Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus Found: C:/windows/system32/cmcfg3.dll and Trojan horse downloader delf.12.an


  • This topic is locked This topic is locked
17 replies to this topic

#1 mhoji

mhoji

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:43 PM

Posted 19 May 2009 - 04:02 AM

Hello

I am in dire need of technical help. My system performance has been very slow.
My virtual memory is always low and the AVG detects the viruses namely
C:/windows/system23/cmcfg3.dll and Trojan Horse Downloader Delf.12.AN but
cannot heal or remove them. I am getting virus detected pop ups whenever I
launch the Internet Explorer. The following process names are infected:
1. C:/Windows/Explorer.exe
2. C:/Program Files/Internet Explorer/Iexplorer.exe

It takes a long time to boot up my system. Everytime it boots up, the time and date
resets to 10 AM 09/05/2020. I believe that there are a lot of applications that are
automatically loaded but I rarely need. Most of the time, I will be getting a message
of low virtual memory and sometimes out of memory. And during shut down, it takes
half an hour or more to complete it.

I am attaching the HJT log of my personal laptop that I ran last 05/15/09. If you need
me to run it again or use the DSS program then kindly inform me. Thank you in advance.

Regards

mhoji

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:43 PM

Posted 25 May 2009 - 10:27 AM

Hello and welcome to the BleepingComputer.com! :thumbup2:

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.


Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please post back and let me know if you're still experiencing problems and post the logs from RSIT:
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 mhoji

mhoji
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:43 PM

Posted 26 May 2009 - 07:41 PM

Hello _temp_

I really appreciate your response. FYI, have already enabled the Immediate E-Mail notification option during my initial email. Rest assured I will be following your instructions. I will be responding to you by tomorrow since I am having a hard time using the Internet with the infected unit. I am only able to connect using the computer at my office.

Regards

mhoji

#4 mhoji

mhoji
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:43 PM

Posted 27 May 2009 - 08:46 AM

Hello _temp_

I ws able to successfully run the RSIT and us the infected computer to send this email.
Here is the log.txt contents:

Logfile of random's system information tool 1.06 (written by random/random)
Run by maricar at 2009-05-27 21:33:08
Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (49%) free of 33 GB
Total RAM: 511 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:02 PM, on 5/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\maricar\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\maricar.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dlsu.edu.ph:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe msnmgnr.exe
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {F3B27A36-9875-4154-BD53-5A5513C7EB6A} - C:\WINDOWS\system32\cmcfg3.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\maricar\LOCALS~1\Temp\200661821058_mcinfo.exe /insfin
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [.NET.] C:\WINDOWS\system32\msnmgnr.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1599272856625
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12178 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DB5SSN91-maricar).job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{38A85DA2-8529-46D6-82B0-AAB83720F328}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll [2009-01-16 656696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2020-09-05 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2020-09-05 2223872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\Program Files\GoogleAFE\GoogleAE.dll [2006-01-26 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3B27A36-9875-4154-BD53-5A5513C7EB6A}]
C:\WINDOWS\system32\cmcfg3.dll [2008-03-06 98048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{ACB1E670-3217-45C4-A021-6B829A8A27CB}
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2020-09-05 2223872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-30 67584]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-06 344064]
"Dell Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY []
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-11 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-11 81920]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"msci"=C:\DOCUME~1\maricar\LOCALS~1\Temp\200661821058_mcinfo.exe /insfin []
"LWBMOUSE"=C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE [2001-11-20 356352]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-11-02 196608]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2020-09-05 1947928]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
".NET."=C:\WINDOWS\system32\msnmgnr.exe [2008-07-13 436736]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2006-03-15 26112]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-13 1121792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"BigDog305"=C:\WINDOWS\VM305_STI.EXE [2005-08-05 61440]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-28 342848]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-02-20 4363504]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2004-11-22 307200]
"Steam"=C:\Valve\Steam\Steam.exe -silent []
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2020-09-05 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:YServer Module"
"C:\Program Files\softnyx\GunboundWC\GunBound.gme"="C:\Program Files\softnyx\GunboundWC\GunBound.gme:*:Disabled:GunBound"
"C:\Valve\Steam\Steam.exe"="C:\Valve\Steam\Steam.exe:*:Disabled:Steam"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Valve\Condition Zero\czero.exe"="C:\Valve\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher"
"C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe"="C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe:*:Disabled:speed"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Disabled:Garena"
"C:\Program Files\softnyx\RakionIS\Bin\rakion.bin"="C:\Program Files\softnyx\RakionIS\Bin\rakion.bin:*:Disabled:rakion"
"C:\Program Files\Warcraft III\War3.exe"="C:\Program Files\Warcraft III\War3.exe:*:Disabled:Warcraft III"
"C:\Program Files\Warcraft DOTA\Warcraft III.exe"="C:\Program Files\Warcraft DOTA\Warcraft III.exe:*:Disabled:Warcraft III"
"C:\Program1\GrandChase\Grand Chase PH\main.exe"="C:\Program1\GrandChase\Grand Chase PH\main.exe:*:Enabled:GrandChase"
"F:\Program1\GrandChase\Grand Chase PH\main.exe"="F:\Program1\GrandChase\Grand Chase PH\main.exe:*:Enabled:GrandChase"
"F:\Garena\Garena.exe"="F:\Garena\Garena.exe:*:Enabled:Garena"
"F:\GrandChase\Grand Chase PH\main.exe"="F:\GrandChase\Grand Chase PH\main.exe:*:Enabled:GrandChase"
"F:\Full left4dead Full game 1013 patch madwiggyNLD\Left 4 Dead\left4dead.exe"="F:\Full left4dead Full game 1013 patch madwiggyNLD\Left 4 Dead\left4dead.exe:*:Enabled:left4dead"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6696c166-f535-11dc-8f19-001422f18856}]
shell\AutoRun\command - bar311.exe %1
shell\Explore\command - bar311.exe %1
shell\Open\command - bar311.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6999d250-35eb-11de-8e23-001422f18856}]
shell\AutoRun\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\msnmgnr.exe
shell\open\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\msnmgnr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b11103a-4c83-11dd-8ff9-001422f18856}]
shell\AutoRun\command - F:\
shell\explore\command - WScript.exe .\test.vbs
shell\open\command - WScript.exe .\test.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd91aeb0-cc31-11dd-90fa-001422f18856}]
shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\msnmgnr.exe
shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\msnmgnr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c33fa78c-76e2-11dc-8dfc-001422f18856}]
shell\AutoRun\command - F:\scvshosts.exe
shell\Open\command - F:\scvshosts.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c33fa78d-76e2-11dc-8dfc-001422f18856}]
shell\0pen\command - F:\krag.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7c352d5-9d74-11dc-8e5b-001422f18856}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL exiplorer.exe


======File associations======

.bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"
.ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"

======List of files/folders created in the last 1 months======

2020-09-05 11:27:27 ----SD---- C:\Microsoft
2020-09-05 11:09:55 ----D---- C:\Program Files\Windows Defender
2020-09-05 11:02:45 ----D---- C:\Program Files\Apple Software Update
2020-09-05 11:01:31 ----D---- C:\Documents and Settings\maricar\Application Data\WildTangent
2020-09-05 11:01:10 ----D---- C:\Program Files\WildGames
2020-09-05 11:00:48 ----D---- C:\WINDOWS\wt
2020-09-05 11:00:44 ----D---- C:\Program Files\Softronics
2020-09-05 11:00:43 ----D---- C:\Program Files\Learn2.com
2020-09-05 10:59:13 ----D---- C:\Program Files\QuickTime
2020-09-05 10:21:30 ----D---- C:\Program Files\Trend Micro
2020-09-05 10:15:20 ----D---- C:\Downloads
2020-09-05 10:01:01 ----RASH---- C:\WINDOWS\system32\msnmgnr.exe
2009-05-27 21:33:08 ----D---- C:\rsit
2009-05-27 21:27:39 ----D---- C:\WINDOWS\system32\Dell
2009-05-27 21:27:34 ----D---- C:\WINDOWS\LastGood
2009-05-21 00:38:43 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-05-21 00:38:43 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-05-08 01:40:13 ----SHD---- C:\Config.Msi
2009-05-05 00:30:41 ----D---- C:\WINDOWS\ie8updates
2009-05-05 00:26:10 ----HDC---- C:\WINDOWS\ie8
2009-05-02 22:31:53 ----D---- C:\Program Files\Common Files\Symantec Shared

======List of files/folders modified in the last 1 months======

2020-09-05 11:10:06 ----D---- C:\WINDOWS\WinSxS
2020-09-05 11:09:55 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2020-09-05 11:05:52 ----D---- C:\WINDOWS\system32\config
2020-09-05 11:05:17 ----D---- C:\WINDOWS\system32\wbem
2020-09-05 11:03:33 ----SHD---- C:\WINDOWS\CSC
2020-09-05 11:03:15 ----SHD---- C:\WINDOWS\Installer
2020-09-05 11:02:55 ----DC---- C:\WINDOWS\system32\DRVSTORE
2020-09-05 11:02:37 ----D---- C:\Program Files\Neffy
2020-09-05 11:02:35 ----D---- C:\Program Files\NetWaiting
2020-09-05 11:00:49 ----D---- C:\Program Files\WildTangent
2020-09-05 11:00:43 ----D---- C:\WINDOWS\occache
2020-09-05 11:00:36 ----D---- C:\Program Files\DivX
2020-09-05 10:54:43 ----D---- C:\WINDOWS\Temp
2020-09-05 10:46:32 ----D---- C:\WINDOWS\system32\Restore
2020-09-05 10:44:06 ----D---- C:\Program Files\BitComet
2020-09-05 10:29:10 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2020-09-05 10:26:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2020-09-05 10:21:57 ----D---- C:\Program Files
2020-09-05 10:20:47 ----D---- C:\WINDOWS\system32\FxsTmp
2020-09-05 10:20:30 ----D---- C:\WINDOWS\system32\Adobe
2020-09-05 10:17:29 ----HD---- C:\$AVG8.VAULT$
2020-09-05 10:12:03 ----D---- C:\Program Files\Comprehensive Review 3e
2020-09-05 10:11:55 ----RASH---- C:\boot.ini
2020-09-05 10:11:55 ----A---- C:\WINDOWS\win.ini
2020-09-05 10:11:55 ----A---- C:\WINDOWS\system.ini
2020-09-05 10:11:54 ----D---- C:\WINDOWS\pss
2020-09-05 10:07:45 ----D---- C:\WINDOWS\system32\drivers
2020-09-05 10:04:17 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt
2020-09-05 10:03:26 ----D---- C:\WINDOWS\Registration
2020-09-05 10:03:20 ----D---- C:\WINDOWS\system32\inetsrv
2020-09-05 10:02:53 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2020-09-05 10:02:41 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2020-09-05 10:01:09 ----D---- C:\Program Files\DNA
2020-09-05 10:01:02 ----RSHD---- C:\RECYCLER
2020-05-07 02:10:49 ----D---- C:\Program Files\Norton Security Scan
2009-05-27 21:33:15 ----D---- C:\WINDOWS\Prefetch
2009-05-27 21:31:12 ----D---- C:\Documents and Settings\maricar\Application Data\DNA
2009-05-27 21:27:42 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-27 21:27:40 ----D---- C:\WINDOWS\system32
2009-05-27 21:27:39 ----HD---- C:\WINDOWS\inf
2009-05-27 21:27:36 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-27 21:27:34 ----D---- C:\WINDOWS
2009-05-23 09:00:24 ----D---- C:\WINDOWS\network diagnostic
2009-05-14 21:48:09 ----SD---- C:\WINDOWS\Tasks
2009-05-14 03:28:54 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-05-14 03:28:54 ----D---- C:\Program Files\Internet Explorer
2009-05-14 03:06:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-14 03:05:58 ----A---- C:\WINDOWS\imsins.BAK
2009-05-14 03:02:42 ----D---- C:\WINDOWS\system32\en-US
2009-05-14 02:43:11 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-08 01:59:35 ----D---- C:\Program Files\Vpeye
2009-05-08 01:48:31 ----D---- C:\Program Files\Common Files\Knowledge Adventure
2009-05-07 23:42:36 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-07 23:30:54 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent
2009-05-07 15:16:29 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-05 01:02:20 ----D---- C:\WINDOWS\Media
2009-05-05 01:02:19 ----D---- C:\WINDOWS\Help
2009-05-02 23:10:56 ----D---- C:\Program Files\AVG
2009-05-02 22:58:35 ----D---- C:\AVG
2009-05-02 22:31:53 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-04 16128]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2020-09-05 325896]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2020-09-05 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2020-09-05 108552]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-26 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-26 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-14 17153]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-03-15 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-18 13059]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-29 113847]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-05-27 44928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-18 1041536]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-18 200064]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-11 273168]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-18 685056]
S3 2WIREPCP;2Wire USB; C:\WINDOWS\system32\DRIVERS\2WirePCP.sys [2005-05-13 68672]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 dump_wmimmc;dump_wmimmc; \??\F:\GrandChase\Grand Chase PH\GameGuard\dump_wmimmc.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-18 117760]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\maricar\LOCALS~1\Temp\JCC9.tmp []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 npkcrypt;npkcrypt; \??\C:\WINDOWS\system32\npkcrypt.sys []
S3 npkcusb;npkcusb; \??\C:\WINDOWS\system32\npkcusb.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-03-03 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 ZSMC0305;VIMICRO USB PC Camera V; C:\WINDOWS\System32\Drivers\usbVM305.sys [2005-11-30 392316]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2020-09-05 908568]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2020-09-05 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-06-02 86606]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-06 102912]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-06 99328]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-06-09 356352]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-05 24652]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-03-16 20480]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 npkcsvc;npkcsvc; C:\WINDOWS\system32\npkcsvc.exe [2004-03-31 172544]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 GameConsoleService;GameConsoleService; C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2009-02-25 242424]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-03-20 2821085]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Here is the info.txt contents:

info.txt logfile of random's system information tool 1.06 2009-05-27 21:34:10

======Uninstall list======

-->"C:\Program Files\WildGames\FATE\Uninstall.exe"
-->"C:\Program Files\WildGames\Game Console - WildGames\Uninstall.exe"
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
ALPS Touch Pad Driver-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BitComet 1.09-->C:\Program Files\BitComet\uninst.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Management Programs 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1033
Browser Mouse-->C:\Program Files\Browser Mouse\Browser Mouse\1.1\unins000.EXE
Canon Camera Access Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{901F8ED7-13E8-43EF-B738-2FE89B0588EB} /l1033
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}
Canon Camera Window DSLR 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
Canon Camera Window MC 6 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}
Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4DBBF091-FACD-422C-B43C-786335BD5398}
Conexant D110 MDC V.9x Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Corel Photo Album 6-->MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support 3.1-->MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EarthLink setup files-->MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon-->MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
Fate of the Dragon 1.031-->"F:\(PC Games) Fate of the Dragon (ENG-PL)\Fate of the Dragon\unins000.exe"
Garena-->C:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
Get High Speed Internet!-->MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google-->MsiExec.exe /I{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp deskjet 656c series (Remove only)-->C:\Program Files\hp deskjet 656c series\hpfiui.exe -c -vdivid=HPF -vpnum=89 -vinstport=USB: -vproduct=656c -huninstall
HP Driver Diagnostics-->MsiExec.exe /I{6314D540-E3C1-4F30-AEEB-4154C93375C3}
Internal Network Card Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Left 4 Dead Standalone Patch-->F:\Full left4dead Full game 1013 patch madwiggyNLD\Left 4 Dead\Uninstall.exe
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Logo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF149A60-8F5A-4632-B5DE-EC35BCB5ADFC}\Setup.exe"
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Neffy 1,2,0,22-->C:\Program Files\Neffy\uninst.exe
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NetZeroInstallers-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{3FADAA19-E595-44CA-A072-58B6B0851768}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{3FADAA19-E595-44CA-A072-58B6B0851768}
nProtect KeyCrypt-->C:\WINDOWS\system32\npkuninst.exe
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4 - ALL
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Saunders Comprehensive Review for the NCLEX-RNŽ Examination, 3rd Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22C2D26D-265D-4716-8261-E3F7F0639880}\setup.exe" -l0x9
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Steam-->C:\Valve\Steam\UNWISE.EXE C:\Valve\Steam\INSTALL.LOG
The Sims Makin' Magic-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}\setup.exe" -l0009
Update for Windows Internet Explorer 8 (KB969497)-->"C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URL Assistant-->regsvr32 /u /s "c:\Program Files\GoogleAFE\GoogleAE.dll"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VIMICRO USB PC Camera V-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AD824A5-1CCC-4BB7-82C9-E6FB25CC0479}\setup.exe" -l0x9
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WildTangent Games-->"C:\Program Files\WildGames\Uninstall.exe"
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\common\unyext.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\common\ymmapi.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Zoo Empire-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{242BCCDC-B37B-4792-A52C-BCDDB1030AF9} /l1033

======Security center information======

AV: AVG Anti-Virus Free (outdated)

======System event log======

Computer Name: WAMGAB
Event Code: 10000
Message: Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The error:
"%1450"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding

Record Number: 35639
Source Name: DCOM
Time Written: 20200905105707.000000+480
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: WAMGAB
Event Code: 10000
Message: Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The error:
"%1455"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding

Record Number: 35638
Source Name: DCOM
Time Written: 20200905105705.000000+480
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: WAMGAB
Event Code: 59
Message: Generate Activation Context failed for C:\WINDOWS\system32\SHELL32.dll.
Reference error message: Error Message is unavailable
.

Record Number: 35637
Source Name: SideBySide
Time Written: 20200905105408.000000+480
Event Type: error
User:

Computer Name: WAMGAB
Event Code: 34
Message: The time service has detected that the system time needs to be
changed by -358052299 seconds. The time service will not change the system
time by more than -54000 seconds. Verify that your time and time zone
are correct, and that the time source time.windows.com (ntp.m|0x1|119.95.255.112:123->207.46.197.32:123) is working properly.

Record Number: 35622
Source Name: W32Time
Time Written: 20200905111045.000000+480
Event Type: error
User:

Computer Name: WAMGAB
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 35605
Source Name: W32Time
Time Written: 20200905101700.000000+480
Event Type: warning
User:

=====Application event log=====

Computer Name: WAMGAB
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


Record Number: 40
Source Name: crypt32
Time Written: 20200905100605.000000+480
Event Type: error
User:

Computer Name: WAMGAB
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


Record Number: 38
Source Name: crypt32
Time Written: 20200905100602.000000+480
Event Type: error
User:

Computer Name: WAMGAB
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


Record Number: 37
Source Name: crypt32
Time Written: 20200905100601.000000+480
Event Type: error
User:

Computer Name: WAMGAB
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


Record Number: 34
Source Name: crypt32
Time Written: 20200905100547.000000+480
Event Type: error
User:

Computer Name: WAMGAB
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


Record Number: 33
Source Name: crypt32
Time Written: 20200905100547.000000+480
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------


Thanks in advance.

Regards

mhoji

#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:43 PM

Posted 27 May 2009 - 08:16 PM

Hello and welcome back. :thumbup2:

Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case BitComet). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

The logs also show Viewpoint Manager installed, Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Afterwards please run Combofix:

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • To make sure, that Combofix will work correctly, please make sure, that you have set the correct time on your machine, before executing Combofix.exe
  • Then please connect all external hard drives, usb sticks and all removable media to your PC (and keep it connected while ComboFix is running)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 mhoji

mhoji
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:43 PM

Posted 28 May 2009 - 07:17 PM

Hello _temp_

I did remove the Viewpoint programs (2) as per your instruction. I believe I was able to run combofix successfully after a couple of tries because I had a tough time configuring how to disable AVG 8.5. I had a blunder, I forgot my passwrod so I just recalled via memory your instructions. I was not able to attach my usb stick while combofix was running. But I think I was able to attach my external drive and changed the time and date before running it. Please advise if I need to rerun combofix.

When combofix finished, the following abnormal activities still exist:
1) The time and date still resets to 10 AM 09/05/2020
2) Trojan Horse Downloader Delf.12.AN detection whenever I open IE or windows explorer

Also I saved the log in my usb stick and I scanned it using the Symantec antivirus program installed in my office PC. There were 2 infections (Trojan Horse: msnmgnr.exe) that were quarantined. Surprisingly, I also did an AVG scan of the same usb stick using the infected PC and it was not detected.

Here is the combofix log:

m c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\fullscreendialog.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\high_score_menu_bg.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelintro.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelintro.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelover.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\longdialog.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\longdialog.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\mainmenu_logo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\popup.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\popup.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\textfield.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\upgrade_lines.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_rotated_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_rotated_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_highlight.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_normal.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_selected.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_mask.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_mask.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_down.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_over.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_up.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\welcome_player.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\actionpoints.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\career.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\customer.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\endless.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\global.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\powerups.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cook\stove.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\arrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\click.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\click2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\grab.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\open.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\baby.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\baby.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue_baby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red_baby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\idle.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\idle.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\lower.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\lower.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\upper.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\upper.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\fonts\mercurius.mvec
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\bench.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\bench.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\blue_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\chair.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\chair.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dirt2top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dirt4top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dishcart.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dishcart.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\green_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchair_prop_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchair_prop_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchairbaby.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchairbaby.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\luxury_bench.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\luxury_bench.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium_heart.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium_heart.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\purple_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\radio.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\red_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\spill.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\spill.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\stereo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\ticketstation.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\ticketstation.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\yellow_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\family.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help_dividerline.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_colormatch1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_colormatch2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_noise.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_score.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_cleardishes.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_givecheck.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_pickupfood.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_servefood.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_takeorder.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\hiscore\local-hs-bb.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_1.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_2.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_3.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_4.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_5.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_6.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_a.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_b.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_c.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\playfirstlogo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\background.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\green.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\green.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\grey.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\cup1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\food.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\food.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\frames\2_0.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\frames\2_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\people\cook.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\people\cook.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\props\cup_prop1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\2top.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\2top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\4top.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\4top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrades.xml
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\tableshadow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\careerupgrade.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\choosedifficulty.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\closeconfirm.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\entername.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\game.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\getmoregames.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\help1.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\help2.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\levelintro.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\levelover.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\loading.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\mainmenu.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\style.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\upgrade.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\strings.xml
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\angersmoke.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\angersmoke.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_bubble.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_mop.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_rejectmeal.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\chairflags.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\chairflags.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\check.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\checkmark.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\closed.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\coinflip.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\coinflip.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\decor_lines.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\dollar.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\expert.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\foodpoof.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\foodpoof.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\heartgrow.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\heartgrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\jar.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\jar.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\lives_icon.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\noisering.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_d.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_e.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_f.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tablenumber_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tablenumber_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\traynumber.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tutorialarrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tutorialbox.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_base.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_hand.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_timer_off.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_timer_on.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgradeanim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd1.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd2.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd3.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd4.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\dinerdash2.exe
c:\windows\system32\Cache
c:\windows\system32\msnmgnr.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.

2020-09-05 05:36 . 2020-09-05 05:36 -------- d-sh--w c:\documents and settings\maricar\PrivacIE
2020-09-05 03:27 . 2020-09-05 03:27 -------- d-s---w C:\Microsoft
2020-09-05 03:09 . 2020-09-05 03:03 -------- d-----w c:\program files\Windows Defender
2020-09-05 03:09 . 2020-09-05 03:09 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2020-09-05 03:09 . 2020-09-05 03:09 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2020-09-05 03:09 . 2020-09-05 02:10 1057048 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2020-09-05 03:09 . 2020-09-05 02:10 582936 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe
2020-09-05 03:02 . 2020-09-05 03:02 -------- d-----w c:\program files\Apple Software Update
2020-09-05 03:02 . 2020-09-05 03:02 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2020-09-05 03:02 . 2020-09-05 03:02 -------- d-----w c:\documents and settings\maricar\Local Settings\Application Data\BVRP Software
2020-09-05 03:01 . 2020-09-05 03:01 -------- d-----w c:\documents and settings\maricar\Application Data\WildTangent
2020-09-05 03:01 . 2020-09-05 03:01 -------- d-----w c:\program files\WildGames
2020-09-05 03:01 . 2020-09-05 03:01 -------- d-----w c:\documents and settings\maricar\Local Settings\Application Data\Wildtangent
2020-09-05 03:00 . 2020-09-05 03:01 -------- d-----w c:\windows\wt
2020-09-05 03:00 . 2020-09-05 03:00 -------- d-----w c:\program files\Softronics
2020-09-05 03:00 . 2020-09-05 03:00 -------- d-----w c:\program files\Learn2.com
2020-09-05 02:59 . 2020-09-05 02:59 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2020-09-05 02:59 . 2020-09-05 02:59 -------- d-----w c:\program files\QuickTime
2020-09-05 02:21 . 2020-09-05 02:22 -------- d-----w c:\program files\Trend Micro
2020-09-05 02:15 . 2009-05-06 16:05 -------- d-----w C:\Downloads
2020-09-05 02:02 . 2020-09-05 02:11 325640 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2020-09-05 02:02 . 2020-09-05 02:11 108552 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtdix.sys
2020-09-05 02:02 . 2020-09-05 02:11 10520 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsstx.dll
2020-09-05 02:02 . 2020-09-05 02:02 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2020-09-05 03:02 . 2008-12-28 08:51 -------- d-----w c:\program files\Neffy
2020-09-05 03:02 . 2006-03-15 14:25 -------- d-----w c:\program files\NetWaiting
2020-09-05 03:00 . 2006-03-15 14:31 -------- d-----w c:\program files\WildTangent
2020-09-05 03:00 . 2009-02-25 14:36 -------- d-----w c:\program files\DivX
2020-09-05 02:36 . 2009-02-10 13:07 -------- d-----w c:\program files\BitComet
2020-09-05 02:29 . 2006-03-15 14:37 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
2020-09-05 02:12 . 2009-02-17 04:41 -------- d-----w c:\program files\Comprehensive Review 3e
2020-09-05 02:02 . 2008-06-20 00:01 11952 ----a-w c:\windows\system32\avgrsstx.dll
2020-09-05 02:02 . 2008-03-17 12:15 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2020-09-05 02:02 . 2008-06-20 00:01 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2020-09-05 02:02 . 2009-05-20 16:35 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2020-09-05 02:01 . 2008-06-20 00:01 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2020-09-05 02:01 . 2009-05-20 16:35 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2020-09-05 02:01 . 2009-05-20 16:35 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2020-09-05 02:01 . 2009-05-20 16:35 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2020-09-05 02:01 . 2009-05-20 16:35 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2020-09-05 02:01 . 2009-05-20 16:35 354584 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2020-09-05 02:01 . 2008-12-28 08:42 -------- d-----w c:\program files\DNA
2020-09-05 02:01 . 2008-12-28 08:42 -------- d-----w c:\documents and settings\maricar\Application Data\DNA
2009-04-04 04:18 . 2006-04-16 00:49 152 --sh--r c:\windows\system32\52FEFF11E3.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3B27A36-9875-4154-BD53-5A5513C7EB6A}]
2008-03-05 23:13 98048 ----a-w c:\windows\system32\cmcfg3.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-28 342848]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"LWBMOUSE"="c:\program files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE" [2001-11-20 356352]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-01 196608]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2020-09-05 1947928]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-03-15 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-13 1121792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-15 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2020-09-05 02:02 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15431:TCP"= 15431:TCP:BitComet 15431 TCP
"15431:UDP"= 15431:UDP:BitComet 15431 UDP

R0 fzghqsnc;fzghqsnc;c:\windows\system32\drivers\mcwqnmth.dat --> c:\windows\system32\drivers\mcwqnmth.dat [?]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/20/2008 8:01 AM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/20/2008 8:01 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/4/2008 4:50 PM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/4/2008 4:50 PM 298776]
S3 dump_wmimmc;dump_wmimmc;\??\f:\grandchase\Grand Chase PH\GameGuard\dump_wmimmc.sys --> f:\grandchase\Grand Chase PH\GameGuard\dump_wmimmc.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\maricar\LOCALS~1\Temp\PNW8.tmp --> c:\docume~1\maricar\LOCALS~1\Temp\PNW8.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [3/8/2007 4:38 AM 392316]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635618}]
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\msnmgnr.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-28 c:\windows\Tasks\User_Feed_Synchronization-{38A85DA2-8529-46D6-82B0-AAB83720F328}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 20:31]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Steam - c:\valve\Steam\Steam.exe
Notify-NavLogon - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = proxy.dlsu.edu.ph:80
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2020-09-05 10:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fzghqsnc]
"ImagePath"="system32\drivers\mcwqnmth.dat"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\maricar\LOCALS~1\Temp\PNW8.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-437336714-2010565466-2916841713-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1064)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2020-09-05 10:07
ComboFix-quarantined-files.txt 2020-09-05 02:06

Pre-Run: 17,504,436,224 bytes free
Post-Run: 18,706,329,600 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn

534 --- E O F --- 2009-04-17 02:08

Hoping that you can still help me out else I will resort to restoring the OS to its factory set up. Thank you again.

Regards

mhoji

#7 mhoji

mhoji
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:43 PM

Posted 28 May 2009 - 07:22 PM

Hello _temp_

I am reattaching the combofix log since the previous log top most part was unintentionally deleted.

Combofix log:

ComboFix 09-05-26.05 - maricar 05/28/2009 23:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.181 [GMT 8:00]
Running from: c:\documents and settings\maricar\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\msnmgnr.exe
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\dirty_dishes.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\foodtray.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\menu_down.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\menu_up.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\mop_prop.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\ticket.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a3.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a4.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\baby_cry.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\chef_cook1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\closing_time.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\customer_ditch.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\dialog_down.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\dialog_up.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\drink_table.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\expert.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\highchair_deliver.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\highchair_pickup.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\keystroke2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\level_lose.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\level_win.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\menu_click.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\menu_rollover.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\mop_pickup.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\mop_spill.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_bring_check_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_dropoff_drinks_1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_food_ready_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_gain_heart_1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_menu_down.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_pencil_write_2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_seat_people_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\spill.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\table_drink.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\tip_2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\flo_lose.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\flo_win.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\fullscreendialog.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\high_score_menu_bg.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelintro.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelintro.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelover.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\longdialog.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\longdialog.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\mainmenu_logo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\popup.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\popup.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\textfield.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\upgrade_lines.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_rotated_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_rotated_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_highlight.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_normal.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_selected.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_mask.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_mask.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_down.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_over.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_up.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\welcome_player.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\actionpoints.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\career.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\customer.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\endless.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\global.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\powerups.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cook\stove.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\arrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\click.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\click2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\grab.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\open.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\baby.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\baby.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue_baby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red_baby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\idle.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\idle.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\lower.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\lower.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\upper.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\upper.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\fonts\mercurius.mvec
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\bench.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\bench.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\blue_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\chair.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\chair.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dirt2top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dirt4top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dishcart.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dishcart.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\green_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchair_prop_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchair_prop_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchairbaby.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchairbaby.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\luxury_bench.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\luxury_bench.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium_heart.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium_heart.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\purple_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\radio.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\red_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\spill.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\spill.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\stereo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\ticketstation.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\ticketstation.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\yellow_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\family.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help_dividerline.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_colormatch1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_colormatch2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_noise.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_score.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_cleardishes.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_givecheck.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_pickupfood.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_servefood.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_takeorder.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\hiscore\local-hs-bb.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_1.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_2.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_3.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_4.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_5.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_6.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_a.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_b.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_c.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\playfirstlogo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\background.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\green.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\green.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\grey.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\cup1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\food.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\food.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\frames\2_0.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\frames\2_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\people\cook.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\people\cook.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\props\cup_prop1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\2top.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\2top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\4top.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\4top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrades.xml
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\tableshadow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\careerupgrade.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\choosedifficulty.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\closeconfirm.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\entername.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\game.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\getmoregames.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\help1.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\help2.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\levelintro.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\levelover.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\loading.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\mainmenu.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\style.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\upgrade.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\strings.xml
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\angersmoke.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\angersmoke.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_bubble.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_mop.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_rejectmeal.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\chairflags.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\chairflags.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\check.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\checkmark.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\closed.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\coinflip.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\coinflip.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\decor_lines.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\dollar.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\expert.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\foodpoof.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\foodpoof.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\heartgrow.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\heartgrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\jar.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\jar.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\lives_icon.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\noisering.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_d.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_e.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_f.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tablenumber_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tablenumber_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\traynumber.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tutorialarrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tutorialbox.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_base.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_hand.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_timer_off.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_timer_on.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgradeanim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd1.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd2.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd3.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd4.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\dinerdash2.exe
c:\windows\system32\Cache
c:\windows\system32\msnmgnr.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.

2020-09-05 05:36 . 2020-09-05 05:36 -------- d-sh--w c:\documents and settings\maricar\PrivacIE
2020-09-05 03:27 . 2020-09-05 03:27 -------- d-s---w C:\Microsoft
2020-09-05 03:09 . 2020-09-05 03:03 -------- d-----w c:\program files\Windows Defender
2020-09-05 03:09 . 2020-09-05 03:09 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2020-09-05 03:09 . 2020-09-05 03:09 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2020-09-05 03:09 . 2020-09-05 02:10 1057048 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2020-09-05 03:09 . 2020-09-05 02:10 582936 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe
2020-09-05 03:02 . 2020-09-05 03:02 -------- d-----w c:\program files\Apple Software Update
2020-09-05 03:02 . 2020-09-05 03:02 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2020-09-05 03:02 . 2020-09-05 03:02 -------- d-----w c:\documents and settings\maricar\Local Settings\Application Data\BVRP Software
2020-09-05 03:01 . 2020-09-05 03:01 -------- d-----w c:\documents and settings\maricar\Application Data\WildTangent
2020-09-05 03:01 . 2020-09-05 03:01 -------- d-----w c:\program files\WildGames
2020-09-05 03:01 . 2020-09-05 03:01 -------- d-----w c:\documents and settings\maricar\Local Settings\Application Data\Wildtangent
2020-09-05 03:00 . 2020-09-05 03:01 -------- d-----w c:\windows\wt
2020-09-05 03:00 . 2020-09-05 03:00 -------- d-----w c:\program files\Softronics
2020-09-05 03:00 . 2020-09-05 03:00 -------- d-----w c:\program files\Learn2.com
2020-09-05 02:59 . 2020-09-05 02:59 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2020-09-05 02:59 . 2020-09-05 02:59 -------- d-----w c:\program files\QuickTime
2020-09-05 02:21 . 2020-09-05 02:22 -------- d-----w c:\program files\Trend Micro
2020-09-05 02:15 . 2009-05-06 16:05 -------- d-----w C:\Downloads
2020-09-05 02:02 . 2020-09-05 02:11 325640 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2020-09-05 02:02 . 2020-09-05 02:11 108552 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtdix.sys
2020-09-05 02:02 . 2020-09-05 02:11 10520 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsstx.dll
2020-09-05 02:02 . 2020-09-05 02:02 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2020-09-05 03:02 . 2008-12-28 08:51 -------- d-----w c:\program files\Neffy
2020-09-05 03:02 . 2006-03-15 14:25 -------- d-----w c:\program files\NetWaiting
2020-09-05 03:00 . 2006-03-15 14:31 -------- d-----w c:\program files\WildTangent
2020-09-05 03:00 . 2009-02-25 14:36 -------- d-----w c:\program files\DivX
2020-09-05 02:36 . 2009-02-10 13:07 -------- d-----w c:\program files\BitComet
2020-09-05 02:29 . 2006-03-15 14:37 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
2020-09-05 02:12 . 2009-02-17 04:41 -------- d-----w c:\program files\Comprehensive Review 3e
2020-09-05 02:02 . 2008-06-20 00:01 11952 ----a-w c:\windows\system32\avgrsstx.dll
2020-09-05 02:02 . 2008-03-17 12:15 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2020-09-05 02:02 . 2008-06-20 00:01 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2020-09-05 02:02 . 2009-05-20 16:35 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2020-09-05 02:01 . 2008-06-20 00:01 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2020-09-05 02:01 . 2009-05-20 16:35 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2020-09-05 02:01 . 2009-05-20 16:35 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2020-09-05 02:01 . 2009-05-20 16:35 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2020-09-05 02:01 . 2009-05-20 16:35 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2020-09-05 02:01 . 2009-05-20 16:35 354584 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2020-09-05 02:01 . 2008-12-28 08:42 -------- d-----w c:\program files\DNA
2020-09-05 02:01 . 2008-12-28 08:42 -------- d-----w c:\documents and settings\maricar\Application Data\DNA
2009-04-04 04:18 . 2006-04-16 00:49 152 --sh--r c:\windows\system32\52FEFF11E3.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3B27A36-9875-4154-BD53-5A5513C7EB6A}]
2008-03-05 23:13 98048 ----a-w c:\windows\system32\cmcfg3.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-28 342848]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"LWBMOUSE"="c:\program files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE" [2001-11-20 356352]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-01 196608]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2020-09-05 1947928]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-03-15 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-13 1121792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-15 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2020-09-05 02:02 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15431:TCP"= 15431:TCP:BitComet 15431 TCP
"15431:UDP"= 15431:UDP:BitComet 15431 UDP

R0 fzghqsnc;fzghqsnc;c:\windows\system32\drivers\mcwqnmth.dat --> c:\windows\system32\drivers\mcwqnmth.dat [?]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/20/2008 8:01 AM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/20/2008 8:01 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/4/2008 4:50 PM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/4/2008 4:50 PM 298776]
S3 dump_wmimmc;dump_wmimmc;\??\f:\grandchase\Grand Chase PH\GameGuard\dump_wmimmc.sys --> f:\grandchase\Grand Chase PH\GameGuard\dump_wmimmc.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\maricar\LOCALS~1\Temp\PNW8.tmp --> c:\docume~1\maricar\LOCALS~1\Temp\PNW8.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [3/8/2007 4:38 AM 392316]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635618}]
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\msnmgnr.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-28 c:\windows\Tasks\User_Feed_Synchronization-{38A85DA2-8529-46D6-82B0-AAB83720F328}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 20:31]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Steam - c:\valve\Steam\Steam.exe
Notify-NavLogon - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = proxy.dlsu.edu.ph:80
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2020-09-05 10:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fzghqsnc]
"ImagePath"="system32\drivers\mcwqnmth.dat"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\maricar\LOCALS~1\Temp\PNW8.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-437336714-2010565466-2916841713-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1064)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2020-09-05 10:07
ComboFix-quarantined-files.txt 2020-09-05 02:06

Pre-Run: 17,504,436,224 bytes free
Post-Run: 18,706,329,600 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn

534 --- E O F --- 2009-04-17 02:08

Regards

mhoji

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:43 PM

Posted 28 May 2009 - 08:18 PM

Hi mhoji :thumbup2:

EDIT: just ignore, hadn't seen you second post. Sorry

_temp_

Edited by _temp_, 28 May 2009 - 08:23 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:43 PM

Posted 29 May 2009 - 06:56 AM

Hi and welcome back. :thumbup2:

you have an infection that spreads via removable media. These infections are attacked by Combofix, but this can only be successful if the infected flash drives and removable media are connected to your PC while Combofix is running.

First:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

c:\windows\system32\52FEFF11E3.sys

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/


Afterwards please make sure, that you set the correct date again and connected all your external media to your PC.
Then:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

driver::
fzghqsnc

registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635618}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3B27A36-9875-4154-BD53-5A5513C7EB6A}]


file::
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\msnmgnr.exe
c:\windows\system32\cmcfg3.dll
c:\windows\system32\drivers\mcwqnmth.dat


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply along with the complete results from jotti (or virustotal)

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 mhoji

mhoji
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:43 PM

Posted 02 June 2009 - 12:01 PM

Hello _temp_

Sorry for the delay in my reply. I had a technical problem this past few days, I changed my email address. I did not know that I need to validate to activate my account until today (06/02/09).

I did follow your instructions last 05/30/09. I first shown the hidden files then scanned c:\windows\system32\52FEFF11E3.sys using Jotti. I am attaching the screenshot of the result of Jotti because I do not know how to get the log result. Please inform me if I need to rescan it again. Kindly refer to attached file 52FEFF11E3.doc.

Also here is the combfix.txt log:
ComboFix 09-05-26.05 - maricar 05/30/2009 13:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.267 [GMT 8:00]
Running from: c:\documents and settings\maricar\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\maricar\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\msnmgnr.exe"
"c:\windows\system32\cmcfg3.dll"
"c:\windows\system32\drivers\mcwqnmth.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\cmcfg3.dll
c:\windows\system32\drivers\mcwqnmth.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FZGHQSNC
-------\Service_fzghqsnc


((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-30 )))))))))))))))))))))))))))))))
.

2020-09-05 05:36 . 2020-09-05 05:36 -------- d-sh--w c:\documents and settings\maricar\PrivacIE
2020-09-05 03:27 . 2020-09-05 03:27 -------- d-s---w C:\Microsoft
2020-09-05 03:09 . 2020-09-05 03:03 -------- d-----w c:\program files\Windows Defender
2020-09-05 03:09 . 2020-09-05 03:09 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2020-09-05 03:09 . 2020-09-05 03:09 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2020-09-05 03:09 . 2020-09-05 02:10 1057048 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2020-09-05 03:09 . 2020-09-05 02:10 582936 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe
2020-09-05 03:02 . 2020-09-05 03:02 -------- d-----w c:\program files\Apple Software Update
2020-09-05 03:02 . 2020-09-05 03:02 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2020-09-05 03:02 . 2020-09-05 03:02 -------- d-----w c:\documents and settings\maricar\Local Settings\Application Data\BVRP Software
2020-09-05 03:01 . 2020-09-05 03:01 -------- d-----w c:\documents and settings\maricar\Application Data\WildTangent
2020-09-05 03:01 . 2020-09-05 03:01 -------- d-----w c:\program files\WildGames
2020-09-05 03:01 . 2020-09-05 03:01 -------- d-----w c:\documents and settings\maricar\Local Settings\Application Data\Wildtangent
2020-09-05 03:00 . 2020-09-05 03:01 -------- d-----w c:\windows\wt
2020-09-05 03:00 . 2020-09-05 03:00 -------- d-----w c:\program files\Softronics
2020-09-05 03:00 . 2020-09-05 03:00 -------- d-----w c:\program files\Learn2.com
2020-09-05 02:59 . 2020-09-05 02:59 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2020-09-05 02:59 . 2020-09-05 02:59 -------- d-----w c:\program files\QuickTime
2020-09-05 02:21 . 2020-09-05 02:22 -------- d-----w c:\program files\Trend Micro
2020-09-05 02:15 . 2009-05-06 16:05 -------- d-----w C:\Downloads
2020-09-05 02:02 . 2020-09-05 02:11 325640 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2020-09-05 02:02 . 2020-09-05 02:11 108552 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtdix.sys
2020-09-05 02:02 . 2020-09-05 02:11 10520 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsstx.dll
2020-09-05 02:02 . 2020-09-05 02:02 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-28 17:35 . 2009-05-28 17:35 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-27 13:33 . 2009-05-27 13:34 -------- d-----w C:\rsit
2009-05-27 13:27 . 2009-05-27 13:27 -------- d-----w c:\windows\system32\Dell
2009-05-20 16:38 . 2008-10-16 06:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-05-20 16:35 . 2020-09-05 02:02 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-20 16:35 . 2020-09-05 02:01 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-20 16:35 . 2020-09-05 02:01 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-20 16:35 . 2020-09-05 02:01 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-20 16:35 . 2020-09-05 02:01 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-20 16:35 . 2020-09-05 02:01 354584 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-05-14 13:48 . 2009-05-14 13:48 -------- d-sh--w c:\documents and settings\maricar\IECompatCache
2009-05-13 19:06 . 2009-04-25 05:30 102400 ------w c:\windows\system32\dllcache\iecompat.dll
2009-05-04 17:03 . 2009-05-04 17:03 -------- d-sh--w c:\documents and settings\maricar\IETldCache
2009-05-04 16:30 . 2009-05-13 19:07 -------- d-----w c:\windows\ie8updates
2009-05-04 16:26 . 2009-05-13 19:05 -------- dc-h--w c:\windows\ie8
2009-05-02 14:31 . 2009-05-02 14:31 -------- d-----w c:\program files\Common Files\Symantec Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2020-09-05 03:02 . 2008-12-28 08:51 -------- d-----w c:\program files\Neffy
2020-09-05 03:02 . 2006-03-15 14:25 -------- d-----w c:\program files\NetWaiting
2020-09-05 03:00 . 2006-03-15 14:31 -------- d-----w c:\program files\WildTangent
2020-09-05 03:00 . 2009-02-25 14:36 -------- d-----w c:\program files\DivX
2020-09-05 02:36 . 2009-02-10 13:07 -------- d-----w c:\program files\BitComet
2020-09-05 02:29 . 2006-03-15 14:37 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
2020-09-05 02:12 . 2009-02-17 04:41 -------- d-----w c:\program files\Comprehensive Review 3e
2020-09-05 02:02 . 2008-06-20 00:01 11952 ----a-w c:\windows\system32\avgrsstx.dll
2020-09-05 02:02 . 2008-03-17 12:15 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2020-09-05 02:02 . 2008-06-20 00:01 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2020-09-05 02:01 . 2008-06-20 00:01 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2020-05-06 18:10 . 2007-09-12 09:03 -------- d-----w c:\program files\Norton Security Scan
2009-05-30 05:13 . 2008-12-28 08:42 -------- d-----w c:\program files\DNA
2009-05-30 05:13 . 2008-12-28 08:42 -------- d-----w c:\documents and settings\maricar\Application Data\DNA
2009-05-30 05:13 . 2008-06-20 00:01 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-30 05:03 . 2006-03-28 18:18 64536 ----a-w c:\documents and settings\maricar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-28 14:24 . 2006-03-15 14:28 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-27 13:27 . 2006-03-15 14:24 -------- d-----w c:\program files\Dell
2009-05-07 17:59 . 2007-03-07 20:20 -------- d-----w c:\program files\Vpeye
2009-05-07 17:48 . 2006-05-16 00:08 -------- d-----w c:\program files\Common Files\Knowledge Adventure
2009-05-07 15:42 . 2006-03-15 14:22 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-07 15:30 . 2007-06-16 23:37 -------- d-----w c:\documents and settings\All Users\Application Data\WildTangent
2009-05-02 15:10 . 2008-06-20 00:01 -------- d-----w c:\program files\AVG
2009-04-06 05:04 . 2007-10-12 02:49 1510 ----a-w c:\windows\eReg.dat
2009-04-04 04:18 . 2006-04-16 00:49 7518 ----a-w c:\windows\system32\KGyGaAvL.sys
2009-04-04 04:18 . 2006-04-16 00:49 152 --sh--r c:\windows\system32\52FEFF11E3.sys
2009-03-07 20:34 . 2005-08-16 10:18 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-07 20:34 . 2005-08-16 10:18 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-07 20:33 . 2005-08-16 10:18 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-07 20:33 . 2005-08-16 10:18 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-07 20:32 . 2005-08-16 10:18 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-07 20:32 . 2005-08-16 10:18 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-07 20:31 . 2005-08-16 10:18 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-07 20:31 . 2005-08-16 10:18 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-07 20:31 . 2005-08-16 10:18 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-07 20:22 . 2005-08-16 10:18 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2005-08-16 10:18 284160 ------w c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((( SnapShot@2020-09-05_02.04.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-30 05:14 . 2009-05-30 05:14 16384 c:\windows\temp\Perflib_Perfdata_be0.dat
+ 2006-04-15 17:12 . 2007-04-09 05:23 28552 c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2006-04-15 17:12 . 2007-04-09 05:23 46472 c:\windows\system32\spool\drivers\w32x86\mdiui.dll
+ 2006-04-15 17:12 . 2007-04-09 05:23 46472 c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2006-04-15 17:12 . 2007-04-09 05:23 28040 c:\windows\system32\mdimon.dll
+ 2007-03-22 11:17 . 2007-03-22 11:17 35440 c:\windows\system32\FM20ENU.DLL
- 2006-04-15 17:12 . 2006-04-15 17:12 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-05-28 17:35 . 2009-05-30 02:28 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-05-28 17:35 . 2009-05-30 02:28 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2006-04-15 17:12 . 2006-04-15 17:12 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2006-04-15 17:12 . 2006-04-15 17:12 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-05-28 17:35 . 2009-05-30 02:28 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-04-15 17:12 . 2006-04-15 17:12 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-05-28 17:35 . 2009-05-30 02:28 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-05-28 17:35 . 2009-05-30 02:28 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2006-04-15 17:12 . 2006-04-15 17:12 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-05-28 17:35 . 2009-05-30 02:28 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-04-15 17:12 . 2006-04-15 17:12 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2006-04-15 17:11 . 2006-04-15 17:11 64088 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
+ 2003-07-14 14:57 . 2003-07-14 14:57 58944 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-05-08 13:54 . 2003-05-08 13:54 77824 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-14 14:56 . 2003-07-14 14:56 13888 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2003-07-14 14:57 . 2003-07-14 14:57 56888 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2003-07-14 14:52 . 2003-07-14 14:52 41528 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2003-07-14 14:45 . 2003-07-14 14:45 39488 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-07-14 14:45 . 2003-07-14 14:45 55360 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-14 14:46 . 2003-07-14 14:46 42040 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-14 14:52 . 2003-07-14 14:52 28224 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-14 14:52 . 2003-07-14 14:52 55360 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2003-07-14 14:44 . 2003-07-14 14:44 25144 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL
+ 2003-07-14 14:52 . 2003-07-14 14:52 27704 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-14 14:52 . 2003-07-14 14:52 17464 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-07-14 14:51 . 2003-07-14 14:51 87104 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
+ 2003-07-14 14:57 . 2003-07-14 14:57 87096 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\IEAWSDC.DLL
+ 2003-07-14 14:53 . 2003-07-14 14:53 34880 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\DWTRIG20.EXE
+ 2003-07-14 14:52 . 2003-07-14 14:52 39992 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\DWDCW20.DLL
+ 2003-07-14 19:18 . 2003-07-14 19:18 47160 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE
+ 2003-07-14 14:53 . 2003-07-14 14:53 94768 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\AW.DLL
+ 2003-07-14 14:57 . 2003-07-14 14:57 38968 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
+ 2007-04-19 06:10 . 2007-04-19 06:10 65888 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\SEQCHK10.DLL
+ 2007-03-22 11:07 . 2007-03-22 11:07 78168 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-22 11:07 . 2007-03-22 11:07 41824 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-03-22 11:05 . 2007-03-22 11:05 97632 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2007-04-19 05:53 . 2007-04-19 05:53 69984 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL
+ 2007-03-22 11:23 . 2007-03-22 11:23 17248 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\NPOFFICE.DLL
+ 2007-04-19 06:10 . 2007-04-19 06:10 80216 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\NAME.DLL
+ 2007-03-22 11:29 . 2007-03-22 11:29 44888 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSSH.DLL
+ 2007-04-19 05:57 . 2007-04-19 05:57 46432 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSOXMLMF.DLL
+ 2007-03-22 11:13 . 2007-03-22 11:13 58720 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSOXMLED.EXE
+ 2007-03-22 11:13 . 2007-03-22 11:13 45408 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSOXEV.DLL
+ 2007-04-19 06:07 . 2007-04-19 06:07 36192 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSOSTYLE.DLL
+ 2007-04-19 06:07 . 2007-04-19 06:07 61280 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSOHTMED.EXE
+ 2007-04-19 05:56 . 2007-04-19 05:56 29024 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSOEURO.DLL
+ 2007-03-22 11:29 . 2007-03-22 11:29 31072 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSODCW.DLL
+ 2007-03-22 11:29 . 2007-03-22 11:29 20824 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSMH.DLL
+ 2007-04-30 07:11 . 2007-04-30 07:11 89440 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSENCODE.DLL
+ 2007-03-22 11:29 . 2007-03-22 11:29 39264 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\DWTRIG20.EXE
+ 2007-03-22 11:29 . 2007-03-22 11:29 43360 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\DWDCW20.DLL
+ 2007-03-22 11:07 . 2007-03-22 11:07 80224 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL
+ 2007-04-19 05:55 . 2007-04-19 05:55 53088 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\DFUICOM.EXE
+ 2007-03-22 11:29 . 2007-03-22 11:29 99160 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\AW.DLL
+ 2007-04-19 06:10 . 2007-04-19 06:10 45920 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\AUTHZAX.DLL
+ 2007-03-22 11:07 . 2007-03-22 11:07 91488 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2003-07-14 15:00 . 2003-07-14 15:00 99904 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TRANSMGR.DLL
+ 2003-07-14 14:53 . 2003-07-14 14:53 11848 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2003-07-14 14:44 . 2003-07-14 14:44 66616 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL
+ 2003-07-14 14:43 . 2003-07-14 14:43 74288 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\RM.DLL
+ 2003-07-14 14:57 . 2003-07-14 14:57 40512 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2003-07-14 14:42 . 2003-07-14 14:42 37432 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\RECALL.DLL
+ 2003-07-14 14:40 . 2003-07-14 14:40 51256 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PUBTRAP.DLL
+ 2003-07-14 19:18 . 2003-07-14 19:18 93752 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
+ 2003-07-14 14:43 . 2003-07-14 14:43 49208 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL
+ 2003-07-14 14:43 . 2003-07-14 14:43 64056 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLRPC.DLL
+ 2003-07-14 14:44 . 2003-07-14 14:44 88128 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLMIME.DLL
+ 2003-07-14 14:41 . 2003-07-14 14:41 24640 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLACCT.DLL
+ 2003-07-14 19:14 . 2003-07-14 19:14 27192 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL
+ 2003-06-18 09:31 . 2003-06-18 09:31 16384 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-07-14 14:53 . 2003-07-14 14:53 39488 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL
+ 2003-07-14 14:52 . 2003-07-14 14:52 35896 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
+ 2003-06-18 09:31 . 2003-06-18 09:31 35328 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIUI.DLL
+ 2003-06-18 09:31 . 2003-06-18 09:31 18944 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIPPR.DLL
+ 2003-06-18 09:31 . 2003-06-18 09:31 17920 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIMON.DLL
+ 2003-07-14 14:45 . 2003-07-14 14:45 58944 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\INLAUNCH.DLL
+ 2003-07-14 14:41 . 2003-07-14 14:41 13368 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FINDER.EXE
+ 2003-07-14 14:57 . 2003-07-14 14:57 98360 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2003-07-14 14:56 . 2003-07-14 14:56 14904 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-25 10:57 . 2003-07-25 10:57 75832 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DLGSETP.DLL
+ 2003-07-14 14:43 . 2003-07-14 14:43 87616 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\ADDRPARS.DLL
+ 2009-05-28 17:37 . 2009-05-28 17:37 66936 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2009-05-29 02:08 . 2009-05-29 02:08 91488 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
- 2006-04-15 17:18 . 2006-04-15 17:18 4096 c:\windows\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-04-15 17:18 . 2009-05-29 02:19 4096 c:\windows\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-04-15 17:12 . 2006-04-15 17:12 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-05-28 17:35 . 2009-05-30 02:28 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-04-15 17:12 . 2007-04-09 05:24 758664 c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
+ 2006-04-15 17:12 . 2007-04-09 05:24 758664 c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2009-05-03 08:00 . 2009-05-30 05:12 214408 c:\windows\system32\inetsrv\MetaBase.bin
+ 2005-08-16 10:27 . 2009-05-29 04:50 266208 c:\windows\system32\FNTCACHE.DAT
+ 2006-04-15 17:18 . 2009-05-29 02:19 147456 c:\windows\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\pj11icon.exe
- 2006-04-15 17:18 . 2006-04-15 17:18 147456 c:\windows\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\pj11icon.exe
- 2006-04-15 17:18 . 2006-04-15 17:18 135168 c:\windows\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-04-15 17:18 . 2009-05-29 02:19 135168 c:\windows\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-04-15 17:12 . 2006-04-15 17:12 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-05-28 17:35 . 2009-05-30 02:28 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-04-15 17:12 . 2006-04-15 17:12 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-05-28 17:35 . 2009-05-30 02:28 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-05-28 17:35 . 2009-05-30 02:28 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-04-15 17:12 . 2006-04-15 17:12 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-04-15 17:12 . 2006-04-15 17:12 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-05-28 17:35 . 2009-05-30 02:28 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-04-15 17:12 . 2006-04-15 17:12 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-05-28 17:35 . 2009-05-30 02:28 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-05-28 17:35 . 2009-05-30 02:28 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2006-04-15 17:12 . 2006-04-15 17:12 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-05-28 19:02 . 2007-05-28 19:02 685608 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\SERCONV.DLL
+ 2007-05-28 17:48 . 2007-05-28 17:48 223152 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\PJSPOOL.EXE
+ 2007-05-28 17:48 . 2007-05-28 17:48 304560 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\PJRESC.DLL
+ 2006-01-17 07:48 . 2006-01-17 07:48 167176 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\PJMSGSDR.DLL
+ 2006-01-17 07:48 . 2006-01-17 07:48 146696 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\PJMSGMGR.DLL
+ 2007-05-28 17:48 . 2007-05-28 17:48 280496 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\PJ11TM11.DLL
+ 2007-05-28 19:02 . 2007-05-28 19:02 951848 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\PJ11OD11.DLL
+ 2007-05-28 17:48 . 2007-05-28 17:48 354224 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\MSWARP.DLL
+ 2007-05-28 19:02 . 2007-05-28 19:02 325040 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\ATLCONV.DLL
+ 2004-08-02 00:51 . 2004-08-02 00:51 719720 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\ANLYZTS.DLL
+ 2003-07-18 11:14 . 2003-07-18 11:14 346880 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\VISPRJ.DLL
+ 2003-08-15 18:47 . 2003-08-15 18:47 641760 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\SERCONV.DLL
+ 2003-08-15 17:03 . 2003-08-15 17:03 220264 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\PJSPOOL.EXE
+ 2003-08-15 17:03 . 2003-08-15 17:03 301672 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\PJRESC.DLL
+ 2003-08-15 17:02 . 2003-08-15 17:02 166504 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\PJMSGSDR.DLL
+ 2003-08-15 17:02 . 2003-08-15 17:02 146024 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\PJMSGMGR.DLL
+ 2003-08-15 17:03 . 2003-08-15 17:03 174696 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\PJCALEND.DLL
+ 2003-08-15 17:03 . 2003-08-15 17:03 265320 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\PJ11TM11.DLL
+ 2003-08-15 18:47 . 2003-08-15 18:47 924384 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\PJ11OD11.DLL
+ 2006-04-15 17:11 . 2006-04-15 17:11 223800 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
+ 2003-07-14 15:00 . 2003-07-14 15:00 145984 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-08-15 17:03 . 2003-08-15 17:03 351336 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\MSWARP.DLL
+ 2003-07-14 19:18 . 2003-07-14 19:18 376888 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
+ 2003-07-14 14:57 . 2003-07-14 14:57 120888 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2002-04-09 12:14 . 2002-04-09 12:14 187560 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\MSMDUN80.DLL
+ 2002-12-17 11:08 . 2002-12-17 11:08 359600 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\MSDMENG.DLL
+ 2003-07-14 14:51 . 2003-07-14 14:51 116288 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\MSCONV97.DLL
+ 2003-07-14 14:58 . 2003-07-14 14:58 230968 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\MSCDM.DLL
+ 2003-07-25 11:14 . 2003-07-25 11:14 799288 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\FPWEC.DLL
+ 2003-07-23 06:25 . 2003-07-23 06:25 907936 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\CPICOFF.DLL
+ 2003-08-05 11:20 . 2003-08-05 11:20 416456 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\COMPPRJ.DLL
+ 2003-08-15 18:47 . 2003-08-15 18:47 305768 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\ATLCONV.DLL
+ 2003-07-09 05:32 . 2003-07-09 05:32 719568 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\ANLYZTS.DLL
+ 2007-03-22 11:22 . 2007-03-22 11:22 103264 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2007-06-06 04:07 . 2007-06-06 04:07 100192 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\REFEDIT.DLL
+ 2007-05-10 05:34 . 2007-05-10 05:34 562528 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PUBCONV.DLL
+ 2007-05-31 05:36 . 2007-05-31 05:36 612184 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PTXT9.DLL
+ 2007-05-31 05:35 . 2007-05-31 05:35 133976 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PRTF9.DLL
+ 2007-04-19 05:53 . 2007-04-19 05:53 149856 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL
+ 2007-05-31 05:42 . 2007-05-31 05:42 200032 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE
+ 2007-04-19 05:53 . 2007-04-19 05:53 106336 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
+ 2007-04-19 06:09 . 2007-04-19 06:09 157024 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSWEBCAP.DLL
+ 2007-04-19 05:49 . 2007-04-19 05:49 383328 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSORUN.DLL
+ 2007-04-19 06:10 . 2007-04-19 06:10 127840 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSOAUTH.DLL
+ 2005-05-03 16:06 . 2005-05-03 16:06 199408 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSMDUN80.DLL
+ 2005-05-03 16:06 . 2005-05-03 16:06 465640 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSDMENG.DLL
+ 2007-05-10 06:35 . 2007-05-10 06:35 120160 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSCONV97.DLL
+ 2007-04-19 06:01 . 2007-04-19 06:01 238424 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSCDM.DLL
+ 2007-04-19 05:54 . 2007-04-19 05:54 183136 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL
+ 2007-04-19 05:53 . 2007-04-19 05:53 127328 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
+ 2007-04-19 06:09 . 2007-04-19 06:09 167256 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2007-04-19 06:10 . 2007-04-19 06:10 116576 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IEAWSDC.DLL
+ 2007-04-19 06:16 . 2007-04-19 06:16 807256 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\FPWEC.DLL
+ 2007-04-19 05:53 . 2007-04-19 05:53 137568 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL
+ 2003-08-06 05:26 . 2003-08-06 05:26 445488 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SOA.DLL
+ 2003-07-21 03:46 . 2003-07-21 03:46 390712 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
+ 2003-07-14 14:50 . 2003-07-14 14:50 551480 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PUBCONV.DLL
+ 2003-07-14 14:51 . 2003-07-14 14:51 604728 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PTXT9.DLL
+ 2003-07-14 14:40 . 2003-07-14 14:40 130104 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PRTF9.DLL
+ 2003-07-14 19:18 . 2003-07-14 19:18 430136 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PP4X322.DLL
+ 2003-07-14 14:43 . 2003-07-14 14:43 139320 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLPH.DLL
+ 2003-07-14 14:45 . 2003-07-14 14:45 196152 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLOOK.EXE
+ 2003-07-08 03:48 . 2003-07-08 03:48 115288 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DLL
+ 2003-07-14 14:44 . 2003-07-14 14:44 102968 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
+ 2003-07-14 19:14 . 2003-07-14 19:14 242240 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2003-07-14 19:14 . 2003-07-14 19:14 828472 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OISAPP.DLL
+ 2003-07-14 19:14 . 2003-07-14 19:14 283696 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OIS.EXE
+ 2003-07-23 14:40 . 2003-07-23 14:40 482872 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSTORES.DLL
+ 2003-07-14 14:56 . 2003-07-14 14:56 124984 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSTORE.EXE
+ 2003-07-14 15:02 . 2003-07-14 15:02 627256 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSTORDB.EXE
+ 2003-06-19 08:05 . 2003-06-19 08:05 364648 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-07-23 14:35 . 2003-07-23 14:35 127032 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOCFU.DLL
+ 2003-07-14 19:14 . 2003-07-14 19:14 106552 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOCF.DLL
+ 2003-07-14 19:14 . 2003-07-14 19:14 139328 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSJSPP40.DLL
+ 2003-07-14 19:13 . 2003-07-14 19:13 130112 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSAEXP30.DLL
+ 2003-07-14 14:46 . 2003-07-14 14:46 176696 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MIMEDIR.DLL
+ 2003-06-18 09:31 . 2003-06-18 09:31 443904 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIVWCTL.DLL
+ 2003-06-18 09:31 . 2003-06-18 09:31 252928 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2003-06-18 09:31 . 2003-06-18 09:31 758784 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIGRAPH.DLL
+ 2003-07-23 14:32 . 2003-07-23 14:32 121400 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\IMPMAIL.DLL
+ 2003-07-14 14:53 . 2003-07-14 14:53 161336 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\IETAG.DLL
+ 2003-07-14 14:40 . 2003-07-14 14:40 165944 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPLACE.DLL
+ 2003-07-14 14:40 . 2003-07-14 14:40 179768 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2003-07-14 15:36 . 2003-07-14 15:36 186424 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPDTC.DLL
+ 2003-07-31 07:19 . 2003-07-31 07:19 131648 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\ENVELOPE.DLL
+ 2003-07-14 19:14 . 2003-07-14 19:14 350264 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL
+ 2003-07-14 19:13 . 2003-07-14 19:13 166456 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\ACCWIZ.DLL
+ 2009-05-28 17:37 . 2009-05-28 17:37 226656 c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2009-05-29 02:08 . 2009-05-29 02:08 103776 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
+ 2007-06-06 02:53 . 2007-06-06 02:53 1195888 c:\windows\system32\FM20.DLL
+ 2007-05-09 09:19 . 2007-05-09 09:19 2585936 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
+ 2007-05-28 19:02 . 2007-05-28 19:02 1738160 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\PRJRES.DLL
+ 2007-05-28 17:48 . 2007-05-28 17:48 4323248 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\PJOLEDB.DLL
+ 2003-07-03 07:19 . 2003-07-03 07:19 2502656 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\VBE6.DLL
+ 2003-08-15 18:47 . 2003-08-15 18:47 1735272 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\PRJRES.DLL
+ 2003-08-15 17:05 . 2003-08-15 17:05 4222056 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\PJOLEDB.DLL
+ 2003-08-01 07:09 . 2003-08-01 07:09 8086072 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\OWC11.DLL
+ 2003-08-04 05:19 . 2003-08-04 05:19 7330360 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\OWC10.DLL
+ 2003-07-10 18:15 . 2003-07-10 18:15 1292872 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
+ 2002-12-17 11:09 . 2002-12-17 11:09 2071752 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL
+ 2002-12-17 11:08 . 2002-12-17 11:08 1383592 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL
+ 2003-07-25 11:00 . 2003-07-25 11:00 1157696 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\FPSRVUTL.DLL
+ 2003-08-03 02:56 . 2003-08-03 02:56 1146184 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\FM20.DLL
+ 2007-05-09 09:19 . 2007-05-09 09:19 2585936 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
+ 2007-05-31 05:35 . 2007-05-31 05:35 6420320 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
+ 2007-05-10 05:45 . 2007-05-10 05:45 8069464 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
+ 2007-03-14 05:10 . 2007-03-14 05:10 7255384 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OWC10.DLL
+ 2007-05-31 05:43 . 2007-05-31 05:43 7613280 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL
+ 2007-05-10 05:35 . 2007-05-10 05:35 6747480 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSPUB.EXE
+ 2005-09-20 04:33 . 2005-09-20 04:33 1293008 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSONSEXT.DLL
+ 2007-05-02 05:45 . 2007-05-02 05:45 2123104 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSOLAP80.DLL
+ 2005-05-03 16:06 . 2005-05-03 16:06 1411816 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSDMINE.DLL
+ 2007-05-31 05:50 . 2007-05-31 05:50 1168736 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\FPSRVUTL.DLL
+ 2007-06-06 02:53 . 2007-06-06 02:53 1195888 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\FM20.DLL
+ 2003-08-03 02:52 . 2003-08-03 02:52 2808376 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\STSLIST.DLL
+ 2003-07-31 07:21 . 2003-07-31 07:21 1782840 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PPTVIEW.EXE
+ 2003-07-30 04:40 . 2003-07-30 04:40 6133312 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\POWERPNT.EXE
+ 2003-08-09 15:06 . 2003-08-09 15:06 7522360 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLLIB.DLL
+ 2003-07-07 05:36 . 2003-07-07 05:36 2058343 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DAT
+ 2003-07-14 15:05 . 2003-07-14 15:05 1054264 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-07-28 04:24 . 2003-07-28 04:24 5677112 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPUB.EXE
+ 2003-06-18 09:31 . 2003-06-18 09:31 1033216 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL
+ 2003-08-14 16:54 . 2003-08-14 16:54 6627392 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSACCESS.EXE
+ 2003-08-01 07:07 . 2003-08-01 07:07 4815424 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\INFOPATH.EXE
+ 2003-07-14 15:11 . 2003-07-14 15:11 2139192 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\GRAPH.EXE
+ 2003-07-23 15:01 . 2003-07-23 15:01 1949240 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL
+ 2007-05-28 19:02 . 2007-05-28 19:02 11421704 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\WINPROJ.EXE
+ 2003-08-15 18:47 . 2003-08-15 18:47 11299520 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\WINPROJ.EXE
+ 2003-08-07 16:23 . 2003-08-07 16:23 12172336 c:\windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\MSO.DLL
+ 2007-06-18 09:16 . 2007-06-18 09:16 12259160 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2007-05-31 05:41 . 2007-05-31 05:41 10352472 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
+ 2003-08-06 05:24 . 2003-08-06 05:24 12037688 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\WINWORD.EXE
+ 2003-08-12 18:34 . 2003-08-12 18:34 10073144 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\EXCEL.EXE
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-28 342848]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"LWBMOUSE"="c:\program files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE" [2001-11-20 356352]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-01 196608]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2020-09-05 1947928]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-03-15 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-13 1121792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-15 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2020-09-05 02:02 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15431:TCP"= 15431:TCP:BitComet 15431 TCP
"15431:UDP"= 15431:UDP:BitComet 15431 UDP

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/20/2008 8:01 AM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/20/2008 8:01 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/4/2008 4:50 PM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/4/2008 4:50 PM 298776]
S3 dump_wmimmc;dump_wmimmc;\??\f:\grandchase\Grand Chase PH\GameGuard\dump_wmimmc.sys --> f:\grandchase\Grand Chase PH\GameGuard\dump_wmimmc.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [3/8/2007 4:38 AM 392316]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-30 c:\windows\Tasks\User_Feed_Synchronization-{38A85DA2-8529-46D6-82B0-AAB83720F328}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = proxy.dlsu.edu.ph:80
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 13:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-437336714-2010565466-2916841713-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1068)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1700)
c:\program files\Browser Mouse\Browser Mouse\1.1\MOUDL32A.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-05-30 13:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-30 05:17
ComboFix2.txt 2020-09-05 02:07

Pre-Run: 17,479,270,400 bytes free
Post-Run: 17,406,480,384 bytes free

502 --- E O F --- 2009-05-30 02:28

Lastly, I did a scan of the whole computer using AVG 8.5 and it found 2 infections namely Trojan horse backDoor Ntroolkit.AH and Trojan horse Downloader Delf.12.AN which it moved to Virus Vault. The system is working much better now. I can see that all of your suggestions and recommendations are making it very healthy. Thanks again for your help. Plese let me know what else we need to do to totally clean it and what preventions I need to do to keep it virus free.

Regards

mhoji

Attached Files



#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:43 PM

Posted 02 June 2009 - 05:57 PM

Heya mhoji, :thumbup2:

glad to hear your PC is doing better. Can you please tell me where AVG found the infections?
Is your date back to normal on your PC or are you still having problems?

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#12 mhoji

mhoji
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:43 PM

Posted 03 June 2009 - 12:03 PM

Hello _temp_

Here is the AVG log:
Scan "Scan whole computer" was finished.
Infections;"4";"4";"0"
Folders selected for scanning:;"Scan whole computer"
Scan started:;"Sunday, May 31, 2009, 10:11:58 AM"
Scan finished:;"Sunday, May 31, 2009, 12:01:06 PM (1 hour(s) 49 minute(s) 7 second(s))"
Total object scanned:;"462778"
User who launched the scan:;"maricar"

Infections
File;"Infection";"Result"
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_mcwqnmth_.dat.zip:\mcwqnmth.dat;"Trojan horse BackDoor.Ntrootkit.AH";"Moved to Virus Vault"
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_mcwqnmth_.dat.zip;"Trojan horse BackDoor.Ntrootkit.AH";"Moved to Virus Vault"
C:\Qoobox\Quarantine\C\WINDOWS\system32\_cmcfg3_.dll.zip:\cmcfg3.dll;"Trojan horse Downloader.Delf.12.AN";"Moved to Virus Vault"
C:\Qoobox\Quarantine\C\WINDOWS\system32\_cmcfg3_.dll.zip;"Trojan horse Downloader.Delf.12.AN";"Moved to Virus Vault"

Warnings
File;"Infection";"Result"
C:\Documents and Settings\maricar\Cookies\maricar@tribalfusion[2].txt:\tribalfusion.com.dcc03271;"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@tribalfusion[2].txt;"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@serving-sys[1].txt:\serving-sys.com.c9034af6;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@serving-sys[1].txt:\serving-sys.com.6a1cf9e8;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@serving-sys[1].txt:\serving-sys.com.400f83f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@serving-sys[1].txt:\serving-sys.com.606c3d3b;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@serving-sys[1].txt:\serving-sys.com.4b416ef8;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@serving-sys[1].txt:\serving-sys.com.255d6f2f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@serving-sys[1].txt;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@questionmarket[2].txt:\questionmarket.com.4dd5e426;"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@questionmarket[2].txt:\questionmarket.com.3eb5a9f1;"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@questionmarket[2].txt;"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@doubleclick[1].txt:\doubleclick.net.bf396750;"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@doubleclick[1].txt;"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@bs.serving-sys[2].txt:\bs.serving-sys.com.5bf1f00f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@bs.serving-sys[2].txt;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@atdmt[1].txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@atdmt[1].txt:\atdmt.com.7247c262;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@atdmt[1].txt;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@adtech[1].txt:\adtech.de.a9245469;"Found Tracking cookie.Adtech";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@adtech[1].txt;"Found Tracking cookie.Adtech";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@adbrite[1].txt:\adbrite.com.d5e309c2;"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@adbrite[1].txt:\adbrite.com.775ee79c;"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@adbrite[1].txt:\adbrite.com.71beeff9;"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@adbrite[1].txt:\adbrite.com.557c9f74;"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@adbrite[1].txt;"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@m.webtrends[2].txt:\m.webtrends.com.b4ca7df0;"Found Tracking cookie.Webtrends";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@m.webtrends[2].txt;"Found Tracking cookie.Webtrends";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@fastclick[1].txt:\fastclick.net.c38980e4;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@fastclick[1].txt:\fastclick.net.94ca190b;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@fastclick[1].txt:\fastclick.net.8a6435e9;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@fastclick[1].txt;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@atdmt[1].txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@atdmt[1].txt:\atdmt.com.7247c262;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@atdmt[1].txt;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@ad.yieldmanager[1].txt:\ad.yieldmanager.com.ff92306;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@ad.yieldmanager[1].txt:\ad.yieldmanager.com.b68f2b7b;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@ad.yieldmanager[1].txt:\ad.yieldmanager.com.557bf2b0;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@ad.yieldmanager[1].txt:\ad.yieldmanager.com.539b0606;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@ad.yieldmanager[1].txt;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"

Yes, the date of my system is back to normal. I do not encounter the low in virtual memory message anymore. Also the virus notification every time I open Internet Explorer or Windomw Explorer is gone. The system boots up and shuts down as fast as it was when it was virus free.

Here is the MBAM log:
Malwarebytes' Anti-Malware 1.37
Database version: 2222
Windows 5.1.2600 Service Pack 3

6/3/2009 10:15:12 PM
mbam-log-2009-06-03 (22-15-12).txt

Scan type: Quick Scan
Objects scanned: 103581
Time elapsed: 8 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\maricar\favorites\MP3 Downloads.url (Rogue.Link) -> Quarantined and deleted successfully.

I also did an AVG whole computer scan afterwards and here is the log:
Scan "Scan whole computer" was finished.
No infection was found during this scan
Folders selected for scanning:;"Scan whole computer"
Scan started:;"Wednesday, June 03, 2009, 10:27:06 PM"
Scan finished:;"Thursday, June 04, 2009, 12:23:25 AM (1 hour(s) 56 minute(s) 19 second(s))"
Total object scanned:;"463166"
User who launched the scan:;"maricar"

Warnings
File;"Infection";"Result"
C:\Documents and Settings\maricar\Cookies\maricar@tribalfusion[1].txt:\tribalfusion.com.dcc03271;"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@tribalfusion[1].txt;"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@statse.webtrendslive[1].txt:\statse.webtrendslive.com.b4ca7df0;"Found Tracking cookie.Webtrendslive";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@statse.webtrendslive[1].txt;"Found Tracking cookie.Webtrendslive";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@fastclick[2].txt:\fastclick.net.fac3d6f0;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@fastclick[2].txt:\fastclick.net.8a6435e9;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@fastclick[2].txt;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@doubleclick[1].txt:\doubleclick.net.bf396750;"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@doubleclick[1].txt;"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@ad.yieldmanager[2].txt:\ad.yieldmanager.com.ff92306;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@ad.yieldmanager[2].txt:\ad.yieldmanager.com.b68f2b7b;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@ad.yieldmanager[2].txt:\ad.yieldmanager.com.8a47878;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@ad.yieldmanager[2].txt:\ad.yieldmanager.com.830b6f08;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@ad.yieldmanager[2].txt:\ad.yieldmanager.com.557bf2b0;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@ad.yieldmanager[2].txt:\ad.yieldmanager.com.539b0606;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\maricar\Cookies\maricar@ad.yieldmanager[2].txt;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@statse.webtrendslive[2].txt:\statse.webtrendslive.com.b4ca7df0;"Found Tracking cookie.Webtrendslive";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@statse.webtrendslive[2].txt;"Found Tracking cookie.Webtrendslive";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@media.adrevolver[1].txt:\media.adrevolver.com.7fd89687;"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@media.adrevolver[1].txt;"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@m.webtrends[2].txt:\m.webtrends.com.b4ca7df0;"Found Tracking cookie.Webtrends";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@m.webtrends[2].txt;"Found Tracking cookie.Webtrends";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@adrevolver[2].txt:\adrevolver.com.f6cfcad4;"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@adrevolver[2].txt:\adrevolver.com.9b9d670a;"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@adrevolver[2].txt;"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@ad.yieldmanager[1].txt:\ad.yieldmanager.com.557bf2b0;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@ad.yieldmanager[1].txt:\ad.yieldmanager.com.539b0606;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\HeroBladerWam\Cookies\herobladerwam@ad.yieldmanager[1].txt;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Gabrielle Hojilla~\Cookies\gabrielle_hojilla~@statse.webtrendslive[2].txt:\statse.webtrendslive.com.b4ca7df0;"Found Tracking cookie.Webtrendslive";"Moved to Virus Vault"
C:\Documents and Settings\Gabrielle Hojilla~\Cookies\gabrielle_hojilla~@statse.webtrendslive[2].txt;"Found Tracking cookie.Webtrendslive";"Moved to Virus Vault"
C:\Documents and Settings\Gabrielle Hojilla~\Cookies\gabrielle_hojilla~@m.webtrends[2].txt:\m.webtrends.com.b4ca7df0;"Found Tracking cookie.Webtrends";"Moved to Virus Vault"
C:\Documents and Settings\Gabrielle Hojilla~\Cookies\gabrielle_hojilla~@m.webtrends[2].txt;"Found Tracking cookie.Webtrends";"Moved to Virus Vault"
C:\Documents and Settings\Gabrielle Hojilla~\Cookies\gabrielle_hojilla~@fastclick[1].txt:\fastclick.net.c38980e4;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\Gabrielle Hojilla~\Cookies\gabrielle_hojilla~@fastclick[1].txt:\fastclick.net.94ca190b;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\Gabrielle Hojilla~\Cookies\gabrielle_hojilla~@fastclick[1].txt:\fastclick.net.8a6435e9;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\Gabrielle Hojilla~\Cookies\gabrielle_hojilla~@fastclick[1].txt;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\Gabrielle Hojilla~\Cookies\gabrielle_hojilla~@atdmt[1].txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\Gabrielle Hojilla~\Cookies\gabrielle_hojilla~@atdmt[1].txt:\atdmt.com.7247c262;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\Gabrielle Hojilla~\Cookies\gabrielle_hojilla~@atdmt[1].txt;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\Gabrielle Hojilla~\Cookies\gabrielle_hojilla~@ad.yieldmanager[2].txt:\ad.yieldmanager.com.557bf2b0;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Gabrielle Hojilla~\Cookies\gabrielle_hojilla~@ad.yieldmanager[2].txt:\ad.yieldmanager.com.539b0606;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Gabrielle Hojilla~\Cookies\gabrielle_hojilla~@ad.yieldmanager[2].txt;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"

No more infections detected! Are we done? Kindly advise how to avoid getting infected again. Thank you so much.

regards

mhoji

#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:43 PM

Posted 03 June 2009 - 12:45 PM

Hi mohji,

everything looks great from here as well. :thumbup2:

I have some suggestions to make your PC safer:

Your log indicates that you do not use a Firewall. Please Use a Firewall - I can not stress how important it is that you usea Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

They also indicate that your Acrobat Reader ist out of date. Please uninstall your version of Acrobat via Add/Remove.
If you still need Acrobat Reader please install the new version from Adobe: Adobe.com.

Please poste back a fresh Hijackthis log afterwards,
regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 mhoji

mhoji
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:43 PM

Posted 08 June 2009 - 10:00 AM

Hello _temp_

Sorry for the late response. I have been a bit occupied lately.
I have activated the windows firewall. Do I need to install a commercial firewall?
Also I have updated the acrobat reader to version 9.1.

Please see the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:57 PM, on 6/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dlsu.edu.ph:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\RunOnce: [Uninstall getPlus® for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1599272856625
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12099 bytes

Regards

mhoji

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:43 PM

Posted 09 June 2009 - 05:31 AM

Hi mhoji,

no problem, take the time you need. :)
I would only ask you to please advise us, if you know that you are going to be away for more than 5 days. :)

I would suggest you install an software firewall. The windows firewall is only monitoring incoming traffic for Windows XP, whereas software firewalls usually monitor incoming as well as outgoing traffic.
For more information and a list of free firewalls please take a look at this tutorial: Link.
However this is still your PC, so in the end it is your decision. :thumbup2:

Your log still shows rest of the old version of Acrobat Reader. Did you uninstall from your PC?
Please go to Start->Control Panel ->Add/Remove and check which version of Adobe Acrobat Reader is installed. Is it 9 or 7?
If the number is still 7, please uninstall Acrobat 7. Reboot and install Acrobat Reader 9 once more.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users