referred to this forum from the xp forum


  • This topic is locked
12 replies to this topic

#1 movinginslomo

  • Members
  • 33 posts

Posted 13 February 2009 - 02:17 PM

garmanma from the XP forum said it's time for the big guns. I have a Compaq Presario with Intel Celeron. 512k memory and just added an additional 512k to double it. Windows is running slow, Firefox (and IE, though I rarely use it) aren't running, Apple Safari (decent browser) runs but slow, and all other Windows applications run slow. Cakewalk Homestudio, for example, and Adobe Illustrator struggle. We've run through the basics, then through a host of anti-virus, anti-malwarebytes, super anti-spyware, and SDfix. Last thing he suggested was to run DDS and post the log here.

DDS log is as follows:

DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 13:18:02.22 on Fri 02/13/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.568 [GMT -5:00]

AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
AV: avast! antivirus 4.8.1296 [VPS 090212-0] *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
svchost.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\Explorer.EXE
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\igfxtray.exe
C:\windows\ALCXMNTR.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Safari\Safari.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://srch-qus10.hpwis.com/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://srch-qus10.hpwis.com/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local;localhost
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No File
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
mRun: [\MIKEY\EPSON Stylus CX5800F Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiala.exe /p35 "\\mikey\EPSON Stylus CX5800F Series" /O6 "USB001" /M "Stylus CX5800F"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Auto EPSON Stylus CX5800F Series on DELL] c:\windows\system32\spool\drivers\w32x86\3\e_fatiala.exe /p40 "auto epson stylus cx5800f series on dell" /o34 "\\dell\EPSON Stylus CX5800F Series" /M "Stylus CX5800F"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvd@cc~1.lnk - c:\program files\apple computer\dvd@ccess\DVDAccess.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
IE: Copy to Semagic - c:\program files\semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Semagic - c:\program files\semagic\link.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: vintagesynth.com\www
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - hxxp://redirect.hp.com/presario/hp.cab
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71}
DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - hxxp://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144111007406
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144110986312
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} - hxxp://encarta.msn.com/encnet/external/MSSurVid.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - hxxp://messenger.zone.msn.com/binary/WoF.cab57176.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - hxxp://download.abacast.com/download/files/abasetup152.cab
TCP: {C421E6F0-1846-4054-9A64-6E3ED475A516} = 192.168.2.1,192.160.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
Notify: WB - c:\progra~1\stardock\object~1\window~1\fastload.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\ucsxmdym.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFFab&query=
FF - prefs.js: network.proxy.ftp - 67.15.56.52
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 67.15.56.52
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 67.15.56.52
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 67.15.56.52
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 67.15.56.52
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-9-6 12936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-29 111184]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-6 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-6 26824]
R1 GearAspiSys;GearAspiSys;c:\windows\system32\drivers\GEARASPISYS.SYS [2005-1-20 53412]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R1 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-8-7 300736]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2003-8-7 35008]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-29 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-1-29 155160]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-6 76040]
R2 DVDAccss;DVDAccss;c:\windows\system32\drivers\DVDAccss.sys [2007-12-25 29156]
R2 sbbotdi;sbbotdi;c:\progra~1\speedb~1\sbbotdi.sys [2008-11-6 35584]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-26 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-1-29 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-1-29 352920]
R3 DCamUSBVeo532;Veo Web Camera;c:\windows\system32\drivers\ubVeo532.sys [2004-6-30 95232]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040707.008\NAVENG.Sys [2004-7-10 68168]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20040707.008\NavEx15.Sys [2004-7-10 600264]
S2 mrtRate;mrtRate; [x]
S3 BEL6001P;Belkin 11Mbps Wireless Desktop Adapter (F5D6001 V.2);c:\windows\system32\drivers\BEL6001P.sys [2004-6-30 78720]
S3 emuumidi;E-MU USB-MIDI Driver;c:\windows\system32\drivers\emuumidi.sys [2007-3-14 36736]
S3 EVOLUSB;%EVOL_USB_SvcDesc%;c:\windows\system32\drivers\evolusb.sys [2005-10-6 21984]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-9-6 38496]
S3 NvnUsbAudio;NvnUsbAudio;c:\windows\system32\drivers\nvnusbaudio.sys [2007-12-25 22784]
S3 pcand5bk;PCAND5BK PCANDIS5 Protocol Driver;c:\windows\system32\PCAND5BK.SYS [2004-6-27 15104]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-2-27 228400]
S4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-9-6 875288]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-6 231704]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-7-10 255136]
S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-7-10 87200]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-7-10 234656]
S4 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2003-8-18 158376]
S4 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-8-10 193816]
S4 UnoInstallerService;Uno Installer;c:\program files\m-audio uno\UnoInst.exe [2005-10-6 106496]
S4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2009-02-08 13:56 <DIR> --d----- c:\windows\ERUNT
2009-02-08 13:45 <DIR> --d----- C:\SDFix
2009-02-06 17:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-06 16:58 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-06 16:58 <DIR> --d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-01-28 17:26 <DIR> --d----- C:\ComboFix
2009-01-28 17:26 388,608 a------- c:\windows\system32\CF26007.exe
2009-01-28 16:01 52,592 a---h--- c:\windows\system32\mlfcache.dat
2009-01-25 21:40 <DIR> --d----- C:\looperman
2009-01-23 23:56 <DIR> --d----- c:\program files\Amazon
2009-01-20 16:02 <DIR> --d----- c:\docume~1\owner\applic~1\ImTOO Software Studio
2009-01-20 16:01 <DIR> --d----- c:\program files\ImTOO
2009-01-19 21:14 274,432 a------- c:\windows\system32\FFTIFF16.dll
2009-01-19 21:14 208,896 a------- c:\windows\system32\FFRafShellEx.dll
2009-01-19 21:14 155,648 a------- c:\windows\system32\FFRAFLIB.DLL
2009-01-15 00:39 421,888 a------- c:\windows\system32\RealMediaSplitter.ax

==================== Find3M ====================

2009-01-14 16:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-12 12:33 3,060,224 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 06:57 333,184 a------- c:\windows\system32\dllcache\srv.sys

============= FINISH: 13:24:17.83 ===============



#2 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 13 February 2009 - 05:38 PM

Hi,

Welcome to BleepingComputer HijackThis Logs and Malware Removal, movinginslomo.
My name is sundavis, I will be helping you to deal with your Malware problems today.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.
In the meantime, please refrain from making any changes to your computer, and please do the following:

Step 1
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Step 2

Please download GMER Rootkit Scanner from Here or Here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  • Once done click on the [Save..] button, and in the File name area, type in "GRS.txt", and copy and paste the contents in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


In your next reply, please post back:

1. RSIT log.txt and info.txt.
2. GRS.txt

Thanks

#3 movinginslomo

  • Topic Starter
  • Members
  • 33 posts

Posted 14 February 2009 - 10:21 PM

log.txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-02-14 22:14:58
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 65 GB (34%) free of 191 GB
Total RAM: 1015 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:13 PM, on 2/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\windows\ALCXMNTR.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Safari\Safari.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Documents and Settings\Owner\Desktop\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [\MIKEY\EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P35 "\\MIKEY\EPSON Stylus CX5800F Series" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [UpdReg] C:\windows\UpdReg.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX5800F Series on DELL] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P40 "Auto EPSON Stylus CX5800F Series on DELL" /O34 "\\DELL\EPSON Stylus CX5800F Series" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\windows\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - http://redirect.hp.com/presario/hp.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144111007406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144110986312
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/encnet/external/MSSurVid.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C421E6F0-1846-4054-9A64-6E3ED475A516}: NameServer = 192.168.2.1,192.160.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10846 bytes

======Scheduled tasks folder======

C:\windows\tasks\AppleSoftwareUpdate.job
C:\windows\tasks\Norton AntiVirus - Scan my computer.job
C:\windows\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2008-09-02 75272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-06 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - c:\Program Files\Norton AntiVirus\NavShExt.dll [2003-08-18 103592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - c:\Program Files\Norton AntiVirus\NavShExt.dll [2003-08-18 103592]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll []
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-06 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"\MIKEY\EPSON Stylus CX5800F Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE [2005-05-10 98304]
"UpdReg"=C:\windows\UpdReg.EXE [2000-05-11 90112]
"PS2"=C:\WINDOWS\system32\ps2.exe [2003-09-12 98304]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2004-08-20 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2004-08-20 118784]
"AlcxMonitor"=C:\windows\ALCXMNTR.EXE [2004-09-07 57344]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"Auto EPSON Stylus CX5800F Series on DELL"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE [2005-05-10 98304]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\windows\AGRSMMSG.exe [2004-06-29 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-06 1235736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HistoryKill]
C:\Program Files\HistoryKill\histkill.exe [2003-10-10 257024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-06 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]
C:\Program Files\SightSpeed\SightSpeed.exe [2008-07-18 4770616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe [2008-11-06 2705008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2003-05-16 851968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [2006-11-09 49263]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-12-03 185632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
C:\PROGRA~1\COMPAQ~1\1940576\Program\BACKWE~1.EXE [2004-01-26 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2003-09-16 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iPodder.lnk]
C:\PROGRA~1\iPodder\iPodder.exe [2005-06-20 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
C:\PROGRA~1\INTERM~1\SPAMSU~1\SpamSub.exe [2003-07-07 557056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"VideoAcceleratorService"=2
"UnoInstallerService"=2
"SAVScan"=3
"navapsvc"=2
"ccSetMgr"=2
"ccPwdSvc"=3
"ccEvtMgr"=2
"Bonjour Service"=2
"avg8wd"=2
"avg8emc"=2
"Apple Mobile Device"=2
"aawservice"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
DVD@ccess.lnk - C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll [2001-12-20 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\windows\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"_NoDriveTypeAutoRun"=0
"NoDrives"=0
"NoDriveTypeAutoRun"=157

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe"="C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe:*:Enabled:BackWeb-1940576"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Kazaa Lite K++\KazaaLite.kpp"="C:\Program Files\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite"
"C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
"C:\Program Files\DOSBox-0.61\dosbox.exe"="C:\Program Files\DOSBox-0.61\dosbox.exe:*:Enabled:dosbox"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\ZDaemon\zlauncher.exe"="C:\Program Files\ZDaemon\zlauncher.exe:*:Enabled:ZDaemon Browser"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Skulltag\IdeSE.exe"="C:\Program Files\Skulltag\IdeSE.exe:*:Enabled:IdeSE"
"C:\Program Files\Skulltag\skulltag.exe"="C:\Program Files\Skulltag\skulltag.exe:*:Enabled:Skulltag"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe"="C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger"
"C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe"="C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorService"
"C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\SightSpeed\SightSpeed.exe"="C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\setup\HPZNET01.EXE"="E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"E:\setup\HPZNUI01.EXE"="E:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe"
"E:\setup\HPONICIFS01.EXE"="E:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2009-02-14 22:14:58 ----D---- C:\rsit
2009-02-08 14:52:34 ----D---- C:\Documents and Settings\Owner\Application Data\WinRAR
2009-02-08 13:56:06 ----D---- C:\windows\ERUNT
2009-02-08 13:45:14 ----D---- C:\SDFix
2009-02-07 17:36:41 ----A---- C:\newlog.txt
2009-02-06 17:00:01 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-06 16:58:55 ----D---- C:\Program Files\SUPERAntiSpyware
2009-02-06 16:58:54 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2009-01-29 20:50:36 ----A---- C:\windows\system32\aswBoot.exe
2009-01-29 20:50:32 ----D---- C:\Program Files\Alwil Software
2009-01-28 17:26:54 ----D---- C:\ComboFix
2009-01-28 17:26:51 ----A---- C:\windows\system32\CF26007.exe
2009-01-28 17:11:57 ----A---- C:\Bug.txt
2009-01-25 21:40:15 ----D---- C:\looperman
2009-01-24 00:05:20 ----D---- C:\Documents and Settings\Owner\Application Data\Amazon
2009-01-23 23:56:39 ----D---- C:\Program Files\Amazon
2009-01-20 16:02:28 ----D---- C:\Documents and Settings\Owner\Application Data\ImTOO Software Studio
2009-01-20 16:01:30 ----D---- C:\Program Files\ImTOO
2009-01-19 21:15:42 ----D---- C:\Documents and Settings\Owner\Application Data\FUJIFILM
2009-01-19 21:14:25 ----A---- C:\windows\system32\FFTIFF16.dll
2009-01-19 21:14:25 ----A---- C:\windows\system32\FFRafShellEx.dll
2009-01-19 21:14:24 ----D---- C:\Program Files\FinePixViewer
2009-01-19 21:14:24 ----A---- C:\windows\system32\FFRAFLIB.DLL
2009-01-19 21:13:42 ----D---- C:\Documents and Settings\Owner\Application Data\InstallShield
2009-01-18 03:04:51 ----HDC---- C:\windows\$NtUninstallKB958687$
2009-01-15 00:39:00 ----A---- C:\windows\system32\rmoc3260.dll
2009-01-15 00:38:56 ----A---- C:\windows\system32\pncrt.dll

======List of files/folders modified in the last 1 months======

2009-02-14 22:15:10 ----D---- C:\windows\Prefetch
2009-02-14 21:39:20 ----D---- C:\windows\temp
2009-02-14 20:17:00 ----A---- C:\windows\SchedLgU.Txt
2009-02-13 23:34:13 ----A---- C:\windows\NeroDigital.ini
2009-02-13 22:12:30 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2009-02-13 21:54:17 ----D---- C:\CHRIS
2009-02-13 21:50:32 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-13 12:47:49 ----A---- C:\windows\ModemLog_Agere Systems PCI Soft Modem.txt
2009-02-13 00:17:05 ----D---- C:\windows\Debug
2009-02-09 13:48:41 ----D---- C:\windows\system32\FxsTmp
2009-02-09 11:40:39 ----D---- C:\windows\system32\CatRoot2
2009-02-09 07:47:23 ----A---- C:\windows\ntbtlog.txt
2009-02-08 13:56:06 ----D---- C:\WINDOWS
2009-02-07 17:36:57 ----SHD---- C:\RECYCLER
2009-02-07 08:17:46 ----D---- C:\Program Files\Mozilla Firefox
2009-02-06 16:59:14 ----SHD---- C:\windows\Installer
2009-02-06 16:59:10 ----HD---- C:\Config.Msi
2009-02-06 16:58:55 ----RD---- C:\Program Files
2009-02-06 16:55:02 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-02-05 18:02:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-05 18:01:50 ----D---- C:\windows\system32\drivers
2009-02-04 19:20:03 ----D---- C:\windows\system32
2009-02-03 13:30:10 ----D---- C:\BTtracks
2009-02-03 12:23:35 ----D---- C:\32788R22FWJFW
2009-01-30 12:59:43 ----D---- C:\Program Files\Google
2009-01-29 22:08:52 ----SD---- C:\windows\Tasks
2009-01-29 21:10:27 ----D---- C:\windows\system32\config
2009-01-28 17:56:38 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2009-01-28 17:55:16 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-01-28 17:11:56 ----A---- C:\windows\system32\cmd.execf
2009-01-23 02:11:12 ----D---- C:\windows\Minidump
2009-01-20 16:04:40 ----D---- C:\temp
2009-01-19 22:41:15 ----HD---- C:\windows\inf
2009-01-19 21:16:37 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-18 03:04:59 ----RSHD---- C:\windows\system32\dllcache
2009-01-18 03:04:19 ----HD---- C:\windows\$hf_mig$
2009-01-16 20:01:19 ----A---- C:\windows\win.ini
2009-01-16 15:29:36 ----D---- C:\Program Files\Soulseek

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\windows\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 AFS2K;AFS2k; C:\windows\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 Aspi32;Aspi32; C:\windows\system32\drivers\Aspi32.sys [1999-09-10 25244]
R1 aswSP;avast! Self Protection; C:\windows\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\windows\System32\Drivers\avgldx86.sys [2008-09-06 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\windows\System32\Drivers\avgmfx86.sys [2008-09-06 26824]
R1 GearAspiSys;GearAspiSys; C:\windows\System32\drivers\gearaspisys.sys [2002-06-24 53412]
R1 intelppm;Intel Processor Driver; C:\windows\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRT;SAVRT; \??\c:\Program Files\Norton AntiVirus\SAVRT.SYS []
R1 SAVRTPEL;SAVRTPEL; \??\c:\Program Files\Norton AntiVirus\SAVRTPEL.SYS []
R1 SCDEmu;SCDEmu; C:\windows\system32\drivers\SCDEmu.sys [2007-08-06 33052]
R1 SiSkp;SiSkp; C:\windows\System32\DRIVERS\srvkp.sys [2003-12-05 11392]
R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
R2 aswFsBlk;aswFsBlk; C:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\windows\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 AvgTdiX;AVG8 Network Redirector; C:\windows\System32\Drivers\avgtdix.sys [2008-09-06 76040]
R2 DVDAccss;DVDAccss; C:\windows\system32\drivers\DVDAccss.sys [2003-11-21 29156]
R2 sbbotdi;sbbotdi; \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys []
R2 SYMTDI;SYMTDI; \??\C:\WINDOWS\System32\Drivers\SYMTDI.SYS []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\System32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\windows\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 DCamUSBVeo532;Veo Web Camera; C:\windows\System32\Drivers\ubVeo532.sys [2002-07-01 95232]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 ialm;ialm; C:\windows\System32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 MxlW2k;MxlW2k; C:\windows\system32\drivers\MxlW2k.sys [2004-01-26 28256]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040707.008\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040707.008\NavEx15.Sys []
R3 pfc;Padus ASPI Shell; C:\windows\system32\drivers\pfc.sys [2003-04-28 9856]
R3 Ps2;PS2; C:\windows\System32\DRIVERS\PS2.sys [2002-07-30 23808]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\windows\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\windows\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 AmdK7;AMD K7 Processor Driver; C:\windows\System32\DRIVERS\amdk7.sys [2004-08-04 37376]
S2 mrtRate;mrtRate; C:\windows\system32\drivers\mrtRate.sys []
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\windows\system32\drivers\ialmsbw.sys [2003-11-20 122110]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\windows\system32\drivers\ialmkchw.sys [2003-11-20 99002]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\windows\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]
S3 BEL6001P;Belkin 11Mbps Wireless Desktop Adapter (F5D6001 V.2); C:\windows\System32\DRIVERS\BEL6001P.sys [2002-11-06 78720]
S3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\windows\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 emuumidi;E-MU USB-MIDI Driver; C:\windows\system32\drivers\emuumidi.sys [2005-04-26 36736]
S3 EVOLUSB;%EVOL_USB_SvcDesc%; C:\windows\system32\drivers\evolusb.sys [2004-10-20 21984]
S3 HidUsb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\windows\system32\drivers\mbamswissarmy.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nv;nv; C:\windows\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 NvnUsbAudio;NvnUsbAudio; C:\windows\system32\drivers\nvnusbaudio.sys [2006-12-22 22784]
S3 pcand5bk;PCAND5BK PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\pcand5bk.SYS []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SiS315;SiS315; C:\windows\System32\DRIVERS\sisgrp.sys [2003-12-06 429440]
S3 SLIP;BDA Slip De-Framer; C:\windows\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 StillCam;Still Serial Digital Camera Driver; C:\windows\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\windows\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\System32\Drivers\SYMREDRV.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\windows\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\windows\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
S3 usbprint;Microsoft USB PRINTER Class; C:\windows\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\windows\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 viagfx;viagfx; C:\windows\System32\DRIVERS\vtmini.sys [2003-10-17 117760]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\System32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\windows\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\windows\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2004-08-04 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2004-08-04 14336]
R2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2003-05-16 299008]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-08-08 53520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 Fax;Fax; C:\windows\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-03-16 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2004-08-04 14336]
S4 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-05 611664]
S4 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-06 875288]
S4 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-06 231704]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2003-11-10 255136]
S4 ccPwdSvc;Symantec Password Validation; c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2003-11-10 87200]
S4 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2003-11-10 234656]
S4 navapsvc;Norton AntiVirus Auto Protect Service; c:\Program Files\Norton AntiVirus\navapsvc.exe [2003-08-18 158376]
S4 SAVScan;SAVScan; c:\Program Files\Norton AntiVirus\SAVScan.exe [2003-08-10 193816]
S4 UnoInstallerService;Uno Installer; C:\Program Files\M-Audio Uno\UnoInst.exe [2004-12-04 106496]
S4 VideoAcceleratorService;VideoAcceleratorService; C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-11-06 292472]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

info.txt

info.txt logfile of random's system information tool 1.05

2009-02-14 22:15:24

======Uninstall list======

-->"C:\Program Files\Creative Professional\E-MU Xboard\Program\SETUP.EXE" /S /U /W
-->"C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4475840A-BEB5-4F64-808D-EA73D20ECA35}\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34AF8F17-2C77-43FC-8462-FB29900E4882}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42A85BB6-491C-418A-8FFC-F778FB7E618A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42A85BB6-491C-418A-8FFC-F778FB7E618A}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Abacast Client-->C:\PROGRA~1\Abacast\UNWISE.EXE C:\PROGRA~1\Abacast\client.LOG
AC3 Decoder-->C:\Program Files\Mediatwins software\AC3 Decoder\uninstall.exe
Access Manager 2-->MsiExec.exe /I{5EAC343C-9920-44EE-B572-4AAE3B0BE52C}
Ad Muncher-->C:\WINDOWS\System32\AM-Install.exe /die
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392

-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 Plugin-->C:\windows\system32

\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\windows\system32

\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX-->C:\windows\system32

\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-

9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-

8B76-991F6AB66245}
Adobe Illustrator CS-->RunDll32 "C:\Program Files\Common

Files\InstallShield\Professional\RunTime\0701\Intel32

\ctor.dll",LaunchSetup "C:\Program Files\InstallShield

Installation Information\{91A4AD99-69CE-4745-97B7-

0E0DFBECFDE5}\setup.exe"
Adobe Illustrator CS3-->C:\Program Files\Common

Files\Adobe\Installers\a04a925a57548091300ada368235fc6

\Setup.exe
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-

9C87-D5FF223A016A}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-

ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48

-81BB-F492BAA9C48C}
Adobe Photoshop 5.5-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program

Files\Adobe\Photoshop 5.5\Uninst.isu" -c"C:\Program

Files\Adobe\Photoshop 5.5\Uninst.dll"
Adobe Photoshop Album Starter Edition-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1

\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield

Installation Information\{483616D1-867E-46F8-BEC7-

3C6475933908}\apxp.ex_" -l0x9
Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-

000000000001}
Adobe Setup-->MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-

1EE2D190CDA9}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-

B8B2-D4F169117183}
Adobe SVG Viewer 3.0-->C:\Program Files\Common

Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -

fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0

\Uninstall\Install.log
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2

-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-

485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E

-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-

7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-

ACF7-1450E523C923}
Agere Systems PCI Soft Modem-->agrsmdel
AIM 6-->C:\Program Files\AIM6\uninst.exe
Aim Plugin for QQ Games-->C:\Program Files\Tencent\QQ

Games\Plugin\Uninstall.EXE
AIMTunes-->C:\Program Files\AIMTunes\Uninstall.exe
Amazon MP3 Downloader 1.0.3-->C:\Program Files\Amazon\MP3

Downloader\Uninstall.exe
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -

LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-

4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-

BA0B-8F495BE32033}
Arcade@Home v0.37b-->C:\WINDOWS\st6unst.exe -n "C:\Program

Files\Arcade@Home\ST6UNST.LOG"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4

\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4

\Setup\setiface.dll",RunSetup
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Azureus-->C:\Program Files\Azureus\Uninstall.exe
Belkin 11Mbps Wireless Desktop Network Card -->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1

\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield

Installation Information\{1D2B8719-8BD8-40BB-9377-

1CAD8AD548F4}\Setup.exe"
BitTornado 0.3.7-->C:\Program Files\BitTornado\uninst.exe
Blackhawk Striker from Compaq (remove only)-->"C:\Program

Files\WildTangent\Apps\GameChannel\Games\F07504C6-20C5-4BFE

-83A0-523FB2455E72\Uninstall.exe"
Blasterball 2 from Compaq (remove only)-->"C:\Program

Files\WildTangent\Apps\GameChannel\Games\75528D5F-DD82-402E

-BA7C-045B7DC6A712\Uninstall.exe"
Bojo Impulse VSTi v1.03-->C:\PROGRA~1\VSTPLU~1\BOJOIM~1

\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\BOJOIM~1\INSTALL.LOG
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-

C15DDC5B0959}
Bounce Symphony from Compaq (remove only)-->"C:\Program

Files\WildTangent\Apps\GameChannel\Games\29FF6D07-4A15-41F1

-9D5E-E0F3A58012C6\Uninstall.exe"
Cakewalk Audio Finder Tool-->C:\WINDOWS\uninst.exe -

f"C:\Program Files\Cakewalk\CWAF\DeIsL1.isu"
Cakewalk Pyro 1.5-->C:\PROGRA~1\Cakewalk\CAKEWA~1.5

\UNWISE.EXE C:\PROGRA~1\Cakewalk\CAKEWA~1.5\INSTALL.LOG
Cakewalk VST Adapter 4-->C:\PROGRA~1\Cakewalk\CAKEWA~1

\UNWISE.EXE C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
Canon ScanGear Toolbox CS 2.2-->C:\windows\IsUninst.exe -

f"C:\Program Files\Canon\ScanGear Toolbox CS\Uninst.isu" -

c"C:\Program Files\Canon\ScanGear Toolbox CS\uninst.dll"
CC_ccStart-->MsiExec.exe /I{D6414CC7-F215-467F-88B1-

546ED863F35B}
ccCommon-->MsiExec.exe /I{DC367608-64A7-4BF7-92F4-

8BAA25BA02DB}
CesSynth.2.VST2.Instrument.v1.3-ZONE-->C:\PROGRA~1

\Cakewalk\SHARED~1\VSTPLU~1\VSTPLU~1\UNWISE.EXE C:\PROGRA~1

\Cakewalk\SHARED~1\VSTPLU~1\VSTPLU~1\INSTALL.LOG
Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-

CF9390AF1CCB}
Compaq Connections-->C:\WINDOWS\BWUnin-6.2.3.66L.exe -AppId

1940576
Compaq Instant Support-->C:\PROGRA~1\COMPAQ~2\UNWISE.EXE

C:\PROGRA~1\COMPAQ~2\INSTALL.LOG
Compaq Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1

\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{D0122362-6333

-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
Contacts-->MsiExec.exe /I{C6BDA6E5-B391-4CE5-8D86-

B53AC96FFE03}
CyberLink PowerDVD 8-->"C:\Program Files\InstallShield

Installation Information\{2BF2E31F-B8BB-40A7-B650-

98D28E0F7D47}\Setup.exe" /z-uninstall
DeadAIM-->MsiExec.exe /I{0F8F3415-CB0A-49A6-A23A-

D8390444B127}
DFX for Windows Media Player-->MsiExec.exe /I{dae48d01-7a19

-4759-b015-96eee3b7360f}
Digidesign Pro Tools® FREE-->RunDll32 C:\PROGRA~1\COMMON~1

\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{3FA0EA26-CA46

-11D4-B1B3-0050DAB93BD0}\Setup.exe" FromUninstall
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe

/CODEC
DivX Content Uploader-->C:\Program

Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program

Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe

/PLAYER
DivX Web Player-->C:\Program

Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DOOM Collector's Edition-->C:\WINDOWS\IsUninst.exe -

fc:\doom_se\DC.isu
DreamStation DXi2-->C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM

FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
Drumsite 1.3 (demo)-->"C:\Program

Files\Drumsite\Uninstall.exe" "C:\Program

Files\Drumsite\install.log"
DVD@ccess 2.0.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1

\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{2B34414C-14FB

-11D6-A329-0050045C24B2}\Setup.exe" -l0x9
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1

\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-

1F3DD79FB927} /l1033
eKeys-->C:\PROGRA~1\EVOLUT~1\UNINSTAL.EXE C:\PROGRA~1

\EVOLUT~1\MUSCREAT.LOG
E-MU Xboard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1

\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation

Information\{91108AD9-F983-4FDA-A089-ED269C75F21B}

\SETUP.EXE" -l0x9 /remove
E-MU Xboard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1

\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation

Information\{D925601D-25E3-4E95-A456-FBD8C2995289}

\setup.exe" -l0x9 /remove
Excavation from Compaq (remove only)-->"C:\Program

Files\WildTangent\Apps\GameChannel\Games\C679AA5F-C2C8-4EA8

-9CD1-504A39AEC264\Uninstall.exe"
FairUse Wizard 2-->"C:\Program Files\FairUse Wizard 2\un_FU

-Setup_14333.exe"
FinePix Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1

\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{E3B3AB03-8ABC

-46CF-8CA9-DB5581E1F368}\SETUP.EXE" -l0x9
FinePixViewer Resource-->C:\Program Files\InstallShield

Installation Information\{B44529FF-501E-47CD-A06D-

223C161BE058}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
FinePixViewer Ver.5.5-->C:\Program Files\InstallShield

Installation Information\{24ED4D80-8294-11D5-96CD-

0040266301AD}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Five Card Frenzy from Compaq (remove only)-->"C:\Program

Files\WildTangent\Apps\GameChannel\Games\2FDCC229-354D-4279

-ABEF-CE17E355BFFA\Uninstall.exe"
GoldWave v5.08-->"C:\Program Files\GoldWave\unstall.exe"

"GoldWave v5.08" "C:\Program Files\GoldWave\unstall.log"
got password-->C:\WINDOWS\IsUninst.exe -f"C:\Program

Files\Edash\got password\Uninst.isu"
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5

\unins000.exe"
Gus Verdun's RX-Plugin-->C:\Program Files\Gus

Verdun\uninstallrxplugin.exe
HammerHead Rhythm Station-->C:\Program

Files\HammerHead\Uninstall.exe
HendrixSS Screen Saver-->C:\WINDOWS\System32\HENDRI~1.SCR /U
HijackThis 2.0.2-->"C:\Documents and

Settings\Owner\Desktop\HijackThis.exe" /uninstall
HistoryKill-->C:\WINDOWS\iun6002.exe "C:\Program

Files\HistoryKill\irunin.ini"
Home Studio 2-->C:\PROGRA~1\Cakewalk\HOMEST~1\UNWISE.EXE

C:\PROGRA~1\Cakewalk\HOMEST~1\INSTALL.LOG
Hotfix for Windows XP (KB952287)-->"C:\windows\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\windows\$NtUninstallKB954708$\spuninst\spuninst.exe"
HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X

{F419D20A-7719-4639-8E30-C073A040D878}
HP Photo & Imaging 3.5 - HP Devices-->C:\Program

Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-

848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 3.0-->"C:\Program Files\HP\Digital

Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}

\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update-->MsiExec.exe /X{34957B51-9676-41CE-9E52

-44AE91B73F1C}
IconPackager-->C:\PROGRA~1\Stardock\OBJECT~1\ICONPA~1

\iconpackager.exe /uninstallwise
ImTOO MP4 Video Converter-->C:\Program Files\ImTOO\MP4 Video

Converter\Uninstall.exe
Indeo® software-->C:\WINDOWS\IsUninst.exe -f"C:\Program

Files\Intel\Indeo\Uninst.isu" -c"C:\Program

Files\Intel\Indeo\SavedSystemFiles\indounin.dll"
Intel® Extreme Graphics Driver-->RUNDLL32.EXE

C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx

PCI\VEN_8086&DEV_2562
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1

\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation

Information\{14589F05-C658-4594-9429-D437BA688686}

\Setup.exe" -l0x9
InterActual Player-->C:\Program

Files\InterActual\InterActual Player\inuninst.exe
iPod for Windows 2005-03-23-->C:\Program Files\Common

Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M

{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iPod for Windows 2005-09-06-->C:\Program Files\Common

Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M

{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1} /l1033
iPod Updater 2004-07-15-->C:\Program Files\Common

Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M

{5AD92ED9-5C88-46B1-AA65-E46A459E7C60} /l1033
iPodder 2.1-->C:\Program Files\iPodder\uninst.exe
ISO Recorder-->MsiExec.exe /I{0F6A7971-0F11-4A79-A0E9-

133D0963A570}
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-

CB3BF748D371}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I

{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I

{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I

{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I

{7148F0A8-6813-11D6-A77B-00B0D0142030}
Kazaa Lite K++ v2.4.3-->"C:\Program Files\Kazaa Lite

K++\unins000.exe"
KBD-->C:\HP\KBD\KBD.EXE uninstalled
leafdigital leafDrums 2.1-->C:\Program Files\leafDrums2\Uninstall.exe C:\Program Files\leafDrums2,Software\leafdigital\leafDrums2,Software\Microsoft\Windows\CurrentVersion\Uninstall\leafDrums2,.leafDrums2,leafDrums2.Document,C:\Documents and Settings\Owner\Start Menu\Programs\leafDrums 2.lnk,
Led Zeppelin Screen Saver-->C:\WINDOWS\System32\LEDZEP~1.SCR

/U
Line 6 Edit (remove only)-->"C:\Program Files\Line6\Line 6

Edit\Uninstall.exe"
Live 4.1.2-->C:\PROGRA~1\Ableton\LIVE41~1.2

\Install\UNWISE.EXE C:\PROGRA~1\Ableton\LIVE41~1.2

\Install\INSTALL.LOG
LiveReg (Symantec Corporation)-->C:\Program Files\Common

Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation)-->C:\Program

Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Shockwave Player-->C:\WINDOWS\system32

\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32

\Macromed\SHOCKW~1\Install.log
Magic ISO Maker v5.4 (build 0251)-->C:\PROGRA~1

\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes'

Anti-Malware\unins000.exe"
MaxBlast 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1

\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{639858DD-4966

-40F3-A706-7C838BCF3A2B}\setup.exe"
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-

48D4-A899-1D13B9D189FA}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus!

Live\Uninstall.exe"
MessengerDiscovery Live 1.4.5408-->"C:\Program

Files\MessengerDiscovery\unins001.exe"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-

9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F

-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-

54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-

A4E0-000874180BB3}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I

{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional-->MsiExec.exe /I{91110409-

6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition-->MsiExec.exe /I

{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X

{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-

A1C8-D9E9380F8A84}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program

Files\mIRC
MixMeister BPM Analyzer 1.0-->"C:\Program Files\MixMeister

BPM Analyzer\unins000.exe"
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla

Firefox\uninstall\helper.exe
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection

C:\WINDOWS\INF\msninst.inf,Uninstall
MSRedist-->MsiExec.exe /I{FC37ABD0-2108-4beb-B010-

1254E0662B5A}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-

9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-

4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-

434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-

4B8E-BD72-8C5DCDC52A71}
MUSICMATCH® Jukebox-->C:\PROGRA~1\MUSICM~1\MUSICM~1

\unmatch.exe
Musicnotes Player-->C:\Program

Files\MusicNotes\Player\Musnotes.exe /u
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Native Instruments - Traktor 1.06-->C:\Audio\NATIVE~1

\Traktor\UNINST~1\106\UNWISE.EXE C:\Audio\NATIVE~1

\Traktor\UNINST~1\106\INSTALL.LOG
Native Instruments FM7-->C:\PROGRA~1\NATIVE~1\FM7\UNWISE.EXE

C:\PROGRA~1\NATIVE~1\FM7\INSTALL.LOG
Native Instruments Kontakt v1.01-->C:\PROGRA~1\NATIVE~1

\Kontakt\UNWISE.EXE C:\PROGRA~1\NATIVE~1\Kontakt\INSTALL.LOG
Native Instruments Reaktor - Premium Library-->C:\Audio\NATIVE~1\REAKTO~1.0\UNINST~1\PREMIUM\UNWISE.EXE C:\Audio\NATIVE~1\REAKTO~1.0\UNINST~1\PREMIUM\INSTALL.LOG
Nero 6 Demo-->C:\Program

Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NetObjects Fusion 8-->RunDll32 C:\PROGRA~1\COMMON~1

\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation

Information\{E4460160-8486-4205-923E-CD20C69FC430}

\setup.exe" -l0x9 anything -uninst
News Rover-->C:\WINDOWS\IsUninst.exe -f"C:\Program

Files\NewsRover\Uninst.isu" -c"C:\Program

Files\NewsRover\RoverUninstall.dll"
Norton AntiVirus 2004 (Symantec Corporation)-->C:\Program

Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-

428E-876F-CA83176C021B}.exe /X
Norton AntiVirus 2004-->MsiExec.exe /X{C6F5B6CF-609C-428E-

876F-CA83176C021B}
Norton AntiVirus Parent MSI-->MsiExec.exe /I{E5EE9939-259F-

4DE2-8023-5C49E16A4F43}
Novation USB Audio Driver 1.0-->"C:\Program Files\Novation

USB Audio Driver\unins000.exe"
NVIDIA GART Driver-->C:\WINDOWS\System32\nvugart.exe

Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver
Ohm Force OhmBoyz VST2 v1.02 PRO-->C:\PROGRA~1\VSTPLU~1

\OHMFOR~1\OHMBOY~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\OHMFOR~1

\OHMBOY~1\OhmBoyzVST2_102.log
OLYMPUS CAMEDIA Master 2.5-->RunDll32 C:\PROGRA~1\COMMON~1

\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{06230E02-2B7E

-11D2-92D0-0040051BD005}\setup.exe" -uninst
Orbital from Compaq (remove only)-->"C:\Program

Files\WildTangent\Apps\GameChannel\Games\26DC0ED6-93A7-43C1

-8DC5-EC16079580F9\Uninstall.exe"
Otto from Compaq (remove only)-->"C:\Program

Files\WildTangent\Apps\GameChannel\Games\8A225900-C06D-41DD

-B66C-43840D472758\Uninstall.exe"
Overball from Compaq (remove only)-->"C:\Program

Files\WildTangent\Apps\GameChannel\Games\FA7F5211-C629-4711

-BD82-7DFFB08CB518\Uninstall.exe"
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1

\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{1F7CCFA3-D926

-4882-B2A5-A0217ED25597}\Setup.exe"
PCFriendly-->C:\Program Files\PCFriendly\inuninst.exe
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-

410ECF7F70A5}
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2

\unins000.exe"
PFConfig 1.0.119-->C:\Program Files\PFConfig\uninst.exe
Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program

Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}

\setup\hpzscr01.exe -datfile hphscr01.dat
Polar Bowler from Compaq (remove only)-->"C:\Program

Files\WildTangent\Apps\GameChannel\Games\05E21449-3BA3-42BF

-BBDA-95205F4EA40A\Uninstall.exe"
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Proteus X LE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1

\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{4475840A-BEB5

-4F64-808D-EA73D20ECA35}\SETUP.EXE" -l0x9 /remove
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE

-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
QQ Games-->C:\Program Files\Tencent\QQ Games\Uninstall.EXE
Quicken 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7

\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-

1F25DA9899D8} anything
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-

258729456EE4}
RealPlayer-->C:\Program Files\Common

Files\Real\Update_OB\r1puninst.exe

RealNetworks|RealPlayer|6.0
ReBirth ModPacker-->C:\PROGRA~1\PROPEL~1\MODPAC~1\UNWISE.EXE

C:\PROGRA~1\PROPEL~1\MODPAC~1\INSTALL.LOG
ReBirth RB-338 2.0-->C:\PROGRA~1\PROPEL~1\REBIRT~1.0

\UNWISE.EXE C:\PROGRA~1\PROPEL~1\REBIRT~1.0\INSTALL.LOG
RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-

EF57EF622F19}
rgc:audio sfz VSTi v1.96-->"C:\Program Files\Cakewalk\Shared

Plugins\Vstplugins\unins000.exe"
rgc:audio Triangle II-->"C:\Program Files\Cakewalk\Shared

Dxi\unins000.exe"
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-

AF66-C9A1EB4EBB31}
Safari-->MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-

43C1AB36B907}
Sample Tank XL-->C:\PROGRA~1\Cakewalk\SHARED~1\VSTPLU~1

\IKMULT~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\SHARED~1\VSTPLU~1

\IKMULT~1\sampletank.LOG
SampleTank 2 Free-->C:\PROGRA~1\SAMPLE~1\UNWISE.EXE

C:\PROGRA~1\SAMPLE~1\INSTALL.LOG
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\windows\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\windows\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\windows\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\windows\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\windows\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\windows\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\windows\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\windows\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\windows\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\windows\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\windows\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\windows\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\windows\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\windows\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\windows\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\windows\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\windows\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\windows\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\windows\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\windows\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\windows\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\windows\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\windows\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\windows\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\windows\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\windows\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\windows\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\windows\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\windows\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\windows\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\windows\$NtUninstallKB960714$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-

16F8D1E69FB7}
Semagic (remove only)-->"C:\Program

Files\Semagic\uninstall.exe"
sfArk SoundFont Compression-->C:\WINDOWS\uninst.exe -

f"C:\Program Files\MelodyMachine\sfArk\DeIsL1.isu"
sfArkXTc-->C:\Program Files\sfArkXTc\uninstall.exe
SFPack-->C:\PROGRA~1\SFPACK\SFPACK.EXE /uninstall
Shareaza 2.4.0.0-->"C:\Program

Files\Shareaza\Uninstall\unins000.exe"
SightSpeed (remove only)-->C:\Program

Files\SightSpeed\uninst.exe
Slyder from Compaq (remove only)-->"C:\Program

Files\WildTangent\Apps\GameChannel\Games\8BA6F58B-7A91-461F

-95F8-E34F8BD8AA4E\Uninstall.exe"
Sonic Foundry ACID-->C:\WINDOWS\SF97UNIN.EXE /A C:\PROGRA~1

\SONICF~1\SFACID.LOG
Sonic Foundry Sound Forge XP 4.5-->C:\PROGRA~1\SOUNDF~1

\UEX_FGXP.EXE Sound Forge XP
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-

AB8C-6BC740096DE3}
Sonik Synth 2 Free-->C:\PROGRA~1\SONIKS~1\UNWISE.EXE

C:\PROGRA~1\SONIKS~1\INSTALL.LOG
Sony ACID XPress 5.0a-->MsiExec.exe /X{12F4BE69-6614-41D3-

BB3B-DF7F921DF2BB}
Soulseek Client 152-->C:\WINDOWS\UnGins.exe "C:\Program

Files\Soulseek\install.log"
SoulSeek Client 156c-->"C:\Program

Files\Soulseek\uninstall.exe"
Sound Designers pack VST remove-->"C:\Program

Files\Cakewalk\Shared Plugins\Vstplugins\Sound Designers

VST\uninstall.exe"
SpamSubtract-->C:\PROGRA~1\INTERM~1\SPAMSU~1\UNWISE.EXE /U

C:\PROGRA~1\INTERM~1\SPAMSU~1\INSTALL.LOG
SpeedBit Video Accelerator-->C:\PROGRA~1\SPEEDB~1\UNWISE.EXE

C:\PROGRA~1\SPEEDB~1\INSTALL.LOG
Spy Sweeper-->"C:\Program Files\Webroot\Spy

Sweeper\unins000.exe"
Spybot - Search & Destroy 1.3-->"C:\Program Files\Spybot -

Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot -

Search & Destroy\unins001.exe"
Steinberg HALion VSTi v1.11-->C:\PROGRA~1\Cakewalk\SHARED~1

\VSTPLU~1\STEINB~1.11\Log\UNWISE.EXE C:\PROGRA~1

\Cakewalk\SHARED~1\VSTPLU~1\STEINB~1.11\Log\INSTALL.LOG
Steinberg LM-4 MarkII-->C:\PROGRA~1\VSTPLU~1\LM-4MA~1

\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\LM-4MA~1\INSTALL.LOG
Steinberg Loudness Maximizer v1.20-->C:\Audio\STEINB~1

\Loudness\UNWISE.EXE C:\Audio\STEINB~1\Loudness\INSTALL.LOG
Steinberg Ultravoice v1.02-->C:\PROGRA~1\Cakewalk\SHARED~1

\VSTPLU~1\ULTRAV~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\SHARED~1

\VSTPLU~1\ULTRAV~1\INSTALL.LOG
Steinberg Voice Designer v1.03-->C:\PROGRA~1

\Cakewalk\SHARED~1\VSTPLU~1\VSTPLU~1\VOICED~1\UNWISE.EXE

C:\PROGRA~1\Cakewalk\SHARED~1\VSTPLU~1\VSTPLU~1\VOICED~1

\INSTALL.LOG
Steinberg VoiceMachine v1.0-->C:\PROGRA~1\VSTPLU~1\STEINB~1

\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\STEINB~1\INSTALL.LOG
Style Enhancer Micro 2.0-->C:\WINDOWS\IsUninst.exe -

f"C:\Program Files\NTONYX\SEM20\SEM20.isu"
StyleXP (remove only)-->"C:\Program

Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-

2703-46BC-938B-BCC81A1EEAAA}
SymNet-->MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-

4E2851B18A6A}
Time Calculator v1.1 (Free)-->C:\Program Files\Time

Calculator v1.1\Uninstal.exe
tinySpell 1.3-->"C:\Program Files\tinySpell\unins000.exe"
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
UltraISO V7.55 ME-->"C:\Program Files\UltraISO\unins000.exe"
Uno-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1

\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{F8E28912-A7B8

-488C-B259-33F9014B9D09}\setup.exe" -l0x9
Update for Windows XP (KB951072-v2)-->"C:\windows\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\windows\$NtUninstallKB955839$\spuninst\spuninst.exe"
VeloMaster Lite CW-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1

\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{9E34B40D-CFF3

-11D3-8302-00A024A89C17}\setup.exe"
Veo Connect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1

\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{099B096F-A916

-4ECE-8EF2-A6E5F7C4D113}\Setup.exe" -l0x9
Veo Digital Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1

\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{45AEEA61-04F8

-11D6-8B35-0080C8F5C4AA}\Setup.exe" -l0x9
VideoLAN VLC media player 0.8.2-->C:\Program

Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program

Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtual Sound Canvas DXi-->RunDll32 C:\PROGRA~1\COMMON~1

\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{4E10E7FC-36CD

-4C22-AC20-9E15692E8C2F}\setup.exe" UNINSTALL_XXX
Visual Pinball-->MsiExec.exe /I{B36C4994-A563-4339-8754-

CCCE51314A4C}
WAD Mangle 2.0.0-->C:\DOOM_SE\WAD Mangle\uninst.exe
Waldorf Attack VSTi v1.0-->C:\PROGRA~1\Cakewalk\SHARED~1

\VSTPLU~1\VSTPLU~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\SHARED~1

\VSTPLU~1\VSTPLU~1\INSTALL.LOG
WaveSurgeon (Evaluation) 2.8.1-->"C:\Program Files\Square

Circle Software\WaveSurgeon (Evaluation)\unins000.exe"
WhackEd2-->"C:\Program Files\Skulltag\WhackEd2\unins000.exe"
WindowBlinds-->C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1

\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1

\INSTALL.LOG
Windows Imaging Component-->"C:\windows\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Beta (all programs)-->C:\Program Files\Windows

Live\Installer\wlarp.exe
Windows Live Beta (all programs)-->MsiExec.exe /I{5D4A033A-

A286-44BE-A0F0-B05FAC25D07F}
Windows Live Call-->MsiExec.exe /I{78AC782A-C708-4B21-A3A0-

ECD4A3284588}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-

B03D-35A14BB5939F}
Windows Live Photo Gallery Beta-->MsiExec.exe /X{F6D0986F-

D9A8-479B-A80F-61D53CDF65BA}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-

171B-47B4-8CE7-50D7806360D7}
Windows Live Sign-in Assistant-->MsiExec.exe /I{8984E374-

6C93-427C-A3B9-AD92472FDCA0}
Windows Live Writer-->MsiExec.exe /X{AC5568AB-C3E3-490E-

BE40-50977C12288D}
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB885884-->C:\windows\$NtUninstallKB885884$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wise-FTP-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6

\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{F22C63FE-DBA4

-4FDA-9306-55AA627CE6C7}\Setup.exe" -l0x9
XioSynth Editor-->"C:\Program Files\Novation\XioSynth

Editor\unins000.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!

\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\windows\system32\regsvr32 /u

C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\windows\system32\regsvr32 /u /s

C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U

C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
You've Got Gmail!-->"C:\Program Files\YGG\unins000.exe"
ZDaemon (remove only)-->"C:\Program

Files\ZDaemon\uninstall.exe"
Zone Deluxe Games-->MsiExec.exe /I{66C018BD-6F16-4B32-B4CD-

1DC1B21FBDFF}
ZoneAlarm Pro-->C:\Program Files\Zone

Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=dns&bd=presario&pf=desktop
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
O4 - HKCU\..\Run: [actdscsys] C:\windows\system32\tmtmvqjq.exe
O4 - HKCU\..\Run: [brastk] C:\windows\system32\brastk.exe

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AVG Anti-Virus (disabled) (outdated)
AV: avast! antivirus 4.8.1296 [VPS 090214-0] (disabled)

System event log

Computer Name: CHRIS
Event Code: 7000
Message: The mrtRate service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 5
Source Name: Service Control Manager
Time Written: 20090203215247.000000-300
Event Type: error
User:

Computer Name: CHRIS
Event Code: 10
Message: This drive has not been shown to support digital audio playback.

Record Number: 4
Source Name: redbook
Time Written: 20090203215222.000000-300
Event Type: information
User:

Computer Name: CHRIS
Event Code: 4
Message: Driver detected an internal error in its data structures for .

Record Number: 3
Source Name: sptd
Time Written: 20090203215222.000000-300
Event Type: error
User:

Computer Name: CHRIS
Event Code: 6005
Message: The Event log service was started.

Record Number: 2
Source Name: EventLog
Time Written: 20090203215202.000000-300
Event Type: information
User:

Computer Name: CHRIS
Event Code: 6009
Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Uniprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20090203215202.000000-300
Event Type: information
User:

Application event log

Computer Name: CHRIS
Event Code: 1025
Message: Product: Apple Software Update. The file C:\Program Files\Apple Software Update\SoftwareUpdate.exe is being held in use by the following process Name: SoftwareUpdate , Id 1444.

Record Number: 12658
Source Name: MsiInstaller
Time Written: 20081020165106.000000-240
Event Type: information
User: CHRIS\Owner

Computer Name: CHRIS
Event Code: 102
Message: msnmsgr (1368) \\.\C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\placebo766@hotmail.com\SharingMetadata\Working\database_E2B8_E27E_B8E2_5099\dfsr.db: The database engine started a new instance (0).

Record Number: 12657
Source Name: ESENT
Time Written: 20081020131505.000000-240
Event Type: information
User:

Computer Name: CHRIS
Event Code: 100
Message: msnmsgr (1368) The database engine 5.01.2600.2180 started.

Record Number: 12656
Source Name: ESENT
Time Written: 20081020131505.000000-240
Event Type: information
User:

Computer Name: CHRIS
Event Code: 101
Message: msnmsgr (2628) The database engine stopped.

Record Number: 12655
Source Name: ESENT
Time Written: 20081020011552.000000-240
Event Type: information
User:

Computer Name: CHRIS
Event Code: 103
Message: msnmsgr (2628) \\.\C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\placebo766@hotmail.com\SharingMetadata\Working\database_E2B8_E27E_B8E2_5099\dfsr.db: The database engine stopped the instance (0).

Record Number: 12654
Source Name: ESENT
Time Written: 20081020011552.000000-240
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"Veo_532_PRODUCT_VER"=1.1.0.0
"Veo_532_INSTALL_DIR"=C:\Program Files\Veo Connect\Driver
"Veo_532_INF_PATH"=C:\WINDOWS\INF\oem78.inf
"Veo_532_PNF_PATH"=C:\WINDOWS\INF\oem78.pnf
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

-----------------EOF-----------------

#4 movinginslomo (Topic Starter)

Posted 14 February 2009 - 10:43 PM

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-14 22:42:11
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEDA02576]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEDA02432]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEDA02910]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEDA0200A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEDA0250C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEDA01F4A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEDA01FAE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEDA0262C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEDA025EC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEDA0276C]

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \Driver\Tcpip \Device\Ip sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)
Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Norton Internet Security Filter/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\Tcp sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)
Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Norton Internet Security Filter/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)

Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\Tcpip \Device\Udp sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)
Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Norton Internet Security Filter/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)

Device \Driver\Tcpip \Device\RawIp sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)
Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Norton Internet Security Filter/Symantec Corporation)

Device \Driver\Tcpip \Device\IPMULTICAST sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x25 0xAE 0x4D 0xDA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x25 0xAE 0x4D 0xDA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x25 0xAE 0x4D 0xDA ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs wbsys.dll,avgrsstx.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Classes\CLSID\{2E5A65BB-B055-C0DD-0118-09975F2EE086}\InprocServer32@ C:\Program Files\uqbjlwd\DscSysUtil.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{2E5A65BB-B055-C0DD-0118-09975F2EE086}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{53699353-0C4C-57EE-A7D0-099BF33A1E62}\InprocServer32@ C:\Program Files\kvldqtb\admutil.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{53699353-0C4C-57EE-A7D0-099BF33A1E62}\InprocServer32@ThreadingModel Apartment

---- EOF - GMER 1.0.14 ----

#5 sundavis (Malware Response Team)

Posted 20 February 2009 - 12:17 AM

Hi movinginslomo,



I notice there is a sign of one P2P (Person to Person) File Sharing Program on your computer. Even if you are using a "safe" P2P program, it is only the program that is safe.
You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
You are well advised to remove it via Control Panel > Add/Remove Programs.

Azureus
BitTornado 0.3.7
Kazaa Lite K++ v2.4.3
Shareaza 2.4.0.0


I also notice you have AVG8 and Norton AntiVirus leftovers. Please go to Here and Here to download AVG Uninstaller and Norton Removal Tool to remove the leftovers.

After that, please do the following:

Step 1

I see you are using Wild Tangent. It is not malware, but is sometimes thought to bring malware along. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it’s not technically considered spyware, it does have built in components to update itself and gather information about the computer system. Unless you are an extremely avid games player, I recommend you uninstall Wild Tangent.

Viewpoint is considered foistware instead of malware because it is installed without the user's approval, but doesn't spy or do anything "bad". You may like to read this article about the potential of this Viewpoint software here:
http://www.clickz.com/news/article.php/3561546


Click Start > Settings > Control Panel.
In Control Panel, double-click Add or Remove Programs.
In Add or Remove Programs, highlight (If found)

Viewpoint Media Player
WildTangent


and click on Change/Remove to remove it.


Step 2

If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: ComboFix has recently been updated to include the option for installing the Recovery Console automatically. You will see the below prompt when you first run ComboFix:


Posted Image


The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
It is a simple procedure that will only take a few moments of your time. Once Recovery Console is installed, you should see a blue screen prompt like the one below:


Posted Image

1. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

2. Click Yes to allow Combofix to continue scanning for malware.

When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.


In your next reply, please post back:

1. Combofix log
2. New RSIT log

Tell me how your pc is running now.


**Make sure you have unchecked "Word Wrap" in your text file. While posting the logs, please press Preview Post button to ensure the format is right, then press Add Reply. Thanks.

#6 movinginslomo (Topic Starter)

Posted 20 February 2009 - 02:27 PM

combofix log

ComboFix 09-02-19.01 - Owner 2009-02-20 14:05:54.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.624 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090219-0] *On-access scanning disabled* (Updated)
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((( Files Created from 2009-01-20 to 2009-02-20 )))))))))))))))))))))))))))))))
.

2009-02-14 22:27 . 2009-02-14 22:27 250 --a------ c:\windows\gmer.ini
2009-02-14 22:14 . 2009-02-14 22:15 <DIR> d-------- C:\rsit
2009-02-08 13:56 . 2009-02-08 13:56 <DIR> d-------- c:\windows\ERUNT
2009-02-08 13:45 . 2009-02-09 07:57 <DIR> d-------- C:\SDFix
2009-02-06 17:17 . 2009-02-06 17:17 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-02-06 17:12 . 2009-02-06 17:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-02-06 17:00 . 2009-02-06 17:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-06 16:58 . 2009-02-06 16:59 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-06 16:58 . 2009-02-06 16:58 <DIR> d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-01-29 20:50 . 2009-01-29 20:50 <DIR> d-------- c:\program files\Alwil Software
2009-01-28 16:01 . 2009-01-28 16:01 52,592 --ah----- c:\windows\system32\mlfcache.dat
2009-01-25 21:40 . 2009-01-25 22:14 <DIR> d-------- C:\looperman
2009-01-24 00:05 . 2009-01-24 00:05 <DIR> d-------- c:\documents and settings\Owner\Application Data\Amazon
2009-01-23 23:56 . 2009-01-23 23:56 <DIR> d-------- c:\program files\Amazon
2009-01-20 16:02 . 2009-01-20 16:02 <DIR> d-------- c:\documents and settings\Owner\Application Data\ImTOO Software Studio
2009-01-20 16:01 . 2009-01-20 16:01 <DIR> d-------- c:\program files\ImTOO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-20 19:00 --------- d-----w c:\program files\Trillian
2009-02-20 18:59 --------- d-----w c:\program files\Sonic Foundry ACID
2009-02-20 18:52 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-02-20 18:14 --------- d-----w c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-02-06 21:55 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-05 23:02 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-30 17:59 --------- d-----w c:\program files\Google
2009-01-28 00:42 --------- d-----w c:\program files\FinePixViewer
2009-01-20 03:37 --------- d-----w c:\documents and settings\Owner\Application Data\FUJIFILM
2009-01-20 02:16 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-20 02:13 --------- d-----w c:\documents and settings\Owner\Application Data\InstallShield
2009-01-16 20:29 --------- d-----w c:\program files\Soulseek
2009-01-14 21:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 21:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-14 03:28 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-01-09 19:30 --------- d-----w c:\documents and settings\Owner\Application Data\Canon
2009-01-02 22:50 --------- d-----w c:\program files\MSN Messenger
2009-01-02 22:50 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-12 17:33 3,060,224 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\dllcache\srv.sys
2008-12-08 18:58 23,040 ----a-w c:\windows\Internet Logs\xDB57.tmp
2008-12-08 18:45 5,020,160 ----a-w c:\windows\Internet Logs\xDB56.tmp
2008-11-25 17:02 4,917,248 ----a-w c:\windows\Internet Logs\xDB54.tmp
2008-11-25 00:02 30,208 ----a-w c:\windows\Internet Logs\xDB55.tmp
.

((((((((((((((((((((((((((((( snapshot@2008-10-08_11.43.13.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-28 07:52:53 74,752 ----a-w c:\windows\$hf_mig$\KB953155\SP2QFE\msw3prt.dll
+ 2008-08-28 07:52:53 104,960 ----a-w c:\windows\$hf_mig$\KB953155\SP2QFE\win32spl.dll
+ 2008-08-28 07:46:02 74,752 ----a-w c:\windows\$hf_mig$\KB953155\SP3GDR\msw3prt.dll
+ 2008-08-28 07:46:02 104,960 ----a-w c:\windows\$hf_mig$\KB953155\SP3GDR\win32spl.dll
+ 2008-08-28 07:30:20 74,752 ----a-w c:\windows\$hf_mig$\KB953155\SP3QFE\msw3prt.dll
+ 2008-08-28 07:30:20 104,960 ----a-w c:\windows\$hf_mig$\KB953155\SP3QFE\win32spl.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB953155\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB953155\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB953155\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB953155\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB953155\update\updspapi.dll
+ 2008-09-15 12:17:07 1,846,912 ----a-w c:\windows\$hf_mig$\KB954211\SP2QFE\win32k.sys
+ 2008-09-15 12:12:56 1,846,400 ----a-w c:\windows\$hf_mig$\KB954211\SP3GDR\win32k.sys
+ 2008-09-15 12:25:27 1,846,912 ----a-w c:\windows\$hf_mig$\KB954211\SP3QFE\win32k.sys
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954211\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954211\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954211\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB954211\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB954211\update\updspapi.dll
+ 2008-10-03 09:57:49 247,326 ----a-w c:\windows\$hf_mig$\KB954600\SP2QFE\strmdll.dll
+ 2008-10-03 10:02:42 247,326 ----a-w c:\windows\$hf_mig$\KB954600\SP3GDR\strmdll.dll
+ 2008-10-03 09:49:31 247,326 ----a-w c:\windows\$hf_mig$\KB954600\SP3QFE\strmdll.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954600\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954600\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954600\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB954600\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB954600\update\updspapi.dll
+ 2008-09-04 16:32:52 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP2QFE\msxml3.dll
+ 2008-09-04 17:15:04 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP3GDR\msxml3.dll
+ 2008-09-04 17:12:27 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP3QFE\msxml3.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB955069\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB955069\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB955069\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB955069\update\update.exe
+ 2008-07-09 18:08:38 382,840 ----a-w c:\windows\$hf_mig$\KB955069\update\updspapi.dll
+ 2008-10-22 09:47:25 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-08-20 05:33:19 1,024,000 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\browseui.dll
+ 2008-08-20 05:33:17 151,040 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\cdfview.dll
+ 2008-08-20 05:33:18 1,054,208 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\danim.dll
+ 2008-08-20 05:33:18 357,888 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\dxtmsft.dll
+ 2008-08-20 05:33:18 205,312 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\dxtrans.dll
+ 2008-08-20 05:33:18 55,808 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\extmgr.dll
+ 2008-08-19 09:38:57 18,432 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\iedw.exe
+ 2008-08-20 05:33:18 251,904 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\iepeers.dll
+ 2008-08-20 05:33:18 96,256 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\inseng.dll
+ 2008-08-20 05:33:19 16,384 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\jsproxy.dll
+ 2008-08-20 05:33:20 3,067,392 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\mshtml.dll
+ 2008-08-20 05:33:19 449,024 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\mshtmled.dll
+ 2008-08-20 05:33:18 146,432 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\msrating.dll
+ 2008-08-20 05:33:18 532,480 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\mstime.dll
+ 2008-08-20 05:33:18 39,424 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\pngfilt.dll
+ 2008-08-20 05:33:19 1,499,136 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\shdocvw.dll
+ 2008-08-20 05:33:19 474,112 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\shlwapi.dll
+ 2008-08-20 05:33:19 619,008 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\urlmon.dll
+ 2008-08-20 05:33:19 667,648 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\wininet.dll
+ 2008-08-19 09:20:32 351,744 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\xpsp3res.dll
+ 2008-08-20 05:30:53 3,067,904 ----a-w c:\windows\$hf_mig$\KB956390\SP3GDR\mshtml.dll
+ 2008-08-20 05:30:51 1,499,136 ----a-w c:\windows\$hf_mig$\KB956390\SP3GDR\shdocvw.dll
+ 2008-08-20 05:30:52 619,520 ----a-w c:\windows\$hf_mig$\KB956390\SP3GDR\urlmon.dll
+ 2008-08-20 05:30:51 666,112 ----a-w c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
+ 2008-08-20 04:58:54 3,067,904 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\mshtml.dll
+ 2008-08-20 04:58:47 1,499,136 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\shdocvw.dll
+ 2008-08-20 04:58:50 620,032 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\urlmon.dll
+ 2008-08-20 04:58:48 666,624 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB956390\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB956390\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB956390\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB956390\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB956390\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB956391\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB956391\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB956391\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB956391\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB956391\update\updspapi.dll
+ 2008-10-23 12:51:04 284,160 ----a-w c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-08-14 09:48:52 138,368 ----a-w c:\windows\$hf_mig$\KB956803\SP2QFE\afd.sys
+ 2008-08-14 10:04:36 138,496 ----a-w c:\windows\$hf_mig$\KB956803\SP3GDR\afd.sys
+ 2008-08-14 10:34:26 138,496 ----a-w c:\windows\$hf_mig$\KB956803\SP3QFE\afd.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB956803\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB956803\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB956803\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB956803\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB956803\update\updspapi.dll
+ 2008-08-14 09:55:01 2,142,720 ----a-w c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlmp.exe
+ 2008-08-14 09:18:44 2,062,976 ----a-w c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
+ 2008-08-14 09:18:46 2,020,864 ----a-w c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrpamp.exe
+ 2008-08-14 09:57:20 2,185,984 ----a-w c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
+ 2008-08-14 10:09:26 2,145,280 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlmp.exe
+ 2008-08-14 09:33:16 2,066,048 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,023,936 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrpamp.exe
+ 2008-08-14 10:11:02 2,189,184 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
+ 2008-08-14 10:39:28 2,145,280 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlmp.exe
+ 2008-08-14 19:39:46 2,066,048 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
+ 2008-08-14 10:09:44 2,023,936 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrpamp.exe
+ 2008-08-14 20:11:10 2,189,184 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB956841\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB956841\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB956841\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB956841\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956841\update\updspapi.dll
+ 2008-08-28 10:35:33 333,056 ----a-w c:\windows\$hf_mig$\KB957095\SP2QFE\srv.sys
+ 2008-09-08 10:41:42 333,824 ----a-w c:\windows\$hf_mig$\KB957095\SP3GDR\srv.sys
+ 2008-09-08 11:37:19 333,824 ----a-w c:\windows\$hf_mig$\KB957095\SP3QFE\srv.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB957095\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB957095\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB957095\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB957095\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB957095\update\updspapi.dll
+ 2008-10-24 11:25:29 455,936 ----a-w c:\windows\$hf_mig$\KB957097\SP2QFE\mrxsmb.sys
+ 2008-10-24 11:21:09 455,296 ----a-w c:\windows\$hf_mig$\KB957097\SP3GDR\mrxsmb.sys
+ 2008-10-24 11:41:11 455,936 ----a-w c:\windows\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB957097\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB957097\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB957097\update\spcustom.dll
+ 2008-07-08 13:02:04 755,576 ----a-w c:\windows\$hf_mig$\KB957097\update\update.exe
+ 2008-07-08 13:02:12 382,840 ----a-w c:\windows\$hf_mig$\KB957097\update\updspapi.dll
+ 2008-10-16 10:20:52 1,024,000 ----a-w c:\windows\$hf_mig$\KB958215\SP2QFE\browseui.dll
+ 2008-10-16 10:20:42 151,040 ----a-w c:\windows\$hf_mig$\KB958215\SP2QFE\cdfview.dll
+ 2008-10-16 10:20:45 1,054,208 ----a-w c:\windows\$hf_mig$\KB958215\SP2QFE\danim.dll
+ 2008-10-16 10:20:45 357,888 ----a-w c:\windows\$hf_mig$\KB958215\SP2QFE\dxtmsft.dll
+ 2008-10-16 10:20:45 205,312 ----a-w c:\windows\$hf_mig$\KB958215\SP2QFE\dxtrans.dll
+ 2008-10-16 10:20:46 55,808 ----a-w c:\windows\$hf_mig$\KB958215\SP2QFE\extmgr.dll
+ 2008-10-15 14:18:21 18,432 ----a-w c:\windows\$hf_mig$\KB958215\SP2QFE\iedw.exe
+ 2008-10-16 10:20:46 251,904 ----a-w c:\windows\$hf_mig$\KB958215\SP2QFE\iepeers.dll
+ 2008-10-16 10:20:46 96,256 ----a-w c:\windows\$hf_mig$\KB958215\SP2QFE\inseng.dll
+ 2008-10-16 10:20:50 16,384 ----a-w c:\windows\$hf_mig$\KB958215\SP2QFE\jsproxy.dll
+ 2008-10-16 10:20:56 3,067,392 ----a-w c:\windows\$hf_mig$\KB958215\SP2QFE\mshtml.dll
+ 2008-10-16 10:20:50 449,024 ----a-w c:\windows\$hf_mig$\KB958215\SP2QFE\mshtmled.dll
+ 2008-10-16 10:20:46 146,432 ----a-w c:\windows\$hf_mig$\KB958215\SP2QFE\msrating.dll
+ 2008-10-16 10:20:46 532,480 ----a-w c:\windows\$hf_mig$\KB958215\SP2QFE\mstime.dll
+ 2008-10-16 10:20:46 39,424 ----a-w c:\windows\$hf_mig$\KB958215\SP2QFE\pngfilt.dll
+ 2008-10-16 10:20:48 1,499,136 ----a-w c:\windows\$hf_mig$\KB958215\SP2QFE\shdocvw.dll
+ 2008-10-16 10:20:51 474,112 ----a-w c:\windows\$hf_mig$\KB958215\SP2QFE\shlwapi.dll
+ 2008-10-16 10:20:53 619,008 ----a-w c:\windows\$hf_mig$\KB958215\SP2QFE\urlmon.dll
+ 2008-10-16 10:20:49 667,648 ----a-w c:\windows\$hf_mig$\KB958215\SP2QFE\wininet.dll
+ 2008-10-15 14:00:41 351,744 ----a-w c:\windows\$hf_mig$\KB958215\SP2QFE\xpsp3res.dll
+ 2008-10-16 01:00:11 3,067,904 ----a-w c:\windows\$hf_mig$\KB958215\SP3GDR\mshtml.dll
+ 2008-10-16 01:00:10 1,499,136 ----a-w c:\windows\$hf_mig$\KB958215\SP3GDR\shdocvw.dll
+ 2008-10-16 01:00:11 619,520 ----a-w c:\windows\$hf_mig$\KB958215\SP3GDR\urlmon.dll
+ 2008-10-16 01:00:11 666,112 ----a-w c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
+ 2008-10-16 11:34:08 3,067,904 ----a-w c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
+ 2008-10-16 01:04:06 1,499,136 ----a-w c:\windows\$hf_mig$\KB958215\SP3QFE\shdocvw.dll
+ 2008-10-16 01:04:06 620,032 ----a-w c:\windows\$hf_mig$\KB958215\SP3QFE\urlmon.dll
+ 2008-10-16 01:04:06 667,136 ----a-w c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB958215\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB958215\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB958215\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB958215\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB958215\update\updspapi.dll
+ 2008-10-15 16:53:28 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP2QFE\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w c:\windows\$hf_mig$\KB958644\SP3GDR\netapi32.dll
+ 2008-10-15 16:25:53 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP3QFE\netapi32.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB958644\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB958644\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB958644\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB958644\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB958644\update\updspapi.dll
+ 2008-12-11 10:24:44 333,184 ----a-w c:\windows\$hf_mig$\KB958687\SP2QFE\srv.sys
+ 2008-12-11 10:57:09 333,952 ----a-w c:\windows\$hf_mig$\KB958687\SP3GDR\srv.sys
+ 2008-12-11 12:33:59 333,952 ----a-w c:\windows\$hf_mig$\KB958687\SP3QFE\srv.sys
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB958687\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB958687\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB958687\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB958687\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB958687\update\updspapi.dll
+ 2008-12-12 17:27:54 3,067,392 ----a-w c:\windows\$hf_mig$\KB960714\SP2QFE\mshtml.dll
+ 2008-12-12 17:01:00 3,067,904 ----a-w c:\windows\$hf_mig$\KB960714\SP3GDR\mshtml.dll
+ 2008-12-12 17:14:50 3,067,904 ----a-w c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB960714\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB960714\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB960714\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB960714\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB960714\update\updspapi.dll
+ 2005-01-28 17:44:28 96,768 -c----w c:\windows\$NtUninstallKB952069_WM9$\logagent.exe
+ 2007-07-27 14:41:48 231,288 -c----w c:\windows\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe
+ 2007-07-27 14:41:48 382,840 -c----w c:\windows\$NtUninstallKB952069_WM9$\spuninst\updspapi.dll
+ 2005-01-28 17:44:28 1,027,072 -c----w c:\windows\$NtUninstallKB952069_WM9$\wmnetmgr.dll
+ 2006-12-07 05:29:34 2,374,472 -c----w c:\windows\$NtUninstallKB952069_WM9$\wmvcore.dll
+ 2004-08-04 12:00:00 72,704 -c----w c:\windows\$NtUninstallKB953155$\msw3prt.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB953155$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB953155$\spuninst\updspapi.dll
+ 2004-08-04 12:00:00 101,888 -c----w c:\windows\$NtUninstallKB953155$\win32spl.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB954211$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB954211$\spuninst\updspapi.dll
+ 2004-08-04 12:00:00 1,835,904 -c----w c:\windows\$NtUninstallKB954211$\win32k.sys
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB954600$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB954600$\spuninst\updspapi.dll
+ 2004-08-04 12:00:00 246,302 -c----w c:\windows\$NtUninstallKB954600$\strmdll.dll
+ 2004-08-04 12:00:00 1,236,480 -c----w c:\windows\$NtUninstallKB955069$\msxml3.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe
+ 2008-07-09 18:08:38 382,840 -c----w c:\windows\$NtUninstallKB955069$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB955839$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB955839$\spuninst\updspapi.dll
+ 2008-07-14 11:09:18 62,976 -c----w c:\windows\$NtUninstallKB955839$\tzchange.exe
+ 2008-06-23 15:38:28 1,023,488 -c----w c:\windows\$NtUninstallKB956390$\browseui.dll
+ 2008-06-23 15:38:29 151,040 -c----w c:\windows\$NtUninstallKB956390$\cdfview.dll
+ 2008-06-23 15:38:30 1,054,208 -c----w c:\windows\$NtUninstallKB956390$\danim.dll
+ 2008-06-23 15:38:30 357,888 -c----w c:\windows\$NtUninstallKB956390$\dxtmsft.dll
+ 2008-06-23 15:38:30 205,312 -c----w c:\windows\$NtUninstallKB956390$\dxtrans.dll
+ 2008-06-23 15:38:30 55,808 -c----w c:\windows\$NtUninstallKB956390$\extmgr.dll
+ 2008-06-23 09:49:29 18,432 -c----w c:\windows\$NtUninstallKB956390$\iedw.exe
+ 2008-06-23 15:38:31 251,392 -c----w c:\windows\$NtUninstallKB956390$\iepeers.dll
+ 2008-06-23 15:38:31 96,256 -c----w c:\windows\$NtUninstallKB956390$\inseng.dll
+ 2008-06-23 15:38:31 16,384 -c----w c:\windows\$NtUninstallKB956390$\jsproxy.dll
+ 2008-06-23 15:38:33 3,059,712 -c----w c:\windows\$NtUninstallKB956390$\mshtml.dll
+ 2008-06-23 15:38:33 449,024 -c----w c:\windows\$NtUninstallKB956390$\mshtmled.dll
+ 2008-06-23 15:38:33 146,432 -c----w c:\windows\$NtUninstallKB956390$\msrating.dll
+ 2008-06-23 15:38:33 532,480 -c----w c:\windows\$NtUninstallKB956390$\mstime.dll
+ 2008-06-23 15:38:33 39,424 -c----w c:\windows\$NtUninstallKB956390$\pngfilt.dll
+ 2008-06-23 15:38:34 1,494,528 -c----w c:\windows\$NtUninstallKB956390$\shdocvw.dll
+ 2008-06-23 15:38:34 474,112 -c----w c:\windows\$NtUninstallKB956390$\shlwapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB956390$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB956390$\spuninst\updspapi.dll
+ 2008-06-23 15:38:34 615,936 -c----w c:\windows\$NtUninstallKB956390$\urlmon.dll
+ 2008-06-23 15:38:34 659,456 -c----w c:\windows\$NtUninstallKB956390$\wininet.dll
+ 2008-07-03 09:14:02 351,744 -c----w c:\windows\$NtUninstallKB956390$\xpsp3res.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB956391$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB956391$\spuninst\updspapi.dll
+ 2004-08-04 12:00:00 278,016 -c----w c:\windows\$NtUninstallKB956802$\gdi32.dll
+ 2008-07-08 13:02:02 231,288 -c----w c:\windows\$NtUninstallKB956802$\spuninst\spuninst.exe
+ 2008-07-09 07:38:37 382,840 -c----w c:\windows\$NtUninstallKB956802$\spuninst\updspapi.dll
+ 2008-06-20 10:44:38 138,368 -c----w c:\windows\$NtUninstallKB956803$\afd.sys
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB956803$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB956803$\spuninst\updspapi.dll
+ 2004-08-04 12:00:00 2,056,832 -c----w c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
+ 2004-08-04 12:00:00 2,180,992 -c----w c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB956841$\spuninst\spuninst.exe
+ 2008-07-09 07:38:37 382,840 -c----w c:\windows\$NtUninstallKB956841$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB957095$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB957095$\spuninst\updspapi.dll
+ 2004-08-04 12:00:00 336,256 -c----w c:\windows\$NtUninstallKB957095$\srv.sys
+ 2004-08-04 12:00:00 451,456 -c----w c:\windows\$NtUninstallKB957097$\mrxsmb.sys
+ 2008-07-08 13:02:02 231,288 -c----w c:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe
+ 2008-07-08 13:02:12 382,840 -c----w c:\windows\$NtUninstallKB957097$\spuninst\updspapi.dll
+ 2008-08-20 05:38:45 1,023,488 -c----w c:\windows\$NtUninstallKB958215$\browseui.dll
+ 2008-08-20 05:38:39 151,040 -c----w c:\windows\$NtUninstallKB958215$\cdfview.dll
+ 2008-08-20 05:38:40 1,054,208 -c----w c:\windows\$NtUninstallKB958215$\danim.dll
+ 2008-08-20 05:38:40 357,888 -c----w c:\windows\$NtUninstallKB958215$\dxtmsft.dll
+ 2008-08-20 05:38:40 205,312 -c----w c:\windows\$NtUninstallKB958215$\dxtrans.dll
+ 2008-08-20 05:38:40 55,808 -c----w c:\windows\$NtUninstallKB958215$\extmgr.dll
+ 2008-08-19 09:30:39 18,432 -c----w c:\windows\$NtUninstallKB958215$\iedw.exe
+ 2008-08-20 05:38:41 251,392 -c----w c:\windows\$NtUninstallKB958215$\iepeers.dll
+ 2008-08-20 05:38:41 96,256 -c----w c:\windows\$NtUninstallKB958215$\inseng.dll
+ 2008-08-20 05:38:44 16,384 -c----w c:\windows\$NtUninstallKB958215$\jsproxy.dll
+ 2008-08-20 05:38:47 3,060,224 -c----w c:\windows\$NtUninstallKB958215$\mshtml.dll
+ 2008-08-20 05:38:43 449,024 -c----w c:\windows\$NtUninstallKB958215$\mshtmled.dll
+ 2008-08-20 05:38:41 146,432 -c----w c:\windows\$NtUninstallKB958215$\msrating.dll
+ 2008-08-20 05:38:41 532,480 -c----w c:\windows\$NtUninstallKB958215$\mstime.dll
+ 2008-08-20 05:38:41 39,424 -c----w c:\windows\$NtUninstallKB958215$\pngfilt.dll
+ 2008-08-20 05:38:42 1,494,528 -c----w c:\windows\$NtUninstallKB958215$\shdocvw.dll
+ 2008-08-20 05:38:44 474,112 -c----w c:\windows\$NtUninstallKB958215$\shlwapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB958215$\spuninst\spuninst.exe
+ 2008-07-09 07:38:37 382,840 -c----w c:\windows\$NtUninstallKB958215$\spuninst\updspapi.dll
+ 2008-08-20 05:38:45 615,936 -c----w c:\windows\$NtUninstallKB958215$\urlmon.dll
+ 2008-08-20 05:38:43 659,456 -c----w c:\windows\$NtUninstallKB958215$\wininet.dll
+ 2008-08-19 09:20:32 351,744 -c----w c:\windows\$NtUninstallKB958215$\xpsp3res.dll
+ 2004-08-04 12:00:00 332,288 -c----w c:\windows\$NtUninstallKB958644$\netapi32.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB958644$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB958644$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB958687$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB958687$\spuninst\updspapi.dll
+ 2008-08-28 10:04:17 333,056 -c----w c:\windows\$NtUninstallKB958687$\srv.sys
+ 2008-10-16 10:37:05 3,059,712 -c----w c:\windows\$NtUninstallKB960714$\mshtml.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB960714$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB960714$\spuninst\updspapi.dll
+ 2007-08-16 09:16:39 65,536 ----a-w c:\windows\carrier\scrub2k.exe
- 2008-02-26 18:47:48 38,428 ----a-w c:\windows\Downloaded Program Files\unagiuninst.exe
+ 2008-11-27 00:51:01 38,428 ----a-w c:\windows\Downloaded Program Files\unagiuninst.exe
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-08-14 09:58:27 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:22:13 2,057,728 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:22:14 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 10:00:45 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2005-10-21 00:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2008-08-07 20:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-02-09 01:21:26 7,319,552 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2009-02-09 01:21:26 204,800 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 20:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-02-08 18:56:24 1,011,712 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2009-02-08 18:56:24 8,192 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2009-02-15 03:27:53 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-18 02:13:02 811,008 ----a-w c:\windows\gmer.exe
+ 2007-09-20 14:51:04 15,977 ----a-w c:\windows\hpwscr05.dat
+ 2007-07-05 03:42:19 1,132,120 ----a-w c:\windows\hpzmsi01.exe
+ 2007-07-05 03:42:23 1,275,480 ----a-w c:\windows\hpzshl01.exe
+ 2008-12-08 18:57:54 102,400 ----a-r c:\windows\Installer\{318AB667-3230-41B5-A617-CB3BF748D371}\iTunesIco.exe
+ 2008-12-04 00:10:12 307,200 ----a-r c:\windows\Installer\{582D2A53-F426-4C5E-A2E6-43C1AB36B907}\SafariIco.exe
+ 2008-10-20 20:51:17 27,136 ----a-r c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2008-11-16 08:00:31 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2008-10-20 21:16:49 86,016 ----a-r c:\windows\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe
+ 2009-02-06 21:59:10 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-02-06 21:59:10 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2004-07-15 06:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1352\_aspnet_isapi.dll
+ 2004-07-15 05:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1352\_CORPerfMonExt.dll
+ 2004-07-15 05:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1352\_fusion.dll
+ 2004-07-15 05:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1352\_mscorjit.dll
+ 2004-07-15 19:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1352\_mscorlib.dll
+ 2003-02-21 10:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1352\_mscorsn.dll
+ 2004-07-15 05:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1352\_mscorsvr.dll
+ 2004-07-15 05:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1352\_mscorwks.dll
+ 2003-02-21 19:42:22 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1352\_msvcr71.dll
+ 2004-07-15 05:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1352\_PerfCounter.dll
+ 2004-07-15 06:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1484\_aspnet_isapi.dll
+ 2004-07-15 05:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1484\_CORPerfMonExt.dll
+ 2004-07-15 05:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1484\_fusion.dll
+ 2004-07-15 05:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1484\_mscorjit.dll
+ 2004-07-15 19:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1484\_mscorlib.dll
+ 2003-02-21 10:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1484\_mscorsn.dll
+ 2004-07-15 05:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1484\_mscorsvr.dll
+ 2004-07-15 05:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1484\_mscorwks.dll
+ 2003-02-21 19:42:22 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1484\_msvcr71.dll
+ 2004-07-15 05:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1484\_PerfCounter.dll
+ 2004-07-15 06:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1652\_aspnet_isapi.dll
+ 2004-07-15 05:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1652\_CORPerfMonExt.dll
+ 2004-07-15 05:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1652\_fusion.dll
+ 2004-07-15 05:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1652\_mscorjit.dll
+ 2004-07-15 19:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1652\_mscorlib.dll
+ 2003-02-21 10:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1652\_mscorsn.dll
+ 2004-07-15 05:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1652\_mscorsvr.dll
+ 2004-07-15 05:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1652\_mscorwks.dll
+ 2003-02-21 19:42:22 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1652\_msvcr71.dll
+ 2004-07-15 05:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1652\_PerfCounter.dll
+ 2004-07-15 06:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1888\_aspnet_isapi.dll
+ 2004-07-15 05:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1888\_CORPerfMonExt.dll
+ 2004-07-15 05:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1888\_fusion.dll
+ 2004-07-15 05:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1888\_mscorjit.dll
+ 2004-07-15 19:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1888\_mscorlib.dll
+ 2003-02-21 10:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1888\_mscorsn.dll
+ 2004-07-15 05:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1888\_mscorsvr.dll
+ 2004-07-15 05:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1888\_mscorwks.dll
+ 2003-02-21 19:42:22 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1888\_msvcr71.dll
+ 2004-07-15 05:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1888\_PerfCounter.dll
+ 2004-07-15 06:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1932\_aspnet_isapi.dll
+ 2004-07-15 05:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1932\_CORPerfMonExt.dll
+ 2004-07-15 05:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1932\_fusion.dll
+ 2004-07-15 05:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1932\_mscorjit.dll
+ 2004-07-15 19:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1932\_mscorlib.dll
+ 2003-02-21 10:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1932\_mscorsn.dll
+ 2004-07-15 05:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1932\_mscorsvr.dll
+ 2004-07-15 05:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1932\_mscorwks.dll
+ 2003-02-21 19:42:22 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1932\_msvcr71.dll
+ 2004-07-15 05:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1932\_PerfCounter.dll
+ 2004-07-15 06:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2056\_aspnet_isapi.dll
+ 2004-07-15 05:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2056\_CORPerfMonExt.dll
+ 2004-07-15 05:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2056\_fusion.dll
+ 2004-07-15 05:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2056\_mscorjit.dll
+ 2004-07-15 19:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2056\_mscorlib.dll
+ 2003-02-21 10:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2056\_mscorsn.dll
+ 2004-07-15 05:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2056\_mscorsvr.dll
+ 2004-07-15 05:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2056\_mscorwks.dll
+ 2003-02-21 19:42:22 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2056\_msvcr71.dll
+ 2004-07-15 05:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2056\_PerfCounter.dll
+ 2004-07-15 06:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2396\_aspnet_isapi.dll
+ 2004-07-15 05:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2396\_CORPerfMonExt.dll
+ 2004-07-15 05:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2396\_fusion.dll
+ 2004-07-15 05:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2396\_mscorjit.dll
+ 2004-07-15 19:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2396\_mscorlib.dll
+ 2003-02-21 10:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2396\_mscorsn.dll
+ 2004-07-15 05:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2396\_mscorsvr.dll
+ 2004-07-15 05:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2396\_mscorwks.dll
+ 2003-02-21 19:42:22 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2396\_msvcr71.dll
+ 2004-07-15 05:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2396\_PerfCounter.dll
+ 2004-07-15 06:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2444\_aspnet_isapi.dll
+ 2004-07-15 05:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2444\_CORPerfMonExt.dll
+ 2004-07-15 05:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2444\_fusion.dll
+ 2004-07-15 05:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2444\_mscorjit.dll
+ 2004-07-15 19:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2444\_mscorlib.dll
+ 2003-02-21 10:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2444\_mscorsn.dll
+ 2004-07-15 05:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2444\_mscorsvr.dll
+ 2004-07-15 05:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2444\_mscorwks.dll
+ 2003-02-21 19:42:22 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2444\_msvcr71.dll
+ 2004-07-15 05:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2444\_PerfCounter.dll
+ 2004-07-15 06:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2456\_aspnet_isapi.dll
+ 2004-07-15 05:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2456\_CORPerfMonExt.dll
+ 2004-07-15 05:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2456\_fusion.dll
+ 2004-07-15 05:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2456\_mscorjit.dll
+ 2004-07-15 19:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2456\_mscorlib.dll
+ 2003-02-21 10:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2456\_mscorsn.dll
+ 2004-07-15 05:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2456\_mscorsvr.dll
+ 2004-07-15 05:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2456\_mscorwks.dll
+ 2003-02-21 19:42:22 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2456\_msvcr71.dll
+ 2004-07-15 05:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2456\_PerfCounter.dll
+ 2004-07-15 06:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2460\_aspnet_isapi.dll
+ 2004-07-15 05:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2460\_CORPerfMonExt.dll
+ 2004-07-15 05:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2460\_fusion.dll
+ 2004-07-15 05:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2460\_mscorjit.dll
+ 2004-07-15 19:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2460\_mscorlib.dll
+ 2003-02-21 10:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2460\_mscorsn.dll
+ 2004-07-15 05:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2460\_mscorsvr.dll
+ 2004-07-15 05:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2460\_mscorwks.dll
+ 2003-02-21 19:42:22 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2460\_msvcr71.dll
+ 2004-07-15 05:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2460\_PerfCounter.dll
+ 2004-07-15 06:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2904\_aspnet_isapi.dll
+ 2004-07-15 05:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2904\_CORPerfMonExt.dll
+ 2004-07-15 05:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2904\_fusion.dll
+ 2004-07-15 05:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2904\_mscorjit.dll
+ 2004-07-15 19:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2904\_mscorlib.dll
+ 2003-02-21 10:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2904\_mscorsn.dll
+ 2004-07-15 05:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2904\_mscorsvr.dll
+ 2004-07-15 05:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2904\_mscorwks.dll
+ 2003-02-21 19:42:22 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2904\_msvcr71.dll
+ 2004-07-15 05:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2904\_PerfCounter.dll
+ 2004-07-15 06:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2992\_aspnet_isapi.dll
+ 2004-07-15 05:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2992\_CORPerfMonExt.dll
+ 2004-07-15 05:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2992\_fusion.dll
+ 2004-07-15 05:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2992\_mscorjit.dll
+ 2004-07-15 19:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2992\_mscorlib.dll
+ 2003-02-21 10:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2992\_mscorsn.dll
+ 2004-07-15 05:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2992\_mscorsvr.dll
+ 2004-07-15 05:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2992\_mscorwks.dll
+ 2003-02-21 19:42:22 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2992\_msvcr71.dll
+ 2004-07-15 05:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2992\_PerfCounter.dll
+ 2004-07-15 06:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3276\_aspnet_isapi.dll
+ 2004-07-15 05:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3276\_CORPerfMonExt.dll
+ 2004-07-15 05:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3276\_fusion.dll
+ 2004-07-15 05:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3276\_mscorjit.dll
+ 2004-07-15 19:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3276\_mscorlib.dll
+ 2003-02-21 10:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3276\_mscorsn.dll
+ 2004-07-15 05:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3276\_mscorsvr.dll
+ 2004-07-15 05:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3276\_mscorwks.dll
+ 2003-02-21 19:42:22 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3276\_msvcr71.dll
+ 2004-07-15 05:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3276\_PerfCounter.dll
+ 2004-07-15 06:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3508\_aspnet_isapi.dll
+ 2004-07-15 05:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3508\_CORPerfMonExt.dll
+ 2004-07-15 05:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3508\_fusion.dll
+ 2004-07-15 05:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3508\_mscorjit.dll
+ 2004-07-15 19:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3508\_mscorlib.dll
+ 2003-02-21 10:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3508\_mscorsn.dll
+ 2004-07-15 05:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3508\_mscorsvr.dll
+ 2004-07-15 05:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3508\_mscorwks.dll
+ 2003-02-21 19:42:22 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3508\_msvcr71.dll
+ 2004-07-15 05:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3508\_PerfCounter.dll
+ 2004-07-15 06:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3600\_aspnet_isapi.dll
+ 2004-07-15 05:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3600\_CORPerfMonExt.dll
+ 2004-07-15 05:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3600\_fusion.dll
+ 2004-07-15 05:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3600\_mscorjit.dll
+ 2004-07-15 19:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3600\_mscorlib.dll
+ 2003-02-21 10:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3600\_mscorsn.dll
+ 2004-07-15 05:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3600\_mscorsvr.dll
+ 2004-07-15 05:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3600\_mscorwks.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\MIKEY\EPSON Stylus CX5800F Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE" [2005-05-10 98304]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-08-20 118784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Auto EPSON Stylus CX5800F Series on DELL"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE" [2005-05-10 98304]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-06-30 110592]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-06-30 110592]
DVD@ccess.lnk - c:\program files\Apple Computer\DVD@ccess\DVDAccess.exe [2007-12-25 888832]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2009-01-19 303104]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= evolusbn.dll
"midi3"= evolusbn.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iPodder.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\iPodder.lnk
backup=c:\windows\pss\iPodder.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=c:\windows\pss\spamsubtract.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HistoryKill]
--a------ 2003-10-10 03:27 257024 c:\program files\HistoryKill\histkill.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
--------- 2007-12-14 10:36 50472 c:\program files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-06 19:05 200704 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
--------- 2008-03-20 19:23 83240 c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]
--a------ 2008-07-18 12:48 4770616 c:\program files\SightSpeed\SightSpeed.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
--a------ 2008-11-06 22:55 2705008 c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2008-08-18 17:41 1832272 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 c:\program files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-03 20:17 185632 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 08:06 88363 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"VideoAcceleratorService"=2 (0x2)
"UnoInstallerService"=2 (0x2)
"SAVScan"=3 (0x3)
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Bonjour Service"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"aawservice"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\DOSBox-0.61\\dosbox.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\ZDaemon\\zlauncher.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Skulltag\\IdeSE.exe"=
"c:\\Program Files\\Skulltag\\skulltag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"c:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3500:TCP"= 3500:TCP:k-lite
"10001:TCP"= 10001:TCP:BT
"10000:TCP"= 10000:TCP:BT
"10002:UDP"= 10002:UDP:BT
"10003:TCP"= 10003:TCP:BT
"10004:UDP"= 10004:UDP:BT
"10005:TCP"= 10005:TCP:BT
"10006:TCP"= 10006:TCP:BT
"10007:TCP"= 10007:TCP:BT
"10008:TCP"= 10008:TCP:BT
"10009:UDP"= 10009:UDP:BT
"10010:TCP"= 10010:TCP:BT
"3689:TCP"= 3689:TCP:itunes

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-29 111184]
R1 GearAspiSys;GearAspiSys;c:\windows\system32\drivers\GEARASPISYS.SYS [2005-01-20 53412]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-29 20560]
R2 DVDAccss;DVDAccss;c:\windows\system32\drivers\DVDAccss.sys [2007-12-25 29156]
R2 sbbotdi;sbbotdi;c:\progra~1\SPEEDB~1\sbbotdi.sys [2008-11-06 35584]
R3 DCamUSBVeo532;Veo Web Camera;c:\windows\system32\drivers\ubVeo532.sys [2004-06-30 95232]
S2 mrtRate;mrtRate; [x]
S3 BEL6001P;Belkin 11Mbps Wireless Desktop Adapter (F5D6001 V.2);c:\windows\system32\drivers\BEL6001P.sys [2004-06-30 78720]
S3 emuumidi;E-MU USB-MIDI Driver;c:\windows\system32\drivers\emuumidi.sys [2007-03-14 36736]
S3 EVOLUSB;%EVOL_USB_SvcDesc%;c:\windows\system32\drivers\evolusb.sys [2005-10-06 21984]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-09-06 38496]
S3 NvnUsbAudio;NvnUsbAudio;c:\windows\system32\drivers\nvnusbaudio.sys [2007-12-25 22784]
S3 pcand5bk;PCAND5BK PCANDIS5 Protocol Driver;c:\windows\system32\PCAND5BK.SYS [2004-06-27 15104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S4 UnoInstallerService;Uno Installer;c:\program files\M-Audio Uno\UnoInst.exe [2005-10-06 106496]
S4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - StyleXPHelper

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Free Download Manager - c:\program files\Free Download Manager\fdm.exe
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe
MSConfigStartUp-AVG7_EMC - c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
MSConfigStartUp-STYLEXP - c:\program files\TGTSoft\StyleXP\StyleXP.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://srch-qus10.hpwis.com/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://srch-qus10.hpwis.com/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local;localhost
IE: Copy to Semagic - c:\program files\Semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Semagic - c:\program files\Semagic\link.htm
Trusted Zone: vintagesynth.com\www
TCP: {C421E6F0-1846-4054-9A64-6E3ED475A516} = 192.168.2.1,192.160.2.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ucsxmdym.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFFab&query=
FF - prefs.js: network.proxy.ftp - 67.15.56.52
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 67.15.56.52
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 67.15.56.52
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 67.15.56.52
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 67.15.56.52
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-20 14:10:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1860137305-4189371457-3005294613-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2E5A65BB-B055-C0DD-0118-09975F2EE086}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\uqbjlwd\\DscSysUtil.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53699353-0C4C-57EE-A7D0-099BF33A1E62}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\kvldqtb\\admutil.dll"
"ThreadingModel"="Apartment"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
.
Completion time: 2009-02-20 14:16:22
ComboFix-quarantined-files.txt 2009-02-20 19:15:04
ComboFix2.txt 2008-10-13 00:17:41
ComboFix3.txt 2008-10-12 23:40:56
ComboFix4.txt 2008-10-12 15:26:33
ComboFix5.txt 2009-02-20 19:05:05

Pre-Run: 69,915,316,224 bytes free
Post-Run: 69,920,129,024 bytes free

1127 --- E O F --- 2009-02-15 08:07:46

RSIT log

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-02-20 14:23:35
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 67 GB (35%) free of 191 GB
Total RAM: 1015 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:23:38 PM, on 2/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\windows\ALCXMNTR.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\windows\explorer.exe
C:\windows\system32\notepad.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Documents and Settings\Owner\Desktop\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [\MIKEY\EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P35 "\\MIKEY\EPSON Stylus CX5800F Series" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [UpdReg] C:\windows\UpdReg.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX5800F Series on DELL] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P40 "Auto EPSON Stylus CX5800F Series on DELL" /O34 "\\DELL\EPSON Stylus CX5800F Series" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\windows\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - http://redirect.hp.com/presario/hp.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144111007406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144110986312
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/encnet/external/MSSurVid.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C421E6F0-1846-4054-9A64-6E3ED475A516}: NameServer = 192.168.2.1,192.160.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 9963 bytes

======Scheduled tasks folder======

C:\windows\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2008-09-02 75272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll []
{A057A204-BACC-4D26-9990-79A187E2698E}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"\MIKEY\EPSON Stylus CX5800F Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE [2005-05-10 98304]
"UpdReg"=C:\windows\UpdReg.EXE [2000-05-11 90112]
"PS2"=C:\WINDOWS\system32\ps2.exe [2003-09-12 98304]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2004-08-20 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2004-08-20 118784]
"AlcxMonitor"=C:\windows\ALCXMNTR.EXE [2004-09-07 57344]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"Auto EPSON Stylus CX5800F Series on DELL"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE [2005-05-10 98304]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\windows\AGRSMMSG.exe [2004-06-29 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HistoryKill]
C:\Program Files\HistoryKill\histkill.exe [2003-10-10 257024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-06 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]
C:\Program Files\SightSpeed\SightSpeed.exe [2008-07-18 4770616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe [2008-11-06 2705008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [2006-11-09 49263]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-12-03 185632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
C:\PROGRA~1\COMPAQ~1\1940576\Program\BACKWE~1.EXE [2004-01-26 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2003-09-16 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iPodder.lnk]
C:\PROGRA~1\iPodder\iPodder.exe [2005-06-20 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
C:\PROGRA~1\INTERM~1\SPAMSU~1\SpamSub.exe [2003-07-07 557056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"VideoAcceleratorService"=2
"UnoInstallerService"=2
"SAVScan"=3
"navapsvc"=2
"ccSetMgr"=2
"ccPwdSvc"=3
"ccEvtMgr"=2
"Bonjour Service"=2
"avg8wd"=2
"avg8emc"=2
"Apple Mobile Device"=2
"aawservice"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
DVD@ccess.lnk - C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll [2001-12-20 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\windows\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"_NoDriveTypeAutoRun"=0
"NoDrives"=0
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe"="C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe:*:Enabled:BackWeb-1940576"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
"C:\Program Files\DOSBox-0.61\dosbox.exe"="C:\Program Files\DOSBox-0.61\dosbox.exe:*:Enabled:dosbox"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\ZDaemon\zlauncher.exe"="C:\Program Files\ZDaemon\zlauncher.exe:*:Enabled:ZDaemon Browser"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Skulltag\IdeSE.exe"="C:\Program Files\Skulltag\IdeSE.exe:*:Enabled:IdeSE"
"C:\Program Files\Skulltag\skulltag.exe"="C:\Program Files\Skulltag\skulltag.exe:*:Enabled:Skulltag"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe"="C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger"
"C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe"="C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorService"
"C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\SightSpeed\SightSpeed.exe"="C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-02-20 14:16:28 ----A---- C:\ComboFix.txt
2009-02-20 14:04:54 ----D---- C:\ComboFix
2009-02-15 03:01:01 ----HDC---- C:\windows\$NtUninstallKB960715$
2009-02-14 22:27:54 ----A---- C:\windows\gmer.ini
2009-02-14 22:27:53 ----A---- C:\windows\gmer_uninstall.cmd
2009-02-14 22:27:53 ----A---- C:\windows\gmer.exe
2009-02-14 22:27:53 ----A---- C:\windows\gmer.dll
2009-02-14 22:14:58 ----D---- C:\rsit
2009-02-08 14:52:34 ----D---- C:\Documents and Settings\Owner\Application Data\WinRAR
2009-02-08 13:56:06 ----D---- C:\windows\ERUNT
2009-02-08 13:45:14 ----D---- C:\SDFix
2009-02-07 17:36:41 ----A---- C:\newlog.txt
2009-02-06 17:00:01 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-06 16:58:55 ----D---- C:\Program Files\SUPERAntiSpyware
2009-02-06 16:58:54 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2009-01-29 20:50:36 ----A---- C:\windows\system32\aswBoot.exe
2009-01-29 20:50:32 ----D---- C:\Program Files\Alwil Software
2009-01-25 21:40:15 ----D---- C:\looperman
2009-01-24 00:05:20 ----D---- C:\Documents and Settings\Owner\Application Data\Amazon
2009-01-23 23:56:39 ----D---- C:\Program Files\Amazon

======List of files/folders modified in the last 1 months======

2009-02-20 14:16:38 ----D---- C:\windows\system32
2009-02-20 14:16:38 ----D---- C:\QooBox
2009-02-20 14:16:32 ----D---- C:\WINDOWS
2009-02-20 14:16:29 ----D---- C:\windows\temp
2009-02-20 14:11:02 ----A---- C:\windows\system.ini
2009-02-20 14:08:33 ----D---- C:\windows\system32\drivers
2009-02-20 14:08:33 ----D---- C:\windows\AppPatch
2009-02-20 14:08:21 ----D---- C:\Program Files\Common Files
2009-02-20 14:05:48 ----D---- C:\windows\system32\CatRoot2
2009-02-20 14:05:25 ----A---- C:\windows\SchedLgU.Txt
2009-02-20 14:00:51 ----D---- C:\Program Files\Trillian
2009-02-20 13:59:46 ----D---- C:\Program Files\Sonic Foundry ACID
2009-02-20 13:58:53 ----RD---- C:\Program Files
2009-02-20 13:53:06 ----D---- C:\windows\system32\CatRoot_bak
2009-02-20 13:53:06 ----D---- C:\windows\system32\CatRoot
2009-02-20 13:53:02 ----HD---- C:\windows\inf
2009-02-20 13:52:18 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-02-20 13:42:05 ----A---- C:\windows\ModemLog_Agere Systems PCI Soft Modem.txt
2009-02-20 13:26:23 ----SD---- C:\windows\Tasks
2009-02-20 13:20:54 ----D---- C:\windows\Prefetch
2009-02-20 13:14:38 ----D---- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2009-02-20 01:29:47 ----A---- C:\windows\NeroDigital.ini
2009-02-17 23:53:39 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2009-02-17 23:53:39 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-17 22:48:23 ----D---- C:\CHRIS
2009-02-15 03:00:30 ----HD---- C:\windows\$hf_mig$
2009-02-13 00:17:05 ----D---- C:\windows\Debug
2009-02-11 23:56:17 ----A---- C:\windows\system32\MRT.exe
2009-02-09 13:48:41 ----D---- C:\windows\system32\FxsTmp
2009-02-09 07:47:23 ----A---- C:\windows\ntbtlog.txt
2009-02-07 08:17:46 ----D---- C:\Program Files\Mozilla Firefox
2009-02-06 16:59:14 ----SHD---- C:\windows\Installer
2009-02-06 16:59:10 ----HD---- C:\Config.Msi
2009-02-06 16:55:02 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-02-05 18:02:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-03 13:30:10 ----D---- C:\BTtracks
2009-01-30 12:59:43 ----D---- C:\Program Files\Google
2009-01-29 21:10:27 ----D---- C:\windows\system32\config
2009-01-28 17:56:38 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2009-01-27 19:42:50 ----D---- C:\Program Files\FinePixViewer
2009-01-23 02:11:12 ----D---- C:\windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\windows\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 AFS2K;AFS2k; C:\windows\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 Aspi32;Aspi32; C:\windows\system32\drivers\Aspi32.sys [1999-09-10 25244]
R1 aswSP;avast! Self Protection; C:\windows\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 GearAspiSys;GearAspiSys; C:\windows\System32\drivers\gearaspisys.sys [2002-06-24 53412]
R1 intelppm;Intel Processor Driver; C:\windows\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\windows\system32\drivers\SCDEmu.sys [2007-08-06 33052]
R1 SiSkp;SiSkp; C:\windows\System32\DRIVERS\srvkp.sys [2003-12-05 11392]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\windows\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 DVDAccss;DVDAccss; C:\windows\system32\drivers\DVDAccss.sys [2003-11-21 29156]
R2 sbbotdi;sbbotdi; \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\System32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\windows\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 DCamUSBVeo532;Veo Web Camera; C:\windows\System32\Drivers\ubVeo532.sys [2002-07-01 95232]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 ialm;ialm; C:\windows\System32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 MxlW2k;MxlW2k; C:\windows\system32\drivers\MxlW2k.sys [2004-01-26 28256]
R3 pfc;Padus ASPI Shell; C:\windows\system32\drivers\pfc.sys [2003-04-28 9856]
R3 Ps2;PS2; C:\windows\System32\DRIVERS\PS2.sys [2002-07-30 23808]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\windows\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\windows\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 AmdK7;AMD K7 Processor Driver; C:\windows\System32\DRIVERS\amdk7.sys [2004-08-04 37376]
S2 mrtRate;mrtRate; C:\windows\system32\drivers\mrtRate.sys []
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\windows\system32\drivers\ialmsbw.sys [2003-11-20 122110]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\windows\system32\drivers\ialmkchw.sys [2003-11-20 99002]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\windows\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]
S3 BEL6001P;Belkin 11Mbps Wireless Desktop Adapter (F5D6001 V.2); C:\windows\System32\DRIVERS\BEL6001P.sys [2002-11-06 78720]
S3 CCDECODE;Closed Caption Decoder; C:\windows\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 emuumidi;E-MU USB-MIDI Driver; C:\windows\system32\drivers\emuumidi.sys [2005-04-26 36736]
S3 EVOLUSB;%EVOL_USB_SvcDesc%; C:\windows\system32\drivers\evolusb.sys [2004-10-20 21984]
S3 HidUsb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\windows\system32\drivers\mbamswissarmy.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nv;nv; C:\windows\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 NvnUsbAudio;NvnUsbAudio; C:\windows\system32\drivers\nvnusbaudio.sys [2006-12-22 22784]
S3 pcand5bk;PCAND5BK PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\pcand5bk.SYS []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SiS315;SiS315; C:\windows\System32\DRIVERS\sisgrp.sys [2003-12-06 429440]
S3 SLIP;BDA Slip De-Framer; C:\windows\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 StillCam;Still Serial Digital Camera Driver; C:\windows\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\windows\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbaudio;USB Audio Driver (WDM); C:\windows\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\windows\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
S3 usbprint;Microsoft USB PRINTER Class; C:\windows\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\windows\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 viagfx;viagfx; C:\windows\System32\DRIVERS\vtmini.sys [2003-10-17 117760]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\System32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\windows\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\windows\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2004-08-04 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2004-08-04 14336]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-08-08 53520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 Fax;Fax; C:\windows\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-03-16 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2004-08-04 14336]
S4 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-05 611664]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 UnoInstallerService;Uno Installer; C:\Program Files\M-Audio Uno\UnoInst.exe [2004-12-04 106496]
S4 VideoAcceleratorService;VideoAcceleratorService; C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-11-06 292472]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

My Computer is functioning now! I would like to create a system restore point, but I've had issues doing it before.

Edited by movinginslomo, 20 February 2009 - 03:05 PM.


#7 sundavis

  • Malware Response Team

Posted 20 February 2009 - 10:55 PM

Hi movinginslomo,

My Computer is functioning now! I would like to create a system restore point, but I've had issues doing it before.


That sounds good. :thumbup2: We will purge the system restore points in our final stage. Until then, you will get a new one. For more info, you can go here for your reference.


Step 1


Please run HijackThis! and click "Do a system scan only." Place checks next to the following entries (if present):

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Reboot your pc.

You should show all files and use Windows Explorer to navigate to the following filepath to delete this file:

c:\windows\system32\mlfcache.dat


Step 2


Older versions of Java have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 12...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) the following items with Java Runtime Environment (JRE or J2SE) in the name:
    • Java 2 Runtime Environment, SE v1.4.2_03
    • J2SE Runtime Environment 5.0 Update 6
    • J2SE Runtime Environment 5.0 Update 10
    • J2SE Runtime Environment 5.0 Update 4
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version.

Step 3


Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step 4


Please do an online scan with Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click the Accept button on the "Requirements and limitations".
  • When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  • It will download and install the program and update the database.
  • When the database update has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under the Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop", name the file "KAS", change the Files of type to Text file (.txt) and click on the Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.



Please post back the logs in your next reply.


1. KAS Scan Report
2. Fresh HJT log

Tell me how your pc is behaving now.
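
The kind of entry Step 1 of the post above asks to check, picked out of a HijackThis log automatically (an added example, not part of the original post and not code from HijackThis). The sample lines are copied from the HijackThis entries quoted in this thread; the function names, the DPF rule and the loopback-proxy rule are assumptions that go beyond the "(no file)" entries the post lists.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: lines copied from the HijackThis entries quoted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - http://redirect.hp.com/presario/hp.cab
"""

# "<section> - <body>", where section is a code such as R1, O2 or O16.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PROXY_RE = re.compile(r"ProxyServer = (?P<host>[^\s:]+)(?::(?P<port>\d+))?\s*$")


@dataclass
class Finding:
    section: str           # HijackThis section code, e.g. "O2"
    reason: str            # why the line deserves a second look
    clsid: Optional[str]   # upper-cased CLSID if the line carries one
    line: str              # the original log line


def _is_loopback(host: str) -> bool:
    """True for 'localhost' or any literal loopback address."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:      # a hostname or "scheme=host" form: not judged here
        return False


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for a line worth reviewing, or None otherwise."""
    match = ENTRY_RE.match(line.strip())
    if match is None:
        return None         # header, running-process path or blank line
    section, body = match.group("section"), match.group("body").rstrip()
    clsid_match = CLSID_RE.search(body)
    clsid = clsid_match.group(0).upper() if clsid_match else None

    reason = None
    if body.endswith("(no file)"):
        reason = "orphaned: no file is registered for this object"
    elif body.endswith("(file missing)"):
        reason = "orphaned: the registered file is missing from disk"
    elif section == "O16" and clsid_match and not body[clsid_match.end():].strip(" -"):
        reason = "DPF entry lists no download source or file"
    elif section in ("R0", "R1"):
        proxy = PROXY_RE.search(body)
        if proxy and _is_loopback(proxy.group("host")):
            reason = "IE proxy points at a loopback listener: identify the local process"
    if reason is None:
        return None
    return Finding(section, reason, clsid, line.strip())


def triage(log_text: str) -> List[Finding]:
    """Classify every line of a pasted log and keep only the findings."""
    results = (classify(line) for line in log_text.splitlines())
    return [finding for finding in results if finding is not None]


def group_by_clsid(findings: List[Finding]) -> Dict[str, List[str]]:
    """Map each CLSID to the sections that reference it, so one leftover
    component registered in several places is reviewed as a single item."""
    grouped: Dict[str, List[str]] = {}
    for finding in findings:
        if finding.clsid:
            grouped.setdefault(finding.clsid, []).append(finding.section)
    return grouped


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for finding in found:
        print(f"[{finding.section}] {finding.reason}\n    {finding.line}")
    for clsid, sections in group_by_clsid(found).items():
        if len(sections) > 1:
            print(f"{clsid} appears in sections {', '.join(sections)}")
```

A flagged line is a prompt for review, not a verdict: entries that point at files which exist, such as the Spybot BHO and the avast! Run entry in the sample, are left alone.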

#8 sundavis

  • Malware Response Team

Posted 22 February 2009 - 11:27 PM

Hi movinginslomo,


How did things go? Still with us? :thumbup2:

#9 movinginslomo

  • Topic Starter

Posted 23 February 2009 - 11:39 AM

Yea, life is busy. My computer is running fairly normal, no major issues. I wasn't able to get Kaspersky to scan with Firefox; it would sit idle at 0%. However, here's a fresh HJT as requested:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:51 PM, on 2/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\windows\system32\wuauclt.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [\MIKEY\EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P35 "\\MIKEY\EPSON Stylus CX5800F Series" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [UpdReg] C:\windows\UpdReg.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX5800F Series on DELL] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P40 "Auto EPSON Stylus CX5800F Series on DELL" /O34 "\\DELL\EPSON Stylus CX5800F Series" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus CX5800F Series on MIKEY] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P41 "Auto EPSON Stylus CX5800F Series on MIKEY" /O16 "\\MIKEY\Printer3" /M "Stylus CX5800F"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\windows\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - http://redirect.hp.com/presario/hp.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144111007406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144110986312
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/encnet/external/MSSurVid.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C421E6F0-1846-4054-9A64-6E3ED475A516}: NameServer = 192.168.2.1,192.160.2.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 9690 bytes

Edited by movinginslomo, 23 February 2009 - 11:41 AM.


#10 sundavis


Posted 23 February 2009 - 12:18 PM

Hi movinginslomo,

Please try F-Secure online scanner instead. Thanks.
  • Please run the F-Secure Online Scanner
  • Note: This Scanner is for Internet Explorer Only!
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.


#11 movinginslomo


Posted 24 February 2009 - 03:07 PM

Scanning Report
Tuesday, February 24, 2009 12:12:33 - 14:37:54

Computer name: CHRIS
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\
Result: 58 malware found
Client-IRC.Win32.mIRC (spyware)

* System

TrackingCookie.Yieldmanager (spyware)

* System

Trojan-Downloader.JS.Agent.cnn (virus)

* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2Z0TUF\AC[12].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2Z0TUF\AC[13].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2Z0TUF\AC[15].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2Z0TUF\AC[1].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2Z0TUF\AC[2].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2Z0TUF\AC[3].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2Z0TUF\AC[4].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2Z0TUF\AC[5].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2Z0TUF\AC[7].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2Z0TUF\AC[9].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2Z0TUF\MYCOUPONS[1].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2Z0TUF\PGP@BOTTOM[1].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2Z0TUF\PGP@TOPRIGHT[1].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OT2Z0TUF\SHOWS[1].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\EF1OHRCR\AC[10].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\EF1OHRCR\AC[1].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\EF1OHRCR\AC[2].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\EF1OHRCR\AC[3].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\EF1OHRCR\AC[4].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\EF1OHRCR\AC[5].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\EF1OHRCR\AC[6].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\EF1OHRCR\AC[8].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\EF1OHRCR\AC[9].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\EF1OHRCR\JUMP1[1].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\EF1OHRCR\MEDIALIST[1].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D0OLLMZF\AC[11].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D0OLLMZF\AC[12].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D0OLLMZF\AC[1].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D0OLLMZF\AC[2].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D0OLLMZF\AC[3].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D0OLLMZF\AC[4].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D0OLLMZF\AC[5].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D0OLLMZF\AC[9].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D0OLLMZF\CACXYZS5.HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D0OLLMZF\CAOXI7SL.HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D0OLLMZF\GETPAGEINFO[1].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D0OLLMZF\MEVIO[1].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\A7SPOW54\AC[15].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\A7SPOW54\AC[16].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\A7SPOW54\AC[17].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\A7SPOW54\AC[18].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\A7SPOW54\AC[1].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\A7SPOW54\AC[2].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\A7SPOW54\AC[3].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\A7SPOW54\AC[4].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\A7SPOW54\AC[5].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\A7SPOW54\AC[6].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\A7SPOW54\AC[8].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\A7SPOW54\DUGOSEARCH[1].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\A7SPOW54\EVTV1_ADS[1].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\A7SPOW54\HOMEPAGE@X01[1].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\A7SPOW54\JUMP1[1].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\A7SPOW54\LISTINGS[1].HTM (Renamed & Submitted)
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\A7SPOW54\YPWCREDIR[1].HTM (Renamed & Submitted)

W32/Packed_FSG.D (virus)

* C:\PROGRAM FILES\TRILLIAN\TRILLIAN PRO 3.1 PATCH.EXE (Submitted)

W32/Packed_Mew.C (virus)

* C:\DOOM_SE\ZDL.EXE (Submitted)

Statistics
Scanned:

* Files: 58716
* System: 5357
* Not scanned: 8

Actions:

* Disinfected: 0
* Renamed: 54
* Deleted: 0
* None: 4
* Submitted: 56

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ETILQS_ROGOBRLCG1495HYAZ2YH

Options
Scanning engines:

* F-Secure USS: 3.0.0
* F-Secure Hydra: 3.6.8511, 2009-02-24
* F-Secure AVP: 7.0.171, 2009-02-24
* F-Secure Pegasus: 1.20.0, 1969-11-31
* F-Secure Blacklight: 0.0.0

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

#12 sundavis


Posted 25 February 2009 - 07:23 PM

Hi movinginslomo,


All the suspicious files in the F-Secure online scan were renamed and submitted. It seems that it helped to clean some leftovers, though.

Now you are all clean. :thumbup2: Any issues left? If not, let's do some tidying up.

Step 1

Click START then RUN.
Now copy/paste Combofix /u in the Run box and click OK.
Note the space between the X and the U; it needs to be there.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.


Step 2

Click Start>Run>Type or Copy/paste the following command in the run box, then hit Enter to uninstall gmer.

%systemroot%\gmer_uninstall.cmd

Step 3
  • Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
Remember to delete DDS and RSIT, including the folder in C:\rsit and all the logs we have used.

Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  • Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  • Update your Adobe Acrobat Reader

    Old versions may render vulnerabilities that malware can use to infect your system. Please download Adobe Reader 9 to your desktop.
    Uninstall the old Adobe Reader from Start > Control Panel > Add/Remove Programs. Install the new one.

  • Update SP3

    Microsoft has released the latest upgrades to the XP OS platform, which can be referenced HERE. It is critical to stay up to date with the latest upgrades to your Operating System, as this can help prevent future problems. Windows XP Service Pack 3 (SP3) includes all previously released updates for the operating system. I recommend that you visit the link above and apply the SP3 patch.


  • Keep your system updated

    Visit Microsoft's Windows Update site frequently.

  • Make your Internet Explorer more secure


    For Internet Explorer 6
    • Open Internet Explorer. Click on Tools > Options.
    • Click on the Security tab.
    • Click on the Internet icon.
    • Click on the Custom Level button.
    • Under Download signed ActiveX controls, select Prompt.
    • Under Download unsigned ActiveX controls, select Disable.
    • Under Initialize and script ActiveX controls not marked as safe, select Disable.
    • Under Installation of desktop items, select Prompt.
    • Under Launching programs and files in an IFRAME, select Prompt.
    • Under Navigate sub-frames across different domains, select Prompt.
    • Under Allow paste operations via script, select Disable.
    • Click OK to apply these settings.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Press OK to exit the Internet Properties page.
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Install a-squared Free - a-squared Free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer, which provides some real-time protection against premium rate dialers.

    A tutorial on installing & using this product can be found here:

    Clean your PC with a-squared Free

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information here on how to prevent malware.


Glad to be of help. Safe surfing!!
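
The Internet Explorer zone settings listed in the post above can also be checked from a script. This is an added example, not part of the original post: it assumes the settings are stored as the standard security-zone URL action values under the current user's Internet zone key (zone 3), and the function names `Get-ZoneAudit` and `Set-ZoneRecommended` are hypothetical.

```powershell
# Added example, not from the thread. Value data: 0 = Enable, 1 = Prompt, 3 = Disable.
# Checks the per-user Internet zone (zone 3) only; policy keys, if present, can override it.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Labels   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL action value name -> setting named in the post and the choice it recommends.
$Recommended = @(
    @{ Id = '1001'; Setting = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Id = '1004'; Setting = 'Download unsigned ActiveX controls';                        Want = 3 },
    @{ Id = '1201'; Setting = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Id = '1800'; Setting = 'Installation of desktop items';                             Want = 1 },
    @{ Id = '1804'; Setting = 'Launching programs and files in an IFRAME';                 Want = 1 },
    @{ Id = '1607'; Setting = 'Navigate sub-frames across different domains';              Want = 1 },
    @{ Id = '1407'; Setting = 'Allow paste operations via script';                         Want = 3 }
)

# Report each recommended setting next to what the registry currently holds.
function Get-ZoneAudit {
    param([string]$Path = $ZonePath)
    $current = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($r in $Recommended) {
        $have = $current.($r.Id)                      # $null when the value is absent
        if ($null -eq $have) { $haveText = '(not set)' }
        elseif ($Labels.ContainsKey([int]$have)) { $haveText = $Labels[[int]$have] }
        else { $haveText = "raw $have" }              # a value outside Enable/Prompt/Disable
        New-Object psobject -Property @{
            Id          = $r.Id
            Setting     = $r.Setting
            Current     = $haveText
            Recommended = $Labels[$r.Want]
            Ok          = ($have -eq $r.Want)
        } | Select-Object Id, Setting, Current, Recommended, Ok
    }
}

# Write the recommended values for the current user (same effect as the Custom Level dialog).
function Set-ZoneRecommended {
    param([string]$Path = $ZonePath)
    foreach ($r in $Recommended) {
        Set-ItemProperty -Path $Path -Name $r.Id -Value $r.Want -Type DWord
    }
}

Get-ZoneAudit | Format-Table -AutoSize
# To apply the recommended values and re-check:
# Set-ZoneRecommended; Get-ZoneAudit | Format-Table -AutoSize
```

Rows with `Ok` set to False are the settings that differ from the list in the post.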

#13 teacup61


Posted 26 February 2009 - 09:02 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.