
Nightmare


  • This topic is locked
12 replies to this topic

#1 Barr

  • Members
  • 11 posts

Posted 30 January 2009 - 09:54 PM

Hi all,

Let me just start by thanking you for helping out. I have been so frustrated I could scream.
Here is what happened.

While browsing, a Microsoft Windows Malicious Software Removal Tool came up (in Portuguese, since I was on a Portuguese site). It took over the computer, saying it had detected an infected file and was going to reboot the computer. All I could do was close the box and watch my computer reboot.
When it came back, a message in Portuguese came up saying Microsoft was cleaning up the files. This message came up upon reboot, even before Windows was fully loaded.


Then, Firefox wouldn't start and the Symantec icon had a sign that it wasn't working.
I immediately proceeded to run Malwarebytes. Here is the log:

Malwarebytes' Anti-Malware 1.33
Database version: 1703
Windows 5.1.2600 Service Pack 3

1/28/2009 7:14:42 PM
mbam-log-2009-01-28 (19-14-42).txt

Scan type: Quick Scan
Objects scanned: 60640
Time elapsed: 19 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55fe9fa0-a1a3-44a0-b88e-76ab89f486ab} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{55fe9fa0-a1a3-44a0-b88e-76ab89f486ab} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wgaX1.dll (Trojan.BHO) -> Quarantined and deleted successfully.

I cleaned it up. Here is the log:


Database version: 1703
Windows 5.1.2600 Service Pack 3

1/28/2009 9:27:21 PM
mbam-log-2009-01-28 (21-27-20).txt

Scan type: Quick Scan
Objects scanned: 60920
Time elapsed: 27 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:

Then yesterday it came right back. I got the same message on the desktop saying that the Microsoft Removal Tool had found suspicious files and that I needed to reboot my machine. I tried exiting, but then the countdown for the reboot started again.

When it came back up I ran Malwarebytes again, and it came up with this log:

Malwarebytes' Anti-Malware 1.33
Database version: 1707
Windows 5.1.2600 Service Pack 3

1/29/2009 8:25:57 PM
mbam-log-2009-01-29 (20-25-57).txt

Scan type: Quick Scan
Objects scanned: 162
Time elapsed: 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:

______________________________
I am at a loss as to what to do. I tried:

Reinstalling Firefox
Reinstalling Symantec
Creating another system restore point and cleaning up the files that were there before.

Nothing works.
Right now there are about 25 Microsoft Removal Tool boxes opening. I will need to click OK, and it will reboot my computer once again.

Please help...
And here is the HijackThis log from today.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:43 PM, on 1/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\umonit.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows UpdateSP1a.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UP.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) - _{A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)
R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.v2premier.com"); (C:\Documents and Settings\ISABEL BARR\Application Data\Mozilla\Profiles\default\uqr3f2i8.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ISABEL BARR\Application Data\Mozilla\Profiles\default\uqr3f2i8.slt\prefs.js)
O2 - BHO: MySearch Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MySearch\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Extensão do Navegador - {C6A981A5-46E6-4FDA-BAC5-9FAC3AAEDC35} - C:\WINDOWS\system32\wgaX1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Windows Defender] VSFPNC
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - .DEFAULT User Startup: OpenOffice.org 1.0.lnk = C:\Program Files\OpenOffice.org1.0\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT User Startup: Registration-INSDVD.lnk = C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe (User 'Default user')
O4 - Global Startup: Windows UpdateSP1a.exe
O4 - Global Startup: UP.exe
O4 - Global Startup: Windows UpdateSP2.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_98.dll' missing
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1180573363875
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = wisc.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = wisc.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = wisc.edu
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe

--
End of file - 10329 bytes


#2 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 07 February 2009 - 09:48 AM

Hi,

Welcome to BleepingComputer HijackThis Logs and Malware Removal, Barr. :thumbup2:
My name is sundavis, and I will be helping you to deal with your malware problems today.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.
The log you presented is a few days old, and it may not show what is there now. In the meantime, please refrain from making any changes to your computer, and please do the following:

Step 1
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
Step 2

Click Start > Run, copy/paste the following into the Run box, and click OK:

MRT.exe

A window will prompt; click Next and select Full scan. Let it run. When finished, please go to the C:\Windows\Debug folder. There is a log file named mrt.log; copy/paste its contents in your next reply.
You can go to Here for your reference.

In your next reply, please post back:

1. MRT log
2. RSIT log.txt and info.txt. Thanks

Edited by sundavis, 07 February 2009 - 11:15 AM.
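The mrt.log that Step 2 asks for is a plain-text file in which each monthly run is one block: a version header, a "Started On" line, a "Results Summary:" section, a "Return code:" line and a "Finished On" line, with runs separated by a row of hyphens. The parser below is an added example for reading that format, not a tool from this thread or from Microsoft. It groups runs the way a helper reads them (finished clean, finished with findings, or never reached a results summary) over a constructed sample that follows the format of the log posted in the next reply; the December entry in the sample reproduces an aborted run that stops at a "->Scan ERROR" line. Such a run has no "Finished On" line and no return code, and the parser reports it as aborted rather than as clean, since a missing result is not a clean result.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the format mrt.log uses (three monthly runs); the
# December entry mirrors an aborted run that stops at a scan error line.
SAMPLE_LOG = """\
Microsoft Windows Malicious Software Removal Tool v2.4, November 2008
Started On Tue Nov 11 14:10:17 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Nov 11 14:12:28 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.5, December 2008
Started On Fri Dec 12 18:24:33 2008
->Scan ERROR: resource service://TDSSserv.sys (code 0x0000054F (1359))

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.6, January 2009
Started On Wed Jan 14 21:41:19 2009

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 14 21:42:59 2009
"""

HEADER_RE = re.compile(r"^Microsoft Windows Malicious Software Removal Tool (v[\d.]+), (.+)$")
STARTED_RE = re.compile(r"^Started On (.+)$")
FINISHED_RE = re.compile(r"Finished On (.+)$")
RETURN_RE = re.compile(r"^Return code: (\d+)$")
ERROR_RE = re.compile(r"^->(.+)$")


@dataclass
class MrtRun:
    """One MRT execution as recorded in mrt.log."""
    version: str
    release: str                       # e.g. "December 2008"
    started: str = ""
    finished: Optional[str] = None
    return_code: Optional[int] = None
    findings: List[str] = field(default_factory=list)   # lines under "Results Summary:"
    errors: List[str] = field(default_factory=list)     # "->..." lines

    @property
    def completed(self) -> bool:
        # A run only counts as finished if it wrote both a return code and a Finished line.
        return self.finished is not None and self.return_code is not None

    @property
    def clean(self) -> bool:
        return self.completed and self.return_code == 0 and self.findings == ["No infection found."]


def parse_mrt_log(text: str) -> List[MrtRun]:
    """Split mrt.log into runs; a new run starts at every version header."""
    runs: List[MrtRun] = []
    current: Optional[MrtRun] = None
    in_summary = False
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = MrtRun(version=m.group(1), release=m.group(2))
            runs.append(current)
            in_summary = False
            continue
        if current is None:
            continue  # text before the first header is ignored
        if (m := STARTED_RE.match(line)):
            current.started = m.group(1)
        elif (m := FINISHED_RE.search(line)):
            current.finished = m.group(1)
        elif (m := RETURN_RE.match(line)):
            current.return_code = int(m.group(1))
        elif (m := ERROR_RE.match(line)):
            current.errors.append(m.group(1).strip())
        elif line == "Results Summary:":
            in_summary = True
        elif in_summary:
            if line.startswith("----"):
                continue            # the underline beneath "Results Summary:"
            if line == "":
                in_summary = False  # a blank line ends the summary block
            else:
                current.findings.append(line)
    return runs


def triage(runs: List[MrtRun]) -> dict:
    """Group runs the way a helper reads them: clean, with findings, or aborted."""
    return {
        "total": len(runs),
        "clean": [r.release for r in runs if r.clean],
        "with_findings": [(r.release, r.findings) for r in runs if r.completed and not r.clean],
        "aborted": [(r.release, r.errors) for r in runs if not r.completed],
    }


if __name__ == "__main__":
    for key, value in triage(parse_mrt_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run it with no arguments to see the triage of the sample, or pass the contents of C:\Windows\Debug\mrt.log to `parse_mrt_log` to read a real one. The aborted bucket is the one to look at first: a run that hit a scan error and never wrote a result says nothing about whether the machine is clean, and a long series of "No infection found." entries before it is no reassurance either.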


#3 Barr
  • Topic Starter

  • Members
  • 11 posts

Posted 07 February 2009 - 03:19 PM

Sundavis!
Am I glad to see you!!
And thank you SO much for helping me.

I have pasted here the MRT log, and the log.txt and info.txt logs.

I could not find mrt.log, only mrt. Looks like there are lots of errors. Not sure if that is what you are looking for. Let me know!


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.2, March 2005
Started On Thu Mar 10 03:00:15 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 10 03:00:21 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.3, April 2005
Started On Wed Apr 13 03:01:44 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 13 03:01:51 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.4, May 2005
Started On Fri May 13 02:38:13 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 13 02:38:24 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.5, June 2005
Started On Tue Jun 14 22:28:48 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jun 14 22:28:57 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.6, July 2005
Started On Wed Jul 13 07:44:25 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 13 07:44:35 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.7, August 2005
Started On Thu Aug 11 00:37:26 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 11 00:37:37 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.8, September 2005
Started On Wed Sep 14 00:21:50 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 14 00:22:02 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.9, October 2005
Started On Fri Oct 14 02:26:11 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Oct 14 02:26:23 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.10, November 2005
Started On Wed Nov 09 03:00:44 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 09 03:00:59 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.11, December 2005
Started On Thu Dec 15 16:00:26 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 15 16:00:48 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.12, January 2006
Started On Tue Jan 10 18:00:59 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jan 10 18:01:15 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.13, February 2006
Started On Tue Feb 14 18:00:28 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Feb 14 18:00:44 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.14, March 2006
Started On Wed Mar 15 20:05:36 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 15 20:05:50 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.15, April 2006
Started On Thu Apr 13 01:01:27 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 13 01:01:36 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.16, May 2006
Started On Wed May 10 01:01:48 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 10 01:01:58 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.17, June 2006
Started On Thu Jun 15 18:01:16 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 15 18:01:31 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.18, July 2006
Started On Wed Jul 12 02:21:55 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 12 02:22:04 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.19, August 2006
Started On Fri Aug 11 20:14:10 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 11 20:14:20 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.20, September 2006
Started On Fri Sep 15 18:00:25 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 15 18:00:41 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.21, October 2006
Started On Sat Oct 14 18:00:46 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Oct 14 18:01:04 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.22, November 2006
Started On Wed Nov 15 22:37:58 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 15 22:38:09 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.23, December 2006
Started On Sat Dec 16 10:07:48 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Dec 16 10:08:00 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.24, January 2007
Started On Sat Jan 13 18:00:28 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Jan 13 18:00:43 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.24, January 2007
Started On Sat Jan 20 09:14:34 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Jan 20 09:15:04 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.25, February 2007
Started On Thu Feb 15 08:01:09 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 15 08:01:22 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.27, March 2007
Started On Wed Mar 14 18:00:51 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 14 18:01:07 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.28, April 2007
Started On Thu Apr 12 17:22:19 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 12 17:22:44 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.29, May 2007
Started On Wed May 09 18:00:42 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 09 18:02:13 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.30, June 2007
Started On Mon Jun 18 18:02:13 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Jun 18 18:03:18 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.31, July 2007
Started On Mon Jul 16 18:05:35 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Jul 16 18:07:05 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.32, August 2007
Started On Tue Aug 14 18:03:16 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Aug 14 18:46:02 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.33, September 2007
Started On Tue Sep 11 18:01:31 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Sep 11 18:02:30 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.34, October 2007
Started On Wed Oct 10 18:27:21 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 10 18:28:43 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.35, November 2007
Started On Tue Nov 13 23:09:58 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Nov 13 23:11:01 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.36, December 2007
Started On Wed Dec 12 11:30:17 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 12 11:31:24 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.37, January 2008
Started On Tue Jan 08 18:01:32 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jan 08 18:02:39 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.38, February 2008
Started On Tue Feb 12 18:05:55 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Feb 12 18:07:29 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.39, March 2008
Started On Tue Mar 11 18:02:04 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 11 18:03:22 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.40, April 2008
Started On Tue Apr 08 22:40:24 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 08 22:41:33 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.41, May 2008
Started On Thu May 15 22:37:21 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 15 22:38:38 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.42, June 2008
Started On Wed Jun 11 18:03:41 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 11 18:04:59 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.0, July 2008
Started On Fri Jul 18 18:07:07 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Jul 18 18:08:53 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.1, August 2008
Started On Wed Aug 13 18:11:19 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 13 18:13:23 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.2, September 2008
Started On Wed Sep 10 07:38:32 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 10 07:39:55 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.3, October 2008
Started On Wed Oct 15 23:02:04 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 15 23:03:16 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.4, November 2008
Started On Tue Nov 11 14:10:17 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Nov 11 14:12:28 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.5, December 2008
Started On Fri Dec 12 18:24:33 2008
->Scan ERROR: resource service://TDSSserv.sys (code 0x0000054F (1359))

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.6, January 2009
Started On Wed Jan 14 21:41:19 2009

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 14 21:42:59 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.6, January 2009
Started On Thu Jan 29 21:10:25 2009
->Scan ERROR: resource process://pid:6968 (code 0x00000057 (87))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 29 21:25:53 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.6, January 2009
Started On Sat Feb 07 10:51:58 2009

Extended Scan Results
----------------
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000005 (5))
->Scan ERROR: resource file://C:\WINDOWS\system32\config\system.LOG (code 0x00000020 (32))
->Scan ERROR: resource file://C:\WINDOWS\system32\config\software.LOG (code 0x00000020 (32))
->Scan ERROR: resource file://C:\WINDOWS\system32\config\default.LOG (code 0x00000020 (32))
->Scan ERROR: resource file://C:\WINDOWS\system32\config\SAM.LOG (code 0x00000020 (32))
->Scan ERROR: resource file://C:\WINDOWS\system32\config\SECURITY.LOG (code 0x00000020 (32))
->Scan ERROR: resource file://C:\WINDOWS\system32\config\DEFAULT (code 0x00000020 (32))
->Scan ERROR: resource file://C:\WINDOWS\system32\config\SECURITY (code 0x00000020 (32))
->Scan ERROR: resource file://C:\WINDOWS\system32\config\SOFTWARE (code 0x00000020 (32))
->Scan ERROR: resource file://C:\WINDOWS\system32\config\SYSTEM (code 0x00000020 (32))
->Scan ERROR: resource file://C:\WINDOWS\system32\config\SAM (code 0x00000020 (32))
->Scan ERROR: resource file://C:\WINDOWS\system32\CatRoot2\edb.log (code 0x00000020 (32))
->Scan ERROR: resource file://C:\WINDOWS\system32\CatRoot2\tmp.edb (code 0x00000020 (32))
->Scan ERROR: resource file://C:\Documents and Settings\NetworkService\ntuser.dat.LOG (code 0x00000020 (32))
->Scan ERROR: resource file://C:\Documents and Settings\NetworkService\NTUSER.DAT (code 0x00000020 (32))
->Scan ERROR: resource file://C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (code 0x00000020 (32))
->Scan ERROR: resource file://C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (code 0x00000020 (32))
->Scan ERROR: resource file://C:\Documents and Settings\LocalService\ntuser.dat.LOG (code 0x00000020 (32))
->Scan ERROR: resource file://C:\Documents and Settings\LocalService\NTUSER.DAT (code 0x00000020 (32))
->Scan ERROR: resource file://C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (code 0x00000020 (32))
->Scan ERROR: resource file://C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (code 0x00000020 (32))
->Scan ERROR: resource file://C:\Documents and Settings\Isabel Barr\ntuser.dat.LOG (code 0x00000020 (32))
->Scan ERROR: resource file://C:\Documents and Settings\Isabel Barr\ntuser.dat (code 0x00000020 (32))
->Scan ERROR: resource file://C:\Documents and Settings\Isabel Barr\Local Settings\Temp\etilqs_rXpNRBdUGTdtXYajD6CI (code 0x00000020 (32))
->Scan ERROR: resource file://C:\Documents and Settings\Isabel Barr\Local Settings\Temp\TMP00000001F331A4FA762AB79A (code 0x00000020 (32))
->Scan ERROR: resource file://C:\Documents and Settings\Isabel Barr\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (code 0x00000020 (32))
->Scan ERROR: resource file://C:\Documents and Settings\Isabel Barr\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (code 0x00000020 (32))
->Scan ERROR: resource file://C:\Documents and Settings\Isabel Barr\Application Data\Mozilla\Firefox\Profiles\q2frtvjm.default\parent.lock (code 0x00000020 (32))
->Scan ERROR: resource file://C:\Documents and Settings\Isabel Barr\Application Data\Mozilla\Firefox\Profiles\q2frtvjm.default\places.sqlite-journal (code 0x00000020 (32))
->Scan ERROR: resource file://C:\Documents and Settings\Isabel Barr\Application Data\Shutterfly\Studio\app_log--02-07-09--12-10-14.log (code 0x00000020 (32))
No infection found as part of the extended scan

Results Summary:
----------------
No infection found.



log.txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by Isabel Barr at 2009-02-07 10:47:11
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 60 GB (54%) free of 112 GB
Total RAM: 479 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:21 AM, on 2/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\umonit.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UP.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\avg.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\avast4.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\msnmsgr_.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Isabel Barr\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Isabel Barr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.v2premier.com"); (C:\Documents and Settings\ISABEL BARR\Application Data\Mozilla\Profiles\default\uqr3f2i8.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ISABEL BARR\Application Data\Mozilla\Profiles\default\uqr3f2i8.slt\prefs.js)
O2 - BHO: MySearch Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MySearch\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Extensão do Navegador - {A6AF2014-BBD7-4E5D-91EE-26CCC37A3DDE} - C:\WINDOWS\system32\wgaX3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Windows Defender] VSFPNC
O4 - HKLM\..\RunOnce: [Windows Update SP3] C:\WINDOWS\system32\UP03.exe
O4 - HKCU\..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - .DEFAULT User Startup: OpenOffice.org 1.0.lnk = C:\Program Files\OpenOffice.org1.0\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT User Startup: Registration-INSDVD.lnk = C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe (User 'Default user')
O4 - Global Startup: UP.exe
O4 - Global Startup: avg.exe
O4 - Global Startup: avast4.exe
O4 - Global Startup: msnmsgr_.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_98.dll' missing
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1180573363875
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = wisc.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = wisc.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = wisc.edu
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe

--
End of file - 8570 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\ISP signup reminder 2.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Isabel Barr.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Isabel Barr.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04079851-5845-4dea-848C-3ECD647AA554}]
MySearch Search Assistant BHO - C:\Program Files\MySearch\SrchAstt\1.bin\MYSRCHAS.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6AF2014-BBD7-4E5D-91EE-26CCC37A3DDE}]
Extensão do Navegador - C:\WINDOWS\system32\wgaX3.dll [2009-02-07 1006592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2004-08-21 708608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"=C:\WINDOWS\System32\sistray.EXE [2002-11-17 303104]
"UMonit"=C:\WINDOWS\System32\umonit.exe [2003-04-21 49152]
"Cmaudio"=RunDll32 cmicnfg.cpl []
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-14 399504]
"Windows Defender"=VSFPNC []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Windows Update SP3"=C:\WINDOWS\system32\UP03.exe [2009-02-07 232448]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ShutterflyStudio"=C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe [2008-05-06 2500096]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3DMouse]
C:\PROGRA~1\3DMouse\3DMouse.EXE [2002-03-27 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM95\aim.exe -cnetwait.odl []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ansjgcds]
C:\WINDOWS\System32\xaocjr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Atari Launcher 2]
C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe [2001-05-22 55296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtariBanner]
C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe [2001-05-22 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
C:\Program Files\Common Files\CMEII\CMESys.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hxvankhb]
C:\WINDOWS\System32\emtvvjpq.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe -minimize []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW ControlCenter]
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe [2003-03-12 836096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LapLink Scheduler]
C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 3100 Series]
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe [2003-07-28 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBRKsk]
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe [2003-06-13 294912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe [2007-03-07 5181440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvid]
C:\WINDOWS\System32\ronkhnjg.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
C:\WINDOWS\system32\pctspk.exe [2002-07-09 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\System32\PSDrvCheck.exe [2003-05-28 394240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]
C:\WINDOWS\System32\bridge.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shicoxp]
C:\WINDOWS\shicoxp.exe [2003-05-14 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker]
C:\WINDOWS\System32\khooker.exe [2002-09-24 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Begone]
c:\freescan\freescan.exe -FastScan []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\systray]
C:\WINDOWS\System32\a.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]
C:\Program Files\Common files\updmgr\updmgr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp3\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2006-04-03 777424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe [2004-08-06 2502656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
C:\PROGRA~1\Quicken\billmind.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
C:\PROGRA~1\CISCOS~1\VPNCLI~1\vpngui.exe [2003-04-10 1450047]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Lifeline.lnk]
C:\PROGRA~1\DIGITA~1\bin\mpbtn.exe -boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
C:\PROGRA~1\COMMON~1\GMT\GMT.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2003-03-26 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinScheduler.lnk]
C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE [2002-10-21 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Iomega Backup Scheduler.lnk]
C:\PROGRA~1\Iomega\IOMEGA~2\dtiom98.exe /sc []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Iomega Icons.lnk]
C:\PROGRA~1\Iomega\Tools\IMGICON.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Iomega Startup Options.lnk]
C:\PROGRA~1\Iomega\Tools\IMGSTART.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IomegaWare.lnk]
C:\PROGRA~1\Iomega\IOMEGA~1\COMMAN~1.EXE /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^iSchedule-it.lnk]
C:\PROGRA~1\INSIGH~1\NETKNO~1\Common\ISCHED~1.EXE /Silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus Organizer EasyClip.lnk]
C:\lotus\organize\easyclip.exe [2001-07-25 87040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus QuickStart.lnk]
C:\lotus\wordpro\ltsstart.exe [2001-08-14 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus SmartCenter.lnk]
C:\lotus\smartctr\SMARTCTR.EXE [2000-04-25 203776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus SuiteStart.lnk]
C:\lotus\smartctr\SUITEST.EXE [1999-04-23 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetMedia.lnk]
C:\PROGRA~1\NetMedia\Versato.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NovaDisk+ Schedule Service Controller.lnk]
C:\PROGRA~1\NOVADI~1\SCHEDU~1\schengd.exe [2000-06-09 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NovaDisk+ Scheduler Tray Control.lnk]
C:\PROGRA~1\NOVADI~1\schtrayd.exe [2000-04-07 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
C:\PROGRA~1\BRODER~1\MAVISB~1\MINIMA~1.EXE [2002-08-30 2392064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
C:\PROGRA~1\Quicken\bagent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
C:\PROGRA~1\Quicken\QWDLLS.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuikSync.lnk]
C:\PROGRA~1\Iomega\QuikSync\QUIKSYNC.EXE NoStartUp []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Video Professor.lnk]
C:\PROGRA~1\lesson\FREELE~1.EXE [2003-03-05 2250074]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Isabel Barr^Start Menu^Programs^Startup^OpenOffice.org 1.0.lnk]
C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Isabel Barr^Start Menu^Programs^Startup^OpenOffice.org 1.1.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE [2004-10-28 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Isabel Barr^Start Menu^Programs^Startup^Psi.lnk]
C:\PROGRA~1\Psi\psi.exe [2007-10-14 8699392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Isabel Barr^Start Menu^Programs^Startup^Registration-INSDVD.lnk]
C:\PROGRA~1\Pinnacle\INSTAN~1\SHARED~1\Pixie\RegTool.exe [2002-09-26 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Isabel Barr^Start Menu^Programs^Startup^SflyMon.lnk]
C:\PROGRA~1\SHUTTE~2\SflyMon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
UP.exe
avg.exe
avast4.exe
msnmsgr_.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-04-03 81616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
:\WINDOWS\syste

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=00040000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\System32\wjview.exe"="C:\WINDOWS\System32\wjview.exe:*:Disabled:Microsoft® VM Command Line Interpreter"
"C:\Program Files\WebSavingsfromEbates\WebSavingsfromEbates.exe"="C:\Program Files\WebSavingsfromEbates\WebSavingsfromEbates.exe:*:Disabled:WebSavingsfromEbates"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Real\RealPlayer\RealPlay.exe"="C:\Program Files\Real\RealPlayer\RealPlay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Netscape\Netscape\Netscp.exe"="C:\Program Files\Netscape\Netscape\Netscp.exe:*:Enabled:Netscape"
"C:\Program Files\Rio\Rio Music Manager\riomm.exe"="C:\Program Files\Rio\Rio Music Manager\riomm.exe:*:Enabled:Rio Music Manager"
"C:\WINDOWS\System32\RUNDLL32.EXE"="C:\WINDOWS\System32\RUNDLL32.EXE:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\System32\dpvsetup.exe"="C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Psi\psi.exe"="C:\Program Files\Psi\psi.exe:*:Enabled:psi"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Polycom\PVX\vvsys.exe"="C:\Program Files\Polycom\PVX\vvsys.exe:*:Enabled:vvsys Application"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2102-12-31 22:00:39 ----A---- C:\WINDOWS\3DMHook.INI
2102-12-31 21:52:57 ----A---- C:\WINDOWS\system32\WINKRNME.DLL
2102-12-31 21:35:16 ----D---- C:\Program Files\v2 Premier
2102-12-31 21:32:36 ----D---- C:\Program Files\3DMouse
2102-12-31 21:31:44 ----D---- C:\3DMouseTemp
2102-12-31 21:28:57 ----A---- C:\WINDOWS\system32\umonit.exe
2102-12-31 21:28:57 ----A---- C:\WINDOWS\system32\geneicon.dll
2102-12-31 21:28:54 ----HD---- C:\Program Files\InstallShield Installation Information
2102-12-31 21:27:55 ----D---- C:\Program Files\VideoProfessor
2102-12-31 21:26:15 ----D---- C:\Program Files\lesson
2102-12-31 21:23:55 ----A---- C:\WINDOWS\system32\tsbyuv.dll
2102-12-31 21:23:55 ----A---- C:\WINDOWS\system32\msyuv.dll
2102-12-31 21:23:55 ----A---- C:\WINDOWS\system32\ksuser.dll
2102-12-31 21:23:55 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2102-12-31 21:18:29 ----A---- C:\WINDOWS\ModemLog_HSP56 MR.txt
2102-12-31 21:16:25 ----SHD---- C:\Recycled
2102-12-31 21:14:19 ----A---- C:\WINDOWS\system32\csamsp.dll
2102-12-31 21:14:17 ----RA---- C:\WINDOWS\system32\ptuninst.exe
2102-12-31 21:14:17 ----RA---- C:\WINDOWS\system32\ptsetup.dll
2102-12-31 21:11:02 ----HD---- C:\WINDOWS\$NtUninstallQ312370$
2102-12-31 21:10:55 ----RA---- C:\WINDOWS\UnSiSUSB.exe
2102-12-31 21:09:04 ----D---- C:\Program Files\SiSLan
2102-12-31 21:06:45 ----A---- C:\WINDOWS\CMISETUP.INI
2102-12-31 21:06:45 ----A---- C:\WINDOWS\CMCDPLAY.INI
2102-12-31 21:06:43 ----A---- C:\WINDOWS\system32\a3d.dll
2102-12-31 21:06:39 ----A---- C:\WINDOWS\CMIUninstall.exe
2102-12-31 21:06:36 ----A---- C:\WINDOWS\CMIRmDriver.dll
2102-12-31 21:04:24 ----RA---- C:\WINDOWS\system32\IDEproperty.dll
2102-12-31 21:01:00 ----A---- C:\WINDOWS\system32\sunistlog.ini
2102-12-31 21:01:00 ----A---- C:\WINDOWS\system32\schecklog.txt
2102-12-31 21:01:00 ----A---- C:\WINDOWS\system32\1_ssetup.ini
2102-12-31 21:00:46 ----D---- C:\Program Files\SiSVGA
2102-12-31 21:00:43 ----D---- C:\WINDOWS\system32\ReinstallBackups
2102-12-31 21:00:14 ----A---- C:\WINDOWS\system32\khooker.exe
2102-12-31 21:00:13 ----D---- C:\WINDOWS\system32\trayres
2102-12-31 21:00:11 ----A---- C:\WINDOWS\system32\sistray.exe
2102-12-31 21:00:11 ----A---- C:\WINDOWS\system32\SiSParse.dll
2102-12-31 21:00:11 ----A---- C:\WINDOWS\system32\SiSInst.dll
2102-12-31 21:00:11 ----A---- C:\WINDOWS\system32\sisgl.dll
2102-12-31 21:00:11 ----A---- C:\WINDOWS\system32\SiSApCom.dll
2102-12-31 21:00:10 ----D---- C:\WINDOWS\SiSInf
2102-12-31 21:00:10 ----D---- C:\Program Files\SiS Compatible VGA V2.16a
2102-12-31 21:00:10 ----A---- C:\WINDOWS\system32\sisgrv.dll
2102-12-31 21:00:01 ----N---- C:\WINDOWS\system32\InstFunc.dll
2102-12-31 21:00:01 ----A---- C:\WINDOWS\system32\waitwnd.exe
2102-12-31 21:00:00 ----A---- C:\WINDOWS\system32\setuplib.dll
2102-12-31 20:59:59 ----A---- C:\WINDOWS\IsUninst.exe
2102-12-31 20:59:35 ----D---- C:\WINDOWS\system32\Tools
2102-12-31 20:59:28 ----D---- C:\Program Files\Common Files\InstallShield
2102-12-31 20:56:44 ----SHD---- C:\WINDOWS\Installer
2102-12-31 20:56:36 ----HD---- C:\Program Files\Uninstall Information
2102-12-31 20:56:25 ----SHD---- C:\System Volume Information
2102-12-31 20:56:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2102-12-31 20:53:16 ----D---- C:\WINDOWS\system32\xircom
2102-12-31 20:53:16 ----D---- C:\Program Files\xerox
2102-12-31 20:53:15 ----D---- C:\Program Files\microsoft frontpage
2102-12-31 20:52:57 ----A---- C:\WINDOWS\OEWABLog.txt
2102-12-31 20:52:54 ----A---- C:\WINDOWS\system32\mapi32.dll
2102-12-31 20:52:01 ----SD---- C:\WINDOWS\Downloaded Program Files
2102-12-31 20:52:01 ----RD---- C:\WINDOWS\Offline Web Pages
2102-12-31 20:52:01 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2102-12-31 20:51:55 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2102-12-31 20:51:41 ----D---- C:\WINDOWS\srchasst
2102-12-31 20:51:37 ----D---- C:\WINDOWS\system32\Macromed
2102-12-31 20:51:37 ----D---- C:\WINDOWS\system32\DirectX
2102-12-31 20:51:34 ----D---- C:\Program Files\Movie Maker
2102-12-31 20:51:28 ----A---- C:\WINDOWS\system32\safrslv.dll
2102-12-31 20:51:28 ----A---- C:\WINDOWS\system32\safrdm.dll
2102-12-31 20:51:28 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2102-12-31 20:51:28 ----A---- C:\WINDOWS\system32\racpldlg.dll
2102-12-31 20:51:28 ----A---- C:\WINDOWS\system32\atrace.dll
2102-12-31 20:51:27 ----A---- C:\WINDOWS\system32\desktop.ini
2102-12-31 20:51:27 ----A---- C:\WINDOWS\desktop.ini
2102-12-31 20:51:25 ----D---- C:\WINDOWS\system32\Restore
2102-12-31 20:51:25 ----D---- C:\Program Files\Windows Media Player
2102-12-31 20:51:25 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2102-12-31 20:51:25 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2102-12-31 20:51:25 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2102-12-31 20:51:24 ----D---- C:\WINDOWS\PCHEALTH
2102-12-31 20:51:24 ----D---- C:\Program Files\NetMeeting
2102-12-31 20:51:24 ----D---- C:\Program Files\Common Files\Services
2102-12-31 20:51:24 ----A---- C:\WINDOWS\system32\acctres.dll
2102-12-31 20:51:22 ----SD---- C:\WINDOWS\Tasks
2102-12-31 20:51:22 ----D---- C:\Program Files\Outlook Express
2102-12-31 20:51:22 ----A---- C:\WINDOWS\system32\isign32.dll
2102-12-31 20:51:22 ----A---- C:\WINDOWS\system32\inetcfg.dll
2102-12-31 20:51:22 ----A---- C:\WINDOWS\system32\icwphbk.dll
2102-12-31 20:51:22 ----A---- C:\WINDOWS\system32\icwdial.dll
2102-12-31 20:51:21 ----D---- C:\Program Files\Common Files\MSSoap
2102-12-31 20:51:21 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2102-12-31 20:51:19 ----D---- C:\Program Files\Internet Explorer
2102-12-31 20:51:19 ----D---- C:\Program Files\Common Files\System
2102-12-31 20:50:56 ----D---- C:\Program Files\ComPlus Applications
2102-12-31 20:50:54 ----A---- C:\WINDOWS\vbaddin.ini
2102-12-31 20:50:54 ----A---- C:\WINDOWS\vb.ini
2102-12-31 20:50:51 ----D---- C:\WINDOWS\Registration
2102-12-31 20:50:24 ----HD---- C:\Program Files\WindowsUpdate
2102-12-31 20:50:24 ----D---- C:\Program Files\Online Services
2102-12-31 20:50:18 ----D---- C:\Program Files\Messenger
2102-12-31 20:50:14 ----D---- C:\Program Files\MSN Gaming Zone
2102-12-31 20:50:14 ----A---- C:\WINDOWS\system32\write.exe
2102-12-31 20:50:10 ----D---- C:\Program Files\Windows NT
2102-12-31 20:50:10 ----A---- C:\WINDOWS\system32\winchat.exe
2102-12-31 20:50:10 ----A---- C:\WINDOWS\system32\sndvol32.exe
2102-12-31 20:50:10 ----A---- C:\WINDOWS\system32\sndrec32.exe
2102-12-31 20:50:10 ----A---- C:\WINDOWS\system32\hypertrm.dll
2102-12-31 20:50:10 ----A---- C:\WINDOWS\system32\hticons.dll
2102-12-31 20:50:10 ----A---- C:\WINDOWS\system32\avwav.dll
2102-12-31 20:50:10 ----A---- C:\WINDOWS\system32\avtapi.dll
2102-12-31 20:50:10 ----A---- C:\WINDOWS\system32\avmeter.dll
2102-12-31 20:50:07 ----A---- C:\WINDOWS\system32\winmine.exe
2102-12-31 20:50:07 ----A---- C:\WINDOWS\system32\sol.exe
2102-12-31 20:50:07 ----A---- C:\WINDOWS\system32\getuname.dll
2102-12-31 20:50:07 ----A---- C:\WINDOWS\system32\charmap.exe
2102-12-31 20:50:07 ----A---- C:\WINDOWS\system32\calc.exe
2102-12-31 20:50:07 ----A---- C:\WINDOWS\mslog.tmp
2102-12-31 20:50:06 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2102-12-31 20:50:06 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2102-12-31 20:50:06 ----A---- C:\WINDOWS\system32\tslabels.ini
2102-12-31 20:50:06 ----A---- C:\WINDOWS\system32\tskill.exe
2102-12-31 20:50:06 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2102-12-31 20:50:06 ----A---- C:\WINDOWS\system32\tscon.exe
2102-12-31 20:50:06 ----A---- C:\WINDOWS\system32\shadow.exe
2102-12-31 20:50:06 ----A---- C:\WINDOWS\system32\rwinsta.exe
2102-12-31 20:50:06 ----A---- C:\WINDOWS\system32\reset.exe
2102-12-31 20:50:06 ----A---- C:\WINDOWS\system32\regini.exe
2102-12-31 20:50:06 ----A---- C:\WINDOWS\system32\rdshost.exe
2102-12-31 20:50:06 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2102-12-31 20:50:06 ----A---- C:\WINDOWS\system32\mshearts.exe
2102-12-31 20:50:06 ----A---- C:\WINDOWS\system32\freecell.exe
2102-12-31 20:50:05 ----D---- C:\WINDOWS\system32\MsDtc
2102-12-31 20:50:05 ----D---- C:\WINDOWS\system32\Com
2102-12-31 20:50:05 ----A---- C:\WINDOWS\system32\xolehlp.dll
2102-12-31 20:50:05 ----A---- C:\WINDOWS\system32\stclient.dll
2102-12-31 20:50:05 ----A---- C:\WINDOWS\system32\qwinsta.exe
2102-12-31 20:50:05 ----A---- C:\WINDOWS\system32\qprocess.exe
2102-12-31 20:50:05 ----A---- C:\WINDOWS\system32\qappsrv.exe
2102-12-31 20:50:05 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2102-12-31 20:50:05 ----A---- C:\WINDOWS\system32\mtxex.dll
2102-12-31 20:50:05 ----A---- C:\WINDOWS\system32\mtxdm.dll
2102-12-31 20:50:05 ----A---- C:\WINDOWS\system32\msg.exe
2102-12-31 20:50:05 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2102-12-31 20:50:05 ----A---- C:\WINDOWS\system32\msdtclog.dll
2102-12-31 20:50:05 ----A---- C:\WINDOWS\system32\msdtc.exe
2102-12-31 20:50:05 ----A---- C:\WINDOWS\system32\logoff.exe
2102-12-31 20:50:05 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2102-12-31 20:50:05 ----A---- C:\WINDOWS\system32\comrepl.dll
2102-12-31 20:50:05 ----A---- C:\WINDOWS\system32\comaddin.dll
2102-12-31 20:50:05 ----A---- C:\WINDOWS\system32\cdmodem.dll
2102-12-31 20:50:05 ----A---- C:\WINDOWS\system32\catsrvps.dll
2102-12-31 20:50:04 ----A---- C:\WINDOWS\system32\comsnap.dll
2102-12-31 20:50:01 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2102-12-31 20:50:01 ----A---- C:\WINDOWS\system32\servdeps.dll
2102-12-31 20:50:01 ----A---- C:\WINDOWS\system32\mmfutil.dll
2102-12-31 20:50:01 ----A---- C:\WINDOWS\system32\cmprops.dll
2102-12-31 20:49:04 ----A---- C:\WINDOWS\system32\h323log.txt
2102-12-31 20:48:11 ----A---- C:\WINDOWS\system32\usbui.dll
2102-12-31 20:47:16 ----A---- C:\WINDOWS\imsins.BAK
2102-12-31 20:47:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2102-12-31 20:47:11 ----D---- C:\Program Files\Common Files\ODBC
2102-12-31 20:47:11 ----A---- C:\WINDOWS\ODBCINST.INI
2102-12-31 20:47:10 ----D---- C:\Program Files\Common Files\SpeechEngines
2102-12-31 20:47:09 ----D---- C:\Program Files\Common Files\Microsoft Shared
2102-12-31 20:47:09 ----D---- C:\Program Files\Common Files
2102-12-31 20:47:09 ----AD---- C:\Program Files
2102-12-31 20:47:06 ----A---- C:\WINDOWS\system32\spxcoins.dll
2102-12-31 20:47:06 ----A---- C:\WINDOWS\system32\irclass.dll
2102-12-31 20:47:06 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2102-12-31 20:47:06 ----A---- C:\WINDOWS\system32\dgsetup.dll
2102-12-31 20:47:06 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2102-12-31 20:47:05 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2102-12-31 20:47:05 ----A---- C:\WINDOWS\TASKMAN.EXE
2102-12-31 20:47:05 ----A---- C:\WINDOWS\notepad.exe
2102-12-31 20:46:59 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2102-12-31 20:46:48 ----D---- C:\WINDOWS\system32\CatRoot2
2102-12-31 20:46:48 ----D---- C:\WINDOWS\system32\CatRoot
2102-12-31 20:46:42 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2102-12-31 20:46:35 ----A---- C:\WINDOWS\setuplog.txt
2102-12-31 20:46:31 ----D---- C:\Documents and Settings
2102-12-31 20:44:43 ----D---- C:\WINDOWS\WinSxS
2102-12-31 20:44:43 ----D---- C:\WINDOWS\system32\usmt
2102-12-31 20:44:43 ----D---- C:\WINDOWS\system32\inetsrv
2102-12-31 20:44:43 ----D---- C:\WINDOWS\system32\IME
2102-12-31 20:44:43 ----D---- C:\WINDOWS\system32\3com_dmi
2102-12-31 20:44:43 ----D---- C:\WINDOWS\system32\3076
2102-12-31 20:44:43 ----D---- C:\WINDOWS\system32\2052
2102-12-31 20:44:43 ----D---- C:\WINDOWS\system32\1054
2102-12-31 20:44:43 ----D---- C:\WINDOWS\system32\1042
2102-12-31 20:44:43 ----D---- C:\WINDOWS\system32\1041
2102-12-31 20:44:43 ----D---- C:\WINDOWS\system32\1037
2102-12-31 20:44:43 ----D---- C:\WINDOWS\system32\1033
2102-12-31 20:44:43 ----D---- C:\WINDOWS\system32\1031
2102-12-31 20:44:43 ----D---- C:\WINDOWS\system32\1028
2102-12-31 20:44:43 ----D---- C:\WINDOWS\system32\1025
2102-12-31 20:44:43 ----D---- C:\WINDOWS\mui
2102-12-31 20:44:43 ----D---- C:\WINDOWS\ime
2102-12-31 20:44:42 ----RSHD---- C:\WINDOWS\system32\dllcache
2102-12-31 20:44:42 ----RSD---- C:\WINDOWS\Fonts
2102-12-31 20:44:42 ----RD---- C:\WINDOWS\Web
2102-12-31 20:44:42 ----HD---- C:\WINDOWS\inf
2102-12-31 20:44:42 ----D---- C:\WINDOWS\twain_32
2102-12-31 20:44:42 ----D---- C:\WINDOWS\system32\wins
2102-12-31 20:44:42 ----D---- C:\WINDOWS\system32\wbem
2102-12-31 20:44:42 ----D---- C:\WINDOWS\system32\spool
2102-12-31 20:44:42 ----D---- C:\WINDOWS\system32\ShellExt
2102-12-31 20:44:42 ----D---- C:\WINDOWS\system32\Setup
2102-12-31 20:44:42 ----D---- C:\WINDOWS\system32\ras
2102-12-31 20:44:42 ----D---- C:\WINDOWS\system32\oobe
2102-12-31 20:44:42 ----D---- C:\WINDOWS\system32\npp
2102-12-31 20:44:42 ----D---- C:\WINDOWS\system32\mui
2102-12-31 20:44:42 ----D---- C:\WINDOWS\system32\icsxml
2102-12-31 20:44:42 ----D---- C:\WINDOWS\system32\ias
2102-12-31 20:44:42 ----D---- C:\WINDOWS\system32\export
2102-12-31 20:44:42 ----D---- C:\WINDOWS\system32\drivers
2102-12-31 20:44:42 ----D---- C:\WINDOWS\system32\dhcp
2102-12-31 20:44:42 ----D---- C:\WINDOWS\system32\config
2102-12-31 20:44:42 ----D---- C:\WINDOWS\system32
2102-12-31 20:44:42 ----D---- C:\WINDOWS\system
2102-12-31 20:44:42 ----D---- C:\WINDOWS\security
2102-12-31 20:44:42 ----D---- C:\WINDOWS\Resources
2102-12-31 20:44:42 ----D---- C:\WINDOWS\repair
2102-12-31 20:44:42 ----D---- C:\WINDOWS\msapps
2102-12-31 20:44:42 ----D---- C:\WINDOWS\msagent
2102-12-31 20:44:42 ----D---- C:\WINDOWS\Media
2102-12-31 20:44:42 ----D---- C:\WINDOWS\java
2102-12-31 20:44:42 ----D---- C:\WINDOWS\Help
2102-12-31 20:44:42 ----D---- C:\WINDOWS\Driver Cache
2102-12-31 20:44:42 ----D---- C:\WINDOWS\Debug
2102-12-31 20:44:42 ----D---- C:\WINDOWS\Cursors
2102-12-31 20:44:42 ----D---- C:\WINDOWS\Connection Wizard
2102-12-31 20:44:42 ----D---- C:\WINDOWS\Config
2102-12-31 20:44:42 ----D---- C:\WINDOWS\AppPatch
2102-12-31 20:44:42 ----D---- C:\WINDOWS\addins
2102-12-31 20:44:42 ----D---- C:\WINDOWS
2102-12-31 20:44:42 ----AD---- C:\WINDOWS\Temp
2102-12-31 20:42:51 ----RASH---- C:\boot.ini
2102-12-31 20:42:50 ----A---- C:\WINDOWS\system32\oeminfo.ini
2102-12-31 20:42:46 ----A---- C:\WINDOWS\vmmreg32.dll
2102-12-31 20:42:46 ----A---- C:\WINDOWS\system32\vga64k.dll
2102-12-31 20:42:46 ----A---- C:\WINDOWS\system32\vga256.dll
2102-12-31 20:42:46 ----A---- C:\WINDOWS\system32\osuninst.exe
2102-12-31 20:42:44 ----RASH---- C:\NTDETECT.COM
2102-12-31 20:42:44 ----A---- C:\WINDOWS\system32\pentnt.exe
2102-12-31 20:42:44 ----A---- C:\WINDOWS\system32\odtext32.dll
2102-12-31 20:42:44 ----A---- C:\WINDOWS\system32\odpdx32.dll
2102-12-31 20:42:44 ----A---- C:\WINDOWS\system32\odfox32.dll
2102-12-31 20:42:44 ----A---- C:\WINDOWS\system32\odexl32.dll
2102-12-31 20:42:44 ----A---- C:\WINDOWS\system32\oddbse32.dll
2102-12-31 20:42:43 ----A---- C:\WINDOWS\system32\msvcrt20.dll
2102-12-31 20:42:43 ----A---- C:\WINDOWS\system32\msrecr40.dll
2102-12-31 20:42:43 ----A---- C:\WINDOWS\system32\msrclr40.dll
2102-12-31 20:42:43 ----A---- C:\WINDOWS\system32\msr2cenu.dll
2102-12-31 20:42:43 ----A---- C:\WINDOWS\system32\msr2c.dll
2102-12-31 20:42:42 ----A---- C:\WINDOWS\system32\migpwd.exe
2102-12-31 20:42:42 ----A---- C:\WINDOWS\system32\lnkstub.exe
2102-12-31 20:42:42 ----A---- C:\WINDOWS\system32\krnl386.exe
2102-12-31 20:42:41 ----A---- C:\WINDOWS\system32\d3dramp.dll
2102-12-31 20:42:41 ----A---- C:\WINDOWS\system32\ctl3d32.dll
2102-12-31 20:42:40 ----A---- C:\WINDOWS\system32\edit.com
2102-12-31 20:42:35 ----A---- C:\WINDOWS\system32\xcopy.exe
2102-12-31 20:42:35 ----A---- C:\WINDOWS\system32\wupdmgr.exe
2102-12-31 20:42:35 ----A---- C:\WINDOWS\system32\wstdecod.dll
2102-12-31 20:42:35 ----A---- C:\WINDOWS\system32\wsock32.dll
2102-12-31 20:42:35 ----A---- C:\WINDOWS\system32\wshtcpip.dll
2102-12-31 20:42:35 ----A---- C:\WINDOWS\system32\WshRm.dll
2102-12-31 20:42:35 ----A---- C:\WINDOWS\system32\wshnetbs.dll
2102-12-31 20:42:35 ----A---- C:\WINDOWS\system32\wshisn.dll
2102-12-31 20:42:35 ----A---- C:\WINDOWS\system32\wshext.dll
2102-12-31 20:42:35 ----A---- C:\WINDOWS\system32\wshcon.dll
2102-12-31 20:42:35 ----A---- C:\WINDOWS\system32\wshatm.dll
2102-12-31 20:42:35 ----A---- C:\WINDOWS\system32\wscript.exe
2102-12-31 20:42:35 ----A---- C:\WINDOWS\system32\ws2help.dll
2102-12-31 20:42:35 ----A---- C:\WINDOWS\system32\ws2_32.dll
2102-12-31 20:42:35 ----A---- C:\WINDOWS\system32\wpnpinst.exe
2102-12-31 20:42:35 ----A---- C:\WINDOWS\system32\wpabaln.exe
2102-12-31 20:42:35 ----A---- C:\WINDOWS\system32\wowexec.exe
2102-12-31 20:42:35 ----A---- C:\WINDOWS\system32\wowdeb.exe
2102-12-31 20:42:34 ----A---- C:\WINDOWS\system32\wmiprop.dll
2102-12-31 20:42:34 ----A---- C:\WINDOWS\system32\wmi.dll
2102-12-31 20:42:34 ----A---- C:\WINDOWS\system32\wmdmps.dll
2102-12-31 20:42:34 ----A---- C:\WINDOWS\system32\wmdmlog.dll
2102-12-31 20:42:33 ----N---- C:\WINDOWS\system32\_006053_.tmp.dll
2102-12-31 20:42:33 ----N---- C:\WINDOWS\system32\_006052_.tmp.dll
2102-12-31 20:42:33 ----A---- C:\WINDOWS\winhelp.exe
2102-12-31 20:42:33 ----A---- C:\WINDOWS\system32\winver.exe
2102-12-31 20:42:33 ----A---- C:\WINDOWS\system32\wintrust.dll
2102-12-31 20:42:33 ----A---- C:\WINDOWS\system32\winstrm.dll
2102-12-31 20:42:33 ----A---- C:\WINDOWS\system32\winsrv.dll
2102-12-31 20:42:33 ----A---- C:\WINDOWS\system32\winspool.exe
2102-12-31 20:42:33 ----A---- C:\WINDOWS\system32\winsock.dll
2102-12-31 20:42:33 ----A---- C:\WINDOWS\system32\winscard.dll
2102-12-31 20:42:33 ----A---- C:\WINDOWS\system32\winrnr.dll
2102-12-31 20:42:33 ----A---- C:\WINDOWS\system32\winntbbu.dll
2102-12-31 20:42:33 ----A---- C:\WINDOWS\system32\winnls.dll
2102-12-31 20:42:33 ----A---- C:\WINDOWS\system32\winmsd.exe
2102-12-31 20:42:33 ----A---- C:\WINDOWS\system32\winlogon.exe
2102-12-31 20:42:33 ----A---- C:\WINDOWS\system32\winipsec.dll
2102-12-31 20:42:33 ----A---- C:\WINDOWS\system32\winhlp32.exe
2102-12-31 20:42:32 ----N---- C:\WINDOWS\system32\_006055_.tmp.dll
2102-12-31 20:42:32 ----N---- C:\WINDOWS\system32\_006054_.tmp.dll
2102-12-31 20:42:32 ----A---- C:\WINDOWS\win.ini
2102-12-31 20:42:32 ----A---- C:\WINDOWS\system32\winfax.dll
2102-12-31 20:42:32 ----A---- C:\WINDOWS\system32\win87em.dll
2102-12-31 20:42:32 ----A---- C:\WINDOWS\system32\win.com
2102-12-31 20:42:32 ----A---- C:\WINDOWS\system32\wifeman.dll
2102-12-31 20:42:32 ----A---- C:\WINDOWS\system32\wiavusd.dll
2102-12-31 20:42:32 ----A---- C:\WINDOWS\system32\wiavideo.dll
2102-12-31 20:42:32 ----A---- C:\WINDOWS\system32\wiashext.dll
2102-12-31 20:42:32 ----A---- C:\WINDOWS\system32\wiascr.dll
2102-12-31 20:42:32 ----A---- C:\WINDOWS\system32\wiadefui.dll
2102-12-31 20:42:32 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
2102-12-31 20:42:32 ----A---- C:\WINDOWS\system32\webhits.dll
2102-12-31 20:42:32 ----A---- C:\WINDOWS\system32\wdigest.dll
2102-12-31 20:42:31 ----A---- C:\WINDOWS\system32\wavemsp.dll
2102-12-31 20:42:31 ----A---- C:\WINDOWS\system32\w32topl.dll
2102-12-31 20:42:31 ----A---- C:\WINDOWS\system32\w32tm.exe
2102-12-31 20:42:31 ----A---- C:\WINDOWS\system32\vssvc.exe
2102-12-31 20:42:31 ----A---- C:\WINDOWS\system32\vssadmin.exe
2102-12-31 20:42:31 ----A---- C:\WINDOWS\system32\vss_ps.dll
2102-12-31 20:42:31 ----A---- C:\WINDOWS\system32\vjoy.dll
2102-12-31 20:42:30 ----A---- C:\WINDOWS\twunk_32.exe
2102-12-31 20:42:30 ----A---- C:\WINDOWS\twunk_16.exe
2102-12-31 20:42:30 ----A---- C:\WINDOWS\twain_32.dll
2102-12-31 20:42:30 ----A---- C:\WINDOWS\twain.dll
2102-12-31 20:42:30 ----A---- C:\WINDOWS\system32\vga.dll
2102-12-31 20:42:30 ----A---- C:\WINDOWS\system32\vfpodbc.dll
2102-12-31 20:42:30 ----A---- C:\WINDOWS\system32\version.dll
2102-12-31 20:42:30 ----A---- C:\WINDOWS\system32\verifier.exe
2102-12-31 20:42:30 ----A---- C:\WINDOWS\system32\verifier.dll
2102-12-31 20:42:30 ----A---- C:\WINDOWS\system32\ver.dll
2102-12-31 20:42:30 ----A---- C:\WINDOWS\system32\vdmdbg.dll
2102-12-31 20:42:30 ----A---- C:\WINDOWS\system32\vcdex.dll
2102-12-31 20:42:30 ----A---- C:\WINDOWS\system32\utildll.dll
2102-12-31 20:42:30 ----A---- C:\WINDOWS\system32\userenv.dll
2102-12-31 20:42:30 ----A---- C:\WINDOWS\system32\user32.dll
2102-12-31 20:42:30 ----A---- C:\WINDOWS\system32\user.exe
2102-12-31 20:42:30 ----A---- C:\WINDOWS\system32\usbmon.dll
2102-12-31 20:42:30 ----A---- C:\WINDOWS\system32\ureg.dll
2102-12-31 20:42:30 ----A---- C:\WINDOWS\system32\upnpcont.exe
2102-12-31 20:42:30 ----A---- C:\WINDOWS\system32\unlodctr.exe
2102-12-31 20:42:30 ----A---- C:\WINDOWS\system32\uniplat.dll
2102-12-31 20:42:30 ----A---- C:\WINDOWS\system32\unimdmat.dll
2102-12-31 20:42:30 ----A---- C:\WINDOWS\system32\umdmxfrm.dll
2102-12-31 20:42:30 ----A---- C:\WINDOWS\system32\ufat.dll
2102-12-31 20:42:30 ----A---- C:\WINDOWS\system32\typelib.dll
2102-12-31 20:42:30 ----A---- C:\WINDOWS\system32\osuninst.dll
2102-12-31 20:42:29 ----A---- C:\WINDOWS\system32\tsddd.dll
2102-12-31 20:42:29 ----A---- C:\WINDOWS\system32\tsd32.dll
2102-12-31 20:42:29 ----A---- C:\WINDOWS\system32\tsappcmp.dll
2102-12-31 20:42:29 ----A---- C:\WINDOWS\system32\tree.com
2102-12-31 20:42:29 ----A---- C:\WINDOWS\system32\traffic.dll
2102-12-31 20:42:29 ----A---- C:\WINDOWS\system32\tracert6.exe
2102-12-31 20:42:29 ----A---- C:\WINDOWS\system32\toolhelp.dll
2102-12-31 20:42:29 ----A---- C:\WINDOWS\system32\tftp.exe
2102-12-31 20:42:28 ----N---- C:\WINDOWS\system32\storage.dll
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\termmgr.dll
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\tcpsvcs.exe
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\tcpmon.ini
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\tcpmon.dll
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\tcpmib.dll
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\tcmsetup.exe
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\taskman.exe
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\tapiui.dll
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\tapiperf.dll
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\tapi3.dll
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\tapi.dll
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\t2embed.dll
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\systray.exe
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\sysocmgr.exe
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\syskey.exe
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\sysinv.dll
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\sysedit.exe
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\syncui.dll
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\synceng.dll
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\syncapp.exe
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\swprv.dll
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\svcpack.dll
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\svchost.exe
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\subst.exe
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system32\stimon.exe
2102-12-31 20:42:28 ----A---- C:\WINDOWS\system.ini
2102-12-31 20:42:27 ----N---- C:\WINDOWS\system32\_006062_.tmp.dll
2102-12-31 20:42:27 ----A---- C:\WINDOWS\system32\sqlwoa.dll
2102-12-31 20:42:27 ----A---- C:\WINDOWS\system32\sqlwid.dll
2102-12-31 20:42:27 ----A---- C:\WINDOWS\system32\sqlunirl.dll
2102-12-31 20:42:27 ----A---- C:\WINDOWS\system32\sprestrt.exe
2102-12-31 20:42:27 ----A---- C:\WINDOWS\system32\spoolsv.exe
2102-12-31 20:42:26 ----N---- C:\WINDOWS\system32\_006064_.tmp.dll
2102-12-31 20:42:26 ----N---- C:\WINDOWS\system32\_006063_.tmp.dll
2102-12-31 20:42:26 ----A---- C:\WINDOWS\system32\sort.exe
2102-12-31 20:42:26 ----A---- C:\WINDOWS\system32\softpub.dll
2102-12-31 20:42:26 ----A---- C:\WINDOWS\system32\snmpsnap.dll
2102-12-31 20:42:26 ----A---- C:\WINDOWS\system32\slbrccsp.dll
2102-12-31 20:42:26 ----A---- C:\WINDOWS\system32\slbiop.dll
2102-12-31 20:42:26 ----A---- C:\WINDOWS\system32\slbcsp.dll
2102-12-31 20:42:26 ----A---- C:\WINDOWS\system32\skdll.dll
2102-12-31 20:42:26 ----A---- C:\WINDOWS\system32\sisbkup.dll
2102-12-31 20:42:26 ----A---- C:\WINDOWS\system32\shutdown.exe
2102-12-31 20:42:26 ----A---- C:\WINDOWS\system32\shscrap.dll
2102-12-31 20:42:26 ----A---- C:\WINDOWS\system32\shrpubw.exe
2102-12-31 20:42:25 ----N---- C:\WINDOWS\system32\_006067_.tmp.dll
2102-12-31 20:42:25 ----N---- C:\WINDOWS\system32\_006065_.tmp.dll
2102-12-31 20:42:25 ----A---- C:\WINDOWS\system32\shell.dll
2102-12-31 20:42:25 ----A---- C:\WINDOWS\system32\shdoclc.dll
2102-12-31 20:42:25 ----A---- C:\WINDOWS\system32\share.exe
2102-12-31 20:42:25 ----A---- C:\WINDOWS\system32\sfmapi.dll
2102-12-31 20:42:25 ----A---- C:\WINDOWS\system32\sfc.exe
2102-12-31 20:42:25 ----A---- C:\WINDOWS\system32\sfc.dll
2102-12-31 20:42:25 ----A---- C:\WINDOWS\system32\setver.exe
2102-12-31 20:42:25 ----A---- C:\WINDOWS\system32\setupdll.dll
2102-12-31 20:42:25 ----A---- C:\WINDOWS\system32\sethc.exe
2102-12-31 20:42:25 ----A---- C:\WINDOWS\system32\serwvdrv.dll
2102-12-31 20:42:25 ----A---- C:\WINDOWS\system32\services.msc
2102-12-31 20:42:25 ----A---- C:\WINDOWS\system32\serialui.dll
2102-12-31 20:42:25 ----A---- C:\WINDOWS\system32\senscfg.dll
2102-12-31 20:42:25 ----A---- C:\WINDOWS\system32\sendmail.dll
2102-12-31 20:42:25 ----A---- C:\WINDOWS\system32\sendcmsg.dll
2102-12-31 20:42:25 ----A---- C:\WINDOWS\system32\security.dll
2102-12-31 20:42:25 ----A---- C:\WINDOWS\system32\seclogon.dll
2102-12-31 20:42:24 ----N---- C:\WINDOWS\system32\_006072_.tmp.dll
2102-12-31 20:42:24 ----N---- C:\WINDOWS\system32\_006071_.tmp.dll
2102-12-31 20:42:24 ----N---- C:\WINDOWS\system32\_006068_.tmp.dll
2102-12-31 20:42:24 ----A---- C:\WINDOWS\system32\sdpblb.dll
2102-12-31 20:42:24 ----A---- C:\WINDOWS\system32\scrrun.dll
2102-12-31 20:42:24 ----A---- C:\WINDOWS\system32\scrobj.dll
2102-12-31 20:42:24 ----A---- C:\WINDOWS\system32\scripto.dll
2102-12-31 20:42:24 ----A---- C:\WINDOWS\system32\scredir.dll
2102-12-31 20:42:24 ----A---- C:\WINDOWS\system32\sclgntfy.dll
2102-12-31 20:42:24 ----A---- C:\WINDOWS\system32\scardssp.dll
2102-12-31 20:42:24 ----A---- C:\WINDOWS\system32\scarddlg.dll
2102-12-31 20:42:24 ----A---- C:\WINDOWS\system32\sc.exe
2102-12-31 20:42:24 ----A---- C:\WINDOWS\system32\rundll32.exe
2102-12-31 20:42:24 ----A---- C:\WINDOWS\system32\runas.exe
2102-12-31 20:42:24 ----A---- C:\WINDOWS\system32\rtutils.dll
2102-12-31 20:42:24 ----A---- C:\WINDOWS\system32\rtm.dll
2102-12-31 20:42:24 ----A---- C:\WINDOWS\system32\rtipxmib.dll
2102-12-31 20:42:24 ----A---- C:\WINDOWS\system32\rsvpsp.dll
2102-12-31 20:42:24 ----A---- C:\WINDOWS\system32\rsvpperf.dll
2102-12-31 20:42:24 ----A---- C:\WINDOWS\system32\rsvpmsg.dll
2102-12-31 20:42:24 ----A---- C:\WINDOWS\system32\rsvp.ini
2102-12-31 20:42:24 ----A---- C:\WINDOWS\system32\rsvp.exe
2102-12-31 20:42:24 ----A---- C:\WINDOWS\system32\rsmui.exe
2102-12-31 20:42:24 ----A---- C:\WINDOWS\system32\rsmsink.exe
2102-12-31 20:42:24 ----A---- C:\WINDOWS\system32\rsmps.dll
2102-12-31 20:42:24 ----A---- C:\WINDOWS\system32\rsm.exe
2102-12-31 20:42:24 ----A---- C:\WINDOWS\system32\rsh.exe
2102-12-31 20:42:23 ----N---- C:\WINDOWS\system32\_006078_.tmp.dll
2102-12-31 20:42:23 ----N---- C:\WINDOWS\system32\_006076_.tmp.dll
2102-12-31 20:42:23 ----N---- C:\WINDOWS\system32\_006075_.tmp.dll
2102-12-31 20:42:23 ----N---- C:\WINDOWS\system32\_006074_.tmp.dll
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\rpcns4.dll
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\routetab.dll
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\routemon.exe
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\route.exe
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\rnr20.dll
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\riched32.dll
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\rexec.exe
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\resutils.dll
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\replace.exe
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\rend.dll
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\regwizc.dll
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\regwiz.exe
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\regsvr32.exe
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\regsvc.dll
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\regedt32.exe
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\recover.exe
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\rcp.exe
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\rcbdyctl.dll
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\rasser.dll
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\rasrad.dll
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\rasphone.exe
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\rasmxs.dll
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\rasmontr.dll
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\rasdial.exe
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\rasctrs.ini
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\rasctrs.dll
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\rasautou.exe
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\rasadhlp.dll
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\qosname.dll
2102-12-31 20:42:23 ----A---- C:\WINDOWS\system32\drprov.dll
2102-12-31 20:42:22 ----R---- C:\WINDOWS\system32\perfmon.msc
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\qedwipes.dll
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\qdv.dll
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\qasf.dll
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\pubprn.vbs
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\pstorsvc.dll
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\pstorec.dll
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\psnppagn.dll
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\pschdprf.ini
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\pschdprf.dll
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\proquota.exe
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\progman.exe
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\profmap.dll
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\prodspec.ini
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\print.exe
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\prflbmsg.dll
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\powrprof.dll
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\polstore.dll
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\pmspl.dll
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\plustab.dll
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\ping6.exe
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\pifmgr.dll
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\photowiz.dll
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\perfwci.ini
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\perfts.dll
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\perfproc.dll
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\perfos.dll
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\perfnet.dll
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\perfmon.exe
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\perffilt.ini
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\perfdisk.dll
2102-12-31 20:42:22 ----A---- C:\WINDOWS\system32\perfci.ini
2102-12-31 20:42:21 ----N---- C:\WINDOWS\system32\_006082_.tmp.dll
2102-12-31 20:42:21 ----N---- C:\WINDOWS\system32\_006081_.tmp.dll
2102-12-31 20:42:21 ----A---- C:\WINDOWS\system32\pathping.exe
2102-12-31 20:42:21 ----A---- C:\WINDOWS\system32\panmap.dll
2102-12-31 20:42:21 ----A---- C:\WINDOWS\system32\olethk32.dll
2102-12-31 20:42:21 ----A---- C:\WINDOWS\system32\olesvr32.dll
2102-12-31 20:42:21 ----A---- C:\WINDOWS\system32\olesvr.dll
2102-12-31 20:42:21 ----A---- C:\WINDOWS\system32\olepro32.dll
2102-12-31 20:42:21 ----A---- C:\WINDOWS\system32\oledlg.dll
2102-12-31 20:42:21 ----A---- C:\WINDOWS\system32\olecli32.dll
2102-12-31 20:42:21 ----A---- C:\WINDOWS\system32\olecli.dll
2102-12-31 20:42:21 ----A---- C:\WINDOWS\system32\oleaccrc.dll
2102-12-31 20:42:21 ----A---- C:\WINDOWS\system32\oleacc.dll
2102-12-31 20:42:21 ----A---- C:\WINDOWS\system32\ole2nls.dll
2102-12-31 20:42:21 ----A---- C:\WINDOWS\system32\ole2disp.dll
2102-12-31 20:42:21 ----A---- C:\WINDOWS\system32\ole2.dll
2102-12-31 20:42:20 ----A---- C:\WINDOWS\system32\odbcjt32.dll
2102-12-31 20:42:20 ----A---- C:\WINDOWS\system32\odbcji32.dll
2102-12-31 20:42:20 ----A---- C:\WINDOWS\system32\odbcint.dll
2102-12-31 20:42:20 ----A---- C:\WINDOWS\system32\odbc16gt.dll
2102-12-31 20:42:20 ----A---- C:\WINDOWS\system32\ocmanage.dll
2102-12-31 20:42:20 ----A---- C:\WINDOWS\system32\occache.dll
2102-12-31 20:42:20 ----A---- C:\WINDOWS\system32\objsel.dll
2102-12-31 20:42:19 ----N---- C:\WINDOWS\system32\_006087_.tmp.dll
2102-12-31 20:42:19 ----N---- C:\WINDOWS\system32\_006086_.tmp.dll
2102-12-31 20:42:19 ----A---- C:\WINDOWS\system32\ntvdmd.dll
2102-12-31 20:42:19 ----A---- C:\WINDOWS\system32\ntsdexts.dll
2102-12-31 20:42:19 ----A---- C:\WINDOWS\system32\ntsd.exe
2102-12-31 20:42:19 ----A---- C:\WINDOWS\system32\ntmsoprq.msc
2102-12-31 20:42:19 ----A---- C:\WINDOWS\system32\ntmsmgr.msc
2102-12-31 20:42:19 ----A---- C:\WINDOWS\system32\ntmsmgr.dll
2102-12-31 20:42:19 ----A---- C:\WINDOWS\system32\ntmsevt.dll
2102-12-31 20:42:19 ----A---- C:\WINDOWS\system32\ntlanui2.dll
2102-12-31 20:42:19 ----A---- C:\WINDOWS\system32\ntlanui.dll
2102-12-31 20:42:19 ----A---- C:\WINDOWS\system32\ntdsapi.dll
2102-12-31 20:42:19 ----A---- C:\WINDOWS\system32\notepad.exe
2102-12-31 20:42:18 ----A---- C:\WINDOWS\system32\nlsfunc.exe
2102-12-31 20:42:18 ----A---- C:\WINDOWS\system32\netui2.dll
2102-12-31 20:42:18 ----A---- C:\WINDOWS\system32\netui1.dll
2102-12-31 20:42:18 ----A---- C:\WINDOWS\system32\netui0.dll
2102-12-31 20:42:18 ----A---- C:\WINDOWS\system32\netstat.exe
2102-12-31 20:42:18 ----A---- C:\WINDOWS\system32\netsh.exe
2102-12-31 20:42:18 ----A---- C:\WINDOWS\system32\netrap.dll
2102-12-31 20:42:18 ----A---- C:\WINDOWS\system32\netmsg.dll
2102-12-31 20:42:18 ----A---- C:\WINDOWS\system32\netid.dll
2102-12-31 20:42:18 ----A---- C:\WINDOWS\system32\neth.dll
2102-12-31 20:42:18 ----A---- C:\WINDOWS\system32\netevent.dll
2102-12-31 20:42:17 ----A---- C:\WINDOWS\system32\netapi.dll
2102-12-31 20:42:17 ----A---- C:\WINDOWS\system32\nddeapir.exe
2102-12-31 20:42:17 ----A---- C:\WINDOWS\system32\nddeapi.dll
2102-12-31 20:42:17 ----A---- C:\WINDOWS\system32\ncxpnt.dll
2102-12-31 20:42:17 ----A---- C:\WINDOWS\system32\nbtstat.exe
2102-12-31 20:42:17 ----A---- C:\WINDOWS\system32\narrhook.dll
2102-12-31 20:42:17 ----A---- C:\WINDOWS\system32\mydocs.dll
2102-12-31 20:42:17 ----A---- C:\WINDOWS\system32\mycomput.dll
2102-12-31 20:42:17 ----A---- C:\WINDOWS\system32\msxmlr.dll
2102-12-31 20:42:17 ----A---- C:\WINDOWS\system32\msxml3r.dll
2102-12-31 20:42:17 ----A---- C:\WINDOWS\system32\msxml2r.dll
2102-12-31 20:42:17 ----A---- C:\WINDOWS\system32\msxml.dll
2102-12-31 20:42:16 ----N---- C:\WINDOWS\system32\_006089_.tmp.dll
2102-12-31 20:42:16 ----A---- C:\WINDOWS\system32\mswsock.dll
2102-12-31 20:42:16 ----A---- C:\WINDOWS\system32\mswmdm.dll
2102-12-31 20:42:16 ----A---- C:\WINDOWS\system32\msw3prt.dll
2102-12-31 20:42:16 ----A---- C:\WINDOWS\system32\msvideo.dll
2102-12-31 20:42:16 ----A---- C:\WINDOWS\system32\msvidc32.dll
2102-12-31 20:42:16 ----A---- C:\WINDOWS\system32\msvcrt40.dll
2102-12-31 20:42:16 ----A---- C:\WINDOWS\system32\msvcp50.dll
2102-12-31 20:42:16 ----A---- C:\WINDOWS\system32\msvcirt.dll
2102-12-31 20:42:16 ----A---- C:\WINDOWS\system32\msvbvm60.dll
2102-12-31 20:42:16 ----A---- C:\WINDOWS\system32\msvbvm50.dll
2102-12-31 20:42:16 ----A---- C:\WINDOWS\system32\mstlsapi.dll
2102-12-31 20:42:16 ----A---- C:\WINDOWS\system32\msswchx.exe
2102-12-31 20:42:16 ----A---- C:\WINDOWS\system32\msswch.dll
2102-12-31 20:42:16 ----A---- C:\WINDOWS\system32\mssip32.dll
2102-12-31 20:42:16 ----A---- C:\WINDOWS\system32\mssign32.dll
2102-12-31 20:42:16 ----A---- C:\WINDOWS\system32\msratelc.dll
2102-12-31 20:42:15 ----A---- C:\WINDOWS\system32\msprivs.dll
2102-12-31 20:42:15 ----A---- C:\WINDOWS\system32\msports.dll
2102-12-31 20:42:15 ----A---- C:\WINDOWS\system32\mspatcha.dll
2102-12-31 20:42:15 ----A---- C:\WINDOWS\system32\msorc32r.dll
2102-12-31 20:42:15 ----A---- C:\WINDOWS\system32\msobjs.dll
2102-12-31 20:42:15 ----A---- C:\WINDOWS\system32\msls31.dll
2102-12-31 20:42:15 ----A---- C:\WINDOWS\system32\msisip.dll
2102-12-31 20:42:15 ----A---- C:\WINDOWS\system32\msimsg.dll
2102-12-31 20:42:15 ----A---- C:\WINDOWS\system32\msidntld.dll
2102-12-31 20:42:15 ----A---- C:\WINDOWS\system32\msidle.dll
2102-12-31 20:42:15 ----A---- C:\WINDOWS\system32\mshta.exe
2102-12-31 20:42:14 ----A---- C:\WINDOWS\system32\msgina.dll
2102-12-31 20:42:14 ----A---- C:\WINDOWS\system32\msencode.dll
2102-12-31 20:42:14 ----A---- C:\WINDOWS\system32\msdmo.dll
2102-12-31 20:42:14 ----A---- C:\WINDOWS\system32\mscpxl32.dLL
2102-12-31 20:42:14 ----A---- C:\WINDOWS\system32\mscdexnt.exe
2102-12-31 20:42:14 ----A---- C:\WINDOWS\system32\mscat32.dll
2102-12-31 20:42:14 ----A---- C:\WINDOWS\system32\msaudite.dll
2102-12-31 20:42:14 ----A---- C:\WINDOWS\system32\msasn1.dll
2102-12-31 20:42:14 ----A---- C:\WINDOWS\system32\msapsspc.dll
2102-12-31 20:42:14 ----A---- C:\WINDOWS\system32\msafd.dll
2102-12-31 20:42:14 ----A---- C:\WINDOWS\system32\msacm32.dll
2102-12-31 20:42:14 ----A---- C:\WINDOWS\system32\msacm.dll
2102-12-31 20:42:14 ----A---- C:\WINDOWS\system32\msaatext.dll
2102-12-31 20:42:14 ----A---- C:\WINDOWS\msdfmap.ini
2102-12-31 20:42:13 ----A---- C:\WINDOWS\system32\mrinfo.exe
2102-12-31 20:42:13 ----A---- C:\WINDOWS\system32\mprui.dll
2102-12-31 20:42:13 ----A---- C:\WINDOWS\system32\mprmsg.dll
2102-12-31 20:42:13 ----A---- C:\WINDOWS\system32\mprdim.dll
2102-12-31 20:42:13 ----A---- C:\WINDOWS\system32\mprddm.dll
2102-12-31 20:42:13 ----A---- C:\WINDOWS\system32\mprapi.dll
2102-12-31 20:42:13 ----A---- C:\WINDOWS\system32\mpr.dll
2102-12-31 20:42:13 ----A---- C:\WINDOWS\system32\mpnotify.exe
2102-12-31 20:42:13 ----A---- C:\WINDOWS\system32\mountvol.exe
2102-12-31 20:42:13 ----A---- C:\WINDOWS\system32\more.com
2102-12-31 20:42:13 ----A---- C:\WINDOWS\system32\modex.dll
2102-12-31 20:42:13 ----A---- C:\WINDOWS\system32\modemui.dll
2102-12-31 20:42:13 ----A---- C:\WINDOWS\system32\mode.com
2102-12-31 20:42:13 ----A---- C:\WINDOWS\system32\mobsync.exe
2102-12-31 20:42:13 ----A---- C:\WINDOWS\system32\mmutilse.dll
2102-12-31 20:42:13 ----A---- C:\WINDOWS\system32\mmsystem.dll
2102-12-31 20:42:13 ----A---- C:\WINDOWS\system32\mmdrv.dll
2102-12-31 20:42:13 ----A---- C:\WINDOWS\system32\mmcshext.dll
2102-12-31 20:42:13 ----A---- C:\WINDOWS\system32\mmcbase.dll
2102-12-31 20:42:13 ----A---- C:\WINDOWS\system32\mmc.exe
2102-12-31 20:42:13 ----A---- C:\WINDOWS\system32\mll_qic.dll
2102-12-31 20:42:13 ----A---- C:\WINDOWS\system32\mll_mtf.dll
2102-12-31 20:42:13 ----A---- C:\WINDOWS\system32\mll_hp.dll
2102-12-31 20:42:13 ----A---- C:\WINDOWS\system32\mlang.dll
2102-12-31 20:42:12 ----A---- C:\WINDOWS\system32\mimefilt.dll
2102-12-31 20:42:12 ----A---- C:\WINDOWS\system32\miglibnt.dll
2102-12-31 20:42:12 ----A---- C:\WINDOWS\system32\midimap.dll
2102-12-31 20:42:12 ----A---- C:\WINDOWS\system32\mfcsubs.dll
2102-12-31 20:42:12 ----A---- C:\WINDOWS\system32\mfc42u.dll
2102-12-31 20:42:12 ----A---- C:\WINDOWS\system32\mfc42.dll
2102-12-31 20:42:12 ----A---- C:\WINDOWS\system32\mfc40u.dll
2102-12-31 20:42:12 ----A---- C:\WINDOWS\system32\mfc40.dll
2102-12-31 20:42:12 ----A---- C:\WINDOWS\system32\mem.exe
2102-12-31 20:42:12 ----A---- C:\WINDOWS\system32\mdminst.dll
2102-12-31 20:42:11 ----N---- C:\WINDOWS\system32\_006095_.tmp.dll
2102-12-31 20:42:11 ----N---- C:\WINDOWS\system32\_006094_.tmp.dll
2102-12-31 20:42:11 ----N---- C:\WINDOWS\system32\_006092_.tmp.dll
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\mdhcp.dll
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\mciwave.dll
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\mciseq.dll
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\mciqtz32.dll
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\mciole32.dll
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\mciole16.dll
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\mcicda.dll
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\mciavi32.dll
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\mchgrcoi.dll
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\mcdsrv32.dll
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\mcd32.dll
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\mcastmib.dll
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\mapistub.dll
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\makecab.exe
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\mag_hook.dll
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\lzexpand.dll
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\lz32.dll
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\lusrmgr.msc
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\lsass.exe
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\lprmonui.dll
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\lprhelp.dll
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\lpr.exe
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\lpq.exe
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\lpk.dll
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\loghours.dll
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\lodctr.exe
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\localsec.dll
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\loadperf.dll
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\loadfix.com
2102-12-31 20:42:11 ----A---- C:\WINDOWS\system32\keymgr.dll
2102-12-31 20:42:10 ----N---- C:\WINDOWS\system32\_006097_.tmp.dll
2102-12-31 20:42:10 ----N---- C:\WINDOWS\system32\_006096_.tmp.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\linkinfo.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\lights.exe
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\langwrbk.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\label.exe
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kdcom.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdycl.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdycc.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbduzb.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdusx.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdusr.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdusl.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdus.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdur.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbduk.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdtuq.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdtuf.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdtat.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdsw.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdsp.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdsl.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdsg.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdsf.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdru1.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdru.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdro.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdpo.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdpl.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdno.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdnec.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdne.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdmon.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdmac.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdlv1.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdlv.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdlt1.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdlt.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdla.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdkyr.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdkaz.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdit142.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdit.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdir.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdic.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdhu.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdhept.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdhela3.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdhela2.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdhe319.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdhe220.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdhe.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdgr1.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdgr.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdgkl.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdgae.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdfr.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdfo.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdfi.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdfc.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdest.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdes.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbddv.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdda.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdcz2.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdcz1.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdcz.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdcr.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdcan.dll
2102-12-31 20:42:10 ----A---- C:\WINDOWS\system32\kbdca.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\kbdbu.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\kbdbr.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\kbdblr.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\kbdbene.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\kbdbe.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\kbdazel.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\kbdaze.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\kb16.com
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\jsproxy.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\jobexec.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\jgsh400.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\jgsd400.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\jgpl400.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\jgmd400.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\jgdw400.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\jgaw400.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\jet500.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\ir32_32.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\ipxwan.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\ipxsap.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\ipxrtmgr.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\ipxroute.exe
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\ipxrip.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\ipxpromn.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\ipxmontr.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\ipsmsnap.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\ipsecsnp.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\ipsec6.exe
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\iprtrmgr.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\iprtprio.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\iprop.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\ipmontr.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\iologmsg.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\initpki.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\infosoft.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\inetppui.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\inetpp.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\inetmib1.dll
2102-12-31 20:42:09 ----A---- C:\WINDOWS\system32\inetcplc.dll
2102-12-31 20:42:08 ----N---- C:\WINDOWS\system32\_006098_.tmp.dll
2102-12-31 20:42:08 ----A---- C:\WINDOWS\system32\igmpagnt.dll
2102-12-31 20:42:08 ----A---- C:\WINDOWS\system32\ifsutil.dll
2102-12-31 20:42:08 ----A---- C:\WINDOWS\system32\ifmon.dll
2102-12-31 20:42:08 ----A---- C:\WINDOWS\system32\iexpress.exe
2102-12-31 20:42:08 ----A---- C:\WINDOWS\system32\iernonce.dll
2102-12-31 20:42:08 ----A---- C:\WINDOWS\system32\ieakui.dll
2102-12-31 20:42:08 ----A---- C:\WINDOWS\system32\icmui.dll
2102-12-31 20:42:08 ----A---- C:\WINDOWS\system32\icmp.dll
2102-12-31 20:42:08 ----A---- C:\WINDOWS\system32\iccvid.dll
2102-12-31 20:42:08 ----A---- C:\WINDOWS\system32\iassvcs.dll
2102-12-31 20:42:08 ----A---- C:\WINDOWS\system32\iassdo.dll
2102-12-31 20:42:08 ----A---- C:\WINDOWS\system32\iassam.dll
2102-12-31 20:42:08 ----A---- C:\WINDOWS\system32\iasrecst.dll
2102-12-31 20:42:08 ----A---- C:\WINDOWS\system32\iasrad.dll
2102-12-31 20:42:08 ----A---- C:\WINDOWS\system32\iaspolcy.dll
2102-12-31 20:42:08 ----A---- C:\WINDOWS\system32\iasnap.dll
2102-12-31 20:42:08 ----A---- C:\WINDOWS\system32\iashlpr.dll
2102-12-31 20:42:08 ----A---- C:\WINDOWS\system32\iasads.dll
2102-12-31 20:42:08 ----A---- C:\WINDOWS\system32\iasacct.dll
2102-12-31 20:42:08 ----A---- C:\WINDOWS\system32\htui.dll
2102-12-31 20:42:07 ----A---- C:\WINDOWS\system32\hotplug.dll
2102-12-31 20:42:07 ----A---- C:\WINDOWS\system32\hostname.exe
2102-12-31 20:42:07 ----A---- C:\WINDOWS\system32\hnetwiz.dll
2102-12-31 20:42:07 ----A---- C:\WINDOWS\system32\hnetmon.dll
2102-12-31 20:42:07 ----A---- C:\WINDOWS\system32\hlink.dll
2102-12-31 20:42:07 ----A---- C:\WINDOWS\system32\help.exe
2102-12-31 20:42:06 ----A---- C:\WINDOWS\system32\grpconv.exe
2102-12-31 20:42:06 ----A---- C:\WINDOWS\system32\graphics.com
2102-12-31 20:42:06 ----A---- C:\WINDOWS\system32\graftabl.com
2102-12-31 20:42:06 ----A---- C:\WINDOWS\system32\gpkrsrc.dll
2102-12-31 20:42:06 ----A---- C:\WINDOWS\system32\gpkcsp.dll
2102-12-31 20:42:06 ----A---- C:\WINDOWS\system32\glu32.dll
2102-12-31 20:42:06 ----A---- C:\WINDOWS\system32\glmf32.dll
2102-12-31 20:42:06 ----A---- C:\WINDOWS\system32\gdi32.dll
2102-12-31 20:42:06 ----A---- C:\WINDOWS\system32\gdi.exe
2102-12-31 20:42:06 ----A---- C:\WINDOWS\system32\gcdef.dll
2102-12-31 20:42:05 ----A---- C:\WINDOWS\system32\ftsrch.dll
2102-12-31 20:42:05 ----A---- C:\WINDOWS\system32\fsutil.exe
2102-12-31 20:42:05 ----A---- C:\WINDOWS\system32\fsusd.dll
2102-12-31 20:42:05 ----A---- C:\WINDOWS\system32\fsmgmt.msc
2102-12-31 20:42:05 ----A---- C:\WINDOWS\system32\forcedos.exe
2102-12-31 20:42:05 ----A---- C:\WINDOWS\system32\fontsub.dll
2102-12-31 20:42:05 ----A---- C:\WINDOWS\system32\fontext.dll
2102-12-31 20:42:05 ----A---- C:\WINDOWS\system32\fmifs.dll
2102-12-31 20:42:05 ----A---- C:\WINDOWS\system32\fixmapi.exe
2102-12-31 20:42:05 ----A---- C:\WINDOWS\system32\finger.exe
2102-12-31 20:42:05 ----A---- C:\WINDOWS\system32\findstr.exe
2102-12-31 20:42:05 ----A---- C:\WINDOWS\system32\find.exe
2102-12-31 20:42:05 ----A---- C:\WINDOWS\system32\filemgmt.dll
2102-12-31 20:42:05 ----A---- C:\WINDOWS\system32\feclient.dll
2102-12-31 20:42:05 ----A---- C:\WINDOWS\system32\fc.exe
2102-12-31 20:42:05 ----A---- C:\WINDOWS\system32\fastopen.exe
2102-12-31 20:42:05 ----A---- C:\WINDOWS\system32\exts.dll
2102-12-31 20:42:05 ----A---- C:\WINDOWS\system32\extrac32.exe
2102-12-31 20:42:05 ----A---- C:\WINDOWS\system32\expand.exe
2102-12-31 20:42:04 ----A---- C:\WINDOWS\system32\exe2bin.exe
2102-12-31 20:42:04 ----A---- C:\WINDOWS\system32\eventvwr.msc
2102-12-31 20:42:04 ----A---- C:\WINDOWS\system32\eventvwr.exe
2102-12-31 20:42:04 ----A---- C:\WINDOWS\system32\eventcls.dll
2102-12-31 20:42:04 ----A---- C:\WINDOWS\system32\eula.txt
2102-12-31 20:42:04 ----A---- C:\WINDOWS\system32\esentutl.exe
2102-12-31 20:42:04 ----A---- C:\WINDOWS\system32\esentprf.ini
2102-12-31 20:42:04 ----A---- C:\WINDOWS\system32\esentprf.dll
2102-12-31 20:42:04 ----A---- C:\WINDOWS\system32\esent97.dll
2102-12-31 20:42:04 ----A---- C:\WINDOWS\system32\esent.dll
2102-12-31 20:42:04 ----A---- C:\WINDOWS\system32\edlin.exe
2102-12-31 20:42:03 ----A---- C:\WINDOWS\system32\dx8vb.dll
2102-12-31 20:42:03 ----A---- C:\WINDOWS\system32\dx7vb.dll
2102-12-31 20:42:03 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
2102-12-31 20:42:03 ----A---- C:\WINDOWS\system32\dswave.dll
2102-12-31 20:42:03 ----A---- C:\WINDOWS\system32\dsuiext.dll
2102-12-31 20:42:03 ----A---- C:\WINDOWS\system32\dssec.dll
2102-12-31 20:42:03 ----A---- C:\WINDOWS\system32\dsound3d.dll
2102-12-31 20:42:03 ----A---- C:\WINDOWS\system32\dsound.dll
2102-12-31 20:42:03 ----A---- C:\WINDOWS\system32\dskquoui.dll
2102-12-31 20:42:03 ----A---- C:\WINDOWS\system32\dskquota.dll
2102-12-31 20:42:03 ----A---- C:\WINDOWS\system32\dsdmoprp.dll
2102-12-31 20:42:03 ----A---- C:\WINDOWS\system32\dsdmo.dll
2102-12-31 20:42:03 ----A---- C:\WINDOWS\system32\dsauth.dll
2102-12-31 20:42:03 ----A---- C:\WINDOWS\system32\ds16gt.dLL
2102-12-31 20:42:03 ----A---- C:\WINDOWS\system32\drwtsn32.exe
2102-12-31 20:42:03 ----A---- C:\WINDOWS\system32\drwatson.exe
2102-12-31 20:41:58 ----A---- C:\WINDOWS\system32\dpwsock.dll
2102-12-31 20:41:58 ----A---- C:\WINDOWS\system32\dpvvox.dll
2102-12-31 20:41:58 ----A---- C:\WINDOWS\system32\dpvacm.dll
2102-12-31 20:41:58 ----A---- C:\WINDOWS\system32\dpserial.dll
2102-12-31 20:41:58 ----A---- C:\WINDOWS\system32\dpnwsock.dll
2102-12-31 20:41:58 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2102-12-31 20:41:58 ----A---- C:\WINDOWS\system32\dpnmodem.dll
2102-12-31 20:41:58 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2102-12-31 20:41:58 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2102-12-31 20:41:58 ----A---- C:\WINDOWS\system32\dpmodemx.dll
2102-12-31 20:41:58 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2102-12-31 20:41:58 ----A---- C:\WINDOWS\system32\dplay.dll
2102-12-31 20:41:57 ----N---- C:\WINDOWS\system32\_006102_.tmp.dll
2102-12-31 20:41:57 ----N---- C:\WINDOWS\system32\_006101_.tmp.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\dosx.exe
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\doskey.exe
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\docprop.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\dmsynth.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\dmserver.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\dmremote.exe
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\dmocx.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\dmintf.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\dmdskres.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\dmdskmgr.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\dmdlgs.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\dmconfig.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\dmadmin.exe
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\dllhst3g.exe
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\dllhost.exe
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\dispex.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\diskperf.exe
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\diskpart.exe
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\diskmgmt.msc
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\diskcopy.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\diskcopy.com
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\diskcomp.com
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\dimap.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\diantz.exe
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\diactfrm.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\dhcpsapi.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\dhcpmon.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\dfrgres.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\dfrg.msc
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\devmgmt.msc
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\devenum.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\deskperf.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\deskmon.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\deskadp.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\debug.exe
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\ddrawex.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\ddeshare.exe
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\ddeml.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\dciman32.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\dbgeng.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\davclnt.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\datime.dll
2102-12-31 20:41:57 ----A---- C:\WINDOWS\system32\dataclen.dll
2102-12-31 20:41:56 ----RA---- C:\WINDOWS\system32\ctl3dv2.dll
2102-12-31 20:41:56 ----N---- C:\WINDOWS\system32\_006103_.tmp.dll
2102-12-31 20:41:56 ----A---- C:\WINDOWS\system32\d3dxof.dll
2102-12-31 20:41:56 ----A---- C:\WINDOWS\system32\d3drm.dll
2102-12-31 20:41:56 ----A---- C:\WINDOWS\system32\d3dpmesh.dll
2102-12-31 20:41:56 ----A---- C:\WINDOWS\system32\d3dim700.dll
2102-12-31 20:41:56 ----A---- C:\WINDOWS\system32\d3dim.dll
2102-12-31 20:41:56 ----A---- C:\WINDOWS\system32\d3d8thk.dll
2102-12-31 20:41:56 ----A---- C:\WINDOWS\system32\csseqchk.dll
2102-12-31 20:41:56 ----A---- C:\WINDOWS\system32\csrss.exe
2102-12-31 20:41:56 ----A---- C:\WINDOWS\system32\cscript.exe
2102-12-31 20:41:56 ----A---- C:\WINDOWS\system32\cscdll.dll
2102-12-31 20:41:56 ----A---- C:\WINDOWS\system32\cryptnet.dll
2102-12-31 20:41:56 ----A---- C:\WINDOWS\system32\cryptext.dll
2102-12-31 20:41:56 ----A---- C:\WINDOWS\system32\cryptdll.dll
2102-12-31 20:41:56 ----A---- C:\WINDOWS\system32\crtdll.dll
2102-12-31 20:41:55 ----N---- C:\WINDOWS\system32\comcat.dll
2102-12-31 20:41:55 ----N---- C:\WINDOWS\system32\_006105_.tmp.dll
2102-12-31 20:41:55 ----N---- C:\WINDOWS\system32\_006104_.tmp.dll
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\corpol.dll
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\convert.exe
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\control.exe
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\console.dll
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\confmsp.dll
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\comres.dll
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\compstui.dll
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\compobj.dll
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\compmgmt.msc
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\compact.exe
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\comp.exe
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\commdlg.dll
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\command.com
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\cnvfat.dll
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\cnetcfg.dll
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\cmutil.dll
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\cmstp.exe
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\cmpbk32.dll
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\cmmon32.exe
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\cmcfg32.dll
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\clipsrv.exe
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\cliconfg.exe
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\cliconfg.dll
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\cleanmgr.exe
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\clb.dll
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\ckcnv.exe
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\cisvc.exe
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\cidaemon.exe
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\cic.dll
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\ciadv.msc
2102-12-31 20:41:55 ----A---- C:\WINDOWS\system32\ciadmin.dll
2102-12-31 20:41:54 ----A---- C:\WINDOWS\system32\tourstart.exe
2102-12-31 20:41:54 ----A---- C:\WINDOWS\system32\shellstyle.dll
2102-12-31 20:41:54 ----A---- C:\WINDOWS\system32\chkntfs.exe
2102-12-31 20:41:54 ----A---- C:\WINDOWS\system32\chkdsk.exe
2102-12-31 20:41:54 ----A---- C:\WINDOWS\system32\chcp.com
2102-12-31 20:41:54 ----A---- C:\WINDOWS\system32\cfgmgr32.dll
2102-12-31 20:41:54 ----A---- C:\WINDOWS\system32\certmgr.msc
2102-12-31 20:41:54 ----A---- C:\WINDOWS\system32\certmgr.dll
2102-12-31 20:41:54 ----A---- C:\WINDOWS\system32\cdosys.dll
2102-12-31 20:41:54 ----A---- C:\WINDOWS\system32\cdfview.dll
2102-12-31 20:41:54 ----A---- C:\WINDOWS\system32\ccfgnt.dll
2102-12-31 20:41:54 ----A---- C:\WINDOWS\system32\cards.dll
2102-12-31 20:41:54 ----A---- C:\WINDOWS\system32\capesnpn.dll
2102-12-31 20:41:54 ----A---- C:\WINDOWS\system32\camocx.dll
2102-12-31 20:41:54 ----A---- C:\WINDOWS\system32\cabview.dll
2102-12-31 20:41:53 ----A---- C:\WINDOWS\system32\bootvrfy.exe
2102-12-31 20:41:53 ----A---- C:\WINDOWS\system32\bootvid.dll
2102-12-31 20:41:53 ----A---- C:\WINDOWS\system32\bootok.exe
2102-12-31 20:41:53 ----A---- C:\WINDOWS\system32\blackbox.dll
2102-12-31 20:41:52 ----A---- C:\WINDOWS\system32\bidispl.dll
2102-12-31 20:41:52 ----A---- C:\WINDOWS\system32\batmeter.dll
2102-12-31 20:41:52 ----A---- C:\WINDOWS\system32\basesrv.dll
2102-12-31 20:41:52 ----A---- C:\WINDOWS\system32\avifile.dll
2102-12-31 20:41:52 ----A---- C:\WINDOWS\system32\avicap32.dll
2102-12-31 20:41:52 ----A---- C:\WINDOWS\system32\avicap.dll
2102-12-31 20:41:52 ----A---- C:\WINDOWS\system32\autofmt.exe
2102-12-31 20:41:52 ----A---- C:\WINDOWS\system32\autodisc.dll
2102-12-31 20:41:52 ----A---- C:\WINDOWS\system32\authz.dll
2102-12-31 20:41:52 ----A---- C:\WINDOWS\system32\attrib.exe
2102-12-31 20:41:52 ----A---- C:\WINDOWS\system32\atmpvcno.dll
2102-12-31 20:41:52 ----A---- C:\WINDOWS\system32\atmlib.dll
2102-12-31 20:41:52 ----A---- C:\WINDOWS\system32\atmfd.dll
2102-12-31 20:41:52 ----A---- C:\WINDOWS\system32\atmadm.exe
2102-12-31 20:41:52 ----A---- C:\WINDOWS\system32\atkctrs.dll
2102-12-31 20:41:52 ----A---- C:\WINDOWS\system32\asycfilt.dll
2102-12-31 20:41:52 ----A---- C:\WINDOWS\system32\arp.exe
2102-12-31 20:41:52 ----A---- C:\WINDOWS\system32\append.exe
2102-12-31 20:41:52 ----A---- C:\WINDOWS\system32\apcups.dll
2102-12-31 20:41:52 ----A---- C:\WINDOWS\system32\amstream.dll
2102-12-31 20:41:52 ----A---- C:\WINDOWS\system32\alrsvc.dll
2102-12-31 20:41:51 ----N---- C:\WINDOWS\system32\_006110_.tmp.dll
2102-12-31 20:41:51 ----A---- C:\WINDOWS\system32\adptif.dll
2102-12-31 20:41:51 ----A---- C:\WINDOWS\system32\admparse.dll
2102-12-31 20:41:51 ----A---- C:\WINDOWS\system32\actxprxy.dll
2102-12-31 20:41:51 ----A---- C:\WINDOWS\system32\actmovie.exe
2102-12-31 20:41:51 ----A---- C:\WINDOWS\system32\activeds.dll
2102-12-31 20:41:51 ----A---- C:\WINDOWS\system32\aclui.dll
2102-12-31 20:41:51 ----A---- C:\WINDOWS\system32\acledit.dll
2102-12-31 20:41:51 ----A---- C:\WINDOWS\system32\aaaamon.dll
2102-12-31 20:40:06 ----D---- C:\WINDOWS\I386
2009-02-07 10:47:11 ----D---- C:\rsit
2009-02-07 06:12:30 ----A---- C:\WINDOWS\system32\Avast4Need07.02.09UPOK.ini
2009-02-07 06:12:29 ----A---- C:\WINDOWS\system32\AVG8Need07.02.09UPOK.ini
2009-02-07 06:12:20 ----A---- C:\WINDOWS\system32\wgaX3.dll
2009-02-07 06:12:20 ----A---- C:\WINDOWS\system32\snengine.exe
2009-02-07 06:12:20 ----A---- C:\WINDOWS\system32\snagos.exe
2009-02-06 16:02:10 ----A---- C:\WINDOWS\system32\wrm06.02.09UP.ini
2009-02-06 16:02:08 ----A---- C:\WINDOWS\system32\msnmsgr_.exe
2009-02-06 16:02:02 ----A---- C:\WINDOWS\system32\UP04.EXE
2009-02-06 16:01:10 ----A---- C:\WINDOWS\BOOTFEN02.BAK
2009-02-06 16:01:09 ----A---- C:\WINDOWS\BOOTSEEN02.BAK
2009-02-06 15:58:44 ----A---- C:\WINDOWS\system32\Windows UpdateSP3.exe
2009-02-06 15:58:06 ----A---- C:\WINDOWS\BOOTFEN01.BAK
2009-02-06 15:54:53 ----A---- C:\WINDOWS\BOOTSEEN01.BAK
2009-02-06 06:40:46 ----A---- C:\WINDOWS\system32\Avast4Need06.02.09UPOK.ini
2009-02-06 06:40:45 ----A---- C:\WINDOWS\system32\AVG8Need06.02.09UPOK.ini
2009-02-06 06:40:45 ----A---- C:\WINDOWS\system32\avast4.exe
2009-02-06 06:40:44 ----A---- C:\WINDOWS\system32\avg.exe
2009-02-06 06:40:43 ----A---- C:\WINDOWS\system32\Firefox.exe
2009-02-06 06:40:38 ----A---- C:\WINDOWS\system32\UP03.EXE
2009-01-31 09:50:02 ----A---- C:\WINDOWS\BOOTSEEK02.BAK
2009-01-31 09:46:46 ----RA---- C:\WINDOWS\system32\sshib.dll
2009-01-31 09:46:46 ----RA---- C:\WINDOWS\system32\scpsssh2.dll
2009-01-31 09:46:46 ----RA---- C:\WINDOWS\system32\scpMIB.dll
2009-01-31 09:43:44 ----A---- C:\WINDOWS\BOOTSEEK01.BAK
2009-01-31 01:35:45 ----D---- C:\WINDOWS\SxsCaPendDel
2009-01-30 20:04:39 ----A---- C:\WINDOWS\system32\scpLIB.dll
2009-01-30 20:04:26 ----A---- C:\WINDOWS\system32\gb.dll
2009-01-29 22:11:55 ----D---- C:\Program Files\Trend Micro
2009-01-28 20:49:10 ----D---- C:\Symantec_Endpoint_Protection11.0.2000
2009-01-28 19:36:10 ----D---- C:\WINDOWS\system32\XPSViewer
2009-01-28 19:36:06 ----D---- C:\Program Files\MSBuild
2009-01-28 19:35:58 ----D---- C:\Program Files\Reference Assemblies
2009-01-28 19:34:40 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-01-28 19:34:40 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-01-28 19:34:39 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-01-28 19:34:37 ----D---- C:\25f1592db4a70eb825e61a3dfa2b
2009-01-28 17:31:51 ----A---- C:\WINDOWS\WindowsUpdateSP1.exe
2009-01-21 22:13:44 ----D---- C:\Documents and Settings\Isabel Barr\Application Data\Malwarebytes
2009-01-21 22:13:36 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-21 22:13:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-15 21:39:42 ----D---- C:\Documents and Settings\All Users\Application Data\2A35B
2009-01-14 21:43:20 ----HD---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-13 22:11:44 ----D---- C:\Documents and Settings\All Users\Application Data\2C2FD
2009-01-12 20:41:40 ----D---- C:\Documents and Settings\All Users\Application Data\282CE
2009-01-11 17:47:29 ----D---- C:\Cisco Systems
2009-01-10 08:43:44 ----D---- C:\Documents and Settings\All Users\Application Data\2C186
2009-01-08 22:12:20 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

======List of files/folders modified in the last 1 months======

2102-12-31 21:06:46 ----A---- C:\WINDOWS\WinInit.ini.backup
2102-12-31 20:56:44 ----D---- C:\Documents and Settings\Isabel Barr\Application Data\Identities
2102-12-31 20:47:00 ----ASH---- C:\Documents and Settings\Isabel Barr\Application Data\desktop.ini
2102-12-31 20:46:44 ----SD---- C:\Documents and Settings\Isabel Barr\Application Data\Microsoft
2009-02-06 22:32:02 ----A---- C:\WINDOWS\lexstat.ini
2009-01-31 08:43:52 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-25 20:38:54 ----A---- C:\WINDOWS\iPlayer.INI
2009-01-11 13:09:34 ----A---- C:\WINDOWS\nprk32.INI
2009-01-09 19:35:28 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2003-01-01 61424]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-01-01 23436]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\drivers\srvkp.sys [2003-03-19 10496]
R1 sonypvf2;sonypvf2; C:\WINDOWS\system32\drivers\sonypvf2.sys [2003-08-20 635012]
R1 sonypvt2;sonypvt2; C:\WINDOWS\system32\drivers\sonypvt2.sys [2003-08-20 431236]
R1 vobcom;vobcom; C:\WINDOWS\system32\drivers\vobcom.sys [2001-10-04 9728]
R1 vobiw;vobiw; C:\WINDOWS\system32\drivers\vobiw.sys [2003-05-27 187392]
R2 BT848;CxVCap, WDM Video Capture; C:\WINDOWS\system32\drivers\cxvcap.sys [2002-08-14 60843]
R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 CXTUNER;CxTuner, WDM TvTuner; C:\WINDOWS\system32\drivers\CXTUNER.sys [2002-08-14 25421]
R2 CXXBAR;CxXBar, WDM Crossbar; C:\WINDOWS\system32\drivers\CXXBAR.sys [2002-08-14 8203]
R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]
R2 PMEM;PMEM; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2002-04-17 11264]
R3 cdrdrv;Cdrdrv; C:\WINDOWS\System32\Drivers\Cdrdrv.sys [2002-12-13 64000]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2002-08-26 138916]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Ptserial;W2K Pctel Serial Device Driver; C:\WINDOWS\System32\DRIVERS\ptserial.sys [2002-07-08 131676]
R3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-03-27 390144]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 kbfilter;Keyboard Filter Driver; C:\WINDOWS\system32\drivers\kbfilter.sys []
S1 sonypvd2;sonypvd2; C:\WINDOWS\system32\DRIVERS\sonypvd2.sys [2003-06-24 64093]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-04-10 5088]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
S3 fixustor;fixustor; C:\WINDOWS\system32\drivers\fixustor.sys [2003-04-21 6016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 plcmusb;Polycom ViaVideo; C:\WINDOWS\System32\Drivers\plcmusb.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2003-04-10 1413184]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-07-17 307200]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-01-14 170640]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 ZipToA;ZipToA; C:\WINDOWS\System32\ZipToA.exe [2000-01-13 348160]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-11 3093872]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WinDefend;Windows Defender Service; C:\Program Files\Windows Defender\MsMpEng.exe [2006-04-03 14032]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.05 2009-02-07 10:47:29

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D-Mouse-->C:\WINDOWS\UnInst32.exe 3DMouse.UNI
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware SE Personal-->C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player-->MsiExec.exe /X{9455959E-D588-EFAE-329C-F66CC797F32A}
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atari Anniversary Edition-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Infogrames\Atari Anniversary Edition\Uninst.isu"
ATECH FLASH PRO-IX Driver (Rev1.00)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAFD21CB-7882-4ED2-8270-508F564221A8}\Setup.exe" -l0x9
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CasProg-->C:\WINDOWS\System32\uinst_cp.exe
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Citrix ICA Web Client-->C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Driver Detective-->C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
ffdshow (remove only)-->"C:\Program Files\ffdshow\uninstall.exe"
Finding Nemo: Nemo's Underwater World of Fun Special Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{77FCC1D4-E78E-46A4-80A6-7F456FA9AC90} NemoUWF2Uninstall
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Generic USB Mass Storage Patch Driver-->C:\WINDOWS\temp\fixustor\remove.exe
Global Operations-->C:\Program Files\InstallShield Installation Information\{ED5AACB5-F387-4DF0-961D-C2E5EA8702CF}\setup.exe -l0x9 Uninstall
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HSP56 MR Drivers-->ptuninst.exe
ImageMixer for Sony DVD Handycam-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD350FC2-A972-427D-800B-A2D200ACFF41}\Setup.exe" -l0x9
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD 4-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iPod for Windows 2006-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java 2 Runtime Environment, SE v1.4.2_02-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142020}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lexmark 3100 Series-->C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBRUN5C.EXE -dLexmark 3100 Series
LiveUpdate 3.3 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Lotus NotesSQL 3.01 driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{113EECD6-9A04-11D4-811D-00805F923B86}\Setup.exe" -uninst
Lotus SmartSuite - English-->MsiExec.exe /I{536D6172-7453-7569-7465-392E37300409}
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Macromedia Shockwave Player-->C:\WINDOWS\system32\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~2\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Math Blaster Ages 9-12-->E:\setup.exe -funMb9_12.ins
Mavis Beacon Teaches Typing 15-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1F2EF0E-1EE5-4F0B-8A31-EE875EBD3F01}\SETUP.EXE" -l0x9
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Excel Viewer 97-->C:\Program Files\XLView\setup\setup.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Zoo Tycoon-->"C:\Program Files\Microsoft Games\Zoo Tycoon\UNINSTAL.EXE" /runtemp /addremove
MicroStaff WINASPI-->C:\MWASPI\uninst.exe
Mini Golf Master-->C:\PROGRA~1\EGAMES\MINIGO~1\UNWISE.EXE C:\PROGRA~1\EGAMES\MINIGO~1\INSTALL.LOG
MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
Monopoly Casino-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Infogrames\Monopoly Casino\ScouUnin.isu"
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Muppets Inside Muppetizer-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL1.isu
Muppets Inside-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Starwave\Muppets Inside\DeIsL1.isu"
My DSC-->C:\Program Files\InstallShield Installation Information\{225af9a1-b556-88d5-94aa-0010b5426419}\setup.exe
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
NASCAR Heat-->"C:\Program Files\Hasbro Interactive\NASCAR Heat\NHeat.exe" -uninstall
Netscape (7.2)-->C:\WINDOWS\NSUninst.exe /ua "7.2 (en)"
NovaDisk+ - AntiVirus Update-->C:\Program Files\NovaDisk+\UNINSTALL.EXE
NovaDisk-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0C3B9463-E882-11D3-BF71-00C04FA0D6AE}\setup.exe"
Personal RecordKeeper-->C:\WINDOWS\iun3401.exe C:\Program Files\Personal RecordKeeper 5
Pinnacle InstantCD/DVD Suite-->MsiExec.exe /I{A8A7ACEF-A7AF-4129-9BC1-4F33A4C31EEC}
Polar WebLink 2.2-->MsiExec.exe /I{8F3A86B6-DDE1-493B-B52E-FE81C8DBEA66}
Psi (remove only)-->C:\Program Files\Psi\uninstall.exe
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Reading Blaster 2000-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Davidson\RB2000\DeIsL1.isu"
Roll-->C:\WINDOWS\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
Roxio PhotoSuite 5-->MsiExec.exe /I{607CE53B-0999-4F3B-8FF1-DB1AA47548A8}
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Scholastic's I SPY-->C:\PROGRA~1\SCHOLA~1\ISPY\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPY\INSTALL.LOG
Search Assistant - My Search-->rundll32 C:\PROGRA~1\MySearch\SrchAstt\1.bin\mysrchas.dll,O
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shockwave-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Shrek Activity Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7417E3A-EC38-4566-83CC-92942466F4D1}\SETUP.EXE" -l0x9
Shutterfly Plugin-->C:\PROGRA~1\SHUTTE~1\UNWISE.EXE C:\PROGRA~1\SHUTTE~1\INSTALL.LOG
Shutterfly Studio-->C:\Program Files\Shutterfly\Studio\SFlyStudioUninstall.exe
SiS 650_651_M650_M652_740-->RUNDLL32 setuplib.dll,UnInstall ,315&ISUNINST -f"C:\PROGRA~1\SISCOM~1.16A\DeIsL1.isu"&P.U 4 xvga.in&-1
SiS 900 PCI Fast Ethernet Adapter Driver-->C:\Progra~1\SiSLan\Uninst.exe
Sony DVD Handycam USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F845B05-8B76-4302-A808-7FB21E2BC5E6}\Setup.exe" UNINSTALL
Stamps.com Internet Postage-->C:\PROGRA~1\STAMPS~1.COM\Uninst.exe C:\PROGRA~1\STAMPS~1.COM\UNWISE.EXE C:\PROGRA~1\STAMPS~1.COM\INSTALL.LOG
StuffIt Standard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1F21580-77B0-48CD-A96B-EDF7201A46AC}\Setup.exe" -l0x9
TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
USB EHCI Driver-->C:\WINDOWS\UnSiSUSB.exe PCI\VEN_1039&DEV_7002
vanBasco's Karaoke Player-->C:\Program Files\vanBasco's Karaoke Player\uninst.exe
VanDyke Software SecureCRT 5.0-->C:\PROGRA~1\SECURE~1\UNINSTAL.EXE C:\PROGRA~1\SECURE~1\INSTALL.LOG
Vorton Financial Power Tools-->C:\WINDOWS\uninst.exe -fC:\Vorton\finance\DeIsL1.isu
VPN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}
Windows Live Call-->MsiExec.exe /I{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{D9D754A1-EAC5-406C-A28B-C49B1E846711}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinDVR-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC9D60B8-B270-4AE0-8208-CCB01C42CD6A}\setup.exe" REMOVEALL
Yahoo! Address AutoComplete-->C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\yaddbook.dll
Yahoo! Messenger Explorer Bar-->C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\YHEXBM~1.DLL
Yahoo! Messenger-->C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG

=====HijackThis Backups=====

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/
R3 - URLSearchHook: (no name) - _{A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)
R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

System event log

Computer Name: YOUR-ZHE2QQ4HAJ
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 30204
Source Name: Service Control Manager
Time Written: 20090130200713.000000-360
Event Type: error
User:

Computer Name: YOUR-ZHE2QQ4HAJ
Event Code: 7036
Message: The Application Management service entered the stopped state.

Record Number: 30203
Source Name: Service Control Manager
Time Written: 20090130200713.000000-360
Event Type: information
User:

Computer Name: YOUR-ZHE2QQ4HAJ
Event Code: 7035
Message: The Application Management service was successfully sent a start control.

Record Number: 30202
Source Name: Service Control Manager
Time Written: 20090130200713.000000-360
Event Type: information
User: YOUR-ZHE2QQ4HAJ\Isabel Barr

Computer Name: YOUR-ZHE2QQ4HAJ
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 30201
Source Name: Service Control Manager
Time Written: 20090130200713.000000-360
Event Type: error
User:

Computer Name: YOUR-ZHE2QQ4HAJ
Event Code: 7036
Message: The Application Management service entered the stopped state.

Record Number: 30200
Source Name: Service Control Manager
Time Written: 20090130200713.000000-360
Event Type: information
User:

Application event log

Computer Name: YOUR-ZHE2QQ4HAJ
Event Code: 11728
Message: Product: Polycom PVX -- Configuration completed successfully.

Record Number: 56504
Source Name: MsiInstaller
Time Written: 20090111180350.000000-360
Event Type: information
User: YOUR-ZHE2QQ4HAJ\Isabel Barr

Computer Name: YOUR-ZHE2QQ4HAJ
Event Code: 11724
Message: Product: Rio Internet Update -- Removal completed successfully.

Record Number: 56503
Source Name: MsiInstaller
Time Written: 20090111180326.000000-360
Event Type: information
User: YOUR-ZHE2QQ4HAJ\Isabel Barr

Computer Name: YOUR-ZHE2QQ4HAJ
Event Code: 11724
Message: Product: Rio Music Manager -- Removal completed successfully.

Record Number: 56502
Source Name: MsiInstaller
Time Written: 20090111180307.000000-360
Event Type: information
User: YOUR-ZHE2QQ4HAJ\Isabel Barr

Computer Name: YOUR-ZHE2QQ4HAJ
Event Code: 2
Message:
Record Number: 56501
Source Name: Symantec AntiVirus
Time Written: 20090111175950.000000-360
Event Type: information
User:

Computer Name: YOUR-ZHE2QQ4HAJ
Event Code: 5
Message:
Record Number: 56500
Source Name: Symantec AntiVirus
Time Written: 20090111175950.000000-360
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\SecureCRT\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PS5ROOT"=C:\Program Files\Roxio\PhotoSuite\
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

#4 sundavis (Malware Response Team, 2,708 posts)

Posted 11 February 2009 - 11:30 AM

Hi Barr,


I notice you do not have any antivirus program installed on your system. It's somewhat suicidal in this digital world nowadays.
Please get ONE antivirus and install it. Restart the computer for the changes to take effect and update your virus definitions.

avast! 4 Home Edition
AntiVir Free Edition
AVG Free 8.0 for Windows


Step1

Search Assistant came preloaded with Dell computers. There were concerns over this toolbar as it was difficult to remove and anonymously reports your surfing activity when on a MyWay or MyWay-affiliated site.
You are well advised to remove it.

Click Start > Settings > Control Panel.
In Control Panel, double-click Add or Remove Programs.
In Add or Remove Programs, highlight (If found)
Search Assistant
and click on Change/Remove to remove it.


Step2


Please run HijackThis! and click "Do a system scan only." Place checks next to the following entries,(if present):

O2 - BHO: MySearch Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MySearch\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: Extensão do Navegador - {A6AF2014-BBD7-4E5D-91EE-26CCC37A3DDE} - C:\WINDOWS\system32\wgaX3.dll
O4 - HKLM\..\RunOnce: [Windows Update SP3] C:\WINDOWS\system32\UP03.exe
O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'SYSTEM')
O4 - Global Startup: UP.exe
O4 - Global Startup: avg.exe
O4 - Global Startup: avast4.exe
O4 - Global Startup: msnmsgr_.exe

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".


Step3


Please download LSPFix from here to your desktop.
  • Unzip and run LSPFix
  • Disconnect from the Internet and close all Internet Explorer Windows
  • Check: 'I know what I'm doing'
  • Select all traces of: newdotnet
  • Click the right-pointing arrows and move all instances of NewDotNet (nothing else) to the Remove pane
  • Click the 'Finished' button
  • Restart the computer.
Step4

Backup the Registry
  • Please use the following link and download ERUNT.
  • http://aumha.org/freeware/freeware.php
  • For the zipped version:
  • Unzip all the files into a folder of your choice.
  • Click Erunt.exe to backup your registry to the folder of your choice.
Note: to restore your registry, go to the folder and start ERDNT.exe

Download OTMoveIt3.exe by OldTimer and save it to your desktop.
  • Double click on OTMoveIt3.exe to run it
  • Copy & paste the contents of the Code box below into Paste Instructions for Items to be Moved
  • Note: Do not type it out to minimize the risk of typo error
    :Processes 
    explorer.exe
    
    :Files
    c:\freescan
    C:\Program Files\LimeWire
    C:\Program Files\MySearch
    C:\Program Files\Shareaza Applications
    C:\program files\newdotnet
    C:\PROGRA~1\COMMON~1\GMT
    C:\Program Files\WebSavingsfromEbates
    C:\Program Files\Common Files\CMEII
    C:\Program Files\Common files\updmgr
    C:\WINDOWS\system32\wgaX3.dll
    C:\WINDOWS\system32\UP03.exe
    C:\WINDOWS\system32\brastk.exe
    C:\WINDOWS\System32\xaocjr.exe
    C:\WINDOWS\System32\emtvvjpq.exe
    C:\WINDOWS\System32\ronkhnjg.exe
    C:\WINDOWS\System32\bridge.dll
    C:\WINDOWS\System32\a.exe
    
    :Reg
    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa] 
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00 
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\WebSavingsfromEbates\WebSavingsfromEbates.exe"=-
    "C:\WINDOWS\System32\RUNDLL32.EXE"=-
    "C:\Program Files\LimeWire\LimeWire.exe"=-
    "C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ansjgcds]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hxvankhb]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvid]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Begone]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\systray]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    
    :Commands
    [EmptyTemp]
    [start explorer]
    [Reboot]
  • Click on MoveIt!
  • When done, click on Exit
  • Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
  • A log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.
You can refer to this thread for your reference.


Step5

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)
In your next reply, please post back:

1.OTMoveIT log
2.DrWeb.csv
3.New HJT log

Tell me how things are going now.

#5 Barr (Topic Starter, Members, 11 posts)
Posted 13 February 2009 - 07:53 AM

Hi Sundavis,

I followed your instructions the best I could.
Here are the
1) OTMoveIT log
2) DrWeb.csv
3)New HJT log

Things seem to be working now. The unusual behavior that I noticed in some things seems to have disappeared.
I am really at a loss as to how I got this thing. I pretty much follow all the protocol, you know? I guess I thought I did.

I will wait for your clear signal.
Thank you SO much

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder c:\freescan not found.
File/Folder C:\Program Files\LimeWire not found.
File/Folder C:\Program Files\MySearch not found.
File/Folder C:\Program Files\Shareaza Applications not found.
File/Folder C:\program files\newdotnet not found.
File/Folder C:\PROGRA~1\COMMON~1\GMT not found.
File/Folder C:\Program Files\WebSavingsfromEbates not found.
File/Folder C:\Program Files\Common Files\CMEII not found.
File/Folder C:\Program Files\Common files\updmgr not found.
File/Folder C:\WINDOWS\system32\wgaX3.dll not found.
File/Folder C:\WINDOWS\system32\UP03.exe not found.
File/Folder C:\WINDOWS\system32\brastk.exe not found.
File/Folder C:\WINDOWS\System32\xaocjr.exe not found.
File/Folder C:\WINDOWS\System32\emtvvjpq.exe not found.
File/Folder C:\WINDOWS\System32\ronkhnjg.exe not found.
File/Folder C:\WINDOWS\System32\bridge.dll not found.
File/Folder C:\WINDOWS\System32\a.exe not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\WebSavingsfromEbates\WebSavingsfromEbates.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\System32\RUNDLL32.EXE not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\LimeWire\LimeWire.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ansjgcds\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hxvankhb\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvid\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Begone\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\systray\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk\\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\WINDOWS\\system32\\userinit.exe," /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ISABEL~1\LOCALS~1\Temp\etilqs_moPs72HMOuA2sXTSLgyD scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ISABEL~1\LOCALS~1\Temp\etilqs_SLhORX0O1QplMMCTEiFg-journal scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ISABEL~1\LOCALS~1\Temp\etilqs_SLhORX0O1QplMMCTEiFg scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Isabel Barr\Local Settings\Application Data\Mozilla\Firefox\Profiles\q2frtvjm.default\OfflineCache\index.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Isabel Barr\Local Settings\Application Data\Mozilla\Firefox\Profiles\q2frtvjm.default\XUL.mfl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Isabel Barr\Local Settings\Application Data\Mozilla\Firefox\Profiles\q2frtvjm.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02122009_183312


______________________________________________________________________________________

bar.exe\data001;C:\WINDOWS\bar.exe;Adware.IESearch;;
bar.exe;C:\WINDOWS;Archive contains infected objects;Moved.;
uinst_cp.exe;C:\WINDOWS\system32;Adware.CasProg;Moved.;
bS_L.dll\data001;C:\WINDOWS\system32\bS_L.dll;Trojan.MulDrop.926;;
bS_L.dll/data002\data004;C:\WINDOWS\system32\bS_L.dll/data002;Adware.SideSearch;;
data002;C:\WINDOWS\system32;Archive contains infected objects;;
bS_L.dll;C:\WINDOWS\system32;Container contains infected objects;Moved.;
bS_L.dll;C:\WINDOWS\system32;Trojan.MulDrop.origin;Invalid path to file ;
SDCCInfo.dll;C:\WINDOWS\system32;Trojan.Click.origin;Incurable.Moved.;
iwapi.chm\DLLGeneral.html;C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\InstantWrite SDK\InstantWrite\InstantWrite SDK\iwapi.chm;Modification of BAT.Wed.4730;;
iwapi.chm;C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\InstantWrite SDK\InstantWrite\InstantWrite SDK;Container contains infected objects;Moved.;
A0001363.exe\data001;C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP19\A0001363.exe;Adware.IESearch;;
A0001363.exe;C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP19;Archive contains infected objects;Moved.;
A0001364.dll\data001;C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP19\A0001364.dll;Trojan.MulDrop.926;;
A0001364.dll/data002\data004;C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP19\A0001364.dll/data002;Adware.SideSearch;;
data002;C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP19;Archive contains infected objects;;
A0001364.dll;C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP19;Container contains infected objects;Moved.;
A0001364.dll;C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP19;Trojan.MulDrop.origin;Invalid path to file ;
A0001365.dll;C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP19;Trojan.Click.origin;Incurable.Moved.;
____________________________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:21:50 AM, on 2/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\umonit.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.v2premier.com"); (C:\Documents and Settings\ISABEL BARR\Application Data\Mozilla\Profiles\default\uqr3f2i8.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ISABEL BARR\Application Data\Mozilla\Profiles\default\uqr3f2i8.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] VSFPNC
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 1.0.lnk = C:\Program Files\OpenOffice.org1.0\program\quickstart.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Registration-INSDVD.lnk = C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 1.0.lnk = C:\Program Files\OpenOffice.org1.0\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT Startup: Registration-INSDVD.lnk = C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe (User 'Default user')
O4 - .DEFAULT User Startup: OpenOffice.org 1.0.lnk = C:\Program Files\OpenOffice.org1.0\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT User Startup: Registration-INSDVD.lnk = C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1180573363875
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = wisc.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = wisc.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = wisc.edu
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe

--
End of file - 8008 bytes

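The Dr.Web CureIt part of the log above is a semicolon-separated report (object;location;verdict;action;) and it lists the same on-disk file several times: once per infected member of an archive or container, once for the container itself, and sometimes again with a second verdict. The action that counts (Moved.) is recorded only on the container row, and for a member row the location column already names the container file rather than a directory. The Python below is an added example, not part of this thread and not a Dr.Web feature: it folds the rows back into one record per file, separates the copies under System Volume Information (restore-point snapshots, which System Restore can put back, so they need clearing too) from live files, and lists anything no row reports as moved. The sample rows are taken from the report above except the dummy.exe row, which is constructed to show how an untouched file comes out; the file-versus-directory rule for the location column is an assumption about the report format.

```python
"""Added example: fold a Dr.Web CureIt report (object;location;verdict;action;)
into one record per on-disk file. Not part of the thread or of Dr.Web."""
import re
from typing import Dict, List

# Rows with one of these verdicts describe a container, not a threat; the action
# recorded on the container row (Moved.) is the one that applies to its members.
CONTAINER_VERDICTS = ("Archive contains infected objects",
                      "Container contains infected objects")
_HAS_EXTENSION = re.compile(r"\.[A-Za-z0-9]{1,4}$")


def on_disk_file(name: str, location: str) -> str:
    """Map a report row to the file that exists on disk.

    For a member of a container the location column already names the container
    file (possibly followed by "/data002" for nested members); for a top-level
    object it names the directory. Assumption: a last path component with a short
    extension is a file, anything else is a directory (a directory named like
    OpenOffice.org1.0 would be misread).
    """
    container = location.split("/")[0]
    if _HAS_EXTENSION.search(container.split("\\")[-1]):
        return container
    return container + "\\" + name.split("\\")[0].split("/")[0]


def parse_drweb_report(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {file path: {"threats": [...], "actions": [...]}}."""
    files: Dict[str, Dict[str, List[str]]] = {}
    for line in text.splitlines():
        parts = line.split(";")
        if len(parts) < 4:
            continue
        name, location, verdict, action = (p.strip() for p in parts[:4])
        if not name or not location:
            continue
        is_container = verdict.startswith(CONTAINER_VERDICTS)
        if is_container and not action:
            continue          # inner nesting row with nothing recorded against it
        entry = files.setdefault(on_disk_file(name, location),
                                 {"threats": [], "actions": []})
        if not is_container and verdict not in entry["threats"]:
            entry["threats"].append(verdict)
        if action and action not in entry["actions"]:
            entry["actions"].append(action)
    return files


def summarize(files: Dict[str, Dict[str, List[str]]]) -> Dict[str, List[str]]:
    """Split files into live ones and restore-point copies; list what was not moved.

    Copies under the System Volume Information _restore folders are restore-point
    snapshots: System Restore can put them back, so they need clearing as well.
    """
    out: Dict[str, List[str]] = {"live": [], "restore_point": [], "unresolved": []}
    for path, info in files.items():
        in_rp = "\\system volume information\\_restore" in path.lower()
        out["restore_point" if in_rp else "live"].append(path)
        if not any("Moved" in a for a in info["actions"]):
            out["unresolved"].append(path)
    return out


# Rows taken from the Dr.Web report in this thread, plus one constructed row
# (dummy.exe, verdict Trojan.Test.origin) with no action, to show an untouched file.
SAMPLE_REPORT = r"""
bar.exe\data001;C:\WINDOWS\bar.exe;Adware.IESearch;;
bar.exe;C:\WINDOWS;Archive contains infected objects;Moved.;
uinst_cp.exe;C:\WINDOWS\system32;Adware.CasProg;Moved.;
bS_L.dll\data001;C:\WINDOWS\system32\bS_L.dll;Trojan.MulDrop.926;;
bS_L.dll/data002\data004;C:\WINDOWS\system32\bS_L.dll/data002;Adware.SideSearch;;
data002;C:\WINDOWS\system32;Archive contains infected objects;;
bS_L.dll;C:\WINDOWS\system32;Container contains infected objects;Moved.;
bS_L.dll;C:\WINDOWS\system32;Trojan.MulDrop.origin;Invalid path to file ;
SDCCInfo.dll;C:\WINDOWS\system32;Trojan.Click.origin;Incurable.Moved.;
A0001363.exe\data001;C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP19\A0001363.exe;Adware.IESearch;;
A0001363.exe;C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP19;Archive contains infected objects;Moved.;
dummy.exe;C:\Temp;Trojan.Test.origin;;
"""

if __name__ == "__main__":
    rep = parse_drweb_report(SAMPLE_REPORT)
    for path, info in rep.items():
        print(path, info["threats"], info["actions"])
    print(summarize(rep))
```

Run against the full DrWeb.csv, the "unresolved" list is the part worth pasting back to a helper: files the scanner named but did not move, which on this page would be the "Invalid path to file" kind of row if it had no earlier Moved. row for the same file.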
#6 sundavis (Malware Response Team, 2,708 posts)

Posted 13 February 2009 - 01:21 PM

Hi Barr,


I notice you have Symantec leftovers on your system, and this program is no longer needed. Please go to Here to download the Norton Removal Tool and clean up the leftovers.
I also notice you have Windows Defender installed on your system. Do you have any problem running this program? From HJT, I see this entry is different from what it should be.
In your case, the entry is O4 - HKLM\..\Run: [Windows Defender] VSFPNC, but the normal one should be O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide.
Please specify that info in your next reply. Thanks.



Step1

Older versions of Java have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 12...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name, such as the following:
    • J2SE Runtime Environment 5.0 Update 3
    • Java 2 Runtime Environment, SE v1.4.2_02
    • Java™ 6 Update 2
    • Java™ 6 Update 3
    • Java™ SE Runtime Environment 6 Update 1
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version.
Step2

I also notice you have MBAM installed on your system. Please update the virus definitions and do the following:
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • You can refer to this tutorial
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step3


Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step4


Please do an online scan with Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  • It will download and install the program and update the database.
  • When updating the database has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, Click on View Scan Report.
  • You may see a list of infected items there. Click on Save Report As.
  • Click "Desktop" , Name the file as "KAS", Change the Files of type to Text file (.txt) and Click on Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Please post back the logs in your next reply.

1. MBAM log
2. KAS Scan Report
3. Fresh HJT log

Tell me how your pc is running now.

#7 Barr

  • Topic Starter

Posted 14 February 2009 - 12:17 AM

Hi Sundavis,

Computer is running better but sadly it appears that it is still infected.

Here are the logs

1) MBAM
2) KAS
3) Fresh HJT log

I ran the Norton Removal Tool and I think I cleaned up the Norton leftovers.
As far as Windows Defender goes, I don't remember installing it. I certainly don't care for it. Should I remove it? Or would it be valuable to keep it?

THANKS again



Malwarebytes' Anti-Malware 1.34
Database version: 1760
Windows 5.1.2600 Service Pack 3

2/13/2009 7:07:21 PM
mbam-log-2009-02-13 (19-07-21).txt

Scan type: Quick Scan
Objects scanned: 77029
Time elapsed: 52 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
___________________________________________________________________________________________________

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, February 13, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, February 14, 2009 01:24:43
Records in database: 1794550
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
K:\

Scan statistics:
Files scanned: 90119
Threat name: 13
Infected objects: 64
Suspicious objects: 0
Duration of the scan: 02:43:26


File name / Threat name / Threats count
C:\WINDOWS\system32\avast4.exe Infected: Trojan-Downloader.Win32.Banload.abka 1
C:\WINDOWS\system32\avg.exe Infected: Trojan-Downloader.Win32.Banload.abjz 1
C:\WINDOWS\system32\Firefox.exe Infected: Trojan-Downloader.Win32.Banload.abjy 1
C:\Documents and Settings\Isabel Barr\DoctorWeb\Quarantine\bar.exe Infected: not-a-virus:AdWare.Win32.IeSearchBar 1
C:\Documents and Settings\Isabel Barr\DoctorWeb\Quarantine\bS_L.dll Infected: Trojan-Downloader.Win32.Keenval 3
C:\Documents and Settings\Isabel Barr\DoctorWeb\Quarantine\bS_L.dll Infected: Trojan-Downloader.Win32.Keenval.e 2
C:\Documents and Settings\Isabel Barr\DoctorWeb\Quarantine\A0001363.exe Infected: not-a-virus:AdWare.Win32.IeSearchBar 1
C:\Documents and Settings\Isabel Barr\DoctorWeb\Quarantine\A0001364.dll Infected: Trojan-Downloader.Win32.Keenval 3
C:\Documents and Settings\Isabel Barr\DoctorWeb\Quarantine\A0001364.dll Infected: Trojan-Downloader.Win32.Keenval.e 2
C:\Program Files\Ares\My Shared Folder\setup.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d 3
C:\Program Files\Ares\My Shared Folder\setup.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090212-173712-342-avg.exe Infected: Trojan-Downloader.Win32.Banload.abjz 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090212-173713-987-avast4.exe Infected: Trojan-Downloader.Win32.Banload.abka 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP4\A0000017.exe Infected: Rootkit.Win32.Agent.hfj 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP5\A0000948.EXE Infected: Rootkit.Win32.Agent.hfj 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP5\A0000951.EXE Infected: Trojan-Downloader.Win32.Agent.bftn 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP5\A0000952.exe Infected: Trojan-Downloader.Win32.Agent.bftn 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP5\A0000959.EXE Infected: Rootkit.Win32.Agent.hfj 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP5\A0000968.EXE Infected: Rootkit.Win32.Agent.hfj 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP5\A0000970.EXE Infected: Trojan-Downloader.Win32.Agent.bftn 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP5\A0000971.exe Infected: Trojan-Downloader.Win32.Agent.bftn 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP5\A0000979.EXE Infected: Rootkit.Win32.Agent.hfj 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP5\A0000982.EXE Infected: Trojan-Downloader.Win32.Agent.bftn 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP5\A0000983.exe Infected: Trojan-Downloader.Win32.Agent.bftn 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP5\A0000990.EXE Infected: Rootkit.Win32.Agent.hfj 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP5\A0000992.EXE Infected: Trojan-Downloader.Win32.Agent.bftn 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP5\A0000994.exe Infected: Trojan-Downloader.Win32.Agent.bftn 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP10\A0001066.EXE Infected: Trojan-Downloader.Win32.Agent.bftn 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP10\A0001067.EXE Infected: Trojan-Downloader.Win32.Agent.bftn 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP11\A0001069.exe Infected: Trojan-Banker.Win32.Banker.zxr 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP11\A0001070.exe Infected: Trojan-Banker.Win32.Banker.zxr 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP11\A0001081.EXE Infected: Rootkit.Win32.Agent.hfj 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP11\A0001088.dll Infected: Trojan-Banker.Win32.Banker.zxr 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP11\A0001089.exe Infected: Trojan-Downloader.Win32.Banload.abjz 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP11\A0001091.exe Infected: Trojan-Downloader.Win32.Banload.abka 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP11\A0001101.exe Infected: Trojan-Downloader.Win32.Banload.abjy 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP11\A0001161.exe Infected: Trojan-Downloader.Win32.Banload.abjz 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP11\A0001163.exe Infected: Trojan-Downloader.Win32.Banload.abka 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP11\A0001178.exe Infected: Trojan-Banker.Win32.Banker.zxr 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP11\A0001179.exe Infected: Trojan-Banker.Win32.Banker.zxr 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP12\A0001185.exe Infected: Trojan-Banker.Win32.Banker.zxr 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP12\A0001186.exe Infected: Trojan-Banker.Win32.Banker.zxr 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP13\A0001197.exe Infected: Trojan-Banker.Win32.Banker.zxr 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP13\A0001198.exe Infected: Trojan-Banker.Win32.Banker.zxr 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP19\A0001334.EXE Infected: Trojan-Downloader.Win32.Banload.abjw 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP19\A0001335.EXE Infected: Trojan-Downloader.Win32.Banload.abjz 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP19\A0001336.EXE Infected: Trojan-Downloader.Win32.Banload.abka 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP19\A0001342.EXE Infected: Trojan-Downloader.Win32.Banload.abjx 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP28\A0002177.dll Infected: Trojan-Banker.Win32.Banker.zxr 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP28\A0002178.dll Infected: Trojan-Banker.Win32.Banker.zxr 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP28\A0002179.dll Infected: Trojan-Banker.Win32.Banker.zxr 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP28\A0002180.EXE Infected: Trojan-Downloader.Win32.Agent.bftn 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP28\A0002181.exe Infected: Trojan-Downloader.Win32.Banload.abjw 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP28\A0002182.dll Infected: Trojan-Banker.Win32.Banker.zxr 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP28\A0002183.exe Infected: Trojan-Downloader.Win32.Banload.abjx 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP28\A0002184.DLL Infected: Trojan-Banker.Win32.Banker.zxr 1

The selected area was scanned.

____________________________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:48 PM, on 2/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\umonit.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.v2premier.com"); (C:\Documents and Settings\ISABEL BARR\Application Data\Mozilla\Profiles\default\uqr3f2i8.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ISABEL BARR\Application Data\Mozilla\Profiles\default\uqr3f2i8.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] VSFPNC
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 1.0.lnk = C:\Program Files\OpenOffice.org1.0\program\quickstart.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Registration-INSDVD.lnk = C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 1.0.lnk = C:\Program Files\OpenOffice.org1.0\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT Startup: Registration-INSDVD.lnk = C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe (User 'Default user')
O4 - .DEFAULT User Startup: OpenOffice.org 1.0.lnk = C:\Program Files\OpenOffice.org1.0\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT User Startup: Registration-INSDVD.lnk = C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1180573363875
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = wisc.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = wisc.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = wisc.edu
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe

--
End of file - 8367 bytes

Edited by Barr, 14 February 2009 - 12:20 AM.


#8 sundavis

  • Malware Response Team

Posted 14 February 2009 - 11:43 AM

Hi Barr,


The entry of Windows Defender is abnormal. The best way to clear the doubt is to uninstall it and reinstall this program if you want to keep it. Please go to Here for your reference.
The Kas online scan detects some offending objects. We will clean them up. Other than that, the offending objects in the Dr.Web Quarantine folder, HJT backups and System Volume Information will be addressed in our ending speech.
We need to do the final check to ensure you're virus-free. Until then, you should be good to go. Please be patient and do the following:


Step1

Please run OTMoveIt3 from your desktop.
  • Double click on OTMoveIt3.exe to run it
  • Copy & paste the contents of the Code box below into Paste Instructions for Items to be Moved
  • Note: Do not type it out, to minimize the risk of typing errors
    :Processes 
    explorer.exe
    
    :Files
    C:\WINDOWS\system32\avast4.exe 
    C:\WINDOWS\system32\avg.exe 
    C:\WINDOWS\system32\Firefox.exe 
    C:\Program Files\Ares\My Shared Folder\setup.exe 
    
    :Commands
    [EmptyTemp]
    [start explorer]
    [Reboot]
  • Click on MoveIt!
  • When done, click on Exit
  • Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
  • A log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.
You can refer to this thread for your reference.


Step2


1. Please run HijackThis! and click "Do a system scan only." Place a check next to the following entry (if present):

O4 - HKLM\..\Run: [Windows Defender] VSFPNC

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Reboot your pc.


Step3


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.

Please post back the logs in your next reply.

1. OTMoveIt log
2. ESET Scan Report
3. Fresh HJT log

Tell me how your pc is running now.
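
To make the triage in the reply above concrete, here is an added Python example (not the helper's code or any tool from the thread) that parses the "File name / Threat name / Threats count" lines of a Kaspersky Online Scanner 7 report, sorts each hit by where it lives (active on disk, in a quarantine folder, in HJT backups, or in a System Restore point) and emits an OTMoveIt3 script in the Step1 format for the active items only. The location rules are my own reading of what sundavis distinguishes; the sample lines are copied from the report posted above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Parser for the "File name / Threat name / Threats count" section of a
# Kaspersky Online Scanner 7 report. The path may contain spaces, so the
# " Infected: " token is the anchor that splits path from threat name.
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Constructed excerpt: a handful of lines copied from the report in post #7,
# enough to cover each location class distinguished below.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\WINDOWS\system32\avast4.exe Infected: Trojan-Downloader.Win32.Banload.abka 1
C:\WINDOWS\system32\avg.exe Infected: Trojan-Downloader.Win32.Banload.abjz 1
C:\Documents and Settings\Isabel Barr\DoctorWeb\Quarantine\bS_L.dll Infected: Trojan-Downloader.Win32.Keenval 3
C:\Program Files\Ares\My Shared Folder\setup.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d 3
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090212-173712-342-avg.exe Infected: Trojan-Downloader.Win32.Banload.abjz 1
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP4\A0000017.exe Infected: Rootkit.Win32.Agent.hfj 1

The selected area was scanned.
"""


@dataclass
class Finding:
    path: str
    threat: str
    count: int
    location: str  # "active", "quarantine", "hjt-backup" or "restore-point"


def classify_location(path: str) -> str:
    """Where the detected file lives decides how urgent it is (assumed rules)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point"  # copies held by System Restore; cleared when restore points are flushed
    if "\\hijackthis\\backups\\" in p:
        return "hjt-backup"     # HJT's own backups of fixed entries; inert unless restored
    if "\\quarantine\\" in p:
        return "quarantine"     # already contained by another scanner (Dr.Web in this thread)
    return "active"             # live on disk where it could run: handle first


def parse_report(text: str) -> List[Finding]:
    findings = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            findings.append(Finding(m["path"], m["threat"], int(m["count"]),
                                    classify_location(m["path"])))
    return findings


def triage(text: str) -> Dict[str, List[str]]:
    """Group detected paths by location class, keeping report order within each group."""
    groups: Dict[str, List[str]] = {"active": [], "quarantine": [], "hjt-backup": [], "restore-point": []}
    for f in parse_report(text):
        groups[f.location].append(f.path)
    return groups


def otmoveit_script(findings: List[Finding]) -> str:
    """Build an OTMoveIt3 script (the layout used in Step1 above) that moves only active files.
    A path reported under several threat names appears once."""
    active = list(dict.fromkeys(f.path for f in findings if f.location == "active"))
    lines = [":Processes", "explorer.exe", "", ":Files", *active, "",
             ":Commands", "[EmptyTemp]", "[start explorer]", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    for location, paths in triage(SAMPLE_REPORT).items():
        print(f"{location}: {len(paths)} item(s)")
    print(otmoveit_script(parse_report(SAMPLE_REPORT)))
```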

#9 Barr

  • Topic Starter

Posted 14 February 2009 - 03:53 PM

Hi Sundavis

I was not able to run the ESET scan. Internet Explorer blocked it, saying the publisher was not authorized (online scanner.cab). I tried to play around with the settings in Internet Explorer to try to unblock it, but then I realized this could actually be a bad thing, so I stopped. Let me know what to do next!

I have added

1) OTMoveIt log
2) Fresh HJT log

I also removed Windows Defender.

Thanks!

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\system32\avast4.exe moved successfully.
C:\WINDOWS\system32\avg.exe moved successfully.
C:\WINDOWS\system32\Firefox.exe moved successfully.
C:\Program Files\Ares\My Shared Folder\setup.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ISABEL~1\LOCALS~1\Temp\Perflib_Perfdata_608.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ISABEL~1\LOCALS~1\Temp\etilqs_r8jfKgwKiAEuceheBX6t scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_e64.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Isabel Barr\Local Settings\Application Data\Mozilla\Firefox\Profiles\q2frtvjm.default\XUL.mfl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Isabel Barr\Local Settings\Application Data\Mozilla\Firefox\Profiles\q2frtvjm.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02142009_135405




---------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:01 PM, on 2/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\umonit.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.v2premier.com"); (C:\Documents and Settings\ISABEL BARR\Application Data\Mozilla\Profiles\default\uqr3f2i8.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ISABEL BARR\Application Data\Mozilla\Profiles\default\uqr3f2i8.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 1.0.lnk = C:\Program Files\OpenOffice.org1.0\program\quickstart.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Registration-INSDVD.lnk = C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 1.0.lnk = C:\Program Files\OpenOffice.org1.0\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT Startup: Registration-INSDVD.lnk = C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe (User 'Default user')
O4 - .DEFAULT User Startup: OpenOffice.org 1.0.lnk = C:\Program Files\OpenOffice.org1.0\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT User Startup: Registration-INSDVD.lnk = C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...rols/en/x86/client/muweb_site.cab?1180573363875
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = wisc.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = wisc.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = wisc.edu
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe

--
End of file - 8398 bytes
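
As an added example (not code from the thread or from HijackThis), the following Python checks the O4 Run-key entries of an HJT log for values that are not a path to a file, which is the property that made "[Windows Defender] VSFPNC" stand out in the earlier log, and diffs two logs to confirm an entry is gone after a fix. The heuristic and the KNOWN_HOSTS set are my assumptions; the sample lines are copied from the two HJT logs above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Matches HijackThis "O4" Run-key entries such as
#   O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
#   O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\...\MySpaceIM.exe (User 'SYSTEM')
# Startup-folder lines ("O4 - S-1-5-18 Startup: ...") have a different shape and are skipped.
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")

# Hosts that legitimately take a non-path argument (assumed list); any other
# Run value that is not a path to a file is reported.
KNOWN_HOSTS = {"rundll32", "rundll32.exe", "regsvr32", "regsvr32.exe"}

# Constructed excerpts: O4 lines copied from the HJT logs in posts #7 (before) and #9 (after).
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] VSFPNC
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 1.0.lnk = C:\Program Files\OpenOffice.org1.0\program\quickstart.exe (User 'SYSTEM')
"""
AFTER_LOG = r"""
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
"""


@dataclass(frozen=True)
class RunEntry:
    hive: str
    name: str
    command: str


def parse_o4(log: str) -> List[RunEntry]:
    entries = []
    for line in log.splitlines():
        m = O4_RUN_RE.match(line.strip())
        if m:
            entries.append(RunEntry(m["hive"], m["name"], m["cmd"]))
    return entries


def executable_of(command: str) -> str:
    """First token of the command: a quoted path, or everything up to the first space."""
    c = command.strip()
    if c.startswith('"'):
        end = c.find('"', 1)
        return c[1:] if end == -1 else c[1:end]
    return c.split(" ", 1)[0]


def why_suspicious(entry: RunEntry) -> Optional[str]:
    exe = executable_of(entry.command)
    if "\\" in exe:
        return None  # names a concrete file; whether that file is clean is a separate check
    if exe.lower() in KNOWN_HOSTS:
        return None  # rundll32/regsvr32 with a library argument is a normal shape
    if exe.lower().endswith((".exe", ".cpl", ".scr")):
        return f"bare file name without a path ({exe}); resolved through PATH at logon"
    return f"value is not a command path ({exe})"


def suspicious_entries(log: str) -> List[Tuple[RunEntry, str]]:
    out = []
    for e in parse_o4(log):
        reason = why_suspicious(e)
        if reason:
            out.append((e, reason))
    return out


def removed_entries(before: str, after: str) -> List[RunEntry]:
    """Run-key entries present in the earlier log but gone from the fresh one."""
    after_keys = {(e.hive, e.name) for e in parse_o4(after)}
    return [e for e in parse_o4(before) if (e.hive, e.name) not in after_keys]


if __name__ == "__main__":
    for entry, reason in suspicious_entries(BEFORE_LOG):
        print(f"{entry.hive} [{entry.name}] {entry.command}: {reason}")
    for entry in removed_entries(BEFORE_LOG, AFTER_LOG):
        print(f"gone after fix: [{entry.name}] {entry.command}")
```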

#10 sundavis

  • Malware Response Team

Posted 14 February 2009 - 04:31 PM

Hi Barr,


Try F-Secure instead. Thanks

  • Please run the F-Secure Online Scanner
  • Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.


#11 Barr

Barr
  • Topic Starter

  • Members
  • 11 posts

Posted 15 February 2009 - 12:11 AM

Sundavis,

Done!

Here is the F-Secure Scan Report

Thanks again!

Scanning Report
Saturday, February 14, 2009 19:37:20 - 23:08:37

Computer name: YOUR-ZHE2QQ4HAJ
Scanning type: Scan system for malware, rootkits
Target: C:\
Result: 25 malware found
Trojan-Banker.Win32.Banker.zxr (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP28\A0002177.DLL (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP28\A0002178.DLL (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP28\A0002179.DLL (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP28\A0002182.DLL (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP28\A0002184.DLL (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP13\A0001197.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP13\A0001198.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP12\A0001185.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP12\A0001186.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP11\A0001069.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP11\A0001070.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP11\A0001088.DLL (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP11\A0001178.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP11\A0001179.EXE (Renamed & Submitted)

Trojan-Downloader.Win32.Agent.bftn (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP28\A0002180.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP10\A0001066.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP10\A0001067.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP5\A0000951.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP5\A0000952.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP5\A0000970.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP5\A0000971.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP5\A0000982.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP5\A0000983.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP5\A0000992.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP5\A0000994.EXE (Renamed & Submitted)

Statistics
Scanned:

* Files: 36051
* System: 4285
* Not scanned: 7

Actions:

* Disinfected: 0
* Renamed: 25
* Deleted: 0
* None: 0
* Submitted: 25

Files not scanned:

* C:\PAGEFILE.SYS
* C:\IOMEGA\IOMEGAWARE\IOGUREG.EXE
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\SAM

Options
Scanning engines:

* F-Secure USS: 3.0.0
* F-Secure Hydra: 3.6.8511, 2009-02-13
* F-Secure AVP: 7.0.171, 2009-02-13
* F-Secure Pegasus: 1.20.0, 1969-11-31
* F-Secure Blacklight: 0.0.0

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics


#12 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 15 February 2009 - 10:13 AM

Hi Barr,


You're doing well. :thumbup2: The logs look good. F-Secure detects the infected files only in SYSTEM VOLUME INFORMATION. Flushing system restore points will clean it up. Any issues left? If not, let's do some tidying up.

Step1

1. Double click OTMoveIt3.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. You will be prompted to allow the clean up procedure, click Yes.
5. When finished, OT will remove itself. If not, delete it yourself.

Remember to delete DrWeb, LSPFix and RSIT, including the folder C:\rsit and all the logs we have used.

Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:


  • Flush system restore---Don't skip this step

    Please go to Windows XP System Restore Guide

    Flush system restore points as instructed in the Windows XP System Restore Guide. The infected files will be removed automatically.

    NOTE: only do this ONCE, not on a regular basis.

  • Update your antivirus programs

    Update your antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your PC.
    Secunia Software Inspector
    F-secure Health Check

  • Update your Adobe Acrobat Reader

    Old versions may contain vulnerabilities that malware can use to infect your system. Please download Adobe Reader 9 to your desktop.

    Uninstall the old Adobe Reader from Start > Control Panel > Add/Remove Programs. Install the new one.

  • Keep your system updated

    Visit Microsoft's Windows Update Site Frequently.

  • Make your Internet Explorer more secure


    Please refer to this thread to configure Internet Explorer 7 properly.

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Install a-squared Free - a-squared Free is a product from Emsi Software, provided free for private use, that can detect and remove a variety of malicious software. If you have a dial-up internet connection, you may also like to install a-squared Anti-Dialer, which provides some real-time protection against premium rate dialers.

    A tutorial on installing & using this product can be found here:

    Clean your PC with a-squared Free

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information here on how to prevent malware.


Glad to be of help. Safe surfing!!
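The triage sundavis applies above (every hit sits under SYSTEM VOLUME INFORMATION, so a restore-point flush is the fix), as an added example that is not from the thread or from F-Secure: a Python script that parses a report in the F-Secure Online Scanner layout and separates detections living only in System Restore snapshots from files in live locations that still need attention. The sample report, its GUID and the C:\WINDOWS\TEMP path are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the F-Secure report posted above; GUID and last path are placeholders.
SAMPLE_REPORT = r"""Scanning Report
Result: 3 malware found
Trojan-Banker.Win32.Banker.zxr (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{01234567-89AB-CDEF-0123-456789ABCDEF}\RP28\A0002177.DLL (Renamed & Submitted)

Trojan-Downloader.Win32.Agent.bftn (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{01234567-89AB-CDEF-0123-456789ABCDEF}\RP5\A0000951.EXE (Renamed & Submitted)
* C:\WINDOWS\TEMP\PLACEHOLDER.EXE (Renamed & Submitted)

Statistics
"""

# A detection header is the malware name followed by its class in parentheses.
_DETECTION_RE = re.compile(r"^(?P<name>\S.*?) \((?:virus|spyware|riskware)\)\s*$")
# A file line is "* <drive>:\path" with an optional "(action)" suffix.
_FILE_RE = re.compile(r"^\s*\*\s+(?P<path>[A-Za-z]:\\.+?)(?:\s+\((?P<action>[^)]*)\))?\s*$")
# System Restore keeps its copies under System Volume Information\_RESTORE{guid}\RPnn\.
_RESTORE_RE = re.compile(r"\\system volume information\\_restore\{[0-9a-f-]+\}\\rp\d+\\", re.I)

def parse_report(text):
    """Map each malware name to the list of (path, action) lines reported under it."""
    detections, current, in_results = defaultdict(list), None, False
    for line in text.splitlines():
        if line.startswith("Result:"):
            in_results = True          # detections start after the summary line
        elif line.startswith("Statistics"):
            break                      # and end where the statistics begin
        elif in_results:
            m = _DETECTION_RE.match(line)
            f = _FILE_RE.match(line)
            if m:
                current = m.group("name")
            elif f and current:
                detections[current].append((f.group("path"), f.group("action") or ""))
    return dict(detections)

def triage(text):
    """Separate live files (still need handling) from stale restore-point copies."""
    live, stale = [], []
    for name, files in parse_report(text).items():
        for path, _action in files:
            (stale if _RESTORE_RE.search(path) else live).append((name, path))
    return {"live": live, "restore_point_only": stale}
```

Running `triage()` over a real report gives an empty `live` list in exactly the situation described in this thread; anything left in `live` is a file outside the restore snapshots and deserves a closer look.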

#13 Carolyn

Carolyn

    Bleepin' kitten


  • Members
  • 2,131 posts

Posted 16 February 2009 - 07:45 AM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
Member of ASAP (Alliance of Security Analysis Professionals)