AVG and Ad-Aware freeze at update, redirection from search engines


  • This topic is locked
26 replies to this topic

#1 fifteenand1

  • Members

Posted 01 June 2009 - 08:39 PM

Hey Guys: I'm really hoping you can help me out. Had a nasty bout of trojans a couple weeks ago. MBAM picked up trojanfake.alert, backdoor.bot, and spyware.banker among others. Thought I had finally fixed the situation, but the original symptoms have returned: slow moving computer (within browsers and without); AVG anti-virus and Ad-Aware freeze when trying to update. Also, I've been redirected from a few search engines. At times, AVG will flash a "Threat" screen. The latest named a file "your-antispyware-tools.com" as a culprit. I'll paste the log below. Any help you might have would be GREATLY appreciated. Thanks!


DDS (Ver_09-05-14.01) - NTFSx86
Run by HP_Owner at 21:20:31.28 on Mon 06/01/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.702.206 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Palm\Hotsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\HP_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{00cd55d6-ee5a-4570-9875-8a306628c032}\Icon3E5562ED7.ico
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com.proxydc.wrlc.org/lib/udclibrary/support/plugins/ebraryRdr.cab
DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - hxxp://mywebcast.cc/tvants/tvants.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - hxxp://download.abacast.com/download/files/abasetup162.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\jkyhufl9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-20 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-1 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-1 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-1 108552]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-1 298776]
S0 bmcjj;bmcjj;c:\windows\system32\drivers\okxfhzx.sys --> c:\windows\system32\drivers\okxfhzx.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-5-20 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-5-20 1095560]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

=============== Created Last 30 ================

2009-06-01 20:19 <DIR> --d----- c:\program files\CCleaner
2009-06-01 19:20 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-01 19:20 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-01 19:20 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-01 19:20 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-06-01 19:20 <DIR> --d----- c:\docume~1\hp_owner\applic~1\AVGTOOLBAR
2009-06-01 19:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-06-01 18:23 <DIR> --d----- C:\AVGTemp
2009-05-30 13:29 50,176 a------- c:\windows\system32\proquota.exe
2009-05-30 13:29 50,176 a------- c:\windows\system32\dllcache\proquota.exe
2009-05-21 10:36 0 a------- c:\windows\system32\78.tmp
2009-05-21 10:33 82,432 a------- c:\windows\system32\dllcache\ws2_32.dll
2009-05-21 10:33 64,000 a------- c:\windows\system32\76.tmp
2009-05-20 23:00 <DIR> --d----- c:\docume~1\hp_owner\applic~1\Malwarebytes
2009-05-20 22:44 154,624 a------- c:\windows\PEV.exe
2009-05-20 22:34 <DIR> --d----- c:\program files\bleep you bleep
2009-05-20 18:54 <DIR> --d----- c:\program files\Person
2009-05-20 18:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-05-20 16:29 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-20 16:29 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 16:28 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-20 16:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-20 11:36 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-05-20 11:36 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-05-20 11:36 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-20 11:36 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-05-20 11:36 <DIR> --d----- c:\program files\common files\PC Tools
2009-05-20 11:36 <DIR> --d----- c:\program files\Spyware Doctor
2009-05-20 11:36 <DIR> --d----- c:\docume~1\hp_owner\applic~1\PC Tools
2009-05-20 11:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools

==================== Find3M ====================

2009-05-02 14:13 4,294 a------- c:\docume~1\hp_owner\applic~1\wklnhst.dat
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 10:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2008-10-23 09:16 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101320081020\index.dat
2008-10-23 09:16 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102320081024\index.dat

============= FINISH: 21:21:22.61 ===============


#2 thcbytes

  • Malware Response Team

Posted 01 June 2009 - 09:52 PM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am Posted Image and I am here to help you!



I ask that you refrain from running tools other than those we suggest to you while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

As I am in training an Expert Coach will assist me in your fix. Your benefit will be "four eyes and two brains" but responses may be somewhat delayed so please be patient!!!!

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

**********

Let's get started.

A few questions first.

Do you use both Firefox & IE?
Are you redirected using both browsers?
I see remnants of Norton (Symantec) Antivirus software in your log. Is AVG currently your only active AV?

**********
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
**********

With your next post please provide:
* Answer to questions
* RSIT log.txt
* RSIT info.txt
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 fifteenand1

  • Topic Starter
  • Members

Posted 01 June 2009 - 10:02 PM

THCBytes: Thanks so much for the help with this. I really appreciate it! Requested info:

I do use both IE and Firefox. Firefox more frequently; IE primarily because it is still set as the default for a few programs.

I have been redirected on both browsers over the past week.

AVG is my only active anti-virus.

Logfile:

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Owner at 2009-06-01 22:56:04
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 39 GB (58%) free of 68 GB
Total RAM: 702 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:20 PM, on 6/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Palm\Hotsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\HP_Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 browser-security.microsoft.com
O1 - Hosts: 94.232.248.66 antivirprotection.com
O1 - Hosts: 94.232.248.66 www.antivirprotection.com
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.proxydc.wrlc.org/li...s/ebraryRdr.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://mywebcast.cc/tvants/tvants.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8376 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-06-01 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-06-01 2223872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-17 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-27 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-27 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-06-01 2223872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-03-08 16010240]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-07-07 180269]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-27 136600]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-01 1947928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-27 68856]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-01 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\Windows\Creator\Remind_XP.exe [2004-12-13 663552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-07-07 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-12-15 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
C:\PROGRA~1\UPDATE~1\9972322\Program\UPDATE~1.EXE [2006-07-07 36903]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HOTSYNCSHORTCUTNAME.lnk - C:\Palm\Hotsync.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
VPN Client.lnk - C:\WINDOWS\Installer\{00CD55D6-EE5A-4570-9875-8A306628C032}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-07 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-01 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Rhapsody\rhapsody.exe"="C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player"
"C:\Program Files\AVG\AVG8\avgui.exe"="C:\Program Files\AVG\AVG8\avgui.exe:*:Enabled:AVG Free User Interface"
"C:\Program Files\AVG\AVG8\avgtray.exe"="C:\Program Files\AVG\AVG8\avgtray.exe:*:Enabled:AVG Free Tray Icon"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-06-01 22:56:04 ----D---- C:\rsit
2009-06-01 20:19:08 ----D---- C:\Program Files\CCleaner
2009-06-01 20:18:15 ----SHD---- C:\RECYCLER
2009-06-01 19:44:05 ----D---- C:\WINDOWS\temp
2009-06-01 19:44:03 ----A---- C:\ComboFix.txt
2009-06-01 19:20:55 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-06-01 19:20:35 ----D---- C:\Documents and Settings\HP_Owner\Application Data\AVGTOOLBAR
2009-06-01 19:20:11 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-06-01 18:23:21 ----D---- C:\AVGTemp
2009-05-30 13:29:34 ----A---- C:\WINDOWS\system32\proquota.exe
2009-05-21 10:36:10 ----A---- C:\WINDOWS\system32\78.tmp
2009-05-21 10:33:48 ----A---- C:\WINDOWS\system32\76.tmp
2009-05-20 23:00:58 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2009-05-20 22:44:00 ----A---- C:\WINDOWS\PEV.exe
2009-05-20 22:34:22 ----D---- C:\Program Files\bleep you bleep
2009-05-20 18:54:57 ----D---- C:\Program Files\Person
2009-05-20 18:54:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-20 16:28:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-20 16:28:59 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-20 11:36:20 ----D---- C:\Program Files\Common Files\PC Tools
2009-05-20 11:36:15 ----D---- C:\Program Files\Spyware Doctor
2009-05-20 11:36:15 ----D---- C:\Documents and Settings\HP_Owner\Application Data\PC Tools
2009-05-20 11:36:15 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools

======List of files/folders modified in the last 1 months======

2009-06-01 22:56:05 ----D---- C:\WINDOWS\Prefetch
2009-06-01 21:39:59 ----D---- C:\Program Files\Mozilla Firefox
2009-06-01 20:21:23 ----D---- C:\WINDOWS\Debug
2009-06-01 20:21:22 ----AD---- C:\WINDOWS
2009-06-01 20:21:19 ----D---- C:\WINDOWS\Minidump
2009-06-01 20:19:08 ----D---- C:\Program Files
2009-06-01 19:49:12 ----D---- C:\WINDOWS\system32\Lang
2009-06-01 19:45:46 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-01 19:44:06 ----D---- C:\WINDOWS\system32
2009-06-01 19:44:06 ----AD---- C:\Qoobox
2009-06-01 19:41:41 ----A---- C:\WINDOWS\system.ini
2009-06-01 19:39:53 ----D---- C:\WINDOWS\system32\drivers
2009-06-01 19:39:53 ----D---- C:\WINDOWS\AppPatch
2009-06-01 19:39:43 ----D---- C:\Program Files\Common Files
2009-06-01 19:30:21 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-06-01 19:19:18 ----SHD---- C:\WINDOWS\Installer
2009-06-01 17:24:47 ----A---- C:\WINDOWS\WININIT.INI
2009-05-31 08:36:53 ----HD---- C:\WINDOWS\inf
2009-05-30 13:29:39 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-05-29 19:15:10 ----D---- C:\WINDOWS\system32\wbem
2009-05-28 22:50:32 ----D---- C:\Program Files\Stella
2009-05-24 13:26:02 ----D---- C:\Program Files\Apple Software Update
2009-05-24 13:22:41 ----SD---- C:\WINDOWS\Tasks
2009-05-21 08:36:24 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Adobe
2009-05-20 22:51:30 ----D---- C:\Program Files\Common
2009-05-20 18:34:54 ----D---- C:\Program Files\iTunes
2009-05-20 12:15:47 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-05-12 12:44:45 ----D---- C:\Program Files\ProMash
2009-05-07 03:16:29 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-05 19:21:34 ----A---- C:\WINDOWS\cdplayer.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-01 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-01 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-01 108552]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-08-01 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-07 1480704]
R3 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2004-11-03 146888]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-08 4246016]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-01-18 80512]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S3 catchme;catchme; \??\C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\catchme.sys []
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-09-03 223128]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2007-12-25 16694]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-07 405504]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-05-15 100032]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-01 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2005-08-12 1504256]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-27 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2001-11-23 57344]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-22 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-05-15 2086592]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Info File:

info.txt logfile of random's system information tool 1.06 2009-06-01 22:56:24

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42-->"C:\Program Files\7-Zip\Uninstall.exe"
Abacast Client-->C:\PROGRA~1\Abacast\UNWISE.EXE C:\PROGRA~1\Abacast\client.LOG
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Amazon MP3 Downloader 1.0.3-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AvantGo Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A90DCEC1-22DE-11D4-B8A9-0050DAB648C6}\setup.exe" -l0x9 CP
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BreWater 3.0-->c:\brewater\Uninstal.exe
BurnOn CD&DVD, Version 3.1.0 ( Build 2005-10-26, Win32, )-->"C:\Program Files\BurnWorld\BurnOnCDDVD\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cisco Systems VPN Client 4.7.00.0533-->MsiExec.exe /X{00CD55D6-EE5A-4570-9875-8A306628C032}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
getPlus®_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Good Sync version 4.6.10-->"C:\Program Files\Siber Systems\Good Sync\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Google Video Player-->"C:\Program Files\Google\Google Video Player\Uninstall.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Document Viewer 6.1-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Game Console-->"C:\Program Files\WildTangent\Apps\HP Game Console\Uninstall.exe"
HP Imaging Device Functions 6.1-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 6.0-->C:\Program Files\HP\Digital Imaging\{5D61626A-BD55-4e42-82EE-4AE89D8FD050}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart Premier Software 6.1-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP PSC & OfficeJet 6.1.A-->"C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Rhapsody-->C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Solution Center and Imaging Support Tools 6.1-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Support Overview-->"C:\WINDOWS\unins000.exe"
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll"
IBE Palm SafeHold-->C:\WINDOWS\system32\pInstaller.exe /u "C:\WINDOWS\system32\IBE Palm SafeHold.un0"
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware-->"C:\Program Files\bleep you bleep\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour-->MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27428D1B-8CBA-4EEA-B9C0-A23CA7B4FCC1}\setup.exe" -l0x9
Net Chess 6-->C:\Program Files\NetIntellGames\Net Chess 6\uninstall.exe
Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Palm-->MsiExec.exe /X{0030188A-533E-42EE-9837-E044F10E4369}
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
ProMash-->MsiExec.exe /I{491EAC1A-8ECB-45D5-97D1-0583D5676914}
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Samsung Master-->C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe -runfromtemp -l0x0009 -removeonly
Samsung USB Driver-->"C:\Program Files\InstallShield Installation Information\{86D6A20D-3910-4441-A3E5-EB6977251C86}\Setup.exe" -runfromtemp -l0x0009 anything -removeonly
SCRABBLE-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Slingo Deluxe-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
Snowy The Bears Adventure-->"C:\Program Files\HP Games\Snowy The Bears Adventure\Uninstall.exe"
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SplashPhoto-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A96D3ED0-E7B3-41F6-8BB5-F3C63D80901D}\setup.exe" -l0x9
Spybot - Search & Destroy-->"C:\Program Files\Person\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Stella 2.3.5-->"C:\Program Files\Stella\unins000.exe"
StrangeBrew-->MsiExec.exe /I{6D375D08-22BA-4965-9692-299207D99C62}
Super Granny-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
Tennis Titans-->"C:\Program Files\HP Games\Tennis Titans\Uninstall.exe"
Tornado Jockey-->"C:\Program Files\HP Games\Tornado Jockey\Uninstall.exe"
Tradewinds-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
TVAnts ActiveX Control 1.0-->C:\PROGRA~1\TVAntsX\UNWISE.EXE C:\PROGRA~1\TVAntsX\INSTALL.LOG
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

=====HijackThis Backups=====

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.northernbrewer.com/ [2008-12-27]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2008-12-27]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop [2008-12-27]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop [2008-12-27]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local [2008-12-27]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2008-12-27]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2008-12-27]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2008-12-27]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2008-12-27]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2008-12-27]
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) [2008-12-27]
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) [2008-12-27]
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-27]
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-27]
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-27]
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-27]
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-27]
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-27]
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-27]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-27]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [2008-12-27]
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-20]
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll [2009-05-20]
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe [2009-05-20]

======Hosts File======

127.0.0.1 localhost
::1 localhost
94.232.248.66 browser-security.microsoft.com
94.232.248.66 antivirprotection.com
94.232.248.66 www.antivirprotection.com
127.0.0.1 mozilla.com
127.0.0.1 www.mozilla.com
127.0.0.1 firefox.com
127.0.0.1 www.firefox.com
127.0.0.1 www.firefox2.com

======Security center information======

AV: AVG Anti-Virus Free (outdated)

======System event log======

Computer Name: COMMODORELXIV
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.

Record Number: 69421
Source Name: Service Control Manager
Time Written: 20090430030114.000000-240
Event Type: error
User:

Computer Name: COMMODORELXIV
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.

Record Number: 69418
Source Name: Service Control Manager
Time Written: 20090430020103.000000-240
Event Type: error
User:

Computer Name: COMMODORELXIV
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.

Record Number: 69406
Source Name: Service Control Manager
Time Written: 20090429223043.000000-240
Event Type: error
User:

Computer Name: COMMODORELXIV
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.

Record Number: 69388
Source Name: Service Control Manager
Time Written: 20090429160506.000000-240
Event Type: error
User:

Computer Name: COMMODORELXIV
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.

Record Number: 69384
Source Name: Service Control Manager
Time Written: 20090429150039.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: COMMODORELXIV
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16791, faulting module unknown, version 0.0.0.0, fault address 0x61eb77e0.

Record Number: 25275
Source Name: Application Error
Time Written: 20090318094257.000000-240
Event Type: error
User:

Computer Name: COMMODORELXIV
Event Code: 1000
Message: Faulting application rhapsody.exe, version 4.0.4.545, faulting module rhapsody.exe, version 4.0.4.545, fault address 0x000af02e.

Record Number: 25223
Source Name: Application Error
Time Written: 20090316090121.000000-240
Event Type: error
User:

Computer Name: COMMODORELXIV
Event Code: 11722
Message: Product: Java™ 6 Update 12 -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action FilesInUseDialog, location: C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\MSI10C.tmp, command: C:\Program Files\Java\jre6\

Record Number: 25142
Source Name: MsiInstaller
Time Written: 20090313075326.000000-300
Event Type: error
User: COMMODORELXIV\HP_Owner

Computer Name: COMMODORELXIV
Event Code: 1000
Message: Faulting application wordconv.exe, version 12.0.6014.5000, faulting module unknown, version 0.0.0.0, fault address 0x3134d488.

Record Number: 25126
Source Name: Application Error
Time Written: 20090312155334.000000-300
Event Type: error
User:

Computer Name: COMMODORELXIV
Event Code: 1517
Message: Windows saved user COMMODORELXIV\HP_Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 25090
Source Name: Userenv
Time Written: 20090311104406.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0604
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

#4 thcbytes

  • Malware Response Team

Posted 01 June 2009 - 10:54 PM

Hello again,

You have run Combofix!
2009-06-01 19:44:03 ----A---- C:\ComboFix.txt

:thumbup2: This is a complex and powerful tool that should not be used except under the supervision and direction of a malware expert. It can and will render your computer unbootable permanently!! Also realize that in most circumstances a single run of Combofix is ineffective. Specialized scripts will be written specifically directing this program to clean-up based on your logs!! :)

Please provide Combofix.txt for my review. Again, please refrain from running tools without my assistance.

With your next post please provide:
* Combofix.txt
* Describe how your computer is running now.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 fifteenand1

  • Topic Starter

Posted 02 June 2009 - 08:22 AM

My bad! I had used this before with some success, I thought, thinking it was just another search and destroy program. No worries. I won't do anything you don't suggest! Thanks again for taking the time with this!

Computer is still running slowly.

The hard drive starts running like crazy when I open AVG or Ad-Aware.

When I tried to update AVG it froze at the update screen, as did Ad-Aware.

No hijacking on Firefox this morning, but I did get redirected once on IE (ran just three or four random searches on each).

Combo Fix Log:

ComboFix 09-05-31.06 - HP_Owner 06/01/2009 19:37.6 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.702.537 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\bothers.com.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
PEV Error: CacheFile
PEV Error: CacheFolder
PEV Error: LocalAppDataFile
PEV Error: LocalAppDataFolder
PEV Error: LocalSettingsFile

((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.

2009-06-01 23:20 . 2009-06-01 23:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-01 23:20 . 2009-06-01 23:20 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-01 23:20 . 2009-06-01 23:20 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-01 23:20 . 2009-06-01 23:20 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-01 23:20 . 2009-06-01 23:20 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-01 23:20 . 2009-06-01 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-01 22:23 . 2009-06-01 22:24 -------- d-----w- C:\AVGTemp
2009-05-30 17:29 . 2004-08-04 04:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-05-30 17:29 . 2004-08-04 04:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-05-29 20:25 . 2009-05-29 20:25 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-21 14:33 . 2008-04-14 00:12 82432 ----a-w- c:\windows\system32\dllcache\ws2_32.dll
2009-05-21 02:34 . 2009-05-21 02:35 -------- d-----w- c:\program files\bleep you bleep
2009-05-20 22:54 . 2009-06-01 20:44 -------- d-----w- c:\program files\Person
2009-05-20 22:54 . 2009-06-01 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-20 20:29 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-20 20:29 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 20:28 . 2009-05-21 02:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-20 20:28 . 2009-05-20 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-20 15:36 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-05-20 15:36 . 2009-05-20 15:50 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-05-20 15:36 . 2008-12-18 16:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-20 15:36 . 2009-05-20 15:36 -------- d-----w- c:\program files\Common Files\PC Tools
2009-05-20 15:36 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-05-20 15:36 . 2009-05-20 16:01 -------- d-----w- c:\program files\Spyware Doctor
2009-05-20 15:36 . 2009-05-20 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 02:50 . 2006-08-19 15:14 -------- d-----w- c:\program files\Stella
2009-05-24 17:26 . 2008-04-10 19:04 -------- d-----w- c:\program files\Apple Software Update
2009-05-21 14:36 . 2009-05-21 14:36 0 ----a-w- c:\windows\system32\78.tmp
2009-05-21 14:33 . 2009-05-21 14:33 64000 ----a-w- c:\windows\system32\76.tmp
2009-05-21 02:51 . 2008-11-07 22:24 -------- d-----w- c:\program files\Common
2009-05-20 22:34 . 2008-04-10 19:08 -------- d-----w- c:\program files\iTunes
2009-05-20 16:15 . 2008-09-02 00:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-12 16:44 . 2006-08-07 00:47 -------- d-----w- c:\program files\ProMash
2009-03-06 14:22 . 2004-08-04 04:00 284160 ----a-w- c:\windows\system32\pdh.dll
.

------- Sigcheck -------

[7] 2004-08-04 04:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2008-04-14 00:12 82432 F30731FCBF0D19245C9BD40FEE6CEAAA c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 00:12 82432 F30731FCBF0D19245C9BD40FEE6CEAAA c:\windows\system32\ws2_32.dll
[-] 2008-04-14 00:12 82432 F30731FCBF0D19245C9BD40FEE6CEAAA c:\windows\system32\dllcache\ws2_32.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-21_02.57.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-20 15:17 . 2009-05-21 14:36 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-20 15:17 . 2009-05-21 02:26 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-12-04 15:43 . 2009-05-21 14:36 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-12-04 15:43 . 2009-05-21 02:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-12-04 15:43 . 2009-05-21 14:36 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-12-04 15:43 . 2009-05-21 02:26 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-24 17:22 . 2009-05-24 17:22 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-07 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-01 1947928]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - c:\palm\Hotsync.exe [2004-6-9 471040]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
VPN Client.lnk - c:\windows\Installer\{00CD55D6-EE5A-4570-9875-8A306628C032}\Icon3E5562ED7.ico [2007-11-26 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-01 23:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgui.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/20/2009 11:36 AM 130936]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/1/2009 7:20 PM 108552]
S0 bmcjj;bmcjj;c:\windows\system32\drivers\okxfhzx.sys --> c:\windows\system32\drivers\okxfhzx.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/1/2009 7:20 PM 325896]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/1/2009 7:20 PM 298776]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/20/2009 11:36 AM 348752]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MDMXSDK
.
Contents of the 'Scheduled Tasks' folder

2009-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - hxxp://mywebcast.cc/tvants/tvants.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jkyhufl9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 19:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-01 19:44
ComboFix-quarantined-files.txt 2009-06-01 23:43
ComboFix2.txt 2009-05-31 19:06
ComboFix3.txt 2009-05-30 17:33
ComboFix4.txt 2009-05-21 02:59
ComboFix5.txt 2009-06-01 23:36

Pre-Run: 41,817,575,424 bytes free
Post-Run: 41,804,075,008 bytes free

187 --- E O F --- 2009-05-31 23:26

#6 thcbytes

  • Malware Response Team

Posted 02 June 2009 - 10:44 AM

Hi,
No problem. :) but.......

I need all the combofix logs please. The 1st is actually the most important! We virtually never run Combofix without a directed script a subsequent time, much less 5 times. :thumbup2: Really no benefit and an almost certain guarantee of critical system file damage!!

Post those logs and give me a chance to create an appropriate fix for you with the assistance of my coach.

Regards,
t

#7 fifteenand1

  • Topic Starter

Posted 02 June 2009 - 11:10 AM

Ha! Certain system damage. Good stuff. Sorry to have made a bad situation worse! I'm a complete idiot. Here are all the logs, which I think are in order. Thanks!

ComboFix 09-05-20.A0 - HP_Owner 05/20/2009 22:51.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.702.366 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\bothers.com.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20081226101250812.log
c:\program files\Common\helper.sig
c:\windows\system32\drivers\UACkltenboduxdqjol.sys
c:\windows\system32\UACbhmtfmgiqrsrgti.log
c:\windows\system32\UACbotxvkyxetonqtj.dat
c:\windows\system32\UACibquvrkiktpjxhk.dll
c:\windows\system32\UACifyerswuachpsml.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACotlliomybchhdpa.dll
c:\windows\system32\UACpxwaukpjvqndcnk.dll
c:\windows\system32\UACrbrqowkrxnsglpo.dll
c:\windows\system32\UACvegojyuwqbuplhk.dll
c:\windows\system32\UACwlrquaiqjntbuhp.log
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 )))))))))))))))))))))))))))))))
.

2009-05-21 02:34 . 2009-05-21 02:35 -------- d-----w c:\program files\bleep you bleep
2009-05-20 22:54 . 2009-05-20 23:11 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-20 22:54 . 2009-05-20 22:57 -------- d-----w c:\program files\Person
2009-05-20 20:29 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-20 20:29 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 20:28 . 2009-05-20 20:28 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-20 20:28 . 2009-05-21 02:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-20 15:36 . 2008-12-11 12:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-20 15:36 . 2008-12-18 16:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-20 15:36 . 2009-05-20 15:50 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-20 15:36 . 2009-05-20 15:36 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-20 15:36 . 2008-12-10 16:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-20 15:36 . 2009-05-20 15:36 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-05-20 15:36 . 2009-05-20 15:36 -------- d-----w c:\documents and settings\HP_Owner\Application Data\PC Tools
2009-05-20 15:36 . 2009-05-20 16:01 -------- d-----w c:\program files\Spyware Doctor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 02:51 . 2008-11-07 22:24 -------- d-----w c:\program files\Common
2009-05-20 22:34 . 2008-04-10 19:08 -------- d-----w c:\program files\iTunes
2009-05-12 16:44 . 2006-08-07 00:47 -------- d-----w c:\program files\ProMash
2009-05-09 13:13 . 2008-12-28 01:15 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-09 13:13 . 2008-12-28 01:15 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-09 13:13 . 2008-12-28 01:15 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-07 03:22 . 2006-08-19 15:14 -------- d-----w c:\program files\Stella
2009-05-02 18:13 . 2006-09-21 22:49 4294 ----a-w c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2009-03-06 14:22 . 2004-08-04 04:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 04:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 04:00 78336 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-07 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-09 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - c:\palm\Hotsync.exe [2004-6-9 471040]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
VPN Client.lnk - c:\windows\Installer\{00CD55D6-EE5A-4570-9875-8A306628C032}\Icon3E5562ED7.ico [2007-11-26 6144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-09 13:13 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/20/2009 11:36 AM 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/27/2008 9:15 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/27/2008 9:15 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/27/2008 9:15 PM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/27/2008 9:15 PM 298776]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/20/2009 11:36 AM 348752]
.
- - - - ORPHANS REMOVED - - - -

BHO-{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - c:\program files\Common\helper.dll
BHO-{BBD4551A-9B23-41cd-9BCD-818AA2DA7B63} - c:\windows\system32\iehelper.dll


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - hxxp://mywebcast.cc/tvants/tvants.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jkyhufl9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 22:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-05-21 22:59
ComboFix-quarantined-files.txt 2009-05-21 02:58
ComboFix2.txt 2008-12-28 00:37
ComboFix3.txt 2008-10-24 12:44

Pre-Run: 41,065,119,744 bytes free
Post-Run: 41,277,685,760 bytes free

167 --- E O F --- 2009-05-13 07:04

ComboFix 09-05-31.06 - HP_Owner 06/01/2009 19:37.6 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.702.537 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\bothers.com.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
PEV Error: CacheFile
PEV Error: CacheFolder
PEV Error: LocalAppDataFile
PEV Error: LocalAppDataFolder
PEV Error: LocalSettingsFile

((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.

2009-06-01 23:20 . 2009-06-01 23:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-01 23:20 . 2009-06-01 23:20 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-01 23:20 . 2009-06-01 23:20 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-01 23:20 . 2009-06-01 23:20 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-01 23:20 . 2009-06-01 23:20 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-01 23:20 . 2009-06-01 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-01 22:23 . 2009-06-01 22:24 -------- d-----w- C:\AVGTemp
2009-05-30 17:29 . 2004-08-04 04:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-05-30 17:29 . 2004-08-04 04:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-05-29 20:25 . 2009-05-29 20:25 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-21 14:33 . 2008-04-14 00:12 82432 ----a-w- c:\windows\system32\dllcache\ws2_32.dll
2009-05-21 02:34 . 2009-05-21 02:35 -------- d-----w- c:\program files\bleep you bleep
2009-05-20 22:54 . 2009-06-01 20:44 -------- d-----w- c:\program files\Person
2009-05-20 22:54 . 2009-06-01 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-20 20:29 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-20 20:29 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 20:28 . 2009-05-21 02:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-20 20:28 . 2009-05-20 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-20 15:36 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-05-20 15:36 . 2009-05-20 15:50 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-05-20 15:36 . 2008-12-18 16:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-20 15:36 . 2009-05-20 15:36 -------- d-----w- c:\program files\Common Files\PC Tools
2009-05-20 15:36 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-05-20 15:36 . 2009-05-20 16:01 -------- d-----w- c:\program files\Spyware Doctor
2009-05-20 15:36 . 2009-05-20 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 02:50 . 2006-08-19 15:14 -------- d-----w- c:\program files\Stella
2009-05-24 17:26 . 2008-04-10 19:04 -------- d-----w- c:\program files\Apple Software Update
2009-05-21 14:36 . 2009-05-21 14:36 0 ----a-w- c:\windows\system32\78.tmp
2009-05-21 14:33 . 2009-05-21 14:33 64000 ----a-w- c:\windows\system32\76.tmp
2009-05-21 02:51 . 2008-11-07 22:24 -------- d-----w- c:\program files\Common
2009-05-20 22:34 . 2008-04-10 19:08 -------- d-----w- c:\program files\iTunes
2009-05-20 16:15 . 2008-09-02 00:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-12 16:44 . 2006-08-07 00:47 -------- d-----w- c:\program files\ProMash
2009-03-06 14:22 . 2004-08-04 04:00 284160 ----a-w- c:\windows\system32\pdh.dll
.

------- Sigcheck -------

[7] 2004-08-04 04:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2008-04-14 00:12 82432 F30731FCBF0D19245C9BD40FEE6CEAAA c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 00:12 82432 F30731FCBF0D19245C9BD40FEE6CEAAA c:\windows\system32\ws2_32.dll
[-] 2008-04-14 00:12 82432 F30731FCBF0D19245C9BD40FEE6CEAAA c:\windows\system32\dllcache\ws2_32.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-21_02.57.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-20 15:17 . 2009-05-21 14:36 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-20 15:17 . 2009-05-21 02:26 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-12-04 15:43 . 2009-05-21 14:36 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-12-04 15:43 . 2009-05-21 02:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-12-04 15:43 . 2009-05-21 14:36 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-12-04 15:43 . 2009-05-21 02:26 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-24 17:22 . 2009-05-24 17:22 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-07 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-01 1947928]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - c:\palm\Hotsync.exe [2004-6-9 471040]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
VPN Client.lnk - c:\windows\Installer\{00CD55D6-EE5A-4570-9875-8A306628C032}\Icon3E5562ED7.ico [2007-11-26 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-01 23:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgui.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/20/2009 11:36 AM 130936]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/1/2009 7:20 PM 108552]
S0 bmcjj;bmcjj;c:\windows\system32\drivers\okxfhzx.sys --> c:\windows\system32\drivers\okxfhzx.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/1/2009 7:20 PM 325896]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/1/2009 7:20 PM 298776]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/20/2009 11:36 AM 348752]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MDMXSDK
.
Contents of the 'Scheduled Tasks' folder

2009-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - hxxp://mywebcast.cc/tvants/tvants.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jkyhufl9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 19:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-01 19:44
ComboFix-quarantined-files.txt 2009-06-01 23:43
ComboFix2.txt 2009-05-31 19:06
ComboFix3.txt 2009-05-30 17:33
ComboFix4.txt 2009-05-21 02:59
ComboFix5.txt 2009-06-01 23:36

Pre-Run: 41,817,575,424 bytes free
Post-Run: 41,804,075,008 bytes free

187 --- E O F --- 2009-05-31 23:26


ComboFix 09-05-30.01 - HP_Owner 05/31/2009 14:53.5 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.702.523 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\bothers.com.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.

2009-05-30 17:29 . 2004-08-04 04:00 50176 ----a-w c:\windows\system32\proquota.exe
2009-05-30 17:29 . 2004-08-04 04:00 50176 ----a-w c:\windows\system32\dllcache\proquota.exe
2009-05-29 20:25 . 2009-05-29 20:25 3371383 ----a-w c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 01:14 . 2009-05-28 01:14 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-05-21 14:33 . 2008-04-14 00:12 82432 ----a-w c:\windows\system32\dllcache\ws2_32.dll
2009-05-21 03:00 . 2009-05-21 03:00 -------- d-----w c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2009-05-21 02:34 . 2009-05-21 02:35 -------- d-----w c:\program files\bleep you bleep
2009-05-20 22:54 . 2009-05-20 23:11 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-20 22:54 . 2009-05-20 22:57 -------- d-----w c:\program files\Person
2009-05-20 20:29 . 2009-05-26 17:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-20 20:29 . 2009-05-26 17:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 20:28 . 2009-05-21 02:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-20 20:28 . 2009-05-20 20:28 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-20 15:36 . 2008-12-11 12:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-20 15:36 . 2009-05-20 15:50 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-20 15:36 . 2008-12-18 16:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-20 15:36 . 2009-05-20 15:36 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-20 15:36 . 2008-12-10 16:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-20 15:36 . 2009-05-20 16:01 -------- d-----w c:\program files\Spyware Doctor
2009-05-20 15:36 . 2009-05-20 15:36 -------- d-----w c:\documents and settings\HP_Owner\Application Data\PC Tools
2009-05-20 15:36 . 2009-05-20 15:36 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-05-20 13:04 . 2009-05-09 13:13 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-20 13:04 . 2009-05-09 13:13 2302232 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-05-20 13:04 . 2009-05-09 13:13 3399960 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-05-20 13:04 . 2009-05-09 13:13 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-20 13:04 . 2009-05-09 13:13 354584 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-05-20 13:04 . 2009-05-09 13:13 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-20 13:04 . 2009-05-09 13:13 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-20 13:04 . 2009-05-09 13:13 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-20 13:04 . 2009-05-09 13:13 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-19 12:33 . 2009-05-09 13:11 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-19 12:33 . 2009-05-09 13:11 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 02:50 . 2006-08-19 15:14 -------- d-----w c:\program files\Stella
2009-05-24 17:26 . 2008-04-10 19:04 -------- d-----w c:\program files\Apple Software Update
2009-05-21 14:36 . 2009-05-21 14:36 0 ----a-w c:\windows\system32\78.tmp
2009-05-21 14:33 . 2009-05-21 14:33 64000 ----a-w c:\windows\system32\76.tmp
2009-05-21 02:51 . 2008-11-07 22:24 -------- d-----w c:\program files\Common
2009-05-21 02:27 . 2008-12-26 17:56 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-20 22:34 . 2008-04-10 19:08 -------- d-----w c:\program files\iTunes
2009-05-20 16:15 . 2008-09-02 00:08 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-13 03:26 . 2008-12-28 01:15 -------- d-----w c:\documents and settings\HP_Owner\Application Data\AVGTOOLBAR
2009-05-12 16:44 . 2006-08-07 00:47 -------- d-----w c:\program files\ProMash
2009-05-09 13:13 . 2008-12-28 01:15 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-09 13:13 . 2008-12-28 01:15 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-09 13:13 . 2008-12-28 01:15 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-09 13:13 . 2008-12-28 01:15 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-02 18:13 . 2006-09-21 22:49 4294 ----a-w c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2009-03-13 12:35 . 2009-03-13 12:35 152576 ----a-w c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-06 14:22 . 2004-08-04 04:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 04:00 826368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-21_02.57.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-05-20 15:17 . 2009-05-21 02:26 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-20 15:17 . 2009-05-21 14:36 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-12-04 15:43 . 2009-05-21 14:36 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-12-04 15:43 . 2009-05-21 02:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-12-04 15:43 . 2009-05-21 14:36 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-12-04 15:43 . 2009-05-21 02:26 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-24 17:22 . 2009-05-24 17:22 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-07 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-09 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - c:\palm\Hotsync.exe [2004-6-9 471040]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
VPN Client.lnk - c:\windows\Installer\{00CD55D6-EE5A-4570-9875-8A306628C032}\Icon3E5562ED7.ico [2007-11-26 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-09 13:13 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/20/2009 11:36 AM 130936]
S0 bmcjj;bmcjj;c:\windows\system32\drivers\okxfhzx.sys --> c:\windows\system32\drivers\okxfhzx.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/27/2008 9:15 PM 325896]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/27/2008 9:15 PM 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/27/2008 9:15 PM 908568]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/27/2008 9:15 PM 298776]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/20/2009 11:36 AM 348752]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MDMXSDK
.
Contents of the 'Scheduled Tasks' folder

2009-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - hxxp://mywebcast.cc/tvants/tvants.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jkyhufl9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-31 14:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(260)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-05-31 15:06
ComboFix-quarantined-files.txt 2009-05-31 19:04
ComboFix2.txt 2009-05-30 17:33
ComboFix3.txt 2009-05-21 02:59
ComboFix4.txt 2008-12-28 00:37
ComboFix5.txt 2009-05-31 18:52

Pre-Run: 41,844,977,664 bytes free
Post-Run: 41,845,116,928 bytes free

191 --- E O F --- 2009-05-13 07:04

ComboFix 09-05-30.01 - HP_Owner 05/30/2009 13:25.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.702.340 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\bothers.com.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\$NtServicePackUninstall$\proquota.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-30 )))))))))))))))))))))))))))))))
.

2009-05-30 17:29 . 2004-08-04 04:00 50176 ----a-w c:\windows\system32\proquota.exe
2009-05-30 17:29 . 2004-08-04 04:00 50176 ----a-w c:\windows\system32\dllcache\proquota.exe
2009-05-29 20:25 . 2009-05-29 20:25 3371383 ----a-w c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 01:14 . 2009-05-28 01:14 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-05-21 14:33 . 2008-04-14 00:12 82432 ----a-w c:\windows\system32\dllcache\ws2_32.dll
2009-05-21 03:00 . 2009-05-21 03:00 -------- d-----w c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2009-05-21 02:34 . 2009-05-21 02:35 -------- d-----w c:\program files\bleep you bleep
2009-05-20 22:54 . 2009-05-20 23:11 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-20 22:54 . 2009-05-20 22:57 -------- d-----w c:\program files\Person
2009-05-20 20:29 . 2009-05-26 17:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-20 20:29 . 2009-05-26 17:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 20:28 . 2009-05-21 02:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-20 20:28 . 2009-05-20 20:28 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-20 15:36 . 2008-12-11 12:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-20 15:36 . 2009-05-20 15:50 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-20 15:36 . 2008-12-18 16:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-20 15:36 . 2009-05-20 15:36 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-20 15:36 . 2008-12-10 16:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-20 15:36 . 2009-05-20 16:01 -------- d-----w c:\program files\Spyware Doctor
2009-05-20 15:36 . 2009-05-20 15:36 -------- d-----w c:\documents and settings\HP_Owner\Application Data\PC Tools
2009-05-20 15:36 . 2009-05-20 15:36 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-05-20 13:04 . 2009-05-09 13:13 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-20 13:04 . 2009-05-09 13:13 2302232 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-05-20 13:04 . 2009-05-09 13:13 3399960 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-05-20 13:04 . 2009-05-09 13:13 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-20 13:04 . 2009-05-09 13:13 354584 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-05-20 13:04 . 2009-05-09 13:13 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-20 13:04 . 2009-05-09 13:13 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-20 13:04 . 2009-05-09 13:13 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-20 13:04 . 2009-05-09 13:13 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-19 12:33 . 2009-05-09 13:11 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-19 12:33 . 2009-05-09 13:11 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 02:50 . 2006-08-19 15:14 -------- d-----w c:\program files\Stella
2009-05-24 17:26 . 2008-04-10 19:04 -------- d-----w c:\program files\Apple Software Update
2009-05-21 14:36 . 2009-05-21 14:36 0 ----a-w c:\windows\system32\78.tmp
2009-05-21 14:33 . 2009-05-21 14:33 64000 ----a-w c:\windows\system32\76.tmp
2009-05-21 02:51 . 2008-11-07 22:24 -------- d-----w c:\program files\Common
2009-05-21 02:27 . 2008-12-26 17:56 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-20 22:34 . 2008-04-10 19:08 -------- d-----w c:\program files\iTunes
2009-05-20 16:15 . 2008-09-02 00:08 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-13 03:26 . 2008-12-28 01:15 -------- d-----w c:\documents and settings\HP_Owner\Application Data\AVGTOOLBAR
2009-05-12 16:44 . 2006-08-07 00:47 -------- d-----w c:\program files\ProMash
2009-05-09 13:13 . 2008-12-28 01:15 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-09 13:13 . 2008-12-28 01:15 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-09 13:13 . 2008-12-28 01:15 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-09 13:13 . 2008-12-28 01:15 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-02 18:13 . 2006-09-21 22:49 4294 ----a-w c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2009-03-13 12:35 . 2009-03-13 12:35 152576 ----a-w c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-06 14:22 . 2004-08-04 04:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 04:00 826368 ----a-w c:\windows\system32\wininet.dll
.

------- Sigcheck -------

[7] 2004-08-04 04:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2008-04-14 00:12 82432 F30731FCBF0D19245C9BD40FEE6CEAAA c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 00:12 82432 F30731FCBF0D19245C9BD40FEE6CEAAA c:\windows\system32\ws2_32.dll
[-] 2008-04-14 00:12 82432 F30731FCBF0D19245C9BD40FEE6CEAAA c:\windows\system32\dllcache\ws2_32.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-21_02.57.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-29 23:17 . 2009-05-29 23:17 16384 c:\windows\Temp\Perflib_Perfdata_6fc.dat
- 2009-05-20 15:17 . 2009-05-21 02:26 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-20 15:17 . 2009-05-21 14:36 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-12-04 15:43 . 2009-05-21 14:36 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-12-04 15:43 . 2009-05-21 02:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-12-04 15:43 . 2009-05-21 14:36 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-12-04 15:43 . 2009-05-21 02:26 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-24 17:22 . 2009-05-24 17:22 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-07 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-09 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - c:\palm\Hotsync.exe [2004-6-9 471040]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
VPN Client.lnk - c:\windows\Installer\{00CD55D6-EE5A-4570-9875-8A306628C032}\Icon3E5562ED7.ico [2007-11-26 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-09 13:13 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/20/2009 11:36 AM 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/27/2008 9:15 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/27/2008 9:15 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/27/2008 9:15 PM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/27/2008 9:15 PM 298776]
S0 bmcjj;bmcjj;c:\windows\system32\drivers\okxfhzx.sys --> c:\windows\system32\drivers\okxfhzx.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/20/2009 11:36 AM 348752]
.
Contents of the 'Scheduled Tasks' folder

2009-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - hxxp://mywebcast.cc/tvants/tvants.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jkyhufl9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 13:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-05-30 13:33
ComboFix-quarantined-files.txt 2009-05-30 17:33
ComboFix2.txt 2009-05-21 02:59
ComboFix3.txt 2008-12-28 00:37
ComboFix4.txt 2008-10-24 12:44

Pre-Run: 40,952,664,064 bytes free
Post-Run: 41,115,160,576 bytes free

204 --- E O F --- 2009-05-13 07:04

ComboFix 09-05-20.A0 - HP_Owner 05/20/2009 22:51.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.702.366 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\bothers.com.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20081226101250812.log
c:\program files\Common\helper.sig
c:\windows\system32\drivers\UACkltenboduxdqjol.sys
c:\windows\system32\UACbhmtfmgiqrsrgti.log
c:\windows\system32\UACbotxvkyxetonqtj.dat
c:\windows\system32\UACibquvrkiktpjxhk.dll
c:\windows\system32\UACifyerswuachpsml.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACotlliomybchhdpa.dll
c:\windows\system32\UACpxwaukpjvqndcnk.dll
c:\windows\system32\UACrbrqowkrxnsglpo.dll
c:\windows\system32\UACvegojyuwqbuplhk.dll
c:\windows\system32\UACwlrquaiqjntbuhp.log
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 )))))))))))))))))))))))))))))))
.

2009-05-21 02:34 . 2009-05-21 02:35 -------- d-----w c:\program files\bleep you bleep
2009-05-20 22:54 . 2009-05-20 23:11 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-20 22:54 . 2009-05-20 22:57 -------- d-----w c:\program files\Person
2009-05-20 20:29 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-20 20:29 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 20:28 . 2009-05-20 20:28 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-20 20:28 . 2009-05-21 02:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-20 15:36 . 2008-12-11 12:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-20 15:36 . 2008-12-18 16:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-20 15:36 . 2009-05-20 15:50 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-20 15:36 . 2009-05-20 15:36 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-20 15:36 . 2008-12-10 16:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-20 15:36 . 2009-05-20 15:36 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-05-20 15:36 . 2009-05-20 15:36 -------- d-----w c:\documents and settings\HP_Owner\Application Data\PC Tools
2009-05-20 15:36 . 2009-05-20 16:01 -------- d-----w c:\program files\Spyware Doctor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 02:51 . 2008-11-07 22:24 -------- d-----w c:\program files\Common
2009-05-20 22:34 . 2008-04-10 19:08 -------- d-----w c:\program files\iTunes
2009-05-12 16:44 . 2006-08-07 00:47 -------- d-----w c:\program files\ProMash
2009-05-09 13:13 . 2008-12-28 01:15 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-09 13:13 . 2008-12-28 01:15 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-09 13:13 . 2008-12-28 01:15 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-07 03:22 . 2006-08-19 15:14 -------- d-----w c:\program files\Stella
2009-05-02 18:13 . 2006-09-21 22:49 4294 ----a-w c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2009-03-06 14:22 . 2004-08-04 04:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 04:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 04:00 78336 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-07 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-09 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - c:\palm\Hotsync.exe [2004-6-9 471040]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
VPN Client.lnk - c:\windows\Installer\{00CD55D6-EE5A-4570-9875-8A306628C032}\Icon3E5562ED7.ico [2007-11-26 6144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-09 13:13 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/20/2009 11:36 AM 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/27/2008 9:15 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/27/2008 9:15 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/27/2008 9:15 PM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/27/2008 9:15 PM 298776]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/20/2009 11:36 AM 348752]
.
- - - - ORPHANS REMOVED - - - -

BHO-{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - c:\program files\Common\helper.dll
BHO-{BBD4551A-9B23-41cd-9BCD-818AA2DA7B63} - c:\windows\system32\iehelper.dll


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - hxxp://mywebcast.cc/tvants/tvants.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jkyhufl9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 22:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-05-21 22:59
ComboFix-quarantined-files.txt 2009-05-21 02:58
ComboFix2.txt 2008-12-28 00:37
ComboFix3.txt 2008-10-24 12:44

Pre-Run: 41,065,119,744 bytes free
Post-Run: 41,277,685,760 bytes free

167 --- E O F --- 2009-05-13 07:04

ComboFix 08-10-23.08 - HP_Owner 2008-10-24 8:27:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.388 [GMT -4:00]
* Resident AV is active

.
Error: Cfiles.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\drivers\TDSSmxoe.sys
C:\WINDOWS\system32\TDSSbavu.dll
C:\WINDOWS\system32\TDSSehys.dll
C:\WINDOWS\system32\TDSSirry.dll
C:\WINDOWS\system32\TDSSlubs.log
C:\WINDOWS\system32\TDSSmuph.dat
C:\WINDOWS\system32\TDSSncur.dll
C:\WINDOWS\system32\TDSSnmxh.log
C:\WINDOWS\system32\TDSSotpa.dll
C:\WINDOWS\system32\TDSSqiyk.dll
C:\WINDOWS\system32\TDSSsahc.dll
C:\WINDOWS\system32\TDSSwghd.log
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-09-24 to 2008-10-24 )))))))))))))))))))))))))))))))
.

2008-10-24 00:03 . 2008-10-15 12:34 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-23 09:22 . 2008-10-23 09:57 10,240 --a------ C:\WINDOWS\brastk.exe
2008-10-23 09:20 . 2008-10-23 09:57 10,240 --a------ C:\WINDOWS\system32\brastk.exe
2008-10-23 09:20 . 2008-10-23 09:20 114 --a------ C:\WINDOWS\system32\delself.bat
2008-10-23 09:15 . 2008-10-23 09:15 43,520 --a------ C:\WINDOWS\system32\av.dat
2008-10-20 21:46 . 2008-10-20 21:46 41,150 --a------ C:\WINDOWS\system32\msratnit.dll
2008-10-20 21:45 . 2008-10-23 09:16 5,631 --a------ C:\WINDOWS\system32\comsatac.dll
2008-10-20 11:26 . 2008-10-23 09:16 8,752 --a------ C:\WINDOWS\system32\qviexio3.dat
2008-10-20 10:48 . 2008-10-20 10:48 73,728 --a------ C:\WINDOWS\system32\mscorews.dll
2008-10-19 00:44 . 2008-09-08 06:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-19 00:43 . 2008-08-14 06:11 2,189,184 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-19 00:43 . 2008-08-14 06:09 2,145,280 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-19 00:43 . 2008-08-14 05:33 2,066,048 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-19 00:43 . 2008-08-14 05:33 2,023,936 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-19 00:43 . 2008-09-15 08:12 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-13 17:38 . 2008-10-13 17:38 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-13 17:38 . 2008-10-13 17:38 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-13 17:38 . 2008-10-13 17:38 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-13 17:38 . 2008-10-13 17:38 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-13 17:35 . 2008-10-13 17:35 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-13 17:26 . 2008-10-13 17:26 <DIR> d-------- C:\WINDOWS\EHome

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 01:56 --------- d-----w C:\Program Files\ProMash
2008-10-22 18:01 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2008-10-13 21:47 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd6205.sys
2008-10-13 21:41 61,440 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2008-10-13 21:41 45,056 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-10-13 21:41 44,032 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-10-13 21:41 40,960 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2008-10-13 21:41 341,048 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2008-10-13 21:41 32,768 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2008-10-13 21:41 32,768 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2008-10-13 21:41 217,088 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2008-10-13 21:41 163,840 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2008-10-13 17:59 3,738 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2008-10-03 17:41 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-02 23:18 --------- d-----w C:\Program Files\Stella
2008-09-21 17:15 --------- d-----w C:\Program Files\TVAntsX
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-14 21:03 --------- d-----w C:\Program Files\McAfee
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-02 15:04 --------- d---a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2008-09-02 14:02 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-02 02:22 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2008-09-02 02:15 --------- d-----w C:\Program Files\Java
2008-09-02 00:31 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2008-09-02 00:30 --------- d-----w C:\Program Files\Lavasoft
2008-09-02 00:28 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-02 00:27 --------- d-----w C:\Program Files\BeerSmith
2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-13 01:26 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-08-13 01:26 249,856 ------w C:\WINDOWS\Setup1.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-07 180269]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"brastk"="C:\WINDOWS\system32\brastk.exe" [2008-10-23 10240]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - C:\Palm\Hotsync.exe [2004-06-09 471040]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-03-21 65588]
VPN Client.lnk - C:\WINDOWS\Installer\{00CD55D6-EE5A-4570-9875-8A306628C032}\Icon3E5562ED7.ico [2007-11-26 6144]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a------ 2005-06-01 19:35 49152 c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2004-12-13 22:23 663552 C:\WINDOWS\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-07-07 18:28 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SPOLSV - C:\WINDOWS\system32\tracerts.exe
HKLM-Run-PCDrProfiler - (no file)
HKLM-Run-dvd43 - (no file)
Notify-__c0063B11 - C:\WINDOWS\system32\__c0063B11.dat
Notify-__c00C1E00 - C:\WINDOWS\system32\__c00C1E00.dat


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\DOCUME~1\HP_Owner\APPLIC~1\Mozilla\Firefox\Profiles\jkyhufl9.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 08:35:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\BRSS01A.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-10-24 8:44:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-24 12:44:23

Pre-Run: 42,421,616,640 bytes free
Post-Run: 42,699,309,056 bytes free

215 --- E O F --- 2008-10-24 07:03:03

ComboFix 08-12-26.03 - HP_Owner 2008-12-27 19:31:38.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.702.395 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\Desktop\bothers.com.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common\helper.sig
c:\windows\Downloaded Program Files\setup.inf
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\TDSSpcuu.sys
c:\windows\system32\qviexio3.dat
c:\windows\system32\TDSSirxy.dll
c:\windows\system32\TDSSocun.dll
c:\windows\system32\TDSSotub.dll
c:\windows\system32\TDSSqekn.dll
c:\windows\system32\TDSSqrwn.log
c:\windows\system32\TDSSrojf.dll
c:\windows\system32\TDSSwgqe.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-28 )))))))))))))))))))))))))))))))
.

2008-12-27 19:17 . 2008-12-27 19:17 <DIR> d-------- c:\program files\Trend Micro
2008-12-27 12:00 . 2008-12-27 12:00 <DIR> d-------- c:\documents and settings\HP_Owner\DoctorWeb
2008-12-27 11:09 . 2008-12-27 11:09 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-26 12:56 . 2008-12-26 12:56 <DIR> d-------- c:\program files\AVG
2008-12-26 12:56 . 2008-12-26 13:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-26 10:12 . 2008-12-26 10:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
2008-12-12 13:41 . 2008-12-12 13:40 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-09 09:36 . 2008-12-09 09:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 00:32 --------- d-----w c:\program files\Common
2008-12-27 19:00 --------- d-----w c:\program files\music_now
2008-12-24 04:50 --------- d-----w c:\program files\Stella
2008-12-22 14:26 --------- d-----w c:\program files\Google
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-12 18:40 --------- d-----w c:\program files\Java
2008-12-12 16:23 --------- d-----w c:\program files\Rhapsody
2008-11-25 20:23 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-16 18:21 --------- d-----w c:\program files\BeerSmith
2008-11-11 03:45 --------- d-----w c:\program files\ProMash
2008-11-11 03:26 --------- d-----w c:\program files\strangebrew
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:16 5,631 ----a-w c:\windows\system32\comsatac.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-21 01:46 41,150 ----a-w c:\windows\system32\msratnit.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-10-13 21:41 61,440 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2008-10-13 21:41 45,056 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-10-13 21:41 44,032 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-10-13 21:41 40,960 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2008-10-13 21:41 341,048 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2008-10-13 21:41 32,768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2008-10-13 21:41 32,768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2008-10-13 21:41 217,088 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2008-10-13 21:41 163,840 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2008-10-13 17:59 3,738 ----a-w c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
.

((((((((((((((((((((((((((((( snapshot@2008-10-24_ 8.43.55.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-10 01:10:56 1,379,840 ----a-w c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954459\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954459\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954459\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB954459\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB954459\update\updspapi.dll
+ 2008-09-04 17:12:27 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP3QFE\msxml3.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB955069\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB955069\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB955069\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB955069\update\update.exe
+ 2008-07-09 18:08:38 382,840 ----a-w c:\windows\$hf_mig$\KB955069\update\updspapi.dll
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-10-24 11:41:11 455,936 ----a-w c:\windows\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB957097\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB957097\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB957097\update\spcustom.dll
+ 2008-07-08 13:02:04 755,576 ----a-w c:\windows\$hf_mig$\KB957097\update\update.exe
+ 2008-07-08 13:02:12 382,840 ----a-w c:\windows\$hf_mig$\KB957097\update\updspapi.dll
+ 2008-04-14 00:12:01 1,306,624 -c----w c:\windows\$NtUninstallKB954459$\msxml6.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB954459$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB954459$\spuninst\updspapi.dll
+ 2008-04-14 00:12:01 1,104,896 -c----w c:\windows\$NtUninstallKB955069$\msxml3.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe
+ 2008-07-09 18:08:38 382,840 -c----w c:\windows\$NtUninstallKB955069$\spuninst\updspapi.dll
+ 2008-04-13 19:17:01 456,576 -c----w c:\windows\$NtUninstallKB957097$\mrxsmb.sys
+ 2008-07-08 13:02:02 231,288 -c----w c:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe
+ 2008-07-08 13:02:12 382,840 -c----w c:\windows\$NtUninstallKB957097$\spuninst\updspapi.dll
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
- 2005-10-21 00:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-10-17 07:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
+ 2008-12-09 14:37:18 10,134 ----a-r c:\windows\Installer\{36FDBE6E-6684-462B-AE98-9A39A1B200CC}\ARPPRODUCTICON.exe
+ 2008-11-12 08:01:29 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2000-08-31 12:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 13:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 12:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 13:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-10-24 11:18:29 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-27 23:51:28 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-10-24 11:18:29 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-27 23:51:28 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\dllcache\advpack.dll
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-08-26 07:24:28 63,488 ------w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:38:35 63,488 ------w c:\windows\system32\dllcache\icardie.dll
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-26 07:24:28 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:24:29 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-19 00:03:58 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 06:09:22 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-26 07:24:30 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-09-04 17:15:04 1,106,944 ------w c:\windows\system32\dllcache\msxml3.dll
- 2008-04-14 00:12:01 1,306,624 ------w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
- 2006-10-19 01:47:20 937,984 ----a-w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 10:03:08 938,496 ----a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-19 01:47:22 2,450,944 ----a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-04-13 19:17:01 456,576 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:21:09 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-06-10 05:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-12-12 18:40:50 144,792 ----a-w c:\windows\system32\java.exe
- 2008-06-10 05:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-12-12 18:40:51 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-06-10 06:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-12 18:40:51 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2006-10-19 00:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 06:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
- 2008-10-07 19:19:40 16,721,856 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-04-14 00:12:01 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 17:15:04 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2008-04-14 00:12:01 1,306,624 ------w c:\windows\system32\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 ------w c:\windows\system32\msxml6.dll
- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-10-13 21:52:39 53,640 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-03 03:40:48 53,640 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-13 21:52:39 382,022 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-03 03:40:48 382,022 ----a-w c:\windows\system32\perfh009.dat
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
- 2008-04-14 00:12:38 60,416 ------w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ------w c:\windows\system32\tzchange.exe
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll
- 2006-10-19 01:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
+ 2008-06-18 10:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-19 01:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-12-28 00:29:56 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6b0.dat
+ 2008-09-30 21:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 21:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2006-12-02 03:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-03-23 16:15:32 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_6e85597b\ATL80.dll
+ 2006-03-23 16:14:36 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcm80.dll
+ 2006-03-23 16:14:36 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcp80.dll
+ 2006-03-23 16:14:36 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcr80.dll
+ 2006-12-02 05:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 05:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 05:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 05:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-03-23 17:44:12 1,093,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80.dll
+ 2006-03-23 17:44:16 1,079,808 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80u.dll
+ 2006-03-23 17:44:20 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfcm80.dll
+ 2006-03-23 17:44:20 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfcm80u.dll
+ 2006-12-02 05:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 05:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 05:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 05:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 05:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 05:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 05:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 05:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 05:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 05:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-07 180269]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-07 c:\windows\RTHDCPL.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - c:\palm\Hotsync.exe [2004-06-09 471040]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-03-21 65588]
VPN Client.lnk - c:\windows\Installer\{00CD55D6-EE5A-4570-9875-8A306628C032}\Icon3E5562ED7.ico [2007-11-26 6144]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a------ 2005-06-01 18:35 49152 c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2004-12-13 21:23 663552 c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 02:43 83608 c:\program files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-07-07 17:28 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

.
Contents of the 'Scheduled Tasks' folder

2008-09-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-12-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-windpipe - c:\documents and settings\HP_Owner\Application Data\Google\fhexj6825097.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O16 -: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - hxxp://mywebcast.cc/tvants/tvants.cab
c:\windows\Downloaded Program Files\SETUP.INF
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jkyhufl9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-27 19:35:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSpcuu.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-27 19:37:52
ComboFix-quarantined-files.txt 2008-12-28 00:37:04
ComboFix2.txt 2008-10-24 12:44:37

Pre-Run: 46,899,187,712 bytes free
Post-Run: 46,899,736,576 bytes free

467 --- E O F --- 2008-12-20 08:15:21







2009-05-30 17:32:24 . 2009-05-30 17:32:24 562 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-procexp90.Sys.reg.dat
2009-05-21 14:34:08 . 2009-05-21 14:34:56 212 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\twain_32\user.ds.vir
2009-05-21 02:57:31 . 2009-05-21 02:57:31 394 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{BBD4551A-9B23-41cd-9BCD-818AA2DA7B63}.reg.dat
2009-05-21 02:57:31 . 2009-05-21 02:57:31 861 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}.reg.dat
2009-05-21 02:57:07 . 2005-05-25 07:48:38 102 ----a-w- C:\Qoobox\Quarantine\D\Desktop.ini.vir
2009-05-21 02:44:44 . 2009-05-21 02:44:44 1,341 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_UACd.sys.reg.dat
2009-05-20 15:17:08 . 2009-05-21 02:27:09 28,014 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwlrquaiqjntbuhp.log.vir
2009-05-20 15:17:07 . 2009-05-20 23:18:56 5,584 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\uacinit.dll.vir
2009-05-20 15:17:06 . 2009-05-21 02:27:08 66,560 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\UACvegojyuwqbuplhk.dll.vir
2009-05-20 15:17:01 . 2009-05-20 15:17:01 224 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\UACbotxvkyxetonqtj.dat.vir
2009-03-06 01:11:57 . 2009-03-06 01:11:57 50,688 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common\helper.sig.vir
2008-12-28 00:36:08 . 2008-12-28 00:36:08 180 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-windpipe.reg.dat
2008-12-28 00:28:06 . 2008-12-28 00:28:06 10 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_TDSSserv.sys.reg.dat
2008-12-26 15:13:22 . 2008-12-27 06:01:22 6,900 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSqrwn.log.vir
2008-12-26 15:13:20 . 2008-12-27 23:47:06 2,710 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSqekn.dll.vir
2008-12-26 15:13:15 . 2008-12-27 06:01:15 441 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSwgqe.dat.vir
2008-12-26 15:12:50 . 2008-12-26 16:29:55 234 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20081226101250812.log.vir
2008-10-24 12:44:06 . 2008-10-24 12:44:06 554 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-__c00C1E00.reg.dat
2008-10-24 12:44:06 . 2008-10-24 12:44:06 554 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-__c0063B11.reg.dat
2008-10-24 12:44:00 . 2008-10-24 12:44:00 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-dvd43.reg.dat
2008-10-24 12:44:00 . 2008-10-24 12:44:00 99 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-PCDrProfiler.reg.dat
2008-10-24 12:43:58 . 2008-10-24 12:43:59 127 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-SPOLSV.reg.dat
2008-10-24 12:30:37 . 2009-06-01 23:40:49 9,790 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2008-10-24 12:24:02 . 2008-10-24 12:24:02 1,155 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_TDSSserv.sys).reg.dat
2008-10-24 12:24:02 . 2008-10-24 12:24:02 10 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_TDSSserv.reg.dat
2008-10-24 12:23:21 . 2009-06-01 23:36:07 1,130 ----a-w- C:\Qoobox\Quarantine\catchme.log
2008-10-23 13:21:24 . 2008-10-23 13:21:25 2,221 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSlubs.log.vir
2008-10-23 13:16:07 . 2008-10-24 12:19:28 963,423 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSnmxh.log.vir
2008-10-23 13:15:52 . 2008-10-24 11:07:42 2,760 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSqiyk.dll.vir
2008-10-23 13:15:48 . 2008-10-23 13:15:48 164 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSmuph.dat.vir
2008-10-20 15:26:31 . 2008-10-23 13:16:08 8,752 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\qviexio3.dat.vir
2007-09-24 19:10:12 . 2007-07-24 15:03:28 144 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\SETUP.INF.vir
2006-07-22 03:08:44 . 2006-10-12 18:39:02 246 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\IE4 Error Log.txt.vir
2004-08-04 04:00:00 . 2004-08-04 04:00:00 111,104 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000008_.tmp.dll.vir

#8 thcbytes

Posted 02 June 2009 - 10:07 PM

Hello, :thumbup2:
I have completed my analysis of your logs and have created a fix. I am now awaiting review and approval to proceed from my expert coach. Again I ask you to please refrain from any further changes to your computer and please be patient. Just as soon as I get approval we will proceed.
Regards,
t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#9 thcbytes

Posted 02 June 2009 - 10:49 PM

Hi, :thumbup2:
I need a little bit more info in the meantime please. You had clear evidence of a rootkit in your ComboFix logs. Let's look a bit deeper and see what is left.

**********

Please download gmer.zip and save to your desktop.
  • Extract (unzip) the file to its own folder such as C:\Gmer. (Click here for information on how to do this if not sure.)
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • You may be prompted to scan immediately if GMER detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.
  • Exit GMER and re-enable all active protection when done.
**********

Perform an online scan with Kaspersky WebScanner.

(Requires the free Java Runtime Environment (JRE) to be installed before scanning for malware, as ActiveX is no longer being used.)
  • Click on the Posted Image ...button.
  • The program will launch and fill in the Information section ... on the left.
  • Read the "Requirements and Limitations" then press... the Posted Image ...button.
  • The program will begin downloading the latest program and definition files.

    It takes a while... please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.

    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:

      Viruses, Worms, Trojan Horses, Rootkits

      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):

      Archives

      Mail databases

      By default the above items should already be checked.
    • Click the Posted Image ...button, if you made any changes.
  • Now under the Scan section on the left: Select My Computer
  • The program will start and scan your system. This will run for a while, be patient... let it run.

    Once the scan is complete, it will display if your system has been infected.
  • Save the scan results as a Text file ... save it to your desktop.
  • Copy and paste the saved scan results file in your next reply.
**********

With your next post please provide:

* Gmer.log
* Kaspersky log

#10 fifteenand1

Posted 04 June 2009 - 12:35 PM

Hey Sorry for the Delay! Those were some long scans. Thanks again for taking the time with this! Here are the requested logs:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-03 17:22:17
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF797E514]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF796D282]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF796D474]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF797ED00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF797EFB8]
SSDT sptd.sys ZwEnumerateKey [0xF7B23D48]
SSDT sptd.sys ZwEnumerateValueKey [0xF7B240C0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF797D3FA]
SSDT sptd.sys ZwQueryKey [0xF7B2418A]
SSDT sptd.sys ZwQueryValueKey [0xF7B24022]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF797F422]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF797E7D8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF796CF32]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTD6205.SYS The process cannot access the file because it is being used by another process.

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\brss01a.exe[172] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\brss01a.exe[172] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\spoolsv.exe[184] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\spoolsv.exe[184] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\iTunes\iTunesHelper.exe[552] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\iTunes\iTunesHelper.exe[552] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\svchost.exe[732] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\svchost.exe[732] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[768] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[768] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[800] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[800] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\winlogon.exe[832] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\winlogon.exe[832] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\services.exe[888] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\services.exe[888] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\lsass.exe[900] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\lsass.exe[900] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\svchost.exe[1088] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\svchost.exe[1088] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\svchost.exe[1168] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\svchost.exe[1168] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1212] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1212] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\System32\svchost.exe[1264] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\System32\svchost.exe[1264] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\svchost.exe[1372] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\svchost.exe[1372] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Palm\Hotsync.exe[1416] msvcrt.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 0A93C080 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Palm\Hotsync.exe[1416] msvcrt.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 0A93C0E0 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Palm\Hotsync.exe[1416] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C29D9F 5 Bytes JMP 0A93C110 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Palm\Hotsync.exe[1416] msvcrt.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A93BFE0 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Palm\Hotsync.exe[1416] msvcrt.dll!_aligned_free 77C29E33 5 Bytes JMP 0A93C0E0 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Palm\Hotsync.exe[1416] msvcrt.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A93BFC0 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Palm\Hotsync.exe[1416] msvcrt.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A93C020 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Palm\Hotsync.exe[1416] msvcrt.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A93C000 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Palm\Hotsync.exe[1416] msvcrt.dll!_expand 77C29FE5 5 Bytes JMP 0A93BFA0 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Palm\Hotsync.exe[1416] msvcrt.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A93C160 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Palm\Hotsync.exe[1416] msvcrt.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A93C170 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Palm\Hotsync.exe[1416] msvcrt.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A93C191 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Palm\Hotsync.exe[1416] msvcrt.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A93C260 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Palm\Hotsync.exe[1416] msvcrt.dll!_heapused 77C2BE3A 5 Bytes JMP 0A93C230 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Palm\Hotsync.exe[1416] msvcrt.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A93C1A0 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Palm\Hotsync.exe[1416] msvcrt.dll!_msize 77C2BF6C 5 Bytes JMP 0A93BEB0 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Palm\Hotsync.exe[1416] msvcrt.dll!calloc 77C2C0C3 5 Bytes JMP 0A93BE50 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Palm\Hotsync.exe[1416] msvcrt.dll!free 77C2C21B 5 Bytes JMP 0A93C0E0 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Palm\Hotsync.exe[1416] msvcrt.dll!malloc 77C2C407 5 Bytes JMP 0A93BE10 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Palm\Hotsync.exe[1416] msvcrt.dll!realloc 77C2C437 5 Bytes JMP 0A93BE90 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Palm\Hotsync.exe[1416] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Palm\Hotsync.exe[1416] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1452] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Bonjour\mDNSResponder.exe[1452] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1536] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1536] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\svchost.exe[1544] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\svchost.exe[1544] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1636] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1636] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1664] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1664] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1880] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Java\jre6\bin\jqs.exe[1880] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\Explorer.EXE[1952] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\Explorer.EXE[1952] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Java\jre6\bin\java.exe[2344] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Java\jre6\bin\java.exe[2344] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\System32\alg.exe[2836] C:\WINDOWS\System32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\System32\alg.exe[2836] C:\WINDOWS\System32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7B1FA32] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7B1FB6E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7B1FAF6] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7B206CC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F7B205A2] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7B42BBC] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8359DB78
Device \FileSystem\Fastfat \FatCdrom 8324EA28

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8359E450
Device \Driver\Ftdisk \Device\HarddiskVolume2 8359E450
Device \Driver\Cdrom \Device\CdRom0 831E9EB0
Device \FileSystem\Rdbss \Device\FsWrap 82F8AEB0
Device \Driver\usbstor \Device\00000074 82F89EB0
Device \Driver\usbstor \Device\00000075 82F89EB0
Device \Driver\NetBT \Device\NetBt_Wins_Export 82F8FCD0
Device \Driver\NetBT \Device\NetbiosSmb 82F8FCD0

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Disk \Device\Harddisk0\DR0 8359DE30

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Disk \Device\Harddisk1\DR3 8359DE30
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+4 8359DE30
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82F78EB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{57DEB8C2-D9ED-4DF1-8FAC-5D15E52A1923} 82F8FCD0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82F78EB0
Device \FileSystem\Npfs \Device\NamedPipe 82FAACD0
Device \Driver\Ftdisk \Device\FtControl 8359E450
Device \FileSystem\Msfs \Device\Mailslot 82F9BEB0
Device \FileSystem\Fastfat \Fat 8324EA28

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8340C8E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 -1893226462
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1258817134
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1730476945
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6D 0x47 0xA8 0x5C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6D 0x47 0xA8 0x5C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6D 0x47 0xA8 0x5C ...

---- EOF - GMER 1.0.15 ----



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, June 4, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, June 04, 2009 15:18:20
Records in database: 2306328
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 101093
Threat name: 4
Infected objects: 5
Suspicious objects: 4
Duration of the scan: 03:18:47


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F5C0796.wmf Infected: Exploit.Win32.IMG-WMF.v 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\407776C3.wmf Infected: Exploit.Win32.IMG-WMF.v 1
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Identities\{C420940D-6840-4048-A182-50B4D80E27A7}\Microsoft\Outlook Express\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 4
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACvegojyuwqbuplhk.dll.vir Infected: Trojan.Win32.TDSS.adzx 1
D:\I386\APPS\APP25091\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1
D:\I386\APPS\APP25091\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1

The selected area was scanned.

#11 thcbytes

Posted 04 June 2009 - 03:14 PM

Hello,
"Hey Sorry for the Delay! Those were some long scans. Thanks again for taking the time with this! Here are the requested logs:"

No apologies necessary. Those scans can take a while. I am constructing a script to nuke the malware I have found so far. We have one more scan to run then it's time to apply the fix! This next scan is fast.

Do this....

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.


**********

With your next post please provide:

* Gooredlog.txt

Thanks,
t
Proud member - Unified Network of Instructors and Trained Eliminators
I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#12 fifteenand1

  • Topic Starter

Posted 04 June 2009 - 03:18 PM

Cool, T, glad we (well you) are making progress. That deserves a big: :thumbup2:

Here is requested log:

GooredFix v1.92 by jpshortstuff
Log created at 16:16 on 04/06/2009 running Option #1 (HP_Owner)
Firefox version 3.0.10 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{1d5287d1-8a92-0001-1f31-1cec198018d8}"="C:\Program Files\AVG\AVG8\ToolbarFF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"

#13 thcbytes

  • Malware Response Team

Posted 05 June 2009 - 06:47 AM

Hello again,

Let's begin,

The last time you ran Combofix you had your AVG enabled. It must be disabled prior to running this next script.
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

**********

Download a fresh copy of ComboFix (by sUBs)

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
**********

:thumbup2: Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!! :)

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\78.tmp
c:\windows\system32\76.tmp
D:\I386\APPS\APP25091\src\CompaqPresario_Spring06.exe
D:\I386\APPS\APP25091\src\HPPavillion_Spring06.exe

Folder::
c:\documents and settings\All Users\Application Data\TEMP

DirLook::
c:\program files\bleep you bleep
c:\program files\Person
c:\program files\Stella

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000



Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

**********

With your next post please provide:

* Combofix.txt
* How is your computer running now?

#14 fifteenand1

  • Topic Starter

Posted 05 June 2009 - 10:58 AM

Sweet! As always, thanks for your time with this! Ok- Requested Info:

How is computer running now?:

IE running searches twice as fast with no redirects. (Speed issue perhaps because link scanner is off in AVG?)
Firefox still a bit slow, but no redirects on a few searches.

Outlook suddenly will not let me "Send/Receive" email. That button is darkened and unavailable.

AVG seized up with trying to update.

Ad-Aware gave the following error message when trying to update:

"Sytem Error 1814 has occurred. Description: Could not log to server. Are you running this application as another user? Application Terminated"

Think that's about it. Note: I have not restarted my computer since the ComboFix. Not sure if this makes a difference, but I will follow your instructions to the letter, Obi Wan!


Here is ComboFix log:

ComboFix 09-06-04.09 - HP_Owner 06/05/2009 11:34.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.702.358 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\76.tmp"
"c:\windows\system32\78.tmp"
"d:\i386\APPS\APP25091\src\CompaqPresario_Spring06.exe"
"d:\i386\APPS\APP25091\src\HPPavillion_Spring06.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\76.tmp
c:\windows\system32\78.tmp
d:\i386\APPS\APP25091\src\CompaqPresario_Spring06.exe
d:\i386\APPS\APP25091\src\HPPavillion_Spring06.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.

2009-06-04 12:39 . 2009-06-04 12:41 152576 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-03 04:12 . 2009-06-05 04:17 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-02 02:56 . 2009-06-02 02:56 -------- d-----w- C:\rsit
2009-06-02 00:19 . 2009-06-02 00:19 -------- d-----w- c:\program files\CCleaner
2009-06-01 23:20 . 2009-06-01 23:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-01 23:20 . 2009-06-01 23:20 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-01 23:20 . 2009-06-01 23:20 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-01 23:20 . 2009-06-01 23:20 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-01 23:20 . 2009-06-02 01:30 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\AVGTOOLBAR
2009-06-01 23:20 . 2009-06-01 23:20 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-01 23:20 . 2009-06-01 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-01 22:23 . 2009-06-01 22:24 -------- d-----w- C:\AVGTemp
2009-05-30 17:29 . 2004-08-04 04:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-05-30 17:29 . 2004-08-04 04:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-05-29 20:25 . 2009-05-29 20:25 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 01:14 . 2009-05-28 01:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-05-21 14:33 . 2008-04-14 00:12 82432 ----a-w- c:\windows\system32\dllcache\ws2_32.dll
2009-05-21 03:00 . 2009-05-21 03:00 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2009-05-21 02:34 . 2009-05-21 02:35 -------- d-----w- c:\program files\bleep you bleep
2009-05-20 22:54 . 2009-06-02 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-20 22:54 . 2009-06-01 20:44 -------- d-----w- c:\program files\Person
2009-05-20 20:29 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-20 20:29 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 20:28 . 2009-05-21 02:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-20 20:28 . 2009-05-20 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-20 15:36 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-05-20 15:36 . 2009-05-20 15:50 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-05-20 15:36 . 2008-12-18 16:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-20 15:36 . 2009-05-20 15:36 -------- d-----w- c:\program files\Common Files\PC Tools
2009-05-20 15:36 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-05-20 15:36 . 2009-05-20 16:01 -------- d-----w- c:\program files\Spyware Doctor
2009-05-20 15:36 . 2009-05-20 15:36 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\PC Tools
2009-05-20 15:36 . 2009-05-20 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 12:42 . 2008-12-12 18:41 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-04 12:42 . 2006-07-07 21:49 -------- d-----w- c:\program files\Java
2009-05-29 02:50 . 2006-08-19 15:14 -------- d-----w- c:\program files\Stella
2009-05-24 17:26 . 2008-04-10 19:04 -------- d-----w- c:\program files\Apple Software Update
2009-05-21 02:51 . 2008-11-07 22:24 -------- d-----w- c:\program files\Common
2009-05-20 22:34 . 2008-04-10 19:08 -------- d-----w- c:\program files\iTunes
2009-05-12 16:44 . 2006-08-07 00:47 -------- d-----w- c:\program files\ProMash
2009-05-02 18:13 . 2006-09-21 22:49 4294 ----a-w- c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2009-03-13 12:35 . 2009-03-13 12:35 152576 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\bleep you bleep ----


---- Directory of c:\program files\Person ----

2009-06-01 20:44 . 2009-03-05 20:07 2260480 ----a-w- c:\program files\Person\YSVSEFYXAJVREAP.scr
2009-06-01 20:44 . 2009-03-11 14:20 1065888 ----a-w- c:\program files\Person\Updates\teatimer166.exe
2009-06-01 20:44 . 2009-03-11 20:44 1036085 ----a-w- c:\program files\Person\Updates\teatimer166.zip
2009-06-01 20:43 . 2008-11-05 20:43 559133 ----a-w- c:\program files\Person\Updates\clsid.zip
2009-06-01 20:43 . 2009-06-01 20:43 92761 ----a-w- c:\program files\Person\Updates\online.ini
2009-06-01 20:43 . 2009-06-01 20:43 7798 ----a-w- c:\program files\Person\Updates\online.ini.uiz
2009-06-01 20:42 . 2009-06-01 20:44 3396 ----a-w- c:\program files\Person\Updates\downloaded.ini
2009-06-01 20:42 . 2008-06-24 18:31 4823580 ----a-w- c:\program files\Person\Includes\TTLASSH.sbs
2009-06-01 20:42 . 2006-09-28 21:58 21819 ----a-w- c:\program files\Person\Includes\RegXLinks.sbs
2009-06-01 20:42 . 2007-06-18 18:13 4873 ----a-w- c:\program files\Person\Includes\LSP.sbs
2009-06-01 20:42 . 2007-09-26 14:11 434 ----a-w- c:\program files\Person\Includes\X509White.sbs
2009-06-01 20:42 . 2008-10-29 11:23 558915 ----a-w- c:\program files\Person\Includes\CLSIDs.sbs
2009-06-01 20:42 . 2008-07-01 18:20 1243642 ----a-w- c:\program files\Person\Includes\Targets.nfo
2009-06-01 20:42 . 2007-09-19 17:15 3863401 ----a-w- c:\program files\Person\Includes\Startup.tnfo
2009-06-01 20:42 . 2009-03-05 20:07 2260480 ----a-w- c:\program files\Person\YRXTSNAPSBNSY.scr
2009-06-01 20:42 . 2009-01-26 19:31 5365592 ----a-w- c:\program files\Person\PWJEGHZIUTFWEWRESF.scr
2009-06-01 20:42 . 2009-01-26 19:31 1740632 ----a-w- c:\program files\Person\HRDUCUCGCWWIA.scr
2009-05-26 14:16 . 2009-05-26 14:16 994 ----a-w- c:\program files\Person\Includes\HijackersC.sbi
2009-05-26 14:16 . 2009-05-26 14:16 154702 ----a-w- c:\program files\Person\Includes\Hijackers.sbi
2009-05-26 12:35 . 2009-05-26 12:35 2176746 ----a-w- c:\program files\Person\Includes\TrojansC.sbi
2009-05-26 11:23 . 2009-05-26 11:23 5072 ----a-w- c:\program files\Person\Includes\SecurityC.sbi
2009-05-26 11:23 . 2009-05-26 11:23 3620 ----a-w- c:\program files\Person\Includes\SpywareC.sbi
2009-05-26 11:23 . 2009-05-26 11:23 122248 ----a-w- c:\program files\Person\Includes\PUPSC.sbi
2009-05-26 11:22 . 2009-05-26 11:22 1515 ----a-w- c:\program files\Person\Includes\KeyloggersC.sbi
2009-05-26 11:22 . 2009-05-26 11:22 109887 ----a-w- c:\program files\Person\Includes\MalwareC.sbi
2009-05-26 11:22 . 2009-05-26 11:22 1915 ----a-w- c:\program files\Person\Includes\AdwareC.sbi
2009-05-26 11:22 . 2009-05-26 11:22 878 ----a-w- c:\program files\Person\Includes\DialerC.sbi
2009-05-26 07:30 . 2009-05-26 07:30 504753 ----a-w- c:\program files\Person\Includes\Domains.sbs
2009-05-25 13:45 . 2009-05-25 13:45 31143 ----a-w- c:\program files\Person\Includes\Services.sbs
2009-05-20 22:57 . 2009-03-05 20:07 2260480 --sha-r- c:\program files\Person\HZIILNEGV.scr
2009-05-20 22:55 . 2009-06-01 20:42 10906 ----a-w- c:\program files\Person\unins000.msg
2009-05-20 22:55 . 2007-04-02 23:22 536 ----a-w- c:\program files\Person\Skins\Colorblind.ini
2009-05-20 22:55 . 2007-08-31 12:48 5196 ----a-w- c:\program files\Person\Help\English.license.txt
2009-05-20 22:55 . 2008-01-17 20:23 478680 ----a-w- c:\program files\Person\Help\English.chm
2009-05-20 22:55 . 2008-07-03 01:26 85374 ----a-w- c:\program files\Person\Languages\English.sbl
2009-05-20 22:55 . 2007-04-02 23:22 646 ----a-w- c:\program files\Person\Dummies\dummy.related.htm
2009-05-20 22:55 . 2007-04-02 23:22 252 ----a-w- c:\program files\Person\Dummies\dummy.default.gif
2009-05-20 22:55 . 2007-04-19 19:42 54440 ----a-w- c:\program files\Person\Dummies\dummy.cd_clint.dll
2009-05-20 22:55 . 2007-04-02 23:22 252 ----a-w- c:\program files\Person\Dummies\dummy.dap.gif
2009-05-20 22:55 . 2007-04-02 23:22 402 ----a-w- c:\program files\Person\Dummies\dummy.data.xml
2009-05-20 22:55 . 2008-02-26 15:04 717176 ----a-w- c:\program files\Person\Plugins\Mate.dll
2009-05-20 22:55 . 2008-03-05 13:34 795520 ----a-w- c:\program files\Person\Plugins\Fennel.dll
2009-05-20 22:55 . 2008-03-04 18:52 790392 ----a-w- c:\program files\Person\Plugins\Chai.dll
2009-05-20 22:55 . 2007-12-24 05:05 121344 ----a-w- c:\program files\Person\Plugins\TCPIPAddress.dll
2009-05-20 22:54 . 2009-01-26 19:30 2005504 ----a-w- c:\program files\Person\SDShred.exe
2009-05-20 22:54 . 2009-01-26 19:31 2144088 --sha-r- c:\program files\Person\EDDSWNGIIUGNVFJHTJ.scr
2009-05-20 22:54 . 2009-03-05 20:07 2260480 ------w- c:\program files\Person\TeaTimer.exe
2009-05-20 22:54 . 2009-01-26 19:31 5365592 --sha-r- c:\program files\Person\VOBATEQ.scr
2009-05-20 22:54 . 2009-01-26 19:31 5365592 ------w- c:\program files\Person\SpybotSD.exe
2009-05-20 22:54 . 2009-01-26 19:31 1740632 --sha-r- c:\program files\Person\PTIFZGEIRPUZ.scr
2009-05-20 22:54 . 2009-01-26 19:31 1740632 ------w- c:\program files\Person\SDUpdate.exe
2009-05-20 22:54 . 2007-04-02 23:22 34472 ----a-w- c:\program files\Person\aports.dll
2009-05-20 22:54 . 2008-06-19 21:35 333288 ----a-w- c:\program files\Person\sqlite3.dll
2009-05-20 22:54 . 2008-06-14 14:24 255392 ----a-w- c:\program files\Person\DelZip179.dll
2009-05-20 22:54 . 2009-01-26 19:29 1757696 ----a-w- c:\program files\Person\SDFiles.exe
2009-05-20 22:54 . 2009-01-26 19:31 464728 ----a-w- c:\program files\Person\Update.exe
2009-05-20 22:54 . 2009-01-26 19:31 1303896 ----a-w- c:\program files\Person\Tools.dll
2009-05-20 22:54 . 2009-01-26 19:31 414552 ----a-w- c:\program files\Person\SDMain.exe
2009-05-20 22:54 . 2007-04-02 23:22 2683 ----a-w- c:\program files\Person\OptOut.ini
2009-05-20 22:54 . 2009-01-26 19:31 1879896 ----a-w- c:\program files\Person\SDHelper.dll
2009-05-20 22:54 . 2007-04-02 23:22 2128 ----a-w- c:\program files\Person\Default configuration.ini
2009-05-20 22:54 . 2007-04-02 23:22 25726 ----a-w- c:\program files\Person\messages.zres
2009-05-20 22:54 . 2009-01-26 19:31 428888 ----a-w- c:\program files\Person\blindman.exe
2009-05-20 22:54 . 2009-01-26 19:30 1287000 ----a-w- c:\program files\Person\advcheck.dll
2009-05-20 22:54 . 2009-06-01 20:42 31427 ----a-w- c:\program files\Person\unins000.dat
2009-05-20 22:54 . 2009-06-01 20:40 696200 ----a-w- c:\program files\Person\unins000.exe
2009-05-20 22:54 . 2009-01-16 18:06 204160 ----a-w- c:\program files\Person\UninsSrv.dll
2009-05-19 13:43 . 2009-05-19 13:43 123099 ----a-w- c:\program files\Person\Includes\Dialer.sbi
2009-05-19 13:39 . 2009-05-19 13:39 63086 ----a-w- c:\program files\Person\Includes\Adware.sbi
2009-05-12 14:46 . 2009-05-12 14:46 525602 ----a-w- c:\program files\Person\Includes\Malware.sbi
2009-05-12 13:20 . 2009-05-12 13:20 558193 ----a-w- c:\program files\Person\Includes\Trojans.sbi
2009-05-06 11:53 . 2009-05-06 11:53 8597 ----a-w- c:\program files\Person\Includes\RegWatch.sbs
2009-05-06 07:45 . 2009-05-06 07:45 84290 ----a-w- c:\program files\Person\Includes\Keyloggers.sbi
2009-04-30 11:54 . 2009-04-30 11:54 18492 ----a-w- c:\program files\Person\Includes\URL-Blacklist.sbs
2009-04-07 14:05 . 2009-04-07 14:05 125854 ----a-w- c:\program files\Person\Includes\Spyware.sbi
2009-04-07 08:07 . 2009-04-07 08:07 34186 ----a-w- c:\program files\Person\Includes\Tracks.uti
2009-03-25 08:04 . 2009-03-25 08:04 92747 ----a-w- c:\program files\Person\Includes\PUPS.sbi
2009-01-22 08:44 . 2009-01-22 08:44 456 ----a-w- c:\program files\Person\Includes\Revision.sbi
2009-01-22 08:44 . 2009-01-22 08:44 70179 ----a-w- c:\program files\Person\Includes\HeavyDuty.sbi
2009-01-22 08:44 . 2009-01-22 08:44 1394 ----a-w- c:\program files\Person\Includes\Cookies.sbi
2009-01-13 13:30 . 2009-01-13 13:30 7746 ----a-w- c:\program files\Person\Includes\Security.sbi
2008-08-22 13:26 . 2008-08-22 13:26 6063 ----a-w- c:\program files\Person\Includes\Cookies.sbs
2008-06-03 12:54 . 2008-06-03 12:54 560 ----a-w- c:\program files\Person\Includes\Spybots.sbi
2008-06-03 12:54 . 2008-06-03 12:54 579 ----a-w- c:\program files\Person\Includes\SpybotsC.sbi
2008-02-19 09:33 . 2008-02-19 09:33 1268 ----a-w- c:\program files\Person\Includes\OperaPlugins.sbs
2006-12-05 11:44 . 2006-12-05 11:44 3132 ----a-w- c:\program files\Person\Includes\Browserpages.sbs
2006-10-10 07:04 . 2006-10-10 07:04 69456 ----a-w- c:\program files\Person\Includes\ProcWatch.sbs
2005-04-29 09:29 . 2005-04-29 09:29 167 ----a-w- c:\program files\Person\Includes\Revision.sbs
2005-04-27 12:25 . 2005-04-27 12:25 214 ----a-w- c:\program files\Person\Includes\Searchpages.sbs
2004-11-29 12:12 . 2004-11-29 12:12 372 ----a-w- c:\program files\Person\Includes\LSP.sbi
2003-01-01 18:48 . 2003-01-01 18:48 51 ----a-w- c:\program files\Person\Includes\Dialer.sbs
2003-01-01 18:48 . 2003-01-01 18:48 992 ----a-w- c:\program files\Person\Includes\Logs.uts

---- Directory of c:\program files\Stella ----

2009-04-18 14:06 . 2009-04-18 14:06 1985 ----a-w- c:\program files\Stella\Enduro (1983) (Activision) [!]_2.png
2009-04-18 14:06 . 2009-04-18 14:06 1964 ----a-w- c:\program files\Stella\Enduro (1983) (Activision) [!]_1.png
2009-04-18 14:06 . 2009-04-18 14:06 958 ----a-w- c:\program files\Stella\state\Enduro (1983) (Activision) [!].st1
2009-04-18 14:06 . 2009-04-18 14:06 2119 ----a-w- c:\program files\Stella\Enduro (1983) (Activision) [!].png
2009-04-18 14:06 . 2009-04-18 14:06 958 ----a-w- c:\program files\Stella\state\Enduro (1983) (Activision) [!].st0
2008-04-21 03:27 . 2003-12-01 03:38 4096 ----a-w- c:\program files\Stella\Atari Roms\EnhancedPitfallPlus_Hack_V.CB
2008-04-21 03:27 . 2003-12-03 04:42 4096 ----a-w- c:\program files\Stella\Atari Roms\EnhancedPitfallPlus_Hack.bin
2008-04-21 03:27 . 2003-12-01 05:46 4096 ----a-w- c:\program files\Stella\Atari Roms\EnhancedPitfallPlus_Trainer_Hack.bin
2008-04-20 15:17 . 2008-04-20 15:17 4096 ----a-w- c:\program files\Stella\Atari Roms\BottomlessPitfall_Hack.bin
2008-04-20 14:47 . 2008-04-20 14:47 3839 ----a-w- c:\program files\Stella\Pitfall II - Lost Caverns (1984) (Activision) [b3]_3.png
2008-04-17 13:56 . 2008-04-17 13:56 3839 ----a-w- c:\program files\Stella\Pitfall II - Lost Caverns (1984) (Activision) [b3]_2.png
2008-04-16 13:16 . 2008-04-20 14:47 1135 ----a-w- c:\program files\Stella\state\Pitfall II - Lost Caverns (1984) (Activision) [b3].st0
2008-04-16 13:05 . 2008-04-18 02:43 1135 ----a-w- c:\program files\Stella\state\Pitfall II - Lost Caverns (1984) (Activision) [b3].st1
2008-04-16 13:05 . 2008-04-16 13:05 3256 ----a-w- c:\program files\Stella\Pitfall II - Lost Caverns (1984) (Activision) [b3]_1.png
2007-11-30 23:59 . 2007-11-30 23:59 3965 ----a-w- c:\program files\Stella\Space Invaders (1978) (Atari) [!].png
2007-11-30 23:57 . 2007-11-30 23:59 958 ----a-w- c:\program files\Stella\state\Space Invaders (1978) (Atari) [!].st1
2007-02-04 14:45 . 2007-01-17 22:56 10642 ----a-w- c:\program files\Stella\docs\graphics\options.png
2007-02-04 14:45 . 2007-01-17 22:56 11159 ----a-w- c:\program files\Stella\docs\graphics\eventmapping_virtualdevs.png
2006-09-16 02:18 . 2006-09-16 02:18 962 ----a-w- c:\program files\Stella\state\ee8e2aa00e3a9cf1238157cbcff7de74.st1
2006-09-16 02:18 . 2006-09-16 02:18 510 ----a-w- c:\program files\Stella\Polaris (1983) (Tigervision) [a1]_3.png
2006-09-16 02:18 . 2006-09-16 02:18 510 ----a-w- c:\program files\Stella\Polaris (1983) (Tigervision) [a1]_2.png
2006-09-16 02:18 . 2006-09-16 02:18 256 ----a-w- c:\program files\Stella\Polaris (1983) (Tigervision) [a1]_1.png
2006-09-04 15:37 . 2006-09-04 15:37 521 ----a-w- c:\program files\Stella\Polaris (1983) (Tigervision) [a1].png
2006-09-04 15:37 . 2006-09-04 15:37 962 ----a-w- c:\program files\Stella\state\ee8e2aa00e3a9cf1238157cbcff7de74.st0
2006-09-02 16:22 . 2006-09-02 16:22 8192 ----a-w- c:\program files\Stella\Atari Roms\Polaris (1983) (Tigervision) [b1].a26
2006-09-02 02:53 . 2006-09-02 16:14 0 ----a-w- c:\program files\Stella\stella.cache
2006-09-02 02:52 . 2006-09-02 02:52 2911 ----a-w- c:\program files\Stella\Pitfall II - Lost Caverns (1984) (Activision) [b3].png
2006-09-02 02:52 . 2006-09-02 02:52 1135 ----a-w- c:\program files\Stella\state\6d842c96d5a01967be9680080dd5be54.st0
2006-09-01 21:34 . 2006-09-01 21:34 958 ----a-w- c:\program files\Stella\state\9ad36e699ef6f45d9eb6c4cf90475c9f.st2
2006-09-01 21:34 . 2006-09-01 21:34 2686 ----a-w- c:\program files\Stella\Atlantis (1982) (Imagic) [!]_1.png
2006-09-01 21:31 . 2006-09-01 21:31 3222 ----a-w- c:\program files\Stella\Atlantis (1982) (Imagic) [!].png
2006-09-01 21:31 . 2006-09-01 21:31 958 ----a-w- c:\program files\Stella\state\9ad36e699ef6f45d9eb6c4cf90475c9f.st0
2006-08-20 21:32 . 2006-08-20 21:32 3004 ----a-w- c:\program files\Stella\Galaga (River Raid clone) [p1].png
2006-08-20 21:32 . 2006-08-20 21:32 958 ----a-w- c:\program files\Stella\state\01b09872dcd9556427761f0ed64aa42a.st0
2006-08-20 18:52 . 2006-08-20 18:52 69632 --sha-w- c:\program files\Stella\docs\graphics\Thumbs.db
2006-08-19 15:14 . 2009-05-28 02:40 6338 ----a-w- c:\program files\Stella\stella.ini
2006-08-19 15:14 . 2007-01-17 22:56 2669 ----a-w- c:\program files\Stella\docs\graphics\secret_quest.png
2006-08-19 15:14 . 2007-01-17 22:56 3043 ----a-w- c:\program files\Stella\docs\graphics\space_invaders.png
2006-08-19 15:14 . 2007-01-17 22:56 16444 ----a-w- c:\program files\Stella\docs\graphics\rom_browser.png
2006-08-19 15:14 . 2007-01-17 22:56 3155 ----a-w- c:\program files\Stella\docs\graphics\pacman.png
2006-08-19 15:14 . 2007-01-17 22:56 12547 ----a-w- c:\program files\Stella\docs\graphics\options_video.png
2006-08-19 15:14 . 2007-01-17 22:56 11160 ----a-w- c:\program files\Stella\docs\graphics\options_help.png
2006-08-19 15:14 . 2007-01-17 22:56 11311 ----a-w- c:\program files\Stella\docs\graphics\options_gameinfo.png
2006-08-19 15:14 . 2007-01-17 22:56 10627 ----a-w- c:\program files\Stella\docs\graphics\options_audio.png
2006-08-19 15:14 . 2007-01-17 22:56 11356 ----a-w- c:\program files\Stella\docs\graphics\options_about.png
2006-08-19 15:14 . 2007-01-17 22:56 16206 ----a-w- c:\program files\Stella\docs\graphics\launcher_options_snap.png
2006-08-19 15:14 . 2007-01-17 22:56 16987 ----a-w- c:\program files\Stella\docs\graphics\launcher_options_rom.png
2006-08-19 15:14 . 2007-01-17 22:56 3133 ----a-w- c:\program files\Stella\docs\graphics\jr_pacman.png
2006-08-19 15:14 . 2007-01-17 22:56 16671 ----a-w- c:\program files\Stella\docs\graphics\launcher.png
2006-08-19 15:14 . 2007-01-17 22:56 11469 ----a-w- c:\program files\Stella\docs\graphics\eventmapping_remap.png
2006-08-19 15:14 . 2007-01-17 22:56 12487 ----a-w- c:\program files\Stella\docs\graphics\eventmapping.png
2006-08-19 15:14 . 2007-01-17 22:56 62512 ----a-w- c:\program files\Stella\docs\graphics\console.png
2006-08-19 15:14 . 2007-01-17 22:56 6397 ----a-w- c:\program files\Stella\docs\graphics\circuit.png
2006-08-19 15:14 . 2007-01-17 22:56 42104 ----a-w- c:\program files\Stella\docs\graphics\chucky_cheese.png
2006-08-19 15:14 . 2007-01-17 22:56 9631 ----a-w- c:\program files\Stella\docs\graphics\cheat.png
2006-08-19 15:14 . 2007-01-17 22:56 1519 ----a-w- c:\program files\Stella\docs\Todo.txt
2006-08-19 15:14 . 2007-01-17 22:56 395 ----a-w- c:\program files\Stella\docs\Readme.txt
2006-08-19 15:14 . 2007-01-17 22:56 17997 ----a-w- c:\program files\Stella\docs\License.txt
2006-08-19 15:14 . 2007-01-17 22:56 423 ----a-w- c:\program files\Stella\docs\README-SDL.txt
2006-08-19 15:14 . 2007-01-17 22:56 89593 ----a-w- c:\program files\Stella\docs\index.html
2006-08-19 15:14 . 2007-01-17 22:56 49747 ----a-w- c:\program files\Stella\docs\debugger.html
2006-08-19 15:14 . 2007-01-17 22:56 36836 ----a-w- c:\program files\Stella\docs\Changes.txt
2006-08-19 15:14 . 2007-01-17 22:56 1904 ----a-w- c:\program files\Stella\docs\Copyright.txt
2006-08-19 15:14 . 2007-01-17 22:56 1980 ----a-w- c:\program files\Stella\docs\Announce.txt
2006-08-19 15:14 . 2007-01-17 22:56 258048 ----a-w- c:\program files\Stella\SDL.dll
2006-08-19 15:14 . 2006-04-06 00:49 140288 ----a-w- c:\program files\Stella\libpng12.dll
2006-08-19 15:14 . 2007-01-17 22:56 74240 ----a-w- c:\program files\Stella\zlib1.dll
2006-08-19 15:14 . 2007-01-17 22:56 2732032 ----a-w- c:\program files\Stella\stella.exe
2006-08-19 15:14 . 2007-02-04 14:45 682266 ----a-w- c:\program files\Stella\unins000.exe
2006-08-19 15:14 . 2007-02-04 14:45 13598 ----a-w- c:\program files\Stella\unins000.dat
2002-02-26 02:54 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\warworm.bin
2002-02-16 00:49 . 2006-08-19 15:24 16384 ----a-w- c:\program files\Stella\Atari Roms\Thrust.bin
2002-02-08 14:08 . 2006-08-19 15:23 16384 ----a-w- c:\program files\Stella\Atari Roms\Ghostbusters2_v2.bin
2002-01-22 05:52 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\spidermz.BIN
2002-01-12 16:21 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Misspig.bin
2001-12-27 19:05 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Asterix_NTSC.bin
2001-12-03 21:05 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Pompeii.bin
2001-11-22 03:01 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Spactunl.bin
2001-11-22 02:59 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\snalsqrl.bin
2001-11-22 02:58 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\dancplat.bin
2001-11-22 02:56 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\opensesm.bin
2001-11-22 02:54 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\phantompanzer.bin
2001-11-22 02:50 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\bobbygh.bin
2001-11-22 02:48 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\misn3000.BIN
2001-11-22 02:43 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\mislcont.BIN
2001-11-22 02:04 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\surfprds.bin
2001-11-20 21:55 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Gnrlrtrt.bin
2001-11-20 21:55 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Vg_steep.bin
2001-11-20 21:55 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Vg_survi.bin
2001-11-20 21:55 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Vg_treas.bin
2001-11-20 21:55 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Westwrdh.bin
2001-11-20 03:38 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\GUNNTSC.bin
2001-11-20 03:38 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\GUNPAL.bin
2001-11-20 02:01 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\LordOfTheRings.bin
2001-11-07 14:06 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Jammed-Demo.bin
2001-10-28 14:18 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Ewokadvn.bin
2001-10-17 02:45 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\galaxnew.bin
2001-10-05 17:02 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Cmpchess.bin
2001-10-01 16:11 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Rabbittr.bin
2001-10-01 16:11 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Squoosh.bin
2001-09-09 16:24 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\scsi132-hozer.bin
2001-08-31 19:52 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Venture2.bin
2001-08-31 04:55 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\VaultAssault.bin
2001-08-24 16:29 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Thwocker.bin
2001-08-18 15:02 . 2006-08-19 15:24 2048 ----a-w- c:\program files\Stella\Atari Roms\VidLife.bin
2001-08-18 15:01 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\ElevatorAction.bin
2001-07-29 22:14 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\scsi130-cge2k1.bin
2001-06-06 04:53 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\CrazyValet.bin
2001-05-06 18:02 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Pengo.bin
2001-05-06 10:11 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Yahtzee.bin
2001-04-18 06:02 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\TimeWarp_Zellers.bin
2001-04-16 01:10 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\NightStalker_Telegames.BIN
2001-04-16 01:10 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\AdventuresOnGX12.BIN
2001-04-16 01:08 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SpaceAdventure_Zellers.BIN
2001-04-16 01:06 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Radar_Zellers.BIN
2001-04-16 01:04 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\IncaGold_Zellers.BIN
2001-04-16 01:00 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Challenge_Zellers.BIN
2001-04-13 16:49 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Atlantis2.BIN
2001-04-13 16:46 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SwordFight.BIN
2001-04-03 05:32 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\pressgge.bin
2001-04-03 05:11 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\aligator.bin
2001-03-09 02:34 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\dm.bin
2001-03-09 02:33 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\INV21.bin
2001-03-08 23:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\sinistar.BIN
2001-03-08 22:57 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\rsbasket.bin
2001-03-08 22:57 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\combat2.bin
2001-03-08 22:57 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\tempst26.bin
2001-03-08 22:57 . 2006-08-19 15:24 2048 ----a-w- c:\program files\Stella\Atari Roms\stunt.bin
2001-03-08 22:57 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\sagent.bin
2001-03-08 22:57 . 2006-08-19 15:24 16384 ----a-w- c:\program files\Stella\Atari Roms\savemary.bin
2001-03-08 22:56 . 2006-08-19 15:23 2048 ----a-w- c:\program files\Stella\Atari Roms\magicard.bin
2001-03-08 22:55 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\kamisauc.bin
2001-03-08 22:55 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\kabobber.bin
2001-03-08 22:55 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\dukes_v2.bin
2001-03-08 22:55 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\confron.bin
2001-01-19 13:16 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\WIZARD.BIN
2000-12-24 23:48 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\moonswep.bin
2000-12-24 23:48 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Lancelot.bin
2000-12-24 23:44 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\lochjaw.bin
2000-12-24 23:42 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\bbash.bin
2000-10-21 19:17 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\telepathy.bin
2000-07-22 06:05 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Angriff der Luftflotten (PAL).bin
2000-07-16 06:28 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Tomarc the Barbarian.bin
2000-07-16 06:27 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Out of Control.bin
2000-07-16 06:26 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Pac Kong [a].bin
2000-06-23 19:48 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\tps.bin
2000-03-07 05:50 . 2006-08-19 15:23 16384 ----a-w- c:\program files\Stella\Atari Roms\ikariwar.bin
2000-03-07 05:50 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Robnhood.bin
2000-03-07 05:50 . 2006-08-19 15:23 16384 ----a-w- c:\program files\Stella\Atari Roms\ghost2.bin
2000-01-10 05:39 . 2006-08-19 15:24 16384 ----a-w- c:\program files\Stella\Atari Roms\Super Football.bin
2000-01-10 05:39 . 2006-08-19 15:24 16384 ----a-w- c:\program files\Stella\Atari Roms\Super Baseball.bin
2000-01-10 05:39 . 2006-08-19 15:24 16384 ----a-w- c:\program files\Stella\Atari Roms\Sentinel.bin
2000-01-09 23:58 . 2006-08-19 15:24 16384 ----a-w- c:\program files\Stella\Atari Roms\Sprintmaster.bin
2000-01-08 15:59 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Motocross Racer.bin
2000-01-08 15:54 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\James Bond 007.bin
1999-12-23 04:01 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\VideoSimon.bin
1999-12-06 00:02 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\SkyPatrol.bin
1999-12-06 00:01 . 2006-08-19 15:23 16384 ----a-w- c:\program files\Stella\Atari Roms\garfield.bin
1999-06-07 03:14 . 2006-08-19 15:24 16384 ----a-w- c:\program files\Stella\Atari Roms\shootacd.bin
1999-03-26 02:10 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Ladywdng.bin
1999-03-20 03:45 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Berenstain Bears (Coleco).bin
1999-03-15 17:25 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\dumbo.BIN
1999-02-19 21:55 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\don_duck.bin
1999-02-19 02:05 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Quadrun.bin
1999-02-19 02:04 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Glacier Patrol.bin
1999-02-19 02:04 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Subterrenea.bin
1999-02-08 23:21 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Robin Hood.bin
1999-02-06 12:51 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\sirlance.bin
1999-01-14 02:13 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\surfs_up.bin
1997-11-27 17:26 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SPIDRFTR.BIN
1997-11-03 20:58 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\OYSTR29.BIN
1997-08-29 16:06 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\elk.BIN
1997-08-26 14:19 . 2006-08-19 15:23 2048 ----a-w- c:\program files\Stella\Atari Roms\3d_tic.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Tacscan.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Tanksbut.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Tapeworm.bin
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Tapper.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Taskforc.bin
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Taxavoid.bin
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Taz.bin
1997-08-26 14:19 . 2006-08-19 15:24 2048 ----a-w- c:\program files\Stella\Atari Roms\Tennis.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Thrshold.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Thundgrd.bin
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Timeplt.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\TIMEWARP.BIN
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Toothpro.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Towerinf.bin
1997-08-26 14:19 . 2006-08-19 15:24 16384 ----a-w- c:\program files\Stella\Atari Roms\Track.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Tricksht.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Trondead.bin
1997-08-26 14:19 . 2006-08-19 15:24 12288 ----a-w- c:\program files\Stella\Atari Roms\Tunlrunr.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Turmoil.bin
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Tutank.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Txschain.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Univchos.bin
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Upndown.bin
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Vanguard.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Venture.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Vidcheck.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Vidchess.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Vidcube.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Vidjoggr.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Vidpin.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Vidreflx.bin
1997-08-26 14:19 . 2006-08-19 15:24 2048 ----a-w- c:\program files\Stella\Atari Roms\Vid_olym.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Wabbit.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Wallball.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Walldfnd.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Warlords.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Warplock.bin
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Wingwar.bin
1997-08-26 14:19 . 2006-08-19 15:24 16384 ----a-w- c:\program files\Stella\Atari Roms\Winterga.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Wizrdwor.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Wordzapr.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Wormwar1.bin
1997-08-26 14:19 . 2006-08-19 15:24 16384 ----a-w- c:\program files\Stella\Atari Roms\Xenophob.bin
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\xevious.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Xman.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Yar_rev.bin
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Zaxxon.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Z_tack.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SCUDIV_P.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SEAHWK_P.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SEA_HUNT.BIN
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\SWARCADE.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SEAQUEST.BIN
1997-08-26 14:19 . 2006-08-19 15:24 16384 ----a-w- c:\program files\Stella\Atari Roms\SECRETQ.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SHARKATK.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SHOOTIN.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SHTLORBT.BIN
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\SKATEBRD.BIN
1997-08-26 14:19 . 2006-08-19 15:24 2048 ----a-w- c:\program files\Stella\Atari Roms\SKEETSHT.BIN
1997-08-26 14:19 . 2006-08-19 15:24 2048 ----a-w- c:\program files\Stella\Atari Roms\SKIING.BIN
1997-08-26 14:19 . 2006-08-19 15:24 2048 ----a-w- c:\program files\Stella\Atari Roms\Sky Diver (1978).bin
1997-08-26 14:19 . 2006-08-19 15:24 2048 ----a-w- c:\program files\Stella\Atari Roms\SKYJINKS.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SKYSKIPR.BIN
1997-08-26 14:19 . 2006-08-19 15:24 2048 ----a-w- c:\program files\Stella\Atari Roms\Slot Machine.bin
1997-08-26 14:19 . 2006-08-19 15:24 2048 ----a-w- c:\program files\Stella\Atari Roms\Slot Racers - Maze (1978).bin
1997-08-26 14:19 . 2006-08-19 15:24 2048 ----a-w- c:\program files\Stella\Atari Roms\Slotrace.bin
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\SMRFSAVE.BIN
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\SMURFRES.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SNEKPEEK.BIN
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\SNOOPY.BIN
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\SOLARFOX.BIN
1997-08-26 14:19 . 2006-08-19 15:24 16384 ----a-w- c:\program files\Stella\Atari Roms\SOLARIS.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SOLRSTRM.BIN
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\SORCAPRN.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SORCERER.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SPACANYN.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SPACATTK.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SPACECAV.BIN
1997-08-26 14:19 . 2006-08-19 15:24 2048 ----a-w- c:\program files\Stella\Atari Roms\SPACEWAR.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SPACHASE.BIN
1997-08-26 14:19 . 2006-08-19 15:24 2048 ----a-w- c:\program files\Stella\Atari Roms\SPACJOCK.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SPACMAST.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SPCINVAD.BIN
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\SPCSHUTL.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SPIDRMAN.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SPIDROID.BIN
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\SPIKE_PK.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SPITFIRE.BIN
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\SPRCOBRA.BIN
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\SPRINGER.BIN
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\SPYHUNTR.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SQUEEZBX.BIN
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\SQ_EARTH.BIN
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\SQ_FIRE.BIN
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\SQ_WATER.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SSSNAKE.BIN
1997-08-26 14:19 . 2006-08-19 15:24 2048 ----a-w- c:\program files\Stella\Atari Roms\STAMPEDE.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\STAREMPR.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\STARFOX.BIN
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\STARGATE.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\STARGN.BIN
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\saboteur.BIN
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Star Raiders.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\STARMAST.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\STARSTRK.BIN
1997-08-26 14:19 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\STARTREK.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\STARVYGR.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Stellar Track.bin
1997-08-26 14:19 . 2006-08-19 15:24 2048 ----a-w- c:\program files\Stella\Atari Roms\STEPLCHS.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\STRATGYX.BIN
1997-08-26 14:19 . 2006-08-19 15:24 2048 ----a-w- c:\program files\Stella\Atari Roms\Street Racer - Speedway II (1978).bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\STRNGHLD.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\STRWBERY.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Submarine Commander.bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SUBSCAN.BIN
1997-08-26 14:19 . 2006-08-19 15:24 16384 ----a-w- c:\program files\Stella\Atari Roms\SUMMERGA.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Super Breakout (1978).bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SUPRBASE.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SUPRFOOT.BIN
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SUPRMAN1.BIN
1997-08-26 14:19 . 2006-08-19 15:24 2048 ----a-w- c:\program files\Stella\Atari Roms\Surround (1978).bin
1997-08-26 14:19 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\SURVLRUN.BIN
1997-08-26 14:18 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Racquetb.bin
1997-08-26 14:18 . 2006-08-19 15:24 16384 ----a-w- c:\program files\Stella\Atari Roms\Radarlok.bin
1997-08-26 14:18 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Raftridr.bin
1997-08-26 14:18 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Raiders.bin
1997-08-26 14:18 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Ramit.bin
1997-08-26 14:18 . 2006-08-19 15:24 16384 ----a-w- c:\program files\Stella\Atari Roms\Rampage.bin
1997-08-26 14:18 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Reactor.bin
1997-08-26 14:18 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Rescter1.bin
1997-08-26 14:18 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Revngtom.bin
1997-08-26 14:18 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Riddle.bin
1997-08-26 14:18 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Riveraid.bin
1997-08-26 14:18 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Riverp.bin
1997-08-26 14:18 . 2006-08-19 15:24 16384 ----a-w- c:\program files\Stella\Atari Roms\Rivraid2.bin
1997-08-26 14:18 . 2006-08-19 15:24 16384 ----a-w- c:\program files\Stella\Atari Roms\Roadrunr.bin
1997-08-26 14:18 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Robotank.bin
1997-08-26 14:18 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Rocnrope.bin
1997-08-26 14:18 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Roomdoom.bin
1997-08-26 14:18 . 2006-08-19 15:24 16384 ----a-w- c:\program files\Stella\Atari Roms\Rsboxing.bin
1997-08-26 14:18 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Rssoccer.bin
1997-08-26 14:18 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Rstennis.bin
1997-08-26 14:18 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Rs_baseb.bin
1997-08-26 14:18 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Rs_footb.bin
1997-08-26 14:18 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Rs_volly.bin
1997-08-26 14:17 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\OCEANCTY.BIN
1997-08-26 14:17 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\offrocker.BIN
1997-08-26 14:17 . 2006-08-19 15:23 16384 ----a-w- c:\program files\Stella\Atari Roms\Ofthwall.bin
1997-08-26 14:17 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Oink.bin
1997-08-26 14:17 . 2006-08-19 15:23 12288 ----a-w- c:\program files\Stella\Atari Roms\Omegarac.bin
1997-08-26 14:17 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Oscar.bin
1997-08-26 14:17 . 2006-08-19 15:23 2048 ----a-w- c:\program files\Stella\Atari Roms\Othello.bin
1997-08-26 14:17 . 2006-08-19 15:23 2048 ----a-w- c:\program files\Stella\Atari Roms\Outerspc.bin
1997-08-26 14:17 . 2006-08-19 15:23 2048 ----a-w- c:\program files\Stella\Atari Roms\Outlaw.bin
1997-08-26 14:17 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Pacman.bin
1997-08-26 14:17 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\peekaboo.BIN
1997-08-26 14:17 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Pele.bin
1997-08-26 14:17 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Pele_tw.bin
1997-08-26 14:17 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Pengo_Proto.bin
1997-08-26 14:17 . 2006-08-19 15:23 16384 ----a-w- c:\program files\Stella\Atari Roms\Peterose.bin
1997-08-26 14:17 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Philly.bin
1997-08-26 14:17 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Phoenix.bin
1997-08-26 14:17 . 2006-08-19 15:23 16384 ----a-w- c:\program files\Stella\Atari Roms\Pickpile.bin
1997-08-26 14:17 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Picnic.bin
1997-08-26 14:17 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Piececke.bin
1997-08-26 14:17 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Pigspace.bin
1997-08-26 14:17 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Pitfall.bin
1997-08-26 14:17 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Plantpat.bin
1997-08-26 14:17 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Plaqattk.bin
1997-08-26 14:17 . 2006-09-02 17:19 8192 ----a-w- c:\program files\Stella\Atari Roms\Polaris.bin
1997-08-26 14:17 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Polepsn.bin
1997-08-26 14:17 . 2006-08-19 15:23 2048 ----a-w- c:\program files\Stella\Atari Roms\polo.BIN
1997-08-26 14:17 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Pooyan.bin
1997-08-26 14:17 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Popeye.bin
1997-08-26 14:17 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Porkys.bin
1997-08-26 14:17 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Pressure.bin
1997-08-26 14:17 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Priveye.bin
1997-08-26 14:17 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\PROWREST.BIN
1997-08-26 14:17 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Qbert_pb.bin
1997-08-26 14:17 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Qbrtqube.bin
1997-08-26 14:17 . 2006-08-19 15:24 4096 ----a-w- c:\program files\Stella\Atari Roms\Quickstp.bin
1997-08-26 14:17 . 2006-08-19 15:24 8192 ----a-w- c:\program files\Stella\Atari Roms\Quintroo.bin
1997-08-26 14:17 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Obelix.bin
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\LASRGATE.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\LASRVOLY.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\LOCKCHSE.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\LONDBLTZ.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\LOSTLUGG.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\MALAGAI.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\MANGIA.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\MARAUDER.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\MARINWAR.BIN
1997-08-26 14:16 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\MARIOBRO.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\M_A_D.BIN
1997-08-26 14:16 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\bionic.bin
1997-08-26 14:16 . 2006-08-19 15:23 2048 ----a-w- c:\program files\Stella\Atari Roms\LASRBLST.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\MASH.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\MASTBULD.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\MATH_GPX.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\MAZECRZ.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\MEGAFRCE.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\MEGAMAN.BIN
1997-08-26 14:16 . 2006-08-19 15:23 16384 ----a-w- c:\program files\Stella\Atari Roms\MIDNIGHT.BIN
1997-08-26 14:16 . 2006-08-19 15:23 16384 ----a-w- c:\program files\Stella\Atari Roms\MILLIPED.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\MINEMNOS.BIN
1997-08-26 14:16 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\MINRVOL2.BIN
1997-08-26 14:16 . 2006-08-19 15:23 2048 ----a-w- c:\program files\Stella\Atari Roms\MIN_GOLF.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\MISSCOMM.BIN
1997-08-26 14:16 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\MNR2049R.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\MOGULMAN.BIN
1997-08-26 14:16 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\mons.BIN
1997-08-26 14:16 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\MONTZREV.BIN
1997-08-26 14:16 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\MOONPTRL.BIN
1997-08-26 14:16 . 2006-08-19 15:23 16384 ----a-w- c:\program files\Stella\Atari Roms\MOTOR.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\MOUSETRP.BIN
1997-08-26 14:16 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\MRDO.BIN
1997-08-26 14:16 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\MSPACMAN.BIN
1997-08-26 14:16 . 2006-08-19 15:23 12288 ----a-w- c:\program files\Stella\Atari Roms\MTNKING.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\MUSCMACH.BIN
1997-08-26 14:16 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\mygolf.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\NAMEGAME.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\NEXAR.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\NGHTMARE.BIN
1997-08-26 14:16 . 2006-08-19 15:23 2048 ----a-w- c:\program files\Stella\Atari Roms\NIGHTDRV.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\NIGHTSTK.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\NOESCAPE.BIN
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Icehocky.bin
1997-08-26 14:16 . 2006-08-19 15:23 2048 ----a-w- c:\program files\Stella\Atari Roms\Indy_500.bin
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Infiltrt.bin
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Iwantmom.bin
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Jawbreak.bin
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Jediaren.bin
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Jnglfevr.bin
1997-08-26 14:16 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Jnglhunt.bin
1997-08-26 14:16 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Joust.bin
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Jrnyescp.bin
1997-08-26 14:16 . 2006-08-19 15:23 16384 ----a-w- c:\program files\Stella\Atari Roms\Jrpacman.bin
1997-08-26 14:16 . 2006-08-19 15:23 2048 ----a-w- c:\program files\Stella\Atari Roms\Kaboom.bin
1997-08-26 14:16 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Kangaroo.bin
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Karate.bin
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Keystone.bin
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Kingkong.bin
1997-08-26 14:16 . 2006-08-19 15:23 16384 ----a-w- c:\program files\Stella\Atari Roms\Klaxntsc.bin
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Knightwn.bin
1997-08-26 14:16 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Koolaide.bin
1997-08-26 14:16 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Krull.bin
1997-08-26 14:16 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Kung_fu.bin
1997-08-26 14:15 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Galaxian.bin
1997-08-26 14:15 . 2006-08-19 15:23 2048 ----a-w- c:\program files\Stella\Atari Roms\Human_cb.bin
1997-08-26 14:15 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Galaga.bin
1997-08-26 14:15 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Gangally.bin
1997-08-26 14:15 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Gashog.bin
1997-08-26 14:15 . 2006-08-19 15:23 4096 ----a-w- c:\program files\Stella\Atari Roms\Gauntlet.bin
1997-08-26 14:15 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Ghostbst.bin
1997-08-26 14:15 . 2006-08-19 15:23 8192 ----a-w- c:\program files\Stella\Atari Roms\Ghostman.bin


------- Sigcheck -------

[7] 2004-08-04 04:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2008-04-14 00:12 82432 F30731FCBF0D19245C9BD40FEE6CEAAA c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 00:12 82432 F30731FCBF0D19245C9BD40FEE6CEAAA c:\windows\system32\ws2_32.dll
[-] 2008-04-14 00:12 82432 F30731FCBF0D19245C9BD40FEE6CEAAA c:\windows\system32\dllcache\ws2_32.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-21_02.57.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-04 12:43 . 2009-06-04 12:43 16384 c:\windows\temp\Perflib_Perfdata_100.dat
- 2009-05-20 15:17 . 2009-05-21 02:26 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-20 15:17 . 2009-05-21 14:36 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-12-04 15:43 . 2009-05-21 14:36 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-12-04 15:43 . 2009-05-21 02:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-12-04 15:43 . 2009-05-21 02:26 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-12-04 15:43 . 2009-05-21 14:36 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-24 17:22 . 2009-05-24 17:22 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2009-06-04 12:43 . 2009-06-04 12:42 148888 c:\windows\system32\javaws.exe
- 2008-12-28 01:47 . 2008-12-28 01:47 148888 c:\windows\system32\javaws.exe
+ 2009-06-04 12:43 . 2009-06-04 12:42 144792 c:\windows\system32\javaw.exe
- 2008-12-28 01:47 . 2008-12-28 01:47 144792 c:\windows\system32\javaw.exe
+ 2009-06-04 12:43 . 2009-06-04 12:42 144792 c:\windows\system32\java.exe
- 2008-12-28 01:47 . 2008-12-28 01:47 144792 c:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-07 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-01 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-04 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - c:\palm\Hotsync.exe [2004-6-9 471040]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
VPN Client.lnk - c:\windows\Installer\{00CD55D6-EE5A-4570-9875-8A306628C032}\Icon3E5562ED7.ico [2007-11-26 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-01 23:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgui.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/20/2009 11:36 AM 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/1/2009 7:20 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/1/2009 7:20 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/1/2009 7:20 PM 298776]
S0 bmcjj;bmcjj;c:\windows\system32\drivers\okxfhzx.sys --> c:\windows\system32\drivers\okxfhzx.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/20/2009 11:36 AM 348752]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AOYPGDDJ
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*Deregistered* - aoypgddj
.
Contents of the 'Scheduled Tasks' folder

2009-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - hxxp://mywebcast.cc/tvants/tvants.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\jkyhufl9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 11:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-05 11:43
ComboFix-quarantined-files.txt 2009-06-05 15:42
ComboFix2.txt 2009-06-01 23:44
ComboFix3.txt 2009-05-31 19:06
ComboFix4.txt 2009-05-30 17:33
ComboFix5.txt 2009-06-05 15:33

Pre-Run: 40,948,588,544 bytes free
Post-Run: 41,077,792,768 bytes free

911 --- E O F --- 2009-05-31 23:26

#15 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 05 June 2009 - 11:31 AM

Good show mate :thumbup2:
Before we proceed....please reboot and report back in relation to IE/FF/Outlook/AVG/ & AdAware.
Thanks,
t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



