28 203,096 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 14:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
+ 2008-12-10 14:59:56 307,200 ----a-w c:\windows\system32\yr-1aa85d49-5c0a-444e-90af-04ead680cadf.dll
+ 2004-01-25 00:00:00 70,656 ----a-w c:\windows\system32\yv12vfw.dll
+ 2009-01-23 22:24:46 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_248.dat
+ 2009-01-23 22:24:46 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_3e0.dat
+ 2008-11-02 04:28:46 451,072 ----a-w c:\windows\Texas Hold 'Em Championship\uninstall.exe
+ 2008-09-30 16:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 16:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2008-04-15 17:47:33 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "r:\program files\Hotspot_Shield\tbHots.dll" [2008-06-24 1569304]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FE6A929-59D1-4763-91AD-29B61CFFB35B}]
2008-11-14 03:35 70944 --a------ r:\program files\Mindjet\MindManager 8\Mm8InternetExplorer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2008-06-24 22:17 1569304 --a------ r:\program files\Hotspot_Shield\tbHots.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "r:\program files\Hotspot_Shield\tbHots.dll" [2008-06-24 1569304]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "r:\program files\Hotspot_Shield\tbHots.dll" [2008-06-24 1569304]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="r:\program files\Rainlendar2\Rainlendar2.exe" [2007-08-24 2932736]
"LClock"="r:\program files\LClock\lclock.exe" [2004-09-19 65536]
"Aestan Tray Menu"="c:\wamp\wampmanager.exe" [2007-02-18 1152512]
"Camtasia Recorder"="r:\program files\TechSmith\Camtasia Studio 6\CamRecorder.exe" [2008-10-10 2678104]
"RoboForm"="r:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-12-14 160592]
"SandboxieControl"="r:\program files\Utilities\SbieCtrl.exe" [2009-01-05 336896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="r:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"IntelliPoint"="r:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 461584]
"BtTray"="r:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2007-12-28 258134]
"SynTPEnh"="r:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"Adobe Acrobat Speed Launcher"="r:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"nod32kui"="r:\program files\Eset\nod32kui.exe" [2008-12-18 949376]
"MMReminderService"="r:\program files\Mindjet\MindManager 8\MMReminderService.exe" [2008-11-14 37656]
"iTunesHelper"="r:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"MDDiskProtect.exe"="c:\program files\Mediafour\MacDrive\MDDiskProtect.exe" [2005-04-15 106496]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe_ID0ENQBO"="c:\progra~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE" [2008-08-15 378224]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 c:\windows\stsystra.exe]
"SxgTkBar"="SxgTkBar.exe" [2002-07-22 c:\windows\system32\Sxgtkbar.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KeyScrambler"="r:\program files\KeyScrambler\getting_started.html" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SnagIt 9.lnk - r:\program files\TechSmith\SnagIt 9\SnagIt32.exe [2008-05-15 6822728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "r:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 r:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.xvid"= xvid.dll
"MSVideo"= CSvidcap.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\documents and settings\User\Application Data\iolo\

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
"Script"=C:\ntosboot.bat
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 20:29 49152 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"StarWindService"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NICCONFIGSVC"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"r:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"r:\\Program Files\\Opera\\Opera.exe"=
"r:\\Program Files\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Media Player Classic\\mplayerc.exe"=
"r:\\Program Files\\ViaVoice\\Bin\\engine.exe"=
"r:\\Program Files\\ViaVoice\\Bin\\audmig.exe"=
"r:\\Program Files\\ViaVoice\\Bin\\macroeditor.exe"=
"r:\\Program Files\\ViaVoice\\Bin\\speechbar.exe"=
"r:\\Program Files\\ViaVoice\\Bin\\userwiz.exe"=
"c:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"=
"r:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"r:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"r:\\Program Files\\phpDesigner 2008\\phpDesigner2008.exe"=
"r:\\Program Files\\Zend\\ZendStudio-5.5.1\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox 2\\firefox.exe"=
"c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"r:\\Program Files\\Octoshape Streaming Services\\User\\OctoshapeClient.exe"=
"r:\\Program Files\\SecondLife\\SecondLife.exe"=
"r:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"r:\\Program Files\\Navicat 8.0 MySQL\\navicat.exe"=
"r:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"r:\\Program Files\\Flock\\flock\\flock.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Google\\Google Talk, Labs Edition\\GoogleTalkLabsEdition.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"r:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"r:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"r:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"r:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"r:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"r:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"r:\\Program Files\\Utilities\\SiSoftware Sandra Professional Business 2009\\RpcAgentSrv.exe"=
"r:\\Program Files\\Utilities\\SiSoftware Sandra Professional Business 2009\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"r:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"r:\\Program Files\\Adobe\\Adobe Contribute CS4\\Contribute.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"135:TCP"= 135:TCP:*:Disabled:TCP Port 135
"5000:TCP"= 5000:TCP:*:Disabled:TCP Port 5000
"5001:TCP"= 5001:TCP:*:Disabled:TCP Port 5001
"5002:TCP"= 5002:TCP:*:Disabled:TCP Port 5002
"5003:TCP"= 5003:TCP:*:Disabled:TCP Port 5003
"5004:TCP"= 5004:TCP:*:Disabled:TCP Port 5004
"5005:TCP"= 5005:TCP:*:Disabled:TCP Port 5005
"5006:TCP"= 5006:TCP:*:Disabled:TCP Port 5006
"5007:TCP"= 5007:TCP:*:Disabled:TCP Port 5007
"5008:TCP"= 5008:TCP:*:Disabled:TCP Port 5008
"5009:TCP"= 5009:TCP:*:Disabled:TCP Port 5009
"5010:TCP"= 5010:TCP:*:Disabled:TCP Port 5010
"5011:TCP"= 5011:TCP:*:Disabled:TCP Port 5011
"5012:TCP"= 5012:TCP:*:Disabled:TCP Port 5012
"5013:TCP"= 5013:TCP:*:Disabled:TCP Port 5013
"5014:TCP"= 5014:TCP:*:Disabled:TCP Port 5014
"5015:TCP"= 5015:TCP:*:Disabled:TCP Port 5015
"5016:TCP"= 5016:TCP:*:Disabled:TCP Port 5016
"5017:TCP"= 5017:TCP:*:Disabled:TCP Port 5017
"5018:TCP"= 5018:TCP:*:Disabled:TCP Port 5018
"5019:TCP"= 5019:TCP:*:Disabled:TCP Port 5019
"5020:TCP"= 5020:TCP:*:Disabled:TCP Port 5020
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"48264:TCP"= 48264:TCP:uTorrent
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-02-11 3456]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.SYS [2006-04-30 16640]
R1 MDFSYSNT;MDFSYSNT;c:\windows\system32\drivers\MDFSYSNT.SYS [2006-09-13 213888]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-18 15424]
R1 SASDIFSV;SASDIFSV;r:\program files\SUPERAntiSpyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;r:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 32256]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-04-11 113896]
R3 SbieDrv;SbieDrv;r:\program files\Utilities\SbieDrv.sys [2009-01-05 103936]
R3 SOFTXG;YAMAHA XG SoftSynthesizer;c:\windows\system32\drivers\sxgxgwdm.sys [2008-07-22 966784]
R4 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [2007-10-06 935936]
R4 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-07-14 13824]
R4 SandraAgentSrv;SiSoftware Deployment Agent Service;r:\program files\Utilities\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe [2009-01-12 98488]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R4 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-07-14 13696]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2008-09-05 37296]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-11-18 7808]
S3 SASENUM;SASENUM;r:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 SIWIO;SIWIO;\??\c:\windows\TEMP\SiwIo.sys --> c:\windows\TEMP\SiwIo.sys [?]
S3 Z302Mic;Vimicro Z302 Mic Audio Filter Driver;c:\windows\system32\drivers\UsbMicfilt.sys [2007-03-13 22571]
S3 ZSMC302;PCL-W310;c:\windows\system32\drivers\usbvm302.sys [2006-12-31 93962]
S4 0227491172140703mcinstcleanup;McAfee Application Installer Cleanup (0227491172140703);c:\windows\TEMP\022749~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\022749~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S4 winsmss ;Windows Session Manager Services ;c:\windows\system32\\winsmss.exe --> c:\windows\system32\\winsmss.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2008-04-18 c:\windows\Tasks\Uniblue SpyEraser.job
- r:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-04-02 08:50]

2009-01-23 c:\windows\Tasks\User_Feed_Synchronization-{E7865968-F99A-45D6-8E9C-31BE1EEE68DE}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-AdobeBridge - (no file)
Notify-geBuRlJa - geBuRlJa.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.bbc.co.uk
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local;*.local
IE:
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Browster Prefetch On/Off - r:\program files\Browster\Browster.dll/CustomPrefetchMenu.htm
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://r:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Edit with Altova X&MLSpy - r:\program files\Altova\XMLSpy2008\spy.htm
IE: Fill Forms - file://r:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Open and Translate in Word - r:\program files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
IE: Password Generator - file://r:\program files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
IE: RoboForm TaskBar Icon - file://r:\program files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
IE: RoboForm Toolbar - file://r:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://r:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send to &Bluetooth Device... - r:\program files\Utilities\Bluetooth Software\btsendto_ie_ctx.htm
IE: Set Fields - file://r:\program files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
IE: Zend Studio - Debug current page - r:\program files\Zend\ZendStudio-5.5.1\bin\ZendIEToolbar.dll/DebugCurrent.html
IE: Zend Studio - Debug next page - r:\program files\Zend\ZendStudio-5.5.1\bin\ZendIEToolbar.dll/DebugNext.html
IE: {{2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - r:\program files\Mindjet\MindManager 8\Mm8InternetExplorer.dll
LSP: c:\windows\system32\imon.dll
TCP: {72F4BB1C-8CC4-49D8-B885-1D4FDBA0CCA0} = 195.92.195.95,195.92.195.94
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\adzuh488.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox 2\components\xpinstal.dll
FF - plugin: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\adzuh488.default\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}\plugins\npagent.dll
FF - plugin: c:\documents and settings\User\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: r:\program files\Mozilla Firefox 3 Beta 3\plugins\np-mswmp.dll
FF - plugin: r:\program files\Mozilla Firefox 3 Beta 3\plugins\np32dsw.dll
FF - plugin: r:\program files\Mozilla Firefox 3 Beta 3\plugins\npnul32.dll
FF - plugin: r:\program files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin.dll
FF - plugin: r:\program files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin2.dll
FF - plugin: r:\program files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin3.dll
FF - plugin: r:\program files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin4.dll
FF - plugin: r:\program files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin5.dll
FF - plugin: r:\program files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin6.dll
FF - plugin: r:\program files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin7.dll
FF - plugin: r:\program files\Octoshape Streaming Services\User\octoprogram-L03-N00-U00-C00_0804080_000\npoctoshape.dll
FF - plugin: r:\program files\Opera 9.5\program\plugins\npdsplay.dll
FF - plugin: r:\program files\Opera 9.5\program\plugins\npqtplugin.dll
FF - plugin: r:\program files\Opera 9.5\program\plugins\npqtplugin2.dll
FF - plugin: r:\program files\Opera 9.5\program\plugins\npqtplugin3.dll
FF - plugin: r:\program files\Opera 9.5\program\plugins\npqtplugin4.dll
FF - plugin: r:\program files\Opera 9.5\program\plugins\npqtplugin5.dll
FF - plugin: r:\program files\Opera 9.5\program\plugins\npqtplugin6.dll
FF - plugin: r:\program files\Opera 9.5\program\plugins\npqtplugin7.dll
FF - plugin: r:\program files\Opera 9.5\program\plugins\npwmsdrm.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
























FF - user.js: general.useragent.extra.zencast - );user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast,
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 22:26:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|’’’’"•€|ž»Ōw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|’’’’¤•€|ł•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1528)
r:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(1584)
c:\windows\system32\relog_ap.dll
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
r:\program files\Utilities\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\ati2evxx.exe
r:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
r:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
r:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
r:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
r:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
r:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
r:\program files\Eset\nod32krn.exe
r:\program files\Utilities\SbieSvc.exe
c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
r:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
r:\program files\TechSmith\SnagIt 9\TscHelp.exe
r:\program files\TechSmith\SnagIt 9\SnagPriv.exe
r:\program files\TechSmith\Camtasia Studio 6\TscHelp.exe
r:\program files\TechSmith\SnagIt 9\SnagItEditor.exe
r:\program files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
.
**************************************************************************
.
Completion time: 2009-01-23 22:34:28 - machine was rebooted [Tiny One]
ComboFix-quarantined-files.txt 2009-01-23 22:33:37
ComboFix2.txt 2008-08-12 04:35:24
ComboFix3.txt 2008-05-29 12:07:51
ComboFix4.txt 2008-04-11 19:26:59
ComboFix5.txt 2009-01-23 21:35:21

Pre-Run: 6,319,755,264 bytes free
Post-Run: 6,189,027,328 bytes free

1585 --- E O F --- 2009-01-22 17:26:21


#3 londonliving


Posted 23 January 2009 - 06:35 PM

Whilst I am waiting for a reply to this thread (yes, I know to be patient :thumbup2: ) I am going through the Secunia highlighted issues I recognise.

I know this will require a new HJT / ComboFix Log to be posted and will do so as required.

Thanks

LL

#4 londonliving


Posted 28 January 2009 - 06:32 AM

UPDATE:

Currently Running Kaspersky Online Virus Scan and have reached 24 hours...

...still only at 85% :thumbup2:

It didn't help that my ISP reset the connection!

Will post new HJT log after scan completes.

So far the thrill to learn there are potentially 50 nasties, though some are legitimate but behave the wrong way!

Posting back soon.

Thanks for looking into this.

LL

#5 londonliving


Posted 29 January 2009 - 04:31 AM

WOW.

That was a mammoth connection to Kaspersky - 160Gb - approx 30 hours. Thank you Kaspersky.com

Apparently, the job search of my friend also involved acquiring 'games and stuff'.

Well, the following post will have the HijackThis log - it did break and complain whilst running, so the post after that will be the ComboFix version.

Now under your guidance and let's get this system clean. :thumbup2:

LL

#6 londonliving


Posted 29 January 2009 - 04:48 AM

Having followed the NEW INSTRUCTIONS on the preparation guide, this output was generated by DDS.

DDS (Ver_09-01-19.01) - NTFSx86
Run by Tiny One at 9:37:26.85 on 29/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.567 [GMT 0:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)
FW: COMODO Firewall Pro *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
R:\Program Files\Utilities\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
R:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
R:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
R:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
R:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
R:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
R:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
R:\Program Files\Eset\nod32krn.exe
R:\Program Files\Utilities\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe
R:\Program Files\Utilities\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
R:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\Explorer.EXE
R:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\WLTRAY.exe
R:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\stsystra.exe
R:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
R:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\SxgTkBar.exe
C:\WINDOWS\system32\rundll32.exe
R:\Program Files\Eset\nod32kui.exe
R:\Program Files\Mindjet\MindManager 8\MMReminderService.exe
R:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
R:\Program Files\Java\jre6\bin\jusched.exe
R:\Program Files\Rainlendar2\Rainlendar2.exe
R:\Program Files\LClock\lclock.exe
C:\wamp\wampmanager.exe
R:\Program Files\TechSmith\Camtasia Studio 6\CamRecorder.exe
R:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
R:\Program Files\Utilities\SbieCtrl.exe
R:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
R:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
R:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
R:\Program Files\TechSmith\Camtasia Studio 6\TSCHelp.exe
R:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
R:\PROGRAM FILES\UNIBLUE\SPEEDUPMYPC\SPEEDUPMYPC.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
R:\Program Files\IDM Computer Solutions\UltraEdit-32\Uedit32.exe
R:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
R:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
R:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Desktop\Maintenance\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://news.bbc.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local;*.local
uURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - r:\program files\hotspot_shield\tbHots.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - r:\program files\techsmith\snagit 9\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - r:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: CKeyScramblerBHO Object: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - r:\program files\keyscrambler\KeyScramblerIE.dll
BHO: UltraEdit Toolbar: {4e7bd74f-2b8d-469e-85aa-fd60bb9aae22} - r:\progra~1\ue_too~1\UE_TOO~1.DLL
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - r:\progra~1\spybot~1\SDHelper.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - r:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - r:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - r:\program files\java\jre6\bin\ssv.dll
BHO: BrwIEConnector Class: {908a31e8-2a6e-4736-8e8a-aaf00c4ae38f} - r:\program files\browster\Browster.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - r:\program files\hotspot_shield\tbHots.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - r:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - r:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Zend Studio: {95188727-288f-4581-a48d-eab3bd027314} - r:\progra~1\zend\zendst~1.1\bin\ZENDIE~1.DLL
TB: UltraEdit Toolbar: {4e7bd74f-2b8d-469e-85aa-fd60bb9aae22} - r:\progra~1\ue_too~1\UE_TOO~1.DLL
TB: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - r:\program files\hotspot_shield\tbHots.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - r:\program files\techsmith\snagit 9\SnagItIEAddin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - r:\program files\siber systems\ai roboform\roboform.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - r:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: {fc3c24d3-4b56-4d13-bc64-ef3cca1498be} - Systran50premi.IEExplorerBar
uRun: [Rainlendar2] "r:\program files\rainlendar2\Rainlendar2.exe"
uRun: [LClock] r:\program files\lclock\lclock.exe
uRun: [Aestan Tray Menu] c:\wamp\wampmanager.exe
uRun: [Camtasia Recorder] "r:\program files\techsmith\camtasia studio 6\CamRecorder.exe" /m
uRun: [RoboForm] "r:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [SandboxieControl] "r:\program files\utilities\SbieCtrl.exe"
mRun: [WinPatrol] r:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IntelliPoint] "r:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [BtTray] "r:\program files\ivt corporation\bluesoleil\BtTray.exe"
mRun: [SynTPEnh] r:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SxgTkBar] SxgTkBar.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Acrobat Speed Launcher] "r:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [nod32kui] "r:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [MMReminderService] r:\program files\mindjet\mindmanager 8\MMReminderService.exe
mRun: [iTunesHelper] r:\program files\itunes\iTunesHelper.exe
mRun: [MDDiskProtect.exe] c:\program files\mediafour\macdrive\MDDiskProtect.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~2\server\bin\VERSIO~2.EXE
mRun: [SunJavaUpdateSched] "r:\program files\java\jre6\bin\jusched.exe"
mRun: []
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [KeyScrambler] r:\program files\keyscrambler\getting_started.html
StartupFolder: c:\docume~1\tinyon~1\startm~1\programs\startup\secuni~1.lnk - r:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - r:\program files\techsmith\snagit 9\SnagIt32.exe
IE:
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Browster Prefetch On/Off - r:\program files\browster\Browster.dll/CustomPrefetchMenu.htm
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://r:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Edit with Altova X&MLSpy - r:\program files\altova\xmlspy2008\spy.htm
IE: Fill Forms - file://r:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Open and Translate in Word - r:\program files\systran\5.0\premium\IEShellExt.dll /10
IE: Password Generator - file://r:\program files\siber systems\ai roboform\RoboFormComPasswordGenerator.html
IE: RoboForm TaskBar Icon - file://r:\program files\siber systems\ai roboform\RoboFormComTaskBarIcon.html
IE: RoboForm Toolbar - file://r:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://r:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Send to &Bluetooth Device... - r:\program files\utilities\bluetooth software\btsendto_ie_ctx.htm
IE: Set Fields - file://r:\program files\siber systems\ai roboform\RoboFormComSetFields.html
IE: Zend Studio - Debug current page - r:\program files\zend\zendstudio-5.5.1\bin\ZendIEToolbar.dll/DebugCurrent.html
IE: Zend Studio - Debug next page - r:\program files\zend\zendstudio-5.5.1\bin\ZendIEToolbar.dll/DebugNext.html
IE: {2222EF56-F49E-4d07-A14E-8D2B08766958} - r:\program files\altova\xmlspy2008\spy.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - r:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - r:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - r:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "r:\program files\fiddler2\Fiddler.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - r:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - r:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
IE: {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - {AC41D38F-B56D-40AD-94E0-B493D130C959} - r:\program files\mindjet\mindmanager 6\Mm6InternetExplorer.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - r:\program files\keyscrambler\KeyScramblerIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - {07A11D74-9D25-4fea-A833-8B0D76A5577A}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - r:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\imon.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - r:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by130fd.bay130.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194709915390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
TCP: {72F4BB1C-8CC4-49D8-B885-1D4FDBA0CCA0} = 195.92.195.95,195.92.195.94
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - r:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - r:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~3\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - r:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tinyon~1\applic~1\mozilla\firefox\profiles\adzuh488.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: general.useragent.extra.zencast - );user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast,
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0

============= SERVICES / DRIVERS ===============

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-2-11 3456]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.SYS [2006-4-30 16640]
R1 MDFSYSNT;MDFSYSNT;c:\windows\system32\drivers\MDFSYSNT.SYS [2006-9-13 213888]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-18 15424]
R1 SASDIFSV;SASDIFSV;r:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;r:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 32256]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-4-11 113896]
R3 SbieDrv;SbieDrv;r:\program files\utilities\SbieDrv.sys [2009-1-5 103936]
R3 SOFTXG;YAMAHA XG SoftSynthesizer;c:\windows\system32\drivers\sxgxgwdm.sys [2008-7-22 966784]
R4 aawservice;Ad-Aware 2007 Service;r:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 607576]
R4 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [2007-10-6 935936]
R4 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-7-14 13824]
R4 NOD32krn;NOD32 Kernel Service;r:\program files\eset\nod32krn.exe [2008-12-18 552064]
R4 SandraAgentSrv;SiSoftware Deployment Agent Service;r:\program files\utilities\sisoftware sandra professional business 2009\RpcAgentSrv.exe [2009-1-12 98488]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R4 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-7-14 13696]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2007-8-7 9344]
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;c:\windows\system32\drivers\AWRTPD.sys [2007-7-11 6272]
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter;c:\windows\system32\drivers\AWRTRD.sys [2007-8-7 8320]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2008-9-5 37296]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-11-18 7808]
S3 SASENUM;SASENUM;r:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 SIWIO;SIWIO;\??\c:\windows\temp\siwio.sys --> c:\windows\temp\SiwIo.sys [?]
S3 Z302Mic;Vimicro Z302 Mic Audio Filter Driver;c:\windows\system32\drivers\UsbMicfilt.sys [2007-3-13 22571]
S3 ZSMC302;PCL-W310;c:\windows\system32\drivers\usbvm302.sys [2006-12-31 93962]
S4 0227491172140703mcinstcleanup;McAfee Application Installer Cleanup (0227491172140703);c:\windows\temp\022749~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\022749~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S4 winsmss ;Windows Session Manager Services ;c:\windows\system32\\winsmss.exe --> c:\windows\system32\\winsmss.exe [?]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-01-28 10:12 --d----- r:\program files\CurrencyManage
2009-01-27 22:27 --d----- c:\temp\webcam max
2009-01-26 00:08 --d----- c:\temp\Sandbox
2009-01-25 22:10 --d----- c:\temp\Quark
2009-01-25 16:02 --d----- c:\docume~1\alluse~1\applic~1\SugarGames
2009-01-25 16:01 --d----- c:\windows\5 Realms Of Cards
2009-01-25 04:50 1,123 a------- c:\windows\system32\WS_FTP_Install.BAK
2009-01-25 00:22 --d----- c:\temp\Infection
2009-01-25 00:18 --d----- c:\temp\Acrobat 9 Extended
2009-01-25 00:07 --d----- c:\docume~1\tinyon~1\applic~1\IndigoRose
2009-01-24 17:48 --d----- c:\windows\Aloha Solitaire
2009-01-24 14:58 --d----- c:\windows\World Class Solitaire
2009-01-24 14:39 --d----- c:\windows\TriPeaks Solitaire To Go
2009-01-24 14:05 --d----- c:\windows\Ancient Tripeaks II
2009-01-24 14:03 --d----- c:\windows\Ancient Tripeaks
2009-01-24 14:01 --d----- c:\docume~1\tinyon~1\applic~1\EA
2009-01-24 14:01 --d----- c:\docume~1\alluse~1\applic~1\EA
2009-01-24 14:01 --d----- c:\windows\Great Escapes Solitaire
2009-01-24 13:58 --d----- c:\windows\Waterscape Solitaire American Falls
2009-01-24 13:45 --d----- c:\docume~1\alluse~1\applic~1\SpinTop Games
2009-01-24 13:45 --d----- c:\windows\Mystery Solitaire Secret Island
2009-01-24 13:40 --d----- c:\windows\Word Search Deluxe
2009-01-24 13:37 --d----- c:\windows\Zodiac Tower
2009-01-24 13:22 --d----- c:\docume~1\tinyon~1\applic~1\Beep
2009-01-24 13:21 --d----- c:\windows\Zodiac
2009-01-24 02:05 --d----- c:\documents and settings\tiny one\.nbi
2009-01-24 00:08 --d----- r:\program files\netbeans-5.0
2009-01-23 16:29 --d----- c:\docume~1\tinyon~1\applic~1\LogoMaker
2009-01-23 14:37 54,781,247 a------- c:\windows\system32\xa16478953.exe
2009-01-23 14:37 54,781,247 a------- c:\windows\system32\xa16474859.exe
2009-01-23 14:12 --d----- r:\program files\Studio V5
2009-01-23 11:48 --d----- c:\docume~1\tinyon~1\applic~1\JAM Software
2009-01-23 11:40 --d----- c:\docume~1\alluse~1\applic~1\IndigoRose
2009-01-23 11:39 --d----- c:\docume~1\tinyon~1\applic~1\Downloaded Installations
2009-01-23 11:34 --d----- c:\docume~1\tinyon~1\applic~1\Blumentals
2009-01-23 11:34 --d----- r:\program files\WeBuilder 2008
2009-01-23 11:17 1,773,568 a------- c:\windows\system32\msgdiplus.dll
2009-01-23 11:10 --d----- C:\Sandbox
2009-01-23 11:08 2,432 a------- c:\windows\Sandboxie.ini
2009-01-22 21:41 --d----- r:\program files\3D Utils
2009-01-22 21:17 --d----- c:\docume~1\tinyon~1\applic~1\bibble
2009-01-22 21:13 --d----- c:\program files\common files\Bibble Labs
2009-01-22 05:51 --d----- c:\temp\Prince.Of.Persia.3.The.Two.Thrones-RELOADED[www.moviex.info]
2009-01-22 05:47 --d----- c:\temp\Star Wars KOTOR
2009-01-19 02:11 --d----- c:\docume~1\tinyon~1\applic~1\Quark
2009-01-19 02:09 --d----- r:\program files\Quark
2009-01-19 02:09 --d----- c:\docume~1\alluse~1\applic~1\Quark
2009-01-17 12:59 --d----- r:\program files\eRightSoft
2009-01-15 23:08 --d----- r:\program files\Deskcalc Pro
2009-01-15 15:34 --d----- c:\docume~1\tinyon~1\applic~1\URSoft
2009-01-14 07:56 2,134 a------- c:\windows\system32\ycap.jpg
2009-01-12 15:14 --d----- c:\temp\ENGiNE
2009-01-12 06:41 225,280 a------- c:\windows\system32\rewire.dll
2009-01-12 06:40 1,294,336 a------- c:\windows\system32\vorbis.acm
2009-01-12 06:40 --d----- r:\program files\Image-Line
2009-01-12 06:40 --d----- r:\program files\Outsim
2009-01-09 22:51 --d----- c:\program files\common files\Stardock
2009-01-09 22:51 --d----- r:\program files\IconPackager
2009-01-08 23:02 --d----- c:\docume~1\tinyon~1\applic~1\Neuratron
2009-01-08 23:01 9,068,589 a------- c:\windows\system32\Drs832.dll
2009-01-08 11:44 --d----- C:\vcs5BGEffects
2009-01-07 22:13 --d----- r:\program files\Atomic RAR Password Recovery
2009-01-06 04:00 --d----- r:\program files\Microsoft adCenter Add-in for Excel 2.0 (Beta)
2009-01-05 18:31 --d----- c:\documents and settings\tiny one\.spss
2009-01-05 18:22 1,024 a------- c:\windows\system32\grcauth2.dll
2009-01-05 18:22 1,024 a------- c:\windows\system32\grcauth1.dll
2009-01-05 18:22 114 a------- c:\windows\system32\prsgrc.tgz
2009-01-05 18:20 --d----- c:\docume~1\alluse~1\applic~1\SafeNet Sentinel
2009-01-05 18:17 --d----- c:\docume~1\alluse~1\applic~1\SPSS
2009-01-05 18:17 --d----- c:\program files\common files\SPSS
2009-01-05 18:17 --d----- r:\program files\SPSSInc
2009-01-03 06:55 0 a------- C:\law.sp
2009-01-03 06:53 --d----- C:\Python25
2009-01-03 05:15 --d----- r:\program files\Subliminal Audio

==================== Find3M ====================

2009-01-23 23:37 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-14 16:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-07 07:08 270,336 a------- c:\windows\system32\aepa-872d09e4-215d-4d6a-b056-515b9c76f5a8.dll
2008-12-18 20:50 512,096 a------- c:\windows\system32\drivers\amon.sys
2008-12-18 20:50 298,104 a------- c:\windows\system32\imon.dll
2008-12-18 20:50 15,424 a------- c:\windows\system32\drivers\nod32drv.sys
2008-12-17 11:47 415,660 a---h--- c:\windows\system32\mlfcache.dat
2008-12-13 06:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-12 02:47 56,912 a------- c:\documents and settings\tiny one\g2mdlhlpx.exe
2008-12-11 10:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-12-10 14:59 307,200 a------- c:\windows\system32\yr-1aa85d49-5c0a-444e-90af-04ead680cadf.dll
2008-11-14 12:24 258,048 a------- c:\windows\system32\vshost.exe
2008-11-13 15:53 229,376 a------- c:\windows\system32\wtempfile.exe
2008-10-25 22:20 604 a---h--- r:\program files\STLL Notifier
2008-04-21 15:36 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2006-12-13 11:09 77 ---sh--- r:\program files\Desktop.ini
2001-12-27 18:07 660,992 a----r-- r:\program files\FontViewer.exe
2006-05-03 10:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216,064 ---shr-- c:\windows\system32\nbDX.dll
2008-06-22 03:10 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062220080623\index.dat

============= FINISH: 9:38:32.81 ===============



I noticed it states Comodo Firewall is enabled, but the current firewall is the built-in Windows one...

#7 londonliving


Posted 29 January 2009 - 05:05 AM

Kaspersky Online Virus Scan Report

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, January 28, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, January 27, 2009 07:49:26
Records in database: 1703948
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
H:\
R:\
U:\

Scan statistics:
Files scanned: 810035
Threat name: 51
Infected objects: 80
Suspicious objects: 0
Duration of the scan: 28:31:33


File name / Threat name / Threats count
C:\Program Files\Tatung Einstein\textwiz.zip Infected: not-a-virus:AdWare.Win32.SaveNow.ar 1
C:\QooBox\Quarantine\C\WINDOWS\system32\System advisory\WinIni.exe.vir Infected: Trojan-Downloader.Win32.Delf.cxm 1
C:\QooBox\Quarantine\setup\Quark 8\IHEOFZ~1.EXE Infected: Trojan-Downloader.Win32.Agent.angt 1
C:\QooBox\Quarantine\setup.exe Infected: Trojan-Downloader.Win32.Agent.angt 1
C:\Sandbox\Tiny_One\DefaultBox\user\current\Local Settings\Temp\275D.tmp\b2e.exe Infected: Trojan-Downloader.Win32.Agent.akcu 1
C:\TempCdrv\Adobe After Effects - Plugins MegaPack only [RH]\AAE_PluginsMegaPack_[RH].rar Infected: Trojan.Win32.Genome.ebd 1
C:\TempCdrv\Adobe After Effects - Plugins MegaPack only [RH]\Adobe After Effects Plugins MegaPack\Buena Software Au Naturel 1.1.1\Buena Software Au Naturel 1.1.1.rar Infected: Trojan.Win32.Genome.ebd 1
C:\WINDOWS\system32\wtempfile.exe Infected: Trojan-Downloader.MSIL.Agent.cg 1
R:\AAABackup pendrive\SpeedUpMyPC 3.0 kg\kg.exe Infected: Backdoor.Win32.Ciadoor.cx 1
R:\Program Files\Alcohol Soft\Alcohol 120\Register.exe Infected: Trojan-Dropper.Win32.Agent.adw 1
R:\Program Files\Eset\infected\15B0ARAA.NQF Infected: not-a-virus:PSWTool.Win32.MPR.015 1
R:\Program Files\Eset\infected\5ROATFBA.NQF Infected: Trojan-Clicker.MSIL.Xone.bo 1
R:\Program Files\Eset\infected\BRUTTSCA.NQF Infected: Backdoor.Win32.Small.czo 1
R:\Program Files\Eset\infected\BRUTTSCA.NQF Infected: Backdoor.Win32.Small.eiu 1
R:\Program Files\Eset\infected\BRUTTSCA.NQF Infected: Trojan.BAT.Runner.s 1
R:\Program Files\Eset\infected\BRUTTSCA.NQF Infected: Backdoor.Win32.Small.cvt 2
R:\Program Files\Eset\infected\EZ2JDSDA.NQF Infected: not-a-virus:PSWTool.Win32.MPR.015 1
R:\Program Files\Eset\infected\H5YLVTBA.NQF Infected: Backdoor.Win32.Rbot.twx 1
R:\Program Files\FairUse Wizard 2\FU-Setup.exe Infected: not-a-virus:AdWare.Win32.Rabio.ai 1
R:\Program Files\SEO Tools\craigslistgenius\craigslistgenius\prodata.ini Infected: Trojan-Downloader.MSIL.Agent.cg 1
R:\Program Files\spyer2k\Spyer2k.exe Infected: not-a-virus:PSWTool.Win32.Spyer.c 1
R:\Program Files\Utils\ARPR\arpr.exe.old Infected: not-a-virus:PSWTool.Win32.OEPass.b 1
R:\Program Files\WebcamMax\setup.exe Infected: Trojan-PSW.Win32.Agent.tr 1
R:\Reference Library\Publishing and Business Books\Allworth.Press.The.Real.Business.of.Web.Design.chm Infected: not-a-virus:AdWare.Win32.AlexaBar.n 2
R:\PenDrive 512\Rock XP 3.0.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 4
R:\Tech Info\textwiz\textwiz.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ar 1
R:\Tech Info\WebfettiSetup2.2.60.11-2.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bc 1
R:\Web Downloads\35 card games\Gamehouse Sudoku.exe Infected: Trojan-Downloader.Win32.Agent.awou 2
R:\Web Downloads\35 card games\Poker Superstars III.exe Infected: Trojan-Downloader.Win32.Agent.awba 1
R:\Web Downloads\Activate_Windows_Vista_32_64__sp1_.rar Infected: Trojan-Downloader.Win32.Zlob.aaqf 1
R:\Web Downloads\Nero 9.0.9.4a9 Full + Keys\Nero 9.0.9.4.exe Infected: Backdoor.Win32.Agent.ucr 1
R:\Web Downloads\Nero 9.0.9.4a9 Full + Keys.rar Infected: Backdoor.Win32.Agent.ucr 1
R:\Web Downloads\RAR Password cracker v4.12\rpc412_setup.exe Infected: Trojan.Win32.Shutdowner.bfc 1
R:\Web Downloads\Untested Complete\2008 New Network LookOut Administrator Professional v2 6 Working 2008 8.rar Infected: not-a-virus:Monitor.Win32.NetMon.cr 1
R:\Web Downloads\Untested Complete\2008 New Network LookOut Administrator Professional v2 6 Working 2008 8.rar Infected: not-a-virus:Monitor.Win32.NetMon.cq 1
R:\Web Downloads\Untested Complete\Craigslist EasyAd Poster Suite Deluxe.rar Infected: Trojan.Win32.Monder.gen 1
R:\Web Downloads\Untested Complete\Infiltrator.Systems.Network.Security.Scanner.v3.00.06.Retail-ARN\anss3006.rar Infected: not-a-virus:PSWTool.Win32.Finder.a 1
R:\Web Downloads\Untested Complete\Infiltrator.Systems.Network.Security.Scanner.v3.00.06.Retail-ARN\anss3006.zip Infected: not-a-virus:PSWTool.Win32.Finder.a 1
R:\Web Downloads\Untested Complete\Network.LookOut.Net.Monitor.for.Employees.Professional.v3.6.3\Network.LookOut.Net.Monitor.for.Employees.Professional.v3.6.3\nGen\nGen.exe Infected: Trojan.Win32.Genome.dwm 1
R:\Web Downloads\Untested Complete\Network.LookOut.Net.Monitor.for.Employees.Professional.v3.6.3\Network.LookOut.Net.Monitor.for.Employees.Professional.v3.6.3\Setup.dat Infected: not-a-virus:Monitor.Win32.NetMon.ab 1
R:\Web Downloads\Untested Complete\Network.LookOut.Net.Monitor.for.Employees.Professional.v3.6.3.zip Infected: Backdoor.Win32.Small.czo 1
R:\Web Downloads\Untested Complete\Network.LookOut.Net.Monitor.for.Employees.Professional.v3.6.3.zip Infected: Backdoor.Win32.Small.eiu 1
R:\Web Downloads\Untested Complete\Network.LookOut.Net.Monitor.for.Employees.Professional.v3.6.3.zip Infected: Trojan.BAT.Runner.s 1
R:\Web Downloads\Untested Complete\Network.LookOut.Net.Monitor.for.Employees.Professional.v3.6.3.zip Infected: Backdoor.Win32.Small.cvt 2
R:\Web Downloads\Untested Complete\Network.LookOut.Net.Monitor.for.Employees.Professional.v3.6.3.zip Infected: Trojan.Win32.Genome.dwm 1
R:\Web Downloads\Untested Complete\Network.LookOut.Net.Monitor.for.Employees.Professional.v3.6.3.zip Infected: not-a-virus:Monitor.Win32.NetMon.ab 1
R:\Web Downloads\Untested Complete\WinRAR_3.80_Professional\WinRAR 3.80\is175181.exe Infected: Trojan.Win32.Monder.alyv 1
R:\Web Downloads\Untested Complete\WinRAR_3.80_Professional\WinRAR 3.80.EXE Infected: Trojan.Win32.Monder.alyv 1
R:\Web Downloads\_NOO_TOO\26 Reflexive Games\(game)DinerDashFloOnTheGoSetup.exe Infected: Trojan-Downloader.Win32.Agent.aqiu 1
R:\Web Downloads\_NOO_TOO\26 Reflexive Games\(game)HappyHourSetup.exe Infected: Trojan-Downloader.Win32.Agent.bfce 1
R:\Web Downloads\_NOO_TOO\Active WebCam 9.9.rar Infected: Trojan-GameThief.Win32.OnLineGames.sfbl 1
R:\Web Downloads\_NOO_TOO\Advanced Password Recovery\Advanced Excel 97 Password Recovery v1.31\ae97pr.zip Infected: not-a-virus:PSWTool.Win32.OEPass.d 1
R:\Web Downloads\_NOO_TOO\Advanced Password Recovery\Advanced Office 2000 Password Recovery v1.02\ao2000pr.exe Infected: not-a-virus:PSWTool.Win32.OEPass.k 1
R:\Web Downloads\_NOO_TOO\Advanced Password Recovery\Advanced Outlook Password Recovery v1.11\DISTINCT.RAR Infected: not-a-virus:PSWTool.Win32.OEPass.i 1
R:\Web Downloads\_NOO_TOO\Advanced Password Recovery\Advanced PDF Password Recovery v1.21\apdfpr.exe Infected: not-a-virus:PSWTool.Win32.OEPass.g 1
R:\Web Downloads\_NOO_TOO\Advanced Password Recovery\Advanced Rar Password Recovery v1.11\DISTINCT.RAR Infected: not-a-virus:PSWTool.Win32.OEPass.b 1
R:\Web Downloads\_NOO_TOO\Advanced Password Recovery\Advanced Rar Password Recovery v1.11\setup.exe Infected: not-a-virus:PSWTool.Win32.OEPass.b 1
R:\Web Downloads\_NOO_TOO\ASCII.Art.Generator.v3.2.2-iND\ASCII.Art.Generator.v3.2.2-iND\ascag322\setup.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.613 1
R:\Web Downloads\_NOO_TOO\ASCII.Art.Generator.v3.2.2-iND\ASCII.Art.Generator.v3.2.2-iND\ascag322.rar Infected: not-a-virus:Client-IRC.Win32.mIRC.613 1
R:\Web Downloads\_NOO_TOO\ASCII.Art.Generator.v3.2.2-iND\ASCII.Art.Generator.v3.2.2-iND\ASCII.Art.Generator.v3.2.2-iND\ascag322.rar Infected: not-a-virus:Client-IRC.Win32.mIRC.613 1
R:\Web Downloads\_NOO_TOO\ASCII.Art.Generator.v3.2.2-iND.rar Infected: not-a-virus:Client-IRC.Win32.mIRC.613 1
R:\Web Downloads\_NOO_TOO\Cubase Studio SX v4 Latest Working - with Video Tutorials\Cubase Studio 4\setup.exe Infected: Trojan-Downloader.Win32.Zlob.abbk 1
R:\Web Downloads\_NOO_TOO\setup.exe.!ut Infected: Trojan.Win32.Small.xut 1
R:\Web Downloads\_NOO_TOO\Free-Craigslist-Software.exe Infected: Trojan-Downloader.MSIL.Agent.s 1
R:\Web Downloads\_NOO_TOO\Free-Craigslist-Software.exe Infected: Trojan-Downloader.MSIL.Agent.bn 1
R:\Web Downloads\_NOO_TOO\Elcomsoft Collection Password Recovery Software\Portable Elcomsoft Collection\Portable Elcomsoft Collection\Advanced IE Password Recovery\aiepr.exe Infected: not-a-virus:PSWTool.Win32.OEPass.l 1
R:\Web Downloads\_NOO_TOO\Elcomsoft Collection Password Recovery Software\Portable Elcomsoft Collection\Portable Elcomsoft Collection.exe Infected: not-a-virus:PSWTool.Win32.OEPass.l 1
R:\Web Downloads\_NOO_TOO\Elcomsoft Collection Password Recovery Software\Portable Elcomsoft Collection.rar Infected: not-a-virus:PSWTool.Win32.OEPass.l 1
R:\Web Downloads\_NOO_TOO\MagicISO_Maker_5.5.272\MagicISO Maker 5.5.272\Magic.ISO.Maker.v5.5.272-NoPE\magic.iso.maker.v5.5.272-nope.exe Infected: Trojan-Downloader.Win32.Obfuscated.epl 1
R:\Web Downloads\_NOO_TOO\Portable Flash Effect Maker pro[h33t][shahaz]\Portable Flash Effect Maker pro[h33t][shahaz]\albumboader\myflashplayer.exe Infected: not-a-virus:AdWare.Win32.AdBar.r 1
R:\Web Downloads\_NOO_TOO\rebuilt.Craigslist EasyAd Poster Suite Deluxe.rar Infected: Trojan.Win32.Monder.gen 1
R:\Web Downloads\_NOO_TOO\Wordpress Complete Reference Guide.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.tso 1

The selected area was scanned.


Edited by londonliving, 29 January 2009 - 05:07 AM.


#8 londonliving


Posted 29 January 2009 - 05:57 AM

The ComboFix version of the HJT log.

ComboFix 09-01-21.04 - Tiny One 2009-01-29 10:18:23.13 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1133 [GMT 0:00]
Running from: c:\documents and settings\Tiny One\Desktop\Maintenance\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
FW: COMODO Firewall Pro *enabled*
.

((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 )))))))))))))))))))))))))))))))
.

2009-01-28 10:12 . 2009-01-28 10:19 <DIR> d-------- r:\program files\CurrencyManage
2009-01-27 22:27 . 2009-01-27 22:27 <DIR> d-------- c:\temp\webcam max
2009-01-26 11:39 . 2009-01-27 08:03 <DIR> d-------- c:\documents and settings\Tiny One\Application Data\vlc
2009-01-26 00:08 . 2009-01-26 00:19 <DIR> d-------- c:\temp\Sandbox
2009-01-25 22:10 . 2009-01-25 22:28 <DIR> d-------- c:\temp\Quark
2009-01-25 16:02 . 2009-01-25 16:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\SugarGames
2009-01-25 16:01 . 2009-01-25 16:01 <DIR> d-------- c:\windows\5 Realms Of Cards
2009-01-25 04:50 . 2009-01-25 04:59 1,123 --a------ c:\windows\system32\WS_FTP_Install.BAK
2009-01-25 00:22 . 2009-01-25 00:23 <DIR> d-------- c:\temp\Infection
2009-01-25 00:18 . 2009-01-26 10:19 <DIR> d-------- c:\temp\Acrobat 9 Extended
2009-01-25 00:07 . 2009-01-25 00:07 <DIR> d-------- c:\documents and settings\Tiny One\Application Data\IndigoRose
2009-01-24 17:48 . 2009-01-24 17:48 <DIR> d-------- c:\windows\Aloha Solitaire
2009-01-24 14:58 . 2009-01-24 14:58 <DIR> d-------- c:\windows\World Class Solitaire
2009-01-24 14:39 . 2009-01-24 14:39 <DIR> d-------- c:\windows\TriPeaks Solitaire To Go
2009-01-24 14:05 . 2009-01-24 14:05 <DIR> d-------- c:\windows\Ancient Tripeaks II
2009-01-24 14:03 . 2009-01-24 14:03 <DIR> d-------- c:\windows\Ancient Tripeaks
2009-01-24 14:01 . 2009-01-24 14:01 <DIR> d-------- c:\windows\Great Escapes Solitaire
2009-01-24 14:01 . 2009-01-24 14:01 <DIR> d-------- c:\documents and settings\Tiny One\Application Data\EA
2009-01-24 14:01 . 2009-01-24 14:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\EA
2009-01-24 13:58 . 2009-01-24 13:58 <DIR> d-------- c:\windows\Waterscape Solitaire American Falls
2009-01-24 13:45 . 2009-01-24 13:45 <DIR> d-------- c:\windows\Mystery Solitaire Secret Island
2009-01-24 13:45 . 2009-01-24 13:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\SpinTop Games
2009-01-24 13:40 . 2009-01-24 13:40 <DIR> d-------- c:\windows\Word Search Deluxe
2009-01-24 13:37 . 2009-01-24 13:39 <DIR> d-------- c:\windows\Zodiac Tower
2009-01-24 13:22 . 2009-01-24 13:22 <DIR> d-------- c:\documents and settings\Tiny One\Application Data\Beep
2009-01-24 13:21 . 2009-01-24 13:21 <DIR> d-------- c:\windows\Zodiac
2009-01-24 02:05 . 2009-01-24 02:11 <DIR> d-------- c:\documents and settings\Tiny One\.nbi
2009-01-24 00:08 . 2009-01-24 00:08 <DIR> d-------- r:\program files\netbeans-5.0
2009-01-23 16:29 . 2009-01-23 16:33 <DIR> d-------- c:\documents and settings\Tiny One\Application Data\LogoMaker
2009-01-23 14:37 . 2009-01-23 14:37 54,781,247 --a------ c:\windows\system32\xa16478953.exe
2009-01-23 14:37 . 2009-01-23 14:37 54,781,247 --a------ c:\windows\system32\xa16474859.exe
2009-01-23 14:12 . 2009-01-23 14:12 <DIR> d-------- r:\program files\Studio V5
2009-01-23 11:48 . 2009-01-23 11:48 <DIR> d-------- c:\documents and settings\Tiny One\Application Data\JAM Software
2009-01-23 11:40 . 2009-01-23 11:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\IndigoRose
2009-01-23 11:39 . 2009-01-23 11:39 <DIR> d-------- c:\documents and settings\Tiny One\Application Data\Downloaded Installations
2009-01-23 11:34 . 2009-01-23 11:35 <DIR> d-------- r:\program files\WeBuilder 2008
2009-01-23 11:34 . 2009-01-23 11:34 <DIR> d-------- c:\documents and settings\Tiny One\Application Data\Blumentals
2009-01-23 11:17 . 2009-01-23 11:17 1,773,568 --a------ c:\windows\system32\msgdiplus.dll
2009-01-23 11:10 . 2009-01-28 17:20 <DIR> d-------- C:\Sandbox
2009-01-23 11:08 . 2009-01-28 17:38 2,432 --a------ c:\windows\Sandboxie.ini
2009-01-22 21:41 . 2009-01-22 21:41 <DIR> d-------- r:\program files\3D Utils
2009-01-22 21:17 . 2009-01-22 21:21 <DIR> d-------- c:\documents and settings\Tiny One\Application Data\bibble
2009-01-22 21:13 . 2009-01-22 21:13 <DIR> d-------- c:\program files\Common Files\Bibble Labs
2009-01-22 05:51 . 2009-01-22 05:52 <DIR> d-------- c:\temp\Prince.Of.Persia.3.The.Two.Thrones-RELOADED[www.moviex.info]
2009-01-22 05:47 . 2009-01-22 05:50 <DIR> d-------- c:\temp\Star Wars KOTOR
2009-01-19 02:11 . 2009-01-19 02:11 <DIR> d-------- c:\documents and settings\Tiny One\Application Data\Quark
2009-01-19 02:09 . 2009-01-19 02:09 <DIR> d-------- r:\program files\Quark
2009-01-19 02:09 . 2009-01-19 02:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Quark
2009-01-17 12:59 . 2009-01-17 12:59 <DIR> d-------- r:\program files\eRightSoft
2009-01-15 23:08 . 2009-01-15 23:09 <DIR> d-------- r:\program files\Deskcalc Pro
2009-01-15 15:34 . 2009-01-15 15:34 <DIR> d-------- c:\documents and settings\Tiny One\Application Data\URSoft
2009-01-14 07:56 . 2009-01-23 08:34 2,134 --a------ c:\windows\system32\ycap.jpg
2009-01-12 15:14 . 2009-01-12 15:14 <DIR> d-------- c:\temp\ENGiNE
2009-01-12 06:41 . 2006-06-20 08:56 225,280 --a------ c:\windows\system32\rewire.dll
2009-01-12 06:40 . 2009-01-12 06:40 <DIR> d-------- r:\program files\Outsim
2009-01-12 06:40 . 2009-01-12 06:43 <DIR> d-------- r:\program files\Image-Line
2009-01-12 06:40 . 2002-07-07 22:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2009-01-12 03:06 . 2009-01-12 03:06 <DIR> d-------- c:\documents and settings\Tiny One\Application Data\Imagenomic
2009-01-09 22:51 . 2009-01-15 17:42 <DIR> d-------- r:\program files\IconPackager
2009-01-09 22:51 . 2009-01-09 22:51 <DIR> d-------- c:\program files\Common Files\Stardock
2009-01-08 23:02 . 2009-01-08 23:02 <DIR> d-------- c:\documents and settings\Tiny One\Application Data\Neuratron
2009-01-08 23:01 . 2005-09-02 08:04 9,068,589 --a------ c:\windows\system32\Drs832.dll
2009-01-08 11:44 . 2009-01-08 11:44 <DIR> d-------- C:\vcs5BGEffects
2009-01-07 22:13 . 2009-01-07 22:14 <DIR> d-------- r:\program files\Atomic RAR Password Recovery
2009-01-06 04:00 . 2009-01-06 04:01 <DIR> d-------- r:\program files\Microsoft adCenter Add-in for Excel 2.0 (Beta)
2009-01-05 18:31 . 2009-01-05 18:31 <DIR> d-------- c:\documents and settings\Tiny One\.spss
2009-01-05 18:22 . 2009-01-05 18:22 1,024 --a------ c:\windows\system32\grcauth2.dll
2009-01-05 18:22 . 2009-01-05 18:22 1,024 --a------ c:\windows\system32\grcauth1.dll
2009-01-05 18:22 . 2009-01-05 18:22 114 --a------ c:\windows\system32\prsgrc.tgz
2009-01-05 18:20 . 2009-01-05 18:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\SafeNet Sentinel
2009-01-05 18:17 . 2009-01-05 18:40 <DIR> d-------- r:\program files\SPSSInc
2009-01-05 18:17 . 2009-01-05 18:17 <DIR> d-------- c:\program files\Common Files\SPSS
2009-01-05 18:17 . 2009-01-05 18:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\SPSS
2009-01-03 06:55 . 2009-01-03 06:55 0 --a------ C:\law.sp
2009-01-03 06:53 . 2009-01-03 06:54 <DIR> d-------- C:\Python25
2009-01-03 05:15 . 2009-01-03 05:18 <DIR> d-------- r:\program files\Subliminal Audio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-29 05:08 --------- d-----w c:\documents and settings\Tiny One\Application Data\uTorrent
2009-01-28 20:07 --------- d-----w r:\program files\Rainlendar2
2009-01-28 19:43 --------- d-----w r:\program files\PeerGuardian2
2009-01-28 17:40 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-28 17:37 --------- d-----w r:\program files\EDraw Max
2009-01-28 17:29 --------- d-----w r:\program files\Graphics
2009-01-28 11:25 --------- d-----w c:\documents and settings\Tiny One\Application Data\ue_toolbar
2009-01-28 06:34 --------- d-----w r:\program files\Axialis
2009-01-27 22:40 --------- d-----w r:\program files\WebcamMax
2009-01-25 18:24 --------- d-----w r:\program files\Games
2009-01-24 22:24 --------- d--h--w r:\program files\InstallShield Installation Information
2009-01-24 13:15 --------- d-----w r:\program files\SUPERAntiSpyware
2009-01-24 01:02 --------- d-----w r:\program files\Malwarebytes' Anti-Malware
2009-01-24 00:58 --------- d-----w r:\program files\Opera 9.5
2009-01-23 23:37 --------- d-----w r:\program files\Java
2009-01-23 23:15 --------- d-----w r:\program files\Safari
2009-01-23 16:46 --------- d-----w r:\program files\Microsoft Silverlight
2009-01-23 16:13 --------- d-----w r:\program files\uTorrent
2009-01-23 11:47 --------- d-----w r:\program files\Utilities
2009-01-23 11:02 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-22 16:21 --------- d-----w c:\documents and settings\Tiny One\Application Data\Alien Skin
2009-01-22 13:48 --------- d-----w c:\program files\Common Files\onOne Software Shared
2009-01-22 06:43 --------- d-----w c:\program files\Common Files\Adobe
2009-01-17 02:08 --------- d-----w r:\program files\IM Tools
2009-01-15 17:43 --------- d-----w r:\program files\WebPosition 4
2009-01-15 17:42 --------- d-----w r:\program files\Mozilla Firefox 3 Beta 3
2009-01-15 17:42 --------- d-----w r:\program files\Movie Magic Sreenwriting
2009-01-15 17:42 --------- d-----w r:\program files\Hide IP Platinum
2009-01-15 17:42 --------- d-----w r:\program files\Firefox 2
2009-01-15 00:41 --------- d-----w c:\documents and settings\Tiny One\Application Data\Thinstall
2009-01-14 16:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-14 11:38 --------- d-----w c:\documents and settings\Tiny One\Application Data\dvdcss
2009-01-12 15:24 --------- d-----w r:\program files\WinRAR-2008
2009-01-09 22:45 --------- d-----w r:\program files\phpDesigner 2008
2009-01-08 23:01 --------- d-----w r:\program files\Sibelius Software
2009-01-08 11:43 --------- d-----w r:\program files\Audio
2009-01-06 23:12 --------- d-----w r:\program files\Mindjet
2009-01-06 04:36 --------- d-----w r:\program files\Eset
2009-01-06 04:33 --------- d-----w r:\program files\Zend
2009-01-03 06:44 --------- d-----w r:\program files\MagicISO
2008-12-31 14:30 --------- d-----w r:\program files\Hotspot_Shield
2008-12-24 19:32 --------- d-----w c:\documents and settings\Tiny One\Application Data\X-NetStat
2008-12-21 21:04 --------- d-----w r:\program files\PHP Expert Editor 4.2
2008-12-21 21:03 --------- d-----w r:\program files\PHPRunner4.1
2008-12-21 04:12 --------- d-----w c:\documents and settings\Tiny One\Application Data\iMacros
2008-12-19 13:23 --------- d-----w r:\program files\Siber Systems
2008-12-19 13:23 --------- d-----w c:\documents and settings\Tiny One\Application Data\GoodSync
2008-12-18 20:50 512,096 ----a-w c:\windows\system32\drivers\amon.sys
2008-12-18 20:50 15,424 ----a-w c:\windows\system32\drivers\nod32drv.sys
2008-12-18 16:12 --------- d-----w c:\documents and settings\Tiny One\Application Data\Carnival Software
2008-12-18 12:49 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-12-17 10:50 --------- d-----w r:\program files\SEO Tools
2008-12-17 07:07 --------- d-----w r:\program files\Alien Skin
2008-12-14 04:02 --------- d-----w c:\documents and settings\All Users\Application Data\RoboForm
2008-12-12 19:21 --------- d-----w c:\documents and settings\Tiny One\Application Data\InterVideo
2008-12-12 19:18 --------- d-----w r:\program files\InterVideo Information Service
2008-12-12 19:18 --------- d-----w c:\program files\Common Files\Ulead
2008-12-12 19:16 --------- d-----w r:\program files\InterVideo
2008-12-12 19:16 --------- d-----w c:\program files\Common Files\InterVideo
2008-12-12 02:47 56,912 ----a-w c:\documents and settings\Tiny One\g2mdlhlpx.exe
2008-12-12 02:47 --------- d-----w r:\program files\Citrix
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 07:34 --------- d-----w r:\program files\PowerISO
2008-12-08 02:41 --------- d-----w c:\documents and settings\Tiny One\Application Data\Sony
2008-12-08 02:40 --------- d-----w c:\documents and settings\Tiny One\Application Data\Publish Providers
2008-12-08 01:47 --------- d-----w r:\program files\Vstplugins
2008-12-08 01:47 --------- d-----w r:\program files\Sony
2008-12-08 01:47 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
2008-12-08 01:44 --------- d-----w r:\program files\_zSony Vegas Setup
2008-12-08 00:19 --------- d-----w c:\documents and settings\Tiny One\Application Data\Broderbund
2008-12-08 00:19 --------- d-----w c:\documents and settings\All Users\Application Data\Broderbund
2008-12-08 00:17 --------- d-----w r:\program files\Utils
2008-12-04 02:27 --------- d-----w r:\program files\Analytics Reporting Suite - beta 2
2008-12-04 02:05 --------- d-----w r:\program files\TechSmith
2008-12-04 02:05 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2008-12-04 01:18 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-02 09:55 --------- d-----w r:\program files\anim8or.com
2008-12-02 04:20 --------- d-----w r:\program files\Spybot - Search & Destroy
2008-11-30 07:47 --------- d-----w r:\program files\PDF Password Remover v2.1
2008-11-29 12:40 --------- d-----w r:\program files\Force5
2008-11-29 05:33 --------- d-----w c:\documents and settings\Tiny One\Application Data\com.adobe.ExMan
2008-11-28 18:00 --------- d-----w r:\program files\Windows Desktop Search
2008-11-28 17:38 --------- d-----w c:\documents and settings\Tiny One\Application Data\Skype
2008-11-28 16:29 --------- d-----w c:\documents and settings\Tiny One\Application Data\skypePM
2008-10-25 22:20 604 ---ha-w r:\program files\STLL Notifier
2008-04-21 15:36 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-12-13 11:09 77 --sh--w r:\program files\Desktop.ini
2001-12-27 18:07 660,992 ----a-r r:\program files\FontViewer.exe
2007-01-01 15:46 141,824 ----a-w r:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-09-24 11:09 67,696 ----a-w r:\program files\mozilla firefox\components\jar50.dll
2008-09-24 11:09 54,376 ----a-w r:\program files\mozilla firefox\components\jsd3250.dll
2008-09-24 11:09 34,952 ----a-w r:\program files\mozilla firefox\components\myspell.dll
2008-09-24 11:09 46,720 ----a-w r:\program files\mozilla firefox\components\spellchk.dll
2008-09-24 11:09 172,144 ----a-w r:\program files\mozilla firefox\components\xpinstal.dll
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 216,064 --sh--r c:\windows\system32\nbDX.dll
2008-06-22 03:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008062220080623\index.dat
.

((((((((((((((((((((((((((((( snapshot_2009-01-23_22.31.39.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-25 16:01:35 451,072 ----a-w c:\windows\5 Realms Of Cards\uninstall.exe
+ 2009-01-24 17:48:30 451,072 ----a-w c:\windows\Aloha Solitaire\uninstall.exe
+ 2009-01-24 14:05:34 451,072 ----a-w c:\windows\Ancient Tripeaks II\uninstall.exe
+ 2009-01-24 14:03:39 451,072 ----a-w c:\windows\Ancient Tripeaks\uninstall.exe
+ 2009-01-24 14:01:22 451,072 ----a-w c:\windows\Great Escapes Solitaire\uninstall.exe
+ 2009-01-24 22:24:31 312,558 ----a-r c:\windows\Installer\{213D87A3-BE42-42CE-9B2C-7BF7A85710DD}\ARPPRODUCTICON.exe
+ 2009-01-23 23:15:59 307,200 ----a-r c:\windows\Installer\{34F85A4D-03CC-428A-80A4-880228646518}\SafariIco.exe
- 2008-11-10 11:32:21 65,536 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_A3DReviewer.exe
+ 2009-01-25 01:01:58 65,536 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_A3DReviewer.exe
- 2008-11-10 11:32:20 38,926 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_Acrobat.exe
+ 2009-01-25 01:01:57 38,926 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_Acrobat.exe
- 2008-11-10 11:32:21 38,926 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_Acrobat_3D.exe
+ 2009-01-25 01:01:59 38,926 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_Acrobat_3D.exe
- 2008-11-10 11:32:21 36,294 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_Acrobat_Standard.exe
+ 2009-01-25 01:01:58 36,294 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_Acrobat_Standard.exe
- 2008-11-10 11:32:21 25,214 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_Distiller.exe
+ 2009-01-25 01:01:58 25,214 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_Distiller.exe
- 2008-11-10 11:32:21 7,278 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_ELEMENTS_DT.exe
+ 2009-01-25 01:01:58 7,278 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_ELEMENTS_DT.exe
- 2008-11-10 11:32:20 335,872 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2009-01-25 01:01:57 335,872 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2009-01-24 13:45:06 451,072 ----a-w c:\windows\Mystery Solitaire Secret Island\uninstall.exe
- 2008-12-01 20:34:31 410,976 ----a-w c:\windows\system32\deploytk.dll
+ 2009-01-23 23:37:52 410,984 ----a-w c:\windows\system32\deploytk.dll
+ 2006-05-02 07:13:02 165,888 ----a-w c:\windows\system32\E177E04D548C4006A465EEB92D3DE021\Runtime\Objects\prv_ee_6_2_83.dll
- 2009-01-23 10:03:05 2,221,184 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-24 23:25:30 2,235,512 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-12-01 20:34:31 139,264 ----a-w c:\windows\system32\java.exe
+ 2009-01-23 23:37:52 144,792 ----a-w c:\windows\system32\java.exe
- 2008-12-01 20:34:31 139,264 ----a-w c:\windows\system32\javaw.exe
+ 2009-01-23 23:37:52 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-12-01 20:34:31 143,360 ----a-w c:\windows\system32\javaws.exe
+ 2009-01-23 23:37:52 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2009-01-22 06:36:33 85,020 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-01-24 00:14:27 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2009-01-23 22:07:13 73,336 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-28 20:09:55 73,336 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-23 22:07:13 446,654 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-28 20:09:55 446,654 ----a-w c:\windows\system32\perfh009.dat
+ 2008-05-29 10:47:32 2,023,424 ----a-w c:\windows\system32\QtCore4.dll
+ 2008-04-23 23:49:52 7,315,456 ----a-w c:\windows\system32\QtGui4.dll
+ 2009-01-29 10:28:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1d4.dat
+ 2009-01-29 10:28:53 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_3dc.dat
+ 2009-01-24 14:39:05 451,072 ----a-w c:\windows\TriPeaks Solitaire To Go\uninstall.exe
+ 2009-01-24 13:58:39 451,072 ----a-w c:\windows\Waterscape Solitaire American Falls\uninstall.exe
+ 2009-01-24 13:40:27 451,072 ----a-w c:\windows\Word Search Deluxe\uninstall.exe
+ 2009-01-24 14:58:28 451,072 ----a-w c:\windows\World Class Solitaire\uninstall.exe
+ 2009-01-24 13:39:18 451,072 ----a-w c:\windows\Zodiac Tower\uninstall.exe
+ 2009-01-24 13:21:58 451,072 ----a-w c:\windows\Zodiac\uninstall.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "r:\program files\Hotspot_Shield\tbHots.dll" [2008-06-24 1569304]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FE6A929-59D1-4763-91AD-29B61CFFB35B}]
2008-11-14 03:35 70944 --a------ r:\program files\Mindjet\MindManager 8\Mm8InternetExplorer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2008-06-24 22:17 1569304 --a------ r:\program files\Hotspot_Shield\tbHots.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "r:\program files\Hotspot_Shield\tbHots.dll" [2008-06-24 1569304]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "r:\program files\Hotspot_Shield\tbHots.dll" [2008-06-24 1569304]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="r:\program files\Rainlendar2\Rainlendar2.exe" [2007-08-24 2932736]
"LClock"="r:\program files\LClock\lclock.exe" [2004-09-19 65536]
"Aestan Tray Menu"="c:\wamp\wampmanager.exe" [2007-02-18 1152512]
"Camtasia Recorder"="r:\program files\TechSmith\Camtasia Studio 6\CamRecorder.exe" [2008-10-10 2678104]
"RoboForm"="r:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-12-14 160592]
"SandboxieControl"="r:\program files\Utilities\SbieCtrl.exe" [2009-01-05 336896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="r:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"IntelliPoint"="r:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 461584]
"BtTray"="r:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2007-12-28 258134]
"SynTPEnh"="r:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"Adobe Acrobat Speed Launcher"="r:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"nod32kui"="r:\program files\Eset\nod32kui.exe" [2008-12-18 949376]
"MMReminderService"="r:\program files\Mindjet\MindManager 8\MMReminderService.exe" [2008-11-14 37656]
"iTunesHelper"="r:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"MDDiskProtect.exe"="c:\program files\Mediafour\MacDrive\MDDiskProtect.exe" [2005-04-15 106496]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe_ID0ENQBO"="c:\progra~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE" [2008-08-15 378224]
"SunJavaUpdateSched"="r:\program files\Java\jre6\bin\jusched.exe" [2009-01-23 136600]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 c:\windows\stsystra.exe]
"SxgTkBar"="SxgTkBar.exe" [2002-07-22 c:\windows\system32\Sxgtkbar.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KeyScrambler"="r:\program files\KeyScrambler\getting_started.html" [X]

c:\documents and settings\Tiny One\Start Menu\Programs\Startup\
Secunia PSI.lnk - r:\program files\Secunia\PSI\psi.exe [2008-11-25 728408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SnagIt 9.lnk - r:\program files\TechSmith\SnagIt 9\SnagIt32.exe [2008-05-15 6822728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "r:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 r:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.xvid"= xvid.dll
"MSVideo"= CSvidcap.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\documents and settings\Tiny One\Application Data\iolo\

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
"Script"=C:\ntosboot.bat

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 20:29 49152 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"StarWindService"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NICCONFIGSVC"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"r:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"r:\\Program Files\\Opera\\Opera.exe"=
"r:\\Program Files\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Media Player Classic\\mplayerc.exe"=
"r:\\Program Files\\ViaVoice\\Bin\\engine.exe"=
"r:\\Program Files\\ViaVoice\\Bin\\audmig.exe"=
"r:\\Program Files\\ViaVoice\\Bin\\macroeditor.exe"=
"r:\\Program Files\\ViaVoice\\Bin\\speechbar.exe"=
"r:\\Program Files\\ViaVoice\\Bin\\userwiz.exe"=
"c:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"=
"r:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"r:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"r:\\Program Files\\phpDesigner 2008\\phpDesigner2008.exe"=
"r:\\Program Files\\Zend\\ZendStudio-5.5.1\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox 2\\firefox.exe"=
"c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"r:\\Program Files\\Octoshape Streaming Services\\Tiny One\\OctoshapeClient.exe"=
"r:\\Program Files\\SecondLife\\SecondLife.exe"=
"r:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"r:\\Program Files\\Navicat 8.0 MySQL\\navicat.exe"=
"r:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"r:\\Program Files\\Flock\\flock\\flock.exe"=
"c:\\Documents and Settings\\Tiny One\\Local Settings\\Application Data\\Google\\Google Talk, Labs Edition\\GoogleTalkLabsEdition.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"r:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"r:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"r:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"r:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"r:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"r:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"r:\\Program Files\\Utilities\\SiSoftware Sandra Professional Business 2009\\RpcAgentSrv.exe"=
"r:\\Program Files\\Utilities\\SiSoftware Sandra Professional Business 2009\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"r:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"r:\\Program Files\\Adobe\\Adobe Contribute CS4\\Contribute.exe"=
"r:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"135:TCP"= 135:TCP:*:Disabled:TCP Port 135
"5000:TCP"= 5000:TCP:*:Disabled:TCP Port 5000
"5001:TCP"= 5001:TCP:*:Disabled:TCP Port 5001
"5002:TCP"= 5002:TCP:*:Disabled:TCP Port 5002
"5003:TCP"= 5003:TCP:*:Disabled:TCP Port 5003
"5004:TCP"= 5004:TCP:*:Disabled:TCP Port 5004
"5005:TCP"= 5005:TCP:*:Disabled:TCP Port 5005
"5006:TCP"= 5006:TCP:*:Disabled:TCP Port 5006
"5007:TCP"= 5007:TCP:*:Disabled:TCP Port 5007
"5008:TCP"= 5008:TCP:*:Disabled:TCP Port 5008
"5009:TCP"= 5009:TCP:*:Disabled:TCP Port 5009
"5010:TCP"= 5010:TCP:*:Disabled:TCP Port 5010
"5011:TCP"= 5011:TCP:*:Disabled:TCP Port 5011
"5012:TCP"= 5012:TCP:*:Disabled:TCP Port 5012
"5013:TCP"= 5013:TCP:*:Disabled:TCP Port 5013
"5014:TCP"= 5014:TCP:*:Disabled:TCP Port 5014
"5015:TCP"= 5015:TCP:*:Disabled:TCP Port 5015
"5016:TCP"= 5016:TCP:*:Disabled:TCP Port 5016
"5017:TCP"= 5017:TCP:*:Disabled:TCP Port 5017
"5018:TCP"= 5018:TCP:*:Disabled:TCP Port 5018
"5019:TCP"= 5019:TCP:*:Disabled:TCP Port 5019
"5020:TCP"= 5020:TCP:*:Disabled:TCP Port 5020
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-02-11 3456]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.SYS [2006-04-30 16640]
R1 MDFSYSNT;MDFSYSNT;c:\windows\system32\drivers\MDFSYSNT.SYS [2006-09-13 213888]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-18 15424]
R1 SASDIFSV;SASDIFSV;r:\program files\SUPERAntiSpyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;r:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 32256]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-04-11 113896]
R3 SbieDrv;SbieDrv;r:\program files\Utilities\SbieDrv.sys [2009-01-05 103936]
R3 SOFTXG;YAMAHA XG SoftSynthesizer;c:\windows\system32\drivers\sxgxgwdm.sys [2008-07-22 966784]
R4 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [2007-10-06 935936]
R4 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-07-14 13824]
R4 SandraAgentSrv;SiSoftware Deployment Agent Service;r:\program files\Utilities\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe [2009-01-12 98488]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R4 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-07-14 13696]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2008-09-05 37296]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-11-18 7808]
S3 SASENUM;SASENUM;r:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 SIWIO;SIWIO;\??\c:\windows\TEMP\SiwIo.sys --> c:\windows\TEMP\SiwIo.sys [?]
S3 Z302Mic;Vimicro Z302 Mic Audio Filter Driver;c:\windows\system32\drivers\UsbMicfilt.sys [2007-03-13 22571]
S3 ZSMC302;PCL-W310;c:\windows\system32\drivers\usbvm302.sys [2006-12-31 93962]
S4 0227491172140703mcinstcleanup;McAfee Application Installer Cleanup (0227491172140703);c:\windows\TEMP\022749~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\022749~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S4 winsmss ;Windows Session Manager Services ;c:\windows\system32\\winsmss.exe --> c:\windows\system32\\winsmss.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2008-04-18 c:\windows\Tasks\Uniblue SpyEraser.job
- r:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-04-02 08:50]

2009-01-29 c:\windows\Tasks\User_Feed_Synchronization-{E7865968-F99A-45D6-8E9C-31BE1EEE68DE}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.bbc.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local;*.local
IE:
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Browster Prefetch On/Off - r:\program files\Browster\Browster.dll/CustomPrefetchMenu.htm
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://r:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Edit with Altova X&MLSpy - r:\program files\Altova\XMLSpy2008\spy.htm
IE: Fill Forms - file://r:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Open and Translate in Word - r:\program files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
IE: Password Generator - file://r:\program files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
IE: RoboForm TaskBar Icon - file://r:\program files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
IE: RoboForm Toolbar - file://r:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://r:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send to &Bluetooth Device... - r:\program files\Utilities\Bluetooth Software\btsendto_ie_ctx.htm
IE: Set Fields - file://r:\program files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
IE: Zend Studio - Debug current page - r:\program files\Zend\ZendStudio-5.5.1\bin\ZendIEToolbar.dll/DebugCurrent.html
IE: Zend Studio - Debug next page - r:\program files\Zend\ZendStudio-5.5.1\bin\ZendIEToolbar.dll/DebugNext.html
IE: {{2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - r:\program files\Mindjet\MindManager 8\Mm8InternetExplorer.dll
LSP: c:\windows\system32\imon.dll
TCP: {72F4BB1C-8CC4-49D8-B885-1D4FDBA0CCA0} = 195.92.195.95,195.92.195.94
FF - ProfilePath - c:\documents and settings\Tiny One\Application Data\Mozilla\Firefox\Profiles\adzuh488.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox 2\components\xpinstal.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: general.useragent.extra.zencast - );user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast,
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 10:30:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|’’’’"•€|ž»Ōw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|’’’’¤•€|ł•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1532)
r:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(1588)
c:\windows\system32\relog_ap.dll
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
r:\program files\Utilities\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\ati2evxx.exe
r:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
r:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
r:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
r:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
r:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
r:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
r:\program files\Eset\nod32krn.exe
r:\program files\Utilities\SbieSvc.exe
c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
r:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
r:\program files\TechSmith\SnagIt 9\TscHelp.exe
r:\program files\TechSmith\SnagIt 9\SnagPriv.exe
r:\program files\TechSmith\Camtasia Studio 6\TscHelp.exe
r:\program files\TechSmith\SnagIt 9\SnagItEditor.exe
r:\program files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
.
**************************************************************************
.
Completion time: 2009-01-29 10:40:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-29 10:39:46
ComboFix2.txt 2009-01-23 22:34:30
ComboFix3.txt 2008-08-12 04:35:24
ComboFix4.txt 2008-05-29 12:07:51
ComboFix5.txt 2009-01-29 10:16:29

Pre-Run: 3,722,608,640 bytes free
Post-Run: 4,292,997,120 bytes free

617 --- E O F --- 2009-01-27 12:55:42



#9 londonliving


Posted 29 January 2009 - 06:15 AM

My other post about Adobe AIR problems should also be noted.

Adobe AIR does not appear in the Add/Remove Programs Screen.

Now to wait for help. :thumbup2:

LL

#10 londonliving


Posted 04 February 2009 - 06:29 AM

I know it's probably a tough one, but the five day response has passed.

Any idea on turnaround right now?

Cheers

LL

#11 aommaster

  • Malware Response Team

Posted 05 February 2009 - 10:51 AM

Hello, londonliving.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Please note that I am in the process of my training, so it may take a while for me to get back to you, as each of my fixes needs to be checked by a coach first.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
In your next reply, please include the following:
  • RSIT Log

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#12 londonliving


Posted 05 February 2009 - 11:27 AM

Hi there aommaster

Thanks for looking into this.

Problem still exists as far as I know.

I'll be back with the machine in question later today.

Cheers

LL

#13 aommaster

  • Malware Response Team

Posted 05 February 2009 - 12:42 PM

Alrighty!

Also, please make sure that when you post your log, you don't apply anything like a quote box, code box, or change change, etc.

Just copy and paste the log into the post and I'll have a look at it :thumbup2:



#14 londonliving


Posted 06 February 2009 - 10:22 AM

Went back 2 months as I am not certain what crept in where...

-------------------------------------------------------------------------

Logfile of random's system information tool 1.05 (written by random/random)
Run by Tiny One at 2009-02-06 15:17:16
Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (16%) free of 40 GB
Total RAM: 1918 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:43, on 06/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
R:\Program Files\Utilities\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
R:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
R:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
R:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
R:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
R:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
R:\Program Files\Eset\nod32krn.exe
R:\Program Files\Utilities\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe
R:\Program Files\Utilities\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
R:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\Explorer.EXE
R:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\WLTRAY.exe
R:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\stsystra.exe
R:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
R:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\SxgTkBar.exe
C:\WINDOWS\system32\rundll32.exe
R:\Program Files\Eset\nod32kui.exe
R:\Program Files\Mindjet\MindManager 8\MMReminderService.exe
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
R:\Program Files\Rainlendar2\Rainlendar2.exe
R:\Program Files\LClock\lclock.exe
R:\Program Files\TechSmith\Camtasia Studio 6\CamRecorder.exe
R:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
R:\Program Files\Utilities\SbieCtrl.exe
R:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
R:\Program Files\Secunia\PSI\psi.exe
C:\WINDOWS\system32\ctfmon.exe
R:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
R:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
R:\Program Files\TechSmith\Camtasia Studio 6\TSCHelp.exe
R:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
R:\PROGRAM FILES\UNIBLUE\SPEEDUPMYPC\SPEEDUPMYPC.EXE
R:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
R:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
R:\Program Files\VideoLAN\VLC\vlc.exe
R:\Program Files\IDM Computer Solutions\UltraEdit-32\Uedit32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
R:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tiny One\Desktop\RSIT.exe
R:\Program Files\Trend Micro\HijackThis\Tiny One.exe
R:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1061209
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - R:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - R:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - R:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - R:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - R:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - R:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - R:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - R:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - R:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: BrwIEConnector Class - {908A31E8-2A6E-4736-8E8A-AAF00C4AE38F} - r:\Program Files\Browster\Browster.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - R:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - R:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - R:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - R:\PROGRA~1\Zend\ZENDST~1.1\bin\ZENDIE~1.DLL
O3 - Toolbar: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - R:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - R:\Program Files\Hotspot_Shield\tbHots.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - R:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - R:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - R:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [WinPatrol] R:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IntelliPoint] "R:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [BtTray] "R:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [SynTPEnh] R:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "R:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [nod32kui] "R:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MMReminderService] R:\Program Files\Mindjet\MindManager 8\MMReminderService.exe
O4 - HKLM\..\Run: [iTunesHelper] R:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "R:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Rainlendar2] "R:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - HKCU\..\Run: [LClock] R:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [Aestan Tray Menu] C:\wamp\wampmanager.exe
O4 - HKCU\..\Run: [Camtasia Recorder] "R:\Program Files\TechSmith\Camtasia Studio 6\CamRecorder.exe" /m
O4 - HKCU\..\Run: [RoboForm] "R:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SandboxieControl] "R:\Program Files\Utilities\SbieCtrl.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [KeyScrambler] R:\Program Files\KeyScrambler\getting_started.html (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [KeyScrambler] R:\Program Files\KeyScrambler\getting_started.html (User 'Default user')
O4 - Startup: Secunia PSI.lnk = R:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: SnagIt 9.lnk = R:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Browster Prefetch On/Off - res://r:\Program Files\Browster\Browster.dll/CustomPrefetchMenu.htm
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://R:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - R:\Program Files\Altova\XMLSpy2008\spy.htm
O8 - Extra context menu item: Fill Forms - file://R:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open and Translate in Word - res://R:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
O8 - Extra context menu item: Password Generator - file://R:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: RoboForm TaskBar Icon - file://R:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm Toolbar - file://R:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://R:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send to &Bluetooth Device... - R:\Program Files\Utilities\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Set Fields - file://R:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O8 - Extra context menu item: Zend Studio - Debug current page - res://R:\Program Files\Zend\ZendStudio-5.5.1\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://R:\Program Files\Zend\ZendStudio-5.5.1\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - R:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - R:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - R:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://R:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://R:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://R:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://R:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - R:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - R:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - R:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://R:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://R:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "R:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "R:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - R:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - R:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - R:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - R:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - R:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay130.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194709915390
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{72F4BB1C-8CC4-49D8-B885-1D4FDBA0CCA0}: NameServer = 195.92.195.95,195.92.195.94
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - R:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - R:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleilCS - Unknown owner - R:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - R:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - R:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - R:\Program Files\Utilities\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - R:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - R:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - R:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - R:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - R:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - R:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - R:\Program Files\Utilities\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - R:\Program Files\Utilities\SbieSvc.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 23133 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Uniblue SpyEraser.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{E7865968-F99A-45D6-8E9C-31BE1EEE68DE}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - R:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll [2008-05-15 66888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - R:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
CKeyScramblerBHO Object - R:\Program Files\KeyScrambler\KeyScramblerIE.dll [2008-08-22 812008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22}]
UltraEdit Toolbar - R:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL [2007-07-10 1901568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - R:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6FE6A929-59D1-4763-91AD-29B61CFFB35B}]
CmjBrowserHelperObject Object - R:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll [2008-11-14 70944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
R:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-12-14 5759816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - R:\Program Files\Java\jre6\bin\ssv.dll [2009-01-23 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{908A31E8-2A6E-4736-8E8A-AAF00C4AE38F}]
BrwIEConnector Class - r:\Program Files\Browster\Browster.dll [2006-12-16 929792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
Hotspot Shield Toolbar - R:\Program Files\Hotspot_Shield\tbHots.dll [2008-06-24 1569304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - R:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-23 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - R:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{95188727-288F-4581-A48D-EAB3BD027314} - Zend Studio - R:\PROGRA~1\Zend\ZENDST~1.1\bin\ZENDIE~1.DLL [2007-12-02 192512]
{4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - UltraEdit Toolbar - R:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL [2007-07-10 1901568]
{c95a4e8e-816d-4655-8c79-d736da1adb6d} - Hotspot Shield Toolbar - R:\Program Files\Hotspot_Shield\tbHots.dll [2008-06-24 1569304]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - R:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-05-15 161096]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - R:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-12-14 5759816]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - R:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"=R:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-10-09 333120]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-11-01 1392640]
"IntelliPoint"=R:\Program Files\Microsoft IntelliPoint\ipoint.exe [2005-12-04 461584]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-09-22 282624]
"BtTray"=R:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2007-12-28 258134]
"SynTPEnh"=R:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-15 815104]
"SxgTkBar"=C:\WINDOWS\system32\SxgTkBar.exe [2002-07-22 53248]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2008-04-14 110592]
"Adobe Acrobat Speed Launcher"=R:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
"nod32kui"=R:\Program Files\Eset\nod32kui.exe [2008-12-18 949376]
"MMReminderService"=R:\Program Files\Mindjet\MindManager 8\MMReminderService.exe [2008-11-14 37656]
"iTunesHelper"=R:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"MDDiskProtect.exe"=C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe [2005-04-15 106496]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe_ID0ENQBO"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE [2008-08-15 378224]
"SunJavaUpdateSched"=R:\Program Files\Java\jre6\bin\jusched.exe [2009-01-23 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"=R:\Program Files\Rainlendar2\Rainlendar2.exe [2007-08-24 2932736]
"LClock"=R:\Program Files\LClock\lclock.exe [2004-09-19 65536]
"Aestan Tray Menu"=C:\wamp\wampmanager.exe [2007-02-18 1152512]
"Camtasia Recorder"=R:\Program Files\TechSmith\Camtasia Studio 6\CamRecorder.exe [2008-10-10 2678104]
"RoboForm"=R:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2008-12-14 160592]
"SandboxieControl"=R:\Program Files\Utilities\SbieCtrl.exe [2009-01-05 336896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3
"StarWindService"=2
"NMIndexingService"=3
"NICCONFIGSVC"=2
"gusvc"=3
"GoogleDesktopManager"=3
"FLEXnet Licensing Service"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
SnagIt 9.lnk - R:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe

C:\Documents and Settings\Tiny One\Start Menu\Programs\Startup
Secunia PSI.lnk - R:\Program Files\Secunia\PSI\psi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
R:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-03-02 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~3\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=R:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"R:\Program Files\uTorrent\utorrent.exe"="R:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"R:\Program Files\Opera\Opera.exe"="R:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"R:\Program Files\Nero 7\Nero Home\NeroHome.exe"="R:\Program Files\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\Media Player Classic\mplayerc.exe"="C:\Program Files\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic"
"R:\Program Files\ViaVoice\Bin\engine.exe"="R:\Program Files\ViaVoice\Bin\engine.exe:*:Disabled:IBM ViaVoice ® Speech Recognition"
"R:\Program Files\ViaVoice\Bin\audmig.exe"="R:\Program Files\ViaVoice\Bin\audmig.exe:*:Disabled:audmig"
"R:\Program Files\ViaVoice\Bin\macroeditor.exe"="R:\Program Files\ViaVoice\Bin\macroeditor.exe:*:Enabled:macroeditor"
"R:\Program Files\ViaVoice\Bin\speechbar.exe"="R:\Program Files\ViaVoice\Bin\speechbar.exe:*:Enabled:speechbar"
"R:\Program Files\ViaVoice\Bin\userwiz.exe"="R:\Program Files\ViaVoice\Bin\userwiz.exe:*:Enabled:userwiz"
"C:\wamp\bin\apache\apache2.2.6\bin\httpd.exe"="C:\wamp\bin\apache\apache2.2.6\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"R:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe"="R:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3"
"R:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe"="R:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"
"R:\Program Files\phpDesigner 2008\phpDesigner2008.exe"="R:\Program Files\phpDesigner 2008\phpDesigner2008.exe:*:Disabled:phpDesigner2008"
"R:\Program Files\Zend\ZendStudio-5.5.1\jre\bin\javaw.exe"="R:\Program Files\Zend\ZendStudio-5.5.1\jre\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\Program Files\Mozilla Firefox 2\firefox.exe"="C:\Program Files\Mozilla Firefox 2\firefox.exe:*:Enabled:Firefox"
"C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe"="C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"R:\Program Files\Octoshape Streaming Services\Tiny One\OctoshapeClient.exe"="R:\Program Files\Octoshape Streaming Services\Tiny One\OctoshapeClient.exe:*:Enabled:OctoshapeClient"
"R:\Program Files\SecondLife\SecondLife.exe"="R:\Program Files\SecondLife\SecondLife.exe:*:Enabled:Second Life"
"R:\Program Files\VideoLAN\VLC\vlc.exe"="R:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"R:\Program Files\Navicat 8.0 MySQL\navicat.exe"="R:\Program Files\Navicat 8.0 MySQL\navicat.exe:*:Enabled:Navicat"
"R:\Program Files\Mozilla Firefox\firefox.exe"="R:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"R:\Program Files\Flock\flock\flock.exe"="R:\Program Files\Flock\flock\flock.exe:*:Enabled:Flock"
"C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe"="C:\Documents and Settings\Tiny One\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe:*:Enabled:Google Talk, Labs Edition"
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"R:\Program Files\Bonjour\mDNSResponder.exe"="R:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"R:\Program Files\iTunes\iTunes.exe"="R:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"R:\Program Files\InterVideo\DVD8\WinDVD.exe"="R:\Program Files\InterVideo\DVD8\WinDVD.exe:*:Disabled:WinDVD"
"R:\Program Files\SPSSInc\Statistics17\statistics.com"="R:\Program Files\SPSSInc\Statistics17\statistics.com:*:Disabled:Statistics17:com"
"R:\Program Files\SPSSInc\Statistics17\statistics.exe"="R:\Program Files\SPSSInc\Statistics17\statistics.exe:*:Disabled:Statistics17:exe"
"R:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe"="R:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor"
"R:\Program Files\Utilities\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe"="R:\Program Files\Utilities\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
"R:\Program Files\Utilities\SiSoftware Sandra Professional Business 2009\WNt500x86\RpcSandraSrv.exe"="R:\Program Files\Utilities\SiSoftware Sandra Professional Business 2009\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server"
"R:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe"="R:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS4"
"R:\Program Files\Adobe\Adobe Contribute CS4\Contribute.exe"="R:\Program Files\Adobe\Adobe Contribute CS4\Contribute.exe:*:Enabled:Contribute CS4 "
"R:\Program Files\Java\jre6\bin\java.exe"="R:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
shell\AutoRun\command - M:\autorun.exe


======File associations======

.js - open - "R:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"
.txt - open - "R:\Program Files\IDM Computer Solutions\UltraEdit-32\Uedit32.exe" "%1"
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 2 months======

2009-02-06 15:17:16 ----D---- C:\rsit
2009-02-01 17:37:27 ----A---- C:\WINDOWS\system32\dzgtactx.dll
2009-02-01 17:37:26 ----A---- C:\WINDOWS\system32\MabryObj.dll
2009-02-01 17:37:26 ----A---- C:\WINDOWS\system32\FTPx.dll
2009-02-01 17:37:26 ----A---- C:\WINDOWS\system32\azip32.dll
2009-01-30 12:28:32 ----SHD---- C:\RECYCLER
2009-01-30 08:18:08 ----A---- C:\AdobeRenderServerLog.txt
2009-01-29 17:57:53 ----D---- C:\Program Files\Common Files\Diskeeper Corporation
2009-01-29 17:57:52 ----D---- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2009-01-29 10:40:44 ----A---- C:\ComboFix.txt
2009-01-28 10:12:43 ----D---- R:\Program Files\CurrencyManage
2009-01-26 11:39:52 ----D---- C:\Documents and Settings\Tiny One\Application Data\vlc
2009-01-25 16:02:11 ----D---- C:\Documents and Settings\All Users\Application Data\SugarGames
2009-01-25 16:01:35 ----D---- C:\WINDOWS\5 Realms Of Cards
2009-01-25 04:50:12 ----A---- C:\WINDOWS\system32\WS_FTP_Install.BAK
2009-01-25 00:07:39 ----D---- C:\Documents and Settings\Tiny One\Application Data\IndigoRose
2009-01-24 17:48:30 ----D---- C:\WINDOWS\Aloha Solitaire
2009-01-24 14:58:28 ----D---- C:\WINDOWS\World Class Solitaire
2009-01-24 14:39:05 ----D---- C:\WINDOWS\TriPeaks Solitaire To Go
2009-01-24 14:05:34 ----D---- C:\WINDOWS\Ancient Tripeaks II
2009-01-24 14:03:39 ----D---- C:\WINDOWS\Ancient Tripeaks
2009-01-24 14:01:41 ----D---- C:\Documents and Settings\Tiny One\Application Data\EA
2009-01-24 14:01:41 ----D---- C:\Documents and Settings\All Users\Application Data\EA
2009-01-24 14:01:22 ----D---- C:\WINDOWS\Great Escapes Solitaire
2009-01-24 13:58:39 ----D---- C:\WINDOWS\Waterscape Solitaire American Falls
2009-01-24 13:58:07 ----A---- C:\WINDOWS\Waterscape Solitaire American Falls Setup Log.txt
2009-01-24 13:45:20 ----D---- C:\Documents and Settings\All Users\Application Data\SpinTop Games
2009-01-24 13:45:06 ----D---- C:\WINDOWS\Mystery Solitaire Secret Island
2009-01-24 13:40:27 ----D---- C:\WINDOWS\Word Search Deluxe
2009-01-24 13:37:21 ----D---- C:\WINDOWS\Zodiac Tower
2009-01-24 13:22:21 ----D---- C:\Documents and Settings\Tiny One\Application Data\Beep
2009-01-24 13:21:58 ----D---- C:\WINDOWS\Zodiac
2009-01-24 00:08:07 ----D---- R:\Program Files\netbeans-5.0
2009-01-23 16:29:02 ----D---- C:\Documents and Settings\Tiny One\Application Data\LogoMaker
2009-01-23 14:37:24 ----A---- C:\WINDOWS\system32\xa16478953.exe
2009-01-23 14:37:20 ----A---- C:\WINDOWS\system32\xa16474859.exe
2009-01-23 14:12:24 ----D---- R:\Program Files\Studio V5
2009-01-23 11:48:05 ----D---- C:\Documents and Settings\Tiny One\Application Data\JAM Software
2009-01-23 11:40:48 ----D---- C:\Documents and Settings\All Users\Application Data\IndigoRose
2009-01-23 11:39:47 ----D---- C:\Documents and Settings\Tiny One\Application Data\Downloaded Installations
2009-01-23 11:34:36 ----D---- C:\Documents and Settings\Tiny One\Application Data\Blumentals
2009-01-23 11:34:35 ----D---- R:\Program Files\WeBuilder 2008
2009-01-23 11:17:10 ----A---- C:\WINDOWS\system32\msgdiplus.dll
2009-01-23 11:10:14 ----D---- C:\Sandbox
2009-01-23 11:08:53 ----A---- C:\WINDOWS\Sandboxie.ini
2009-01-22 21:41:54 ----D---- R:\Program Files\3D Utils
2009-01-22 21:17:20 ----D---- C:\Documents and Settings\Tiny One\Application Data\bibble
2009-01-22 21:13:01 ----D---- C:\Program Files\Common Files\Bibble Labs
2009-01-19 02:11:11 ----D---- C:\Documents and Settings\Tiny One\Application Data\Quark
2009-01-19 02:09:25 ----D---- R:\Program Files\Quark
2009-01-19 02:09:25 ----D---- C:\Documents and Settings\All Users\Application Data\Quark
2009-01-17 13:03:59 ----A---- C:\WINDOWS\system32\devil.dll
2009-01-17 13:03:56 ----A---- C:\WINDOWS\system32\avisynth.dll
2009-01-17 13:03:53 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-01-17 13:03:52 ----A---- C:\WINDOWS\system32\i420vfw.dll
2009-01-17 13:03:21 ----RSH---- C:\WINDOWS\system32\nbDX.dll
2009-01-17 13:03:21 ----RSH---- C:\WINDOWS\system32\msfDX.dll
2009-01-17 13:03:19 ----RSH---- C:\WINDOWS\system32\flvDX.dll
2009-01-17 12:59:21 ----D---- R:\Program Files\eRightSoft
2009-01-15 23:08:03 ----D---- R:\Program Files\Deskcalc Pro
2009-01-15 15:34:52 ----D---- C:\Documents and Settings\Tiny One\Application Data\URSoft
2009-01-13 19:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-12 06:41:44 ----A---- C:\WINDOWS\system32\rewire.dll
2009-01-12 06:40:20 ----D---- R:\Program Files\Image-Line
2009-01-12 06:40:17 ----D---- R:\Program Files\Outsim
2009-01-12 03:06:14 ----D---- C:\Documents and Settings\Tiny One\Application Data\Imagenomic
2009-01-09 22:51:28 ----D---- C:\Program Files\Common Files\Stardock
2009-01-09 22:51:26 ----D---- R:\Program Files\IconPackager
2009-01-08 23:02:53 ----D---- C:\Documents and Settings\Tiny One\Application Data\Neuratron
2009-01-08 23:01:15 ----A---- C:\WINDOWS\system32\Drs832.dll
2009-01-08 11:44:47 ----D---- C:\vcs5BGEffects
2009-01-07 22:13:47 ----D---- R:\Program Files\Atomic RAR Password Recovery
2009-01-06 04:00:54 ----D---- R:\Program Files\Microsoft adCenter Add-in for Excel 2.0 (Beta)
2009-01-05 18:22:23 ----A---- C:\WINDOWS\system32\grcauth2.dll
2009-01-05 18:22:23 ----A---- C:\WINDOWS\system32\grcauth1.dll
2009-01-05 18:20:20 ----D---- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
2009-01-05 18:17:41 ----D---- C:\Documents and Settings\All Users\Application Data\SPSS
2009-01-05 18:17:40 ----D---- C:\Program Files\Common Files\SPSS
2009-01-05 18:17:39 ----D---- R:\Program Files\SPSSInc
2009-01-03 06:53:23 ----D---- C:\Python25
2009-01-03 05:15:59 ----A---- C:\WINDOWS\system32\MSCmCDE.dll
2009-01-03 05:15:59 ----A---- C:\WINDOWS\system32\CmDlgDE.dll
2009-01-03 05:15:51 ----A---- C:\WINDOWS\system32\vorbisenc.dll
2009-01-03 05:15:50 ----A---- C:\WINDOWS\system32\DGVorbis.dll
2009-01-03 05:15:50 ----A---- C:\WINDOWS\system32\DGRip.dll
2009-01-03 05:15:49 ----A---- C:\WINDOWS\system32\vorbisfile.dll
2009-01-03 05:15:49 ----A---- C:\WINDOWS\system32\vorbis.dll
2009-01-03 05:15:49 ----A---- C:\WINDOWS\system32\ogg.dll
2009-01-03 05:15:49 ----A---- C:\WINDOWS\system32\mp3enc.dll
2009-01-03 05:15:49 ----A---- C:\WINDOWS\system32\Mp3dec.dll
2009-01-03 05:15:49 ----A---- C:\WINDOWS\system32\Axdist.exe
2009-01-03 05:15:45 ----D---- R:\Program Files\Subliminal Audio
2008-12-19 13:23:49 ----D---- C:\Documents and Settings\Tiny One\Application Data\GoodSync
2008-12-18 20:51:10 ----A---- C:\WINDOWS\system32\imon.dll
2008-12-18 16:21:44 ----D---- R:\Program Files\Audio
2008-12-18 16:12:22 ----D---- C:\Documents and Settings\Tiny One\Application Data\Carnival Software
2008-12-18 12:49:19 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2008-12-17 07:07:30 ----D---- R:\Program Files\Alien Skin
2008-12-16 01:25:17 ----D---- C:\WINDOWS\Cribbage Quest
2008-12-14 04:02:30 ----D---- R:\Program Files\Siber Systems
2008-12-14 04:02:01 ----D---- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-12-12 19:21:15 ----D---- C:\Documents and Settings\Tiny One\Application Data\InterVideo
2008-12-12 19:18:22 ----D---- C:\Program Files\Common Files\Ulead
2008-12-12 19:18:21 ----D---- R:\Program Files\InterVideo Information Service
2008-12-12 19:16:56 ----D---- C:\Program Files\Common Files\InterVideo
2008-12-12 19:16:28 ----D---- R:\Program Files\InterVideo
2008-12-12 02:47:22 ----D---- R:\Program Files\Citrix
2008-12-10 21:25:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 21:24:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 21:23:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 21:23:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-08 02:40:31 ----D---- C:\Documents and Settings\Tiny One\Application Data\Publish Providers
2008-12-08 02:40:09 ----D---- C:\Documents and Settings\Tiny One\Application Data\Sony
2008-12-08 01:47:52 ----D---- R:\Program Files\Vstplugins
2008-12-08 01:47:48 ----D---- C:\Documents and Settings\All Users\Application Data\Sony
2008-12-08 01:47:31 ----D---- R:\Program Files\Sony
2008-12-08 01:44:51 ----D---- R:\Program Files\_zSony Vegas Setup
2008-12-08 00:19:59 ----D---- C:\Documents and Settings\Tiny One\Application Data\Broderbund

======List of files/folders modified in the last 2 months======

2009-02-06 15:17:45 ----D---- C:\WINDOWS\Temp
2009-02-06 15:17:27 ----D---- R:\Program Files\PeerGuardian2
2009-02-06 15:03:08 ----D---- C:\Documents and Settings\Tiny One\Application Data\uTorrent
2009-02-06 14:55:24 ----AD---- C:\WINDOWS
2009-02-06 10:45:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-06 09:52:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-06 09:45:58 ----A---- C:\FONTLOG.TXT
2009-02-06 09:09:40 ----D---- C:\WINDOWS\Microsoft.NET
2009-02-06 05:47:55 ----A---- C:\OnOneErrorLog.txt
2009-02-05 09:02:04 ----D---- C:\WINDOWS\system32
2009-02-05 08:34:52 ----D---- R:\Program Files\Rainlendar2
2009-02-04 19:49:41 ----SD---- C:\WINDOWS\Tasks
2009-02-04 19:47:54 ----D---- C:\WINDOWS\Prefetch
2009-02-04 19:47:27 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem #2.txt
2009-02-04 19:47:16 ----A---- C:\WINDOWS\system32\LOCALSERVICE.INI
2009-02-04 19:46:58 ----A---- C:\WINDOWS\system32\bscs.ini
2009-02-04 04:41:47 ----D---- C:\temp
2009-02-03 21:43:35 ----D---- C:\Documents and Settings\Tiny One\Application Data\ue_toolbar
2009-02-03 14:51:00 ----D---- C:\Documents and Settings\Tiny One\Application Data\Adobe
2009-02-02 15:07:08 ----RD---- R:\Program Files\Games
2009-02-01 17:45:20 ----D---- R:\Program Files\WebPosition 4
2009-02-01 13:16:57 ----SHD---- C:\WINDOWS\Installer
2009-02-01 13:11:52 ----D---- C:\wamp
2009-01-30 12:38:06 ----RSD---- C:\WINDOWS\Fonts
2009-01-30 05:20:38 ----D---- C:\Documents and Settings\Tiny One\Application Data\Alien Skin
2009-01-30 05:19:22 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-29 17:57:57 ----SHD---- C:\Config.Msi
2009-01-29 17:57:54 ----D---- C:\WINDOWS\Help
2009-01-29 17:57:53 ----D---- C:\WINDOWS\WinSxS
2009-01-29 17:53:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-29 11:26:27 ----D---- C:\WINDOWS\system32\dllcache
2009-01-29 10:40:53 ----AD---- C:\QooBox
2009-01-29 10:40:52 ----D---- C:\WINDOWS\system32\drivers
2009-01-29 10:33:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-29 10:30:14 ----N---- C:\WINDOWS\system.ini
2009-01-29 10:22:08 ----D---- C:\WINDOWS\system32\config
2009-01-29 10:21:07 ----D---- C:\WINDOWS\ERDNT
2009-01-29 10:20:01 ----D---- C:\WINDOWS\AppPatch
2009-01-28 17:37:51 ----D---- R:\Program Files\EDraw Max
2009-01-28 17:29:43 ----D---- R:\Program Files\Graphics
2009-01-28 06:34:56 ----D---- R:\Program Files\Axialis
2009-01-27 22:40:00 ----D---- R:\Program Files\WebcamMax
2009-01-26 13:08:07 ----A---- C:\WINDOWS\PHPRunner.INI
2009-01-25 00:54:16 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-01-24 22:24:32 ----HD---- R:\Program Files\InstallShield Installation Information
2009-01-24 13:15:58 ----D---- R:\Program Files\SUPERAntiSpyware
2009-01-24 02:52:48 ----RD---- C:\Program Files
2009-01-24 01:02:32 ----D---- R:\Program Files\Malwarebytes' Anti-Malware
2009-01-24 00:58:05 ----D---- R:\Program Files\Opera 9.5
2009-01-23 23:37:52 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-23 23:37:52 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-23 23:37:52 ----A---- C:\WINDOWS\system32\java.exe
2009-01-23 23:37:52 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-23 23:37:49 ----D---- R:\Program Files\Java
2009-01-23 23:15:37 ----D---- R:\Program Files\Safari
2009-01-23 16:46:33 ----D---- R:\Program Files\Microsoft Silverlight
2009-01-23 16:13:55 ----D---- R:\Program Files\uTorrent
2009-01-23 13:37:59 ----HD---- C:\WINDOWS\inf
2009-01-23 11:47:59 ----D---- R:\Program Files\Utilities
2009-01-23 11:02:06 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-01-22 14:31:47 ----D---- C:\TempCdrv
2009-01-22 13:48:22 ----D---- C:\Program Files\Common Files\onOne Software Shared
2009-01-22 10:33:28 ----D---- R:\Program Files\Adobe
2009-01-22 06:43:01 ----D---- C:\Program Files\Common Files\Adobe
2009-01-19 02:10:06 ----D---- C:\WINDOWS\system32\QuickTime
2009-01-17 03:18:08 ----D---- C:\WINDOWS\security
2009-01-17 02:08:49 ----D---- R:\Program Files\IM Tools
2009-01-15 23:06:57 ----A---- C:\WINDOWS\Deskcalc.INI
2009-01-15 17:42:56 ----D---- R:\Program Files\Mozilla Firefox 3 Beta 3
2009-01-15 17:42:56 ----D---- R:\Program Files\Mozilla Firefox
2009-01-15 17:42:55 ----D---- R:\Program Files\Movie Magic Sreenwriting
2009-01-15 17:42:54 ----D---- R:\Program Files\Hide IP Platinum
2009-01-15 17:42:53 ----D---- R:\Program Files\Firefox 2
2009-01-15 00:41:20 ----D---- C:\Documents and Settings\Tiny One\Application Data\Thinstall
2009-01-14 11:38:30 ----D---- C:\Documents and Settings\Tiny One\Application Data\dvdcss
2009-01-13 19:40:52 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-12 15:24:20 ----D---- R:\Program Files\WinRAR-2008
2009-01-11 15:19:39 ----D---- C:\Documents and Settings\Tiny One\Application Data\Google
2009-01-10 01:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-09 22:45:10 ----D---- R:\Program Files\phpDesigner 2008
2009-01-09 22:34:34 ----RSD---- C:\WINDOWS\assembly
2009-01-08 23:01:11 ----D---- R:\Program Files\Sibelius Software
2009-01-07 07:08:07 ----A---- C:\WINDOWS\system32\aepa-872d09e4-215d-4d6a-b056-515b9c76f5a8.dll
2009-01-06 23:12:11 ----D---- R:\Program Files\Mindjet
2009-01-06 04:36:41 ----D---- R:\Program Files\Eset
2009-01-06 04:33:35 ----D---- R:\Program Files\Zend
2009-01-06 04:00:03 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-03 06:44:45 ----D---- R:\Program Files\MagicISO
2008-12-31 14:30:39 ----D---- R:\Program Files\Hotspot_Shield
2008-12-24 19:32:29 ----D---- C:\Documents and Settings\Tiny One\Application Data\X-NetStat
2008-12-21 21:04:11 ----D---- R:\Program Files\PHP Expert Editor 4.2
2008-12-21 21:03:21 ----D---- R:\Program Files\PHPRunner4.1
2008-12-21 04:12:35 ----D---- C:\Documents and Settings\Tiny One\Application Data\iMacros
2008-12-20 04:34:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-19 16:41:36 ----D---- C:\WINDOWS\Media
2008-12-18 17:29:10 ----A---- C:\WINDOWS\verypdf.ini
2008-12-18 07:14:43 ----D---- C:\WINDOWS\ie7updates
2008-12-17 10:50:27 ----D---- R:\Program Files\SEO Tools
2008-12-13 06:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 07:34:23 ----D---- R:\Program Files\PowerISO
2008-12-10 21:33:24 ----D---- R:\Program Files\internet explorer
2008-12-10 14:59:56 ----A---- C:\WINDOWS\system32\yr-1aa85d49-5c0a-444e-90af-04ead680cadf.dll
2008-12-08 00:19:59 ----D---- C:\Documents and Settings\All Users\Application Data\Broderbund
2008-12-08 00:17:40 ----D---- R:\Program Files\Utils

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 FileDisk;FileDisk; C:\WINDOWS\system32\drivers\FileDisk.sys [2006-07-24 9341]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2007-03-12 37040]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-03-12 38576]
R1 MDFSYSNT;MDFSYSNT; C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2006-09-13 213888]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-12-18 15424]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
R1 SASDIFSV;SASDIFSV; \??\R:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\R:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-02-14 5632]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-12-18 512096]
R2 CamthWDM;WebcamMax, WDM Video Capture; C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2007-10-06 935936]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol; C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-07-14 13824]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-14 32256]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2007-02-07 39264]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-03-02 1972224]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-10-30 329901]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-11-13 862922]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-12-13 223128]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 KeyScrambler;KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [2008-06-24 113896]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2007-09-05 92544]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-11-02 10368]
R3 SbieDrv;SbieDrv; \??\R:\Program Files\Utilities\SbieDrv.sys []
R3 SOFTXG;YAMAHA XG SoftSynthesizer; C:\WINDOWS\system32\drivers\sxgxgwdm.sys [2002-05-22 966784]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-09-22 1171464]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-11-15 179896]
R3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2005-11-30 474184]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-03-12 118064]
S1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-06-24 38920]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-10-30 30459]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 btusbflt;Bluetooth USB Filter; C:\WINDOWS\system32\drivers\btusbflt.sys [2006-10-30 37296]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-10-30 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-10-30 47875]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-10-30 67672]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidBth;Microsoft Bluetooth HID Miniport; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-13 25600]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 n558;N558 Bluetooth USB Filter Driver; C:\WINDOWS\System32\Drivers\n558.sys [2007-07-20 9728]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2002-08-09 16509]
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-12-01 21760]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-11-18 7808]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SANDRA;SANDRA; \??\R:\Program Files\Utilities\SiSoftware Sandra Professional Business 2009\WNt500x86\Sandra.sys []
S3 SASENUM;SASENUM; \??\R:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SIWIO;SIWIO; \??\C:\WINDOWS\TEMP\SiwIo.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 toshidpt;Bluetooth HID Port; C:\WINDOWS\system32\drivers\Toshidpt.sys []
S3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys []
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys []
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys []
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys []
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys []
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys []
S3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USB_RNDIS;Point d'acces Inventel; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 VHidMinidrv;Bluetooth HID Device Service; C:\WINDOWS\system32\drivers\VHIDMini.sys [2007-03-05 19472]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; R:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-03-28 607576]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-03-02 446464]
R2 BlueSoleilCS;BlueSoleilCS; R:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2007-12-28 1155180]
R2 Bonjour Service;Bonjour Service; R:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; R:\Program Files\Utilities\Bluetooth Software\bin\btwdins.exe [2006-11-11 266295]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
R2 Diskeeper;Diskeeper; R:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2008-11-22 1333016]
R2 HotspotShieldService;Hotspot Shield Service; R:\Program Files\Hotspot Shield\bin\openvpnas.exe [2008-08-27 84440]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2006-10-26 335872]
R2 NOD32krn;NOD32 Kernel Service; R:\Program Files\Eset\nod32krn.exe [2008-12-18 552064]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service; R:\Program Files\Utilities\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe [2008-09-01 98488]
R2 SbieSvc;Sandboxie Service; R:\Program Files\Utilities\SbieSvc.exe [2009-01-05 52224]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 BsHelpCS;BsHelpCS; R:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 57447]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-02-02 520192]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
S2 JavaQuickStarterService;Java Quick Starter; R:\Program Files\Java\jre6\bin\jqs.exe [2009-01-23 152984]
S2 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 24635]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-12-13 72704]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-24 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; R:\Program Files\Nero 7\Nero BackItUp\NBService.exe [2007-03-14 779824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); R:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe [2007-07-06 5730304]
S4 0227491172140703mcinstcleanup;McAfee Application Installer Cleanup (0227491172140703); C:\WINDOWS\TEMP\022749~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S4 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2006-10-16 230944]
S4 astcc;AST Service; C:\WINDOWS\SYSTEM32\astsrv.exe [2008-05-07 57344]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 138168]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S4 InCDsrv;InCD Helper; R:\Program Files\Nero 7\InCD\InCDsrv.exe [2007-03-12 931376]
S4 ioloDMV;iolo DMV Service; R:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe [2006-12-07 504424]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); R:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-10-09 202544]
S4 winsmss ;Windows Session Manager Services ; C:\WINDOWS\system32\\winsmss.exe []

-----------------EOF-----------------

#15 londonliving

Posted 06 February 2009 - 10:27 AM

When running RSIT, HijackThis had a problem and couldn't start. Seemed to work OK second time through.

Cheers

LL



