Need Help removing BackDoor.Turkojan [CLOSED] [RESOLVED]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

2 Pages

1 2 >

Need Help removing BackDoor.Turkojan [CLOSED] [RESOLVED]

Options

chich View Member Profile	Aug 21 2008, 03:31 AM Post #1
Member Posts: 25 OS: XP	Recently discovered that my PC was infected with this back door trojan. Ran Malwarebytes which fixed the bulk of the problem. I also have a free version of Spyware Doctor which detected a same/similar infection in the Registry, I wont touch it for obvious reasons. - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\perfmons, ImagePath = C:\WINDOWS\system32\perfs.exe Malwarebytes cannot detect this infection. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:09:16 PM, on 21/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\Utility\Application\QMICM.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.telstra.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telstra BigPond Home Internet Explorer O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O2 - BHO: BigPond Wireless Broadband 2.0 Auto Dial - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\bpwbb2ad.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE /P23 "EPSON Stylus C87 Series" /O6 "USB001" /M "Stylus C87" O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" -tsr O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE /P23 "EPSON Stylus C87 Series" /M "Stylus C87" /EF "HKCU" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Unknown owner - C:\WINDOWS\wanmpsvc.exe (file missing) -- End of file - 8997 bytes Malwarebytes' Anti-Malware 1.25 Database version: 1062 Windows 5.1.2600 Service Pack 2 8:28:59 PM 21/08/2008 mbam-log-08-21-2008 (20-28-59).txt Scan type: Full Scan (C:\\|) Objects scanned: 74826 Time elapsed: 26 minute(s), 28 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 8 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFinding (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Routing (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WServing (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\macidwe (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nobicyt (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sobicyt (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdxdowkc (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\perfmons (Trojan.Downloader) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully. Any help is appreciated This post has been edited by chich: Aug 21 2008, 05:06 AM

Egwene View Member Profile	Aug 26 2008, 06:18 AM Post #2
Trusted Helper Posts: 2,141 From: France OS: XP/Vista �dition basique familiale	Hello chich ! Welcome to the site! My name's Egwene and I'll be helping clean up your computer. I'm currently looking over your log. I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. I'll need a bit of time to research your log fully, so please bear with me. Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer: To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis� Logs Go Here. Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry! When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad click on Format \| Uncheck Word Wrap) Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know. NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask! Make sure you reply to this thread using the Add Reply button: Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Egwene View Member Profile	Aug 26 2008, 07:00 AM Post #3
Trusted Helper Posts: 2,141 From: France OS: XP/Vista �dition basique familiale	Hey Chich, Your Hijackthis log looks good but there are some things to do and we need to check about this : HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\perfmons, ImagePath = C:\WINDOWS\system32\perfs.exe 1) Disable real-time protection : --> While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean. Open Spybot Search & Destroy. In the Mode menu click "Advanced mode" if not already selected. Choose "Yes" at the Warning prompt. Expand the "Tools" menu. Click "Resident". Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box. In the File menu click "Exit" to exit Spybot Search & Destroy. --> Please disable AVG8 : more help here : http://www.bleepingcomputer.com/forums/topic114351.html 2) Update Java : Please download JavaRa to your desktop and unzip it to its own folder Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts. Open JavaRa.exe again and select Search For Updates. Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer. 3) Update Adobe acrobate Reader : Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here : http://www.adobe.com/products/acrobat/readstep2.html 4) Run OTviewIT : Download OTViewIt to your desktop. Close all windows and open it Click Run Scan and let the program run uninterrupted It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here. You may need to use two posts to get it all on the forum Regards, Egwene.

Egwene View Member Profile	Aug 28 2008, 10:24 AM Post #5
Trusted Helper Posts: 2,141 From: France OS: XP/Vista �dition basique familiale	Hey chich, 1) Backing up the registry : The steps that I am about to suggest involve modifying the registry. Modfying the registry can be dangerous so we will make a backup of the registry first. Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot preform some of these steps or if you have ANY questions please ask BEFORE proceeding. Backing Up Your Registry Download ERUNT (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.) Install ERUNT by following the prompts (use the default install settings but say no to the portion that asks you to add ERUNT* to the start-up folder, if you like you can enable this option later)* Start ERUNT (either by double clicking on the desktop icon or choosing to start the program at the end of the setup) Choose a location for the backup (the default location is C:\WINDOWS\ERDNT which is acceptable). Make sure that at least the first two check boxes are ticked Press OK Press YES to create the folder. 2) Run OTmoveIT2 : Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator") Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): [kill explorer] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f09af82-a28e-11db-a6fb-00038a000015} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45b7b76a-1ef7-11dd-aa4d-00a0c6000000} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{588bd0c2-0149-11dd-aa1b-00038a000015} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8463e718-1ffb-11dd-aa50-00a0c6000000} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c31e03ab-473c-11dc-a899-00038a000015} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb3a6e10-911f-11da-a470-001676141cf2} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6cb0de8-c297-11dc-a995-00038a000015} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe67e006-96e4-11da-a47d-00038a000015} purity emptytemp [start explorer] Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste. Click the red Moveit! button. A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply. Close OTMoveIt2 If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. 3) Run Kaspersky Online : Please do an online scan with Kaspersky WebScanner Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post. Regards, Egwene.

Rorschach112 View Member Profile	Aug 31 2008, 04:04 PM Post #6
GeekU Teacher Posts: 35,079 From: Dublin OS: XP	Due to lack of feedback, this topic has been closed. If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

chich View Member Profile	Sep 3 2008, 05:00 AM Post #7
Member Posts: 25 OS: XP	Hi Egwene, sorry for the late reply, have been busy the past few days Explorer killed successfully < HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f09af82-a28e-11db-a6fb-00038a000015} > Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f09af82-a28e-11db-a6fb-00038a000015}\\ deleted successfully. < HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45b7b76a-1ef7-11dd-aa4d-00a0c6000000} > Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45b7b76a-1ef7-11dd-aa4d-00a0c6000000}\\ deleted successfully. < HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{588bd0c2-0149-11dd-aa1b-00038a000015} > Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{588bd0c2-0149-11dd-aa1b-00038a000015}\\ deleted successfully. < HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8463e718-1ffb-11dd-aa50-00a0c6000000} > Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8463e718-1ffb-11dd-aa50-00a0c6000000}\\ deleted successfully. < HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c31e03ab-473c-11dc-a899-00038a000015} > Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c31e03ab-473c-11dc-a899-00038a000015}\\ deleted successfully. < HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb3a6e10-911f-11da-a470-001676141cf2} > Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb3a6e10-911f-11da-a470-001676141cf2}\\ deleted successfully. < HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6cb0de8-c297-11dc-a995-00038a000015} > Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6cb0de8-c297-11dc-a995-00038a000015}\\ deleted successfully. < HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe67e006-96e4-11da-a47d-00038a000015} > Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe67e006-96e4-11da-a47d-00038a000015}\\ deleted successfully. < purity > < emptytemp > File delete failed. C:\DOCUME~1\Family\LOCALS~1\Temp\etilqs_47tu0g4bN9bxiNXphYDN scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Family\LOCALS~1\Temp\tbpwbad.log scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Family\LOCALS~1\Temp\tbpwbcm.log scheduled to be deleted on reboot. Temp folders emptied. IE temp folders emptied. Explorer started successfully OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08312008_183711 Files moved on Reboot... File C:\DOCUME~1\Family\LOCALS~1\Temp\etilqs_47tu0g4bN9bxiNXphYDN not found! C:\DOCUME~1\Family\LOCALS~1\Temp\tbpwbad.log moved successfully. C:\DOCUME~1\Family\LOCALS~1\Temp\tbpwbcm.log moved successfully. -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Monday, September 1, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Monday, September 01, 2008 08:14:17 Records in database: 1172431 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ Scan statistics: Files scanned: 52500 Threat name: 3 Infected objects: 3 Suspicious objects: 0 Duration of the scan: 01:12:13 File name / Threat name / Threats count C:\WINDOWS\system32\ceswxfst.sys Infected: Trojan-Clicker.Win32.VB.bjh 1 C:\WINDOWS\system32\cfexfst.sys Infected: Trojan-Clicker.Win32.VB.bna 1 C:\WINDOWS\system32\sxtsyctd.sys Infected: Trojan.Win32.Delf.dsu 1 The selected area was scanned. My system was infected by another virus, which i have dealt with, however, im not sure if these "threats" are from this virus or the original infection. Should I post another HijackThis?

Egwene View Member Profile	Sep 3 2008, 06:35 AM Post #8
Trusted Helper Posts: 2,141 From: France OS: XP/Vista �dition basique familiale	Hey chich, No problem Let's go on with the removal so. 1) Run OTmoveIT2 : Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator") Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): [kill explorer] C:\WINDOWS\system32\ceswxfst.sys C:\WINDOWS\system32\cfexfst.sys C:\WINDOWS\system32\sxtsyctd.sys purity emptytemp [start explorer] Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste. Click the red Moveit! button. A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply. Close OTMoveIt2 If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. 2) Run RSIT : Download random's system information tool (RSIT) by random/random from here and save it to your desktop. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized) Regards, Egwene.

chich View Member Profile	Sep 4 2008, 02:15 AM Post #9
Member Posts: 25 OS: XP	OTMoveit2 Explorer killed successfully C:\WINDOWS\system32\ceswxfst.sys moved successfully. C:\WINDOWS\system32\cfexfst.sys moved successfully. C:\WINDOWS\system32\sxtsyctd.sys moved successfully. < purity > < emptytemp > File delete failed. C:\DOCUME~1\Family\LOCALS~1\Temp\etilqs_JAFhF8PUNAQAZ3Cw4IMD scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Family\LOCALS~1\Temp\tbpwbcm.log scheduled to be deleted on reboot. Temp folders emptied. IE temp folders emptied. Explorer started successfully OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09042008_175650 Files moved on Reboot... File C:\DOCUME~1\Family\LOCALS~1\Temp\etilqs_JAFhF8PUNAQAZ3Cw4IMD not found! C:\DOCUME~1\Family\LOCALS~1\Temp\tbpwbcm.log moved successfully. RSIR log Logfile of random's system information tool (written by random/random) Run by Family at 2008-09-04 18:10:34 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 59 GB (77%) free of 76 GB Total RAM: 510 MB (28% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:11:00 PM, on 4/09/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\notepad.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\Utility\Application\QMICM.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Family\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Family.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.telstra.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telstra BigPond Home Internet Explorer O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O2 - BHO: BigPond Wireless Broadband 2.0 Auto Dial - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\bpwbb2ad.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE /P23 "EPSON Stylus C87 Series" /O6 "USB001" /M "Stylus C87" O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" -tsr O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE /P23 "EPSON Stylus C87 Series" /M "Stylus C87" /EF "HKCU" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Unknown owner - C:\WINDOWS\wanmpsvc.exe (file missing) -- End of file - 8335 bytes Registry dump [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-01 455960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}] DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}] ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 155648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}] AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-17 2055960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85}] BigPond Wireless Broadband 2.0 Auto Dial - C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\bpwbb2ad.dll [2008-02-26 118784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624] {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-17 2055960] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] "DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248] "DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-01-27 86016] "dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035] "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184] "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920] "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208] "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824] "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688] "EPSON Stylus C87 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE [2005-01-27 98304] "MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-12 1121792] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696] "BigPondWirelessBroadbandCM"=C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe [2008-05-07 2162688] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-01 1235736] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "EPSON Stylus C87 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE [2005-01-27 98304] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2007-05-28 95800] "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup AOL 7.0 Tray Icon.lnk - C:\Program Files\AOL 7.0\aoltray.exe Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="avgrsstx.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=0 "NoDispCPL"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe::Enabled:Windows Messenger" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe::Enabled:avginet.exe" "C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe::Enabled:avgamsvr.exe" "C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe::Enabled:avgcc.exe" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe::Enabled:iTunes" "C:\Soldat\Soldat.exe"="C:\Soldat\Soldat.exe::Enabled:Soldat" "C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe::Enabled:avgemc.exe" "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe::Enabled:avgupd.exe" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe::Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe::Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" File associations .reg - open - regedit.exe "%1" %* .scr - open - "%1" %* List of files/folders created in the last three months 2008-09-04 18:10:34 ----D---- C:\rsit 2008-08-31 20:32:47 ----D---- C:\Documents and Settings\Family\Application Data\TmpRecentIcons 2008-08-31 20:30:53 ----A---- C:\WINDOWS\eaxf.exe 2008-08-31 18:37:11 ----D---- C:\_OTMoveIt 2008-08-28 19:15:26 ----D---- C:\Program Files\Common Files\Adobe AIR 2008-08-28 19:13:04 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2008-08-28 19:12:40 ----D---- C:\Program Files\Common Files\Adobe 2008-08-28 18:27:43 ----A---- C:\WINDOWS\system32\javaws.exe 2008-08-28 18:27:43 ----A---- C:\WINDOWS\system32\javaw.exe 2008-08-28 18:27:43 ----A---- C:\WINDOWS\system32\java.exe 2008-08-28 18:00:11 ----D---- C:\Program Files\Spybot - Search & Destroy 2008-08-28 17:56:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2008-08-27 08:34:47 ----D---- C:\WINDOWS\Prefetch 2008-08-26 20:13:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2008-08-26 20:13:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2008-08-26 20:12:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2008-08-26 20:12:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2008-08-26 20:12:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2008-08-26 20:12:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$ 2008-08-26 20:12:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2008-08-26 20:12:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2008-08-26 20:12:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2008-08-26 20:12:10 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2008-08-26 20:07:58 ----D---- C:\WINDOWS\system32\scripting 2008-08-26 20:07:58 ----D---- C:\WINDOWS\l2schemas 2008-08-26 20:07:57 ----D---- C:\WINDOWS\system32\en 2008-08-26 20:07:56 ----D---- C:\WINDOWS\system32\bits 2008-08-26 20:04:19 ----D---- C:\WINDOWS\ServicePackFiles 2008-08-26 19:57:24 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2008-08-26 19:57:21 ----D---- C:\WINDOWS\EHome 2008-08-26 19:13:35 ----N---- C:\WINDOWS\system32\wmphoto.dll 2008-08-26 19:13:27 ----N---- C:\WINDOWS\system32\wlanapi.dll 2008-08-26 19:13:21 ----N---- C:\WINDOWS\system32\windowscodecsext.dll 2008-08-26 19:13:21 ----N---- C:\WINDOWS\system32\windowscodecs.dll 2008-08-26 19:12:53 ----N---- C:\WINDOWS\system32\tspkg.dll 2008-08-26 19:12:52 ----N---- C:\WINDOWS\system32\tsgqec.dll 2008-08-26 19:12:33 ----N---- C:\WINDOWS\system32\spupdwxp.exe 2008-08-26 19:12:31 ----A---- C:\WINDOWS\system32\spdwnwxp.exe 2008-08-26 19:12:24 ----N---- C:\WINDOWS\system32\slserv.exe 2008-08-26 19:12:24 ----N---- C:\WINDOWS\system32\slrundll.exe 2008-08-26 19:12:24 ----N---- C:\WINDOWS\slrundll.exe 2008-08-26 19:12:23 ----N---- C:\WINDOWS\system32\slgen.dll 2008-08-26 19:12:23 ----N---- C:\WINDOWS\system32\slextspk.dll 2008-08-26 19:12:23 ----N---- C:\WINDOWS\system32\slcoinst.dll 2008-08-26 19:12:09 ----N---- C:\WINDOWS\system32\setupn.exe 2008-08-26 19:12:00 ----N---- C:\WINDOWS\system32\s3gnb.dll 2008-08-26 19:11:56 ----N---- C:\WINDOWS\system32\rhttpaa.dll 2008-08-26 19:11:52 ----N---- C:\WINDOWS\system32\rasqec.dll 2008-08-26 19:11:50 ----N---- C:\WINDOWS\system32\qutil.dll 2008-08-26 19:11:43 ----N---- C:\WINDOWS\system32\qcliprov.dll 2008-08-26 19:11:42 ----N---- C:\WINDOWS\system32\qagentrt.dll 2008-08-26 19:11:42 ----N---- C:\WINDOWS\system32\qagent.dll 2008-08-26 19:11:34 ----N---- C:\WINDOWS\system32\photometadatahandler.dll 2008-08-26 19:11:23 ----N---- C:\WINDOWS\system32\onex.dll 2008-08-26 19:10:45 ----N---- C:\WINDOWS\system32\napstat.exe 2008-08-26 19:10:44 ----N---- C:\WINDOWS\system32\napmontr.dll 2008-08-26 19:10:42 ----N---- C:\WINDOWS\system32\napipsec.dll 2008-08-26 19:10:40 ----N---- C:\WINDOWS\system32\mtxparhd.dll 2008-08-26 19:10:35 ----N---- C:\WINDOWS\system32\msxml6r.dll 2008-08-26 19:10:35 ----N---- C:\WINDOWS\system32\msxml6.dll 2008-08-26 19:10:25 ----N---- C:\WINDOWS\system32\msshavmsg.dll 2008-08-26 19:10:25 ----N---- C:\WINDOWS\system32\mssha.dll 2008-08-26 19:09:31 ----N---- C:\WINDOWS\system32\mmcperf.exe 2008-08-26 19:09:29 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll 2008-08-26 19:09:29 ----N---- C:\WINDOWS\system32\mmcex.dll 2008-08-26 19:09:28 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll 2008-08-26 19:08:30 ----N---- C:\WINDOWS\system32\l2gpstore.dll 2008-08-26 19:08:06 ----N---- C:\WINDOWS\system32\kmsvc.dll 2008-08-26 19:08:02 ----N---- C:\WINDOWS\system32\kbdpash.dll 2008-08-26 19:08:02 ----N---- C:\WINDOWS\system32\kbdnepr.dll 2008-08-26 19:08:02 ----N---- C:\WINDOWS\system32\kbdiultn.dll 2008-08-26 19:08:01 ----N---- C:\WINDOWS\system32\kbdbhc.dll 2008-08-26 19:07:11 ----N---- C:\WINDOWS\system32\hsfcisp2.dll 2008-08-26 19:06:48 ----N---- C:\WINDOWS\system32\faxpatch.exe 2008-08-26 19:06:48 ----A---- C:\WINDOWS\002709_.tmp 2008-08-26 19:06:40 ----N---- C:\WINDOWS\system32\eapsvc.dll 2008-08-26 19:06:40 ----N---- C:\WINDOWS\system32\eapqec.dll 2008-08-26 19:06:40 ----N---- C:\WINDOWS\system32\eappprxy.dll 2008-08-26 19:06:40 ----N---- C:\WINDOWS\system32\eapphost.dll 2008-08-26 19:06:40 ----N---- C:\WINDOWS\system32\eappgnui.dll 2008-08-26 19:06:40 ----N---- C:\WINDOWS\system32\eappcfg.dll 2008-08-26 19:06:39 ----N---- C:\WINDOWS\system32\eapp3hst.dll 2008-08-26 19:06:39 ----N---- C:\WINDOWS\system32\eapolqec.dll 2008-08-26 19:06:28 ----N---- C:\WINDOWS\system32\dot3ui.dll 2008-08-26 19:06:28 ----N---- C:\WINDOWS\system32\dot3svc.dll 2008-08-26 19:06:28 ----N---- C:\WINDOWS\system32\dot3msm.dll 2008-08-26 19:06:28 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll 2008-08-26 19:06:28 ----N---- C:\WINDOWS\system32\dot3dlg.dll 2008-08-26 19:06:28 ----N---- C:\WINDOWS\system32\dot3cfg.dll 2008-08-26 19:06:28 ----N---- C:\WINDOWS\system32\dot3api.dll 2008-08-26 19:06:24 ----N---- C:\WINDOWS\system32\dimsroam.dll 2008-08-26 19:06:24 ----N---- C:\WINDOWS\system32\dimsntfy.dll 2008-08-26 19:06:23 ----N---- C:\WINDOWS\system32\dhcpqec.dll 2008-08-26 19:06:16 ----N---- C:\WINDOWS\system32\credssp.dll 2008-08-26 19:05:56 ----N---- C:\WINDOWS\system32\bitsprx4.dll 2008-08-26 19:05:54 ----N---- C:\WINDOWS\system32\azroles.dll 2008-08-26 19:05:50 ----N---- C:\WINDOWS\system32\ativvaxx.dll 2008-08-26 19:05:50 ----N---- C:\WINDOWS\system32\ativtmxx.dll 2008-08-26 19:05:48 ----N---- C:\WINDOWS\system32\ati3duag.dll 2008-08-26 19:05:47 ----N---- C:\WINDOWS\system32\ati3d1ag.dll 2008-08-26 19:05:47 ----N---- C:\WINDOWS\system32\ati2dvag.dll 2008-08-26 19:05:46 ----N---- C:\WINDOWS\system32\ati2dvaa.dll 2008-08-26 19:05:46 ----N---- C:\WINDOWS\system32\ati2cqag.dll 2008-08-26 19:05:26 ----N---- C:\WINDOWS\system32\aaclient.dll 2008-08-21 20:00:10 ----D---- C:\Documents and Settings\Family\Application Data\Malwarebytes 2008-08-21 20:00:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-21 20:00:05 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-21 19:58:53 ----D---- C:\Program Files\Common Files\Download Manager 2008-08-21 19:55:24 ----D---- C:\WINDOWS\ERDNT 2008-08-21 19:54:37 ----D---- C:\Program Files\ERUNT 2008-08-21 18:48:20 ----HD---- C:\$AVG8.VAULT$ 2008-08-17 21:24:19 ----A---- C:\WINDOWS\system32\avgrsstx.dll 2008-08-17 21:24:03 ----D---- C:\Documents and Settings\Family\Application Data\AVGTOOLBAR 2008-08-17 21:17:52 ----D---- C:\Program Files\Trend Micro 2008-08-17 20:54:59 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-17 19:08:16 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8 2008-08-14 09:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$ 2008-08-14 09:47:27 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$ 2008-08-14 09:47:19 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$ 2008-08-14 09:47:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$ 2008-08-14 09:45:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$ 2008-08-14 09:44:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$ 2008-08-14 09:43:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$ 2008-08-13 17:42:13 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-08-13 17:40:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2008-08-13 15:52:26 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-03 18:26:09 ----D---- C:\WINDOWS\system32\Adobe 2008-08-03 13:43:10 ----D---- C:\Program Files\AVG 2008-08-02 14:22:23 ----RHD---- C:\Documents and Settings\Family\Application Data\SecuROM 2008-08-02 14:22:22 ----A---- C:\WINDOWS\system32\CmdLineExt.dll 2008-07-28 21:35:23 ----A---- C:\WINDOWS\impborl.dll 2008-07-28 21:35:23 ----A---- C:\WINDOWS\flashax.exe 2008-07-09 16:18:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$ 2008-06-20 17:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$ 2008-06-12 20:43:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$ 2008-06-12 09:40:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$ 2008-06-12 09:39:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$ 2008-06-12 09:39:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951376_0$ 2008-06-09 17:39:33 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson Device 068 USB WMC Modem.txt 2008-06-09 17:39:33 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson Device 068 USB WMC Data Modem.txt List of drivers R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\system32\System32\Drivers\avgldx86.sys [] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\system32\System32\Drivers\avgmfx86.sys [] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592] R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627] R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545] R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-01-22 8552] R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\system32\System32\Drivers\avgtdix.sys [] R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043] R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883] R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843] R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123] R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239] R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586] R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227] R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363] R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714] R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603] R3 cmusbnet;WAN Driver @ 3GPP (6280); C:\WINDOWS\system32\DRIVERS\cmusbnet.sys [2007-06-22 87424] R3 cmusbser;%CMUSBSER%; C:\WINDOWS\system32\DRIVERS\cmusbser.sys [2006-12-13 87040] R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432] R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332] R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2002-02-05 28396] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704] S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408] S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2007-07-13 27072] S3 SE2Cbus;Sony Ericsson Device 044 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE2Cbus.sys [2006-11-10 61600] S3 SE2Cmdfl;Sony Ericsson Device 044 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE2Cmdfl.sys [2006-11-10 9360] S3 SE2Cmdm;Sony Ericsson Device 044 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE2Cmdm.sys [2006-11-10 97184] S3 SE2Cmgmt;Sony Ericsson Device 044 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE2Cmgmt.sys [2006-11-10 88688] S3 se2Cnd5;Sony Ericsson Device 044 USB Ethernet Emulation SEMC44 (NDIS); C:\WINDOWS\system32\DRIVERS\se2Cnd5.sys [2006-11-10 18704] S3 SE2Cobex;Sony Ericsson Device 044 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE2Cobex.sys [2006-11-10 86560] S3 se2Cunic;Sony Ericsson Device 044 USB Ethernet Emulation SEMC44 (WDM); C:\WINDOWS\system32\DRIVERS\se2Cunic.sys [2006-11-10 90800] S3 se44bus;Sony Ericsson Device 068 driver (WDM); C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536] S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360] S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088] S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624] S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS); C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704] S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432] S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM); C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\agp440.sys [] S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\agpCPQ.sys [] S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\alim1541.sys [] S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\system32\DRIVERS\amdagp.sys [] S4 cbidf;cbidf; C:\WINDOWS\system32\system32\DRIVERS\cbidf2k.sys [] S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\sisagp.sys [] S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\viaagp.sys [] List of services R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592] R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-01 875288] R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-01 231704] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776] S2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] -----------------EOF----------------- info.txt logfile of random's system information tool 2008-09-04 18:11:04 Uninstall list -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07} Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F} Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001} Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log AOL Australia-->C:\Program Files\Common Files\aolshare\Aolunins_au.exe AOL\|7 Broadband Demo-->C:\PROGRA~1\AOL7\BBDEMO~1\UNWISE.EXE C:\PROGRA~1\AOL7\BBDEMO~1\INSTALL.LOG Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543} Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL BigPond Wireless Broadband 2.10.6-->MsiExec.exe /I{52842271-922C-4907-8573-9F57A546509A} Canon MP170-->"C:\WINDOWS\system32\CanonMP Uninstaller Information\{91175441-4E5D-4e13-B116-828FD352CDB2}\DelDrv.exe" /U:{91175441-4E5D-4e13-B116-828FD352CDB2} /L0x0009 Classic PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B} Dell Support 3.1-->MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC} Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}\SETUP.EXE" -l0x9 UNINST EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe" ESC87 User's Guide-->C:\Program Files\EPSON\TPMANUAL\ESC87\USE_G\DOCUNINS.EXE Free Mp3 Wma Converter V 1.6.3-->"C:\Program Files\Free Audio Pack\unins000.exe" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572 Intel® PRO Network Adapters and Drivers-->Prounstl.exe Intel® PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7} iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138} Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5 Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSN Toolbar-->C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\mtbs.exe c MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText OLYMPUS Master 2-->MsiExec.exe /X{CBC85F2E-1981-4C55-9418-908D08D2C6E8} OLYMPUS muvee theaterPack-->MsiExec.exe /X{DDDE47E5-C711-4D17-9FA6-E3D7C340192A} OpenOffice.org 2.0-->MsiExec.exe /I{987AE1EA-9AF0-484D-A0F9-11A2E0EB4AA0} PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD} RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks\|RealPlayer\|6.0 Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Smart PDF Converter-->"C:\Program Files\Smart PDF Converter\unins000.exe" Soldat 1.4.2-->"c:\Soldat\unins000.exe" Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205} Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" UltraISO Premium V8.51-->"C:\Program Files\UltraISO\unins000.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe -u Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe Hosts File 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com Security center information AV: AVG Anti-Virus Free Environment variables "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel "PROCESSOR_REVISION"=0401 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\ "CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip -----------------EOF-----------------

Egwene View Member Profile	Sep 4 2008, 06:41 AM Post #10
Trusted Helper Posts: 2,141 From: France OS: XP/Vista �dition basique familiale	Hey chich, There are still some bad junks on your computer and we will remove it now Please visit this web page for instructions for downloading and running ComboFix http://www.bleepingcomputer.com/combofix/how-to-use-combofix This includes installing the Windows XP Recovery Console in case you have not installed it yet. For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058. Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal. Post the log from ComboFix when you've accomplished that, along with a new HijackThis log. Regards, Egwene.

chich View Member Profile	Sep 5 2008, 01:56 AM Post #11
Member Posts: 25 OS: XP	ComboFix 08-09-04.08 - Family 2008-09-05 17:18:45.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.196 [GMT 10:00] Running from: C:\Documents and Settings\Family\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Family\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\Install.txt C:\WINDOWS\system32\Install.txt C:\WINDOWS\system32\rtl60.bpl . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_AFINDING -------\Legacy_MACIDWE -------\Legacy_PERFMONS -------\Legacy_ROUTING -------\Legacy_SOBICYT -------\Legacy_TDSSSERV -------\Legacy_TDXDOWKC -------\Legacy_WSERVING -------\Service_TDSSserv ((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 ))))))))))))))))))))))))))))))) . 2008-09-04 18:10 . 2008-09-04 18:11 <DIR> d-------- C:\rsit 2008-08-31 20:30 . 2008-08-31 19:10 139,264 --a------ C:\WINDOWS\eaxf.exe 2008-08-31 18:37 . 2008-08-31 18:37 <DIR> d-------- C:\_OTMoveIt 2008-08-28 19:15 . 2008-08-28 19:15 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR 2008-08-28 19:12 . 2008-08-28 19:13 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-08-28 18:27 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-08-28 18:00 . 2008-08-28 18:05 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-08-26 20:07 . 2008-08-26 20:07 <DIR> d-------- C:\WINDOWS\system32\scripting 2008-08-26 20:07 . 2008-08-26 20:07 <DIR> d-------- C:\WINDOWS\system32\en 2008-08-26 20:07 . 2008-08-26 20:07 <DIR> d-------- C:\WINDOWS\system32\bits 2008-08-26 20:07 . 2008-08-26 20:07 <DIR> d-------- C:\WINDOWS\l2schemas 2008-08-26 20:04 . 2008-08-26 20:08 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-08-26 19:57 . 2008-08-26 19:57 <DIR> d-------- C:\WINDOWS\EHome 2008-08-26 19:12 . 2004-08-03 22:41 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys 2008-08-26 19:11 . 2008-04-14 10:12 412,160 --------- C:\WINDOWS\system32\photometadatahandler.dll 2008-08-26 19:10 . 2008-04-14 10:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll 2008-08-26 19:09 . 2008-04-14 10:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll 2008-08-26 19:09 . 2008-04-14 10:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll 2008-08-26 19:09 . 2008-04-14 10:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll 2008-08-26 19:09 . 2008-04-14 10:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe 2008-08-26 19:08 . 2008-04-14 10:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll 2008-08-26 19:08 . 2008-04-14 10:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll 2008-08-26 19:08 . 2008-04-14 10:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll 2008-08-26 19:08 . 2008-04-14 10:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll 2008-08-26 19:08 . 2008-04-14 10:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll 2008-08-26 19:08 . 2008-04-14 10:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll 2008-08-26 19:07 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2008-08-26 19:07 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys 2008-08-26 19:07 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys 2008-08-26 19:07 . 2008-04-14 02:36 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys 2008-08-26 19:07 . 2008-04-14 04:36 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys 2008-08-26 19:07 . 2008-04-14 10:11 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll 2008-08-26 19:07 . 2008-04-14 04:46 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys 2008-08-26 19:07 . 2008-04-14 04:45 19,200 --------- C:\WINDOWS\system32\drivers\hidir.sys 2008-08-26 19:07 . 2007-09-17 18:48 1,261 --------- C:\WINDOWS\system32\pid.inf 2008-08-26 19:05 . 2008-04-14 10:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll 2008-08-21 20:00 . 2008-08-21 20:00 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-21 20:00 . 2008-08-21 20:00 <DIR> d-------- C:\Documents and Settings\Family\Application Data\Malwarebytes 2008-08-21 20:00 . 2008-08-21 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-21 20:00 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-21 20:00 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-21 19:58 . 2008-08-21 19:58 <DIR> d-------- C:\Program Files\Common Files\Download Manager 2008-08-21 19:54 . 2008-08-31 18:34 <DIR> d-------- C:\Program Files\ERUNT 2008-08-21 18:48 . 2008-08-21 18:48 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-08-17 21:24 . 2008-09-03 20:39 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg 2008-08-17 21:24 . 2008-08-21 17:16 <DIR> d-------- C:\Documents and Settings\Family\Application Data\AVGTOOLBAR 2008-08-17 21:24 . 2008-09-01 20:40 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-08-17 21:24 . 2008-08-17 21:24 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys 2008-08-17 21:24 . 2008-08-17 21:24 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-08-17 21:17 . 2008-08-17 21:17 <DIR> d-------- C:\Program Files\Trend Micro 2008-08-17 20:54 . 2008-08-28 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-17 19:08 . 2008-08-17 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8 2008-08-13 21:55 . 2008-05-02 00:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-13 21:49 . 2008-04-12 05:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-13 17:42 . 2008-08-13 17:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-08-13 17:40 . 2008-08-17 19:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-08-13 15:52 . 2008-08-22 21:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-03 11:37 --------- d-----w C:\Program Files\Lavasoft 2008-08-28 12:21 --------- d-----w C:\Program Files\MSN Messenger 2008-08-28 08:27 --------- d-----w C:\Program Files\Java 2008-08-21 06:05 --------- d-----w C:\Program Files\Common Files\Teleca Shared 2008-08-13 07:43 --------- d-----w C:\Documents and Settings\Family\Application Data\Lavasoft 2008-08-11 01:13 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-03 03:43 --------- d-----w C:\Program Files\AVG 2008-08-02 04:22 --------- d--h--r C:\Documents and Settings\Family\Application Data\SecuROM 2008-07-28 11:35 606,848 ----a-w C:\WINDOWS\flashax.exe 2008-07-28 11:35 12,288 ----a-w C:\WINDOWS\impborl.dll 2006-02-11 07:27 30,080 ----a-w C:\Documents and Settings\Family\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EPSON Stylus C87 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE" [2005-01-27 98304] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-28 95800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688] "EPSON Stylus C87 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE" [2005-01-27 98304] "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 267048] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696] "BigPondWirelessBroadbandCM"="C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" [2008-05-07 2162688] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-01 1235736] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ AOL 7.0 Tray Icon.lnk - C:\Program Files\AOL 7.0\aoltray.exe [2006-01-22 32842] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-01-22 24576] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Soldat\\Soldat.exe"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-01 97928] R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-01 875288] R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-01 231704] R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-17 76040] S3 cmusbnet;WAN Driver @ 3GPP (6280);C:\WINDOWS\system32\DRIVERS\cmusbnet.sys [2007-06-22 87424] S3 cmusbser;%CMUSBSER%;C:\WINDOWS\system32\DRIVERS\cmusbser.sys [2006-12-13 87040] S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2007-07-13 27072] S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536] S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360] S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088] S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624] S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704] S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432] S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800] . - - - - ORPHANS REMOVED - - - - HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\flfbopbd.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.au/ FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-05 17:41:24 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\iPod\bin\iPodService.exe . ************************************************************************ . Completion time: 2008-09-05 17:47:12 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-05 07:47:04 Pre-Run: 61,710,413,824 bytes free Post-Run: 61,600,575,488 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 199 --- E O F --- 2008-08-28 07:56:40 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:49:38 PM, on 5/09/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O2 - BHO: BigPond Wireless Broadband 2.0 Auto Dial - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\bpwbb2ad.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE /P23 "EPSON Stylus C87 Series" /O6 "USB001" /M "Stylus C87" O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" -tsr O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE /P23 "EPSON Stylus C87 Series" /M "Stylus C87" /EF "HKCU" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Unknown owner - C:\WINDOWS\wanmpsvc.exe (file missing) -- End of file - 7547 bytes

Egwene View Member Profile	Sep 5 2008, 06:09 AM Post #12
Trusted Helper Posts: 2,141 From: France OS: XP/Vista �dition basique familiale	Hey chich, 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: Sysrst:: File:: C:\WINDOWS\eaxf.exe Registry:: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Regards, Egwene.

chich View Member Profile	Sep 7 2008, 05:41 AM Post #13
Member Posts: 25 OS: XP	ComboFix 08-09-04.08 - Family 2008-09-07 21:29:45.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.238 [GMT 10:00] Running from: C:\Documents and Settings\Family\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Family\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\eaxf.exe . ((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))) . 2008-09-04 18:10 . 2008-09-04 18:11 <DIR> d-------- C:\rsit 2008-08-31 18:37 . 2008-08-31 18:37 <DIR> d-------- C:\_OTMoveIt 2008-08-28 19:15 . 2008-08-28 19:15 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR 2008-08-28 19:12 . 2008-08-28 19:13 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-08-28 18:27 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-08-28 18:00 . 2008-08-28 18:05 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-08-26 20:07 . 2008-08-26 20:07 <DIR> d-------- C:\WINDOWS\system32\scripting 2008-08-26 20:07 . 2008-08-26 20:07 <DIR> d-------- C:\WINDOWS\system32\en 2008-08-26 20:07 . 2008-08-26 20:07 <DIR> d-------- C:\WINDOWS\system32\bits 2008-08-26 20:07 . 2008-08-26 20:07 <DIR> d-------- C:\WINDOWS\l2schemas 2008-08-26 20:04 . 2008-08-26 20:08 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-08-26 19:57 . 2008-08-26 19:57 <DIR> d-------- C:\WINDOWS\EHome 2008-08-26 19:12 . 2004-08-03 22:41 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys 2008-08-26 19:11 . 2008-04-14 10:12 412,160 --------- C:\WINDOWS\system32\photometadatahandler.dll 2008-08-26 19:10 . 2008-04-14 10:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll 2008-08-26 19:09 . 2008-04-14 10:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll 2008-08-26 19:09 . 2008-04-14 10:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll 2008-08-26 19:09 . 2008-04-14 10:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll 2008-08-26 19:09 . 2008-04-14 10:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe 2008-08-26 19:08 . 2008-04-14 10:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll 2008-08-26 19:08 . 2008-04-14 10:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll 2008-08-26 19:08 . 2008-04-14 10:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll 2008-08-26 19:08 . 2008-04-14 10:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll 2008-08-26 19:08 . 2008-04-14 10:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll 2008-08-26 19:08 . 2008-04-14 10:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll 2008-08-26 19:07 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2008-08-26 19:07 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys 2008-08-26 19:07 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys 2008-08-26 19:07 . 2008-04-14 02:36 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys 2008-08-26 19:07 . 2008-04-14 04:36 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys 2008-08-26 19:07 . 2008-04-14 10:11 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll 2008-08-26 19:07 . 2008-04-14 04:46 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys 2008-08-26 19:07 . 2008-04-14 04:45 19,200 --------- C:\WINDOWS\system32\drivers\hidir.sys 2008-08-26 19:07 . 2007-09-17 18:48 1,261 --------- C:\WINDOWS\system32\pid.inf 2008-08-26 19:05 . 2008-04-14 10:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll 2008-08-21 20:00 . 2008-09-05 17:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-21 20:00 . 2008-08-21 20:00 <DIR> d-------- C:\Documents and Settings\Family\Application Data\Malwarebytes 2008-08-21 20:00 . 2008-08-21 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-21 20:00 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-21 20:00 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-21 19:58 . 2008-08-21 19:58 <DIR> d-------- C:\Program Files\Common Files\Download Manager 2008-08-21 19:54 . 2008-08-31 18:34 <DIR> d-------- C:\Program Files\ERUNT 2008-08-21 18:48 . 2008-08-21 18:48 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-08-17 21:24 . 2008-09-07 16:38 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg 2008-08-17 21:24 . 2008-08-21 17:16 <DIR> d-------- C:\Documents and Settings\Family\Application Data\AVGTOOLBAR 2008-08-17 21:24 . 2008-09-01 20:40 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-08-17 21:24 . 2008-08-17 21:24 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys 2008-08-17 21:24 . 2008-08-17 21:24 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-08-17 21:17 . 2008-08-17 21:17 <DIR> d-------- C:\Program Files\Trend Micro 2008-08-17 20:54 . 2008-08-28 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-17 19:08 . 2008-08-17 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8 2008-08-13 21:55 . 2008-05-02 00:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-13 21:49 . 2008-04-12 05:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-13 17:42 . 2008-08-13 17:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-08-13 17:40 . 2008-08-17 19:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-08-13 15:52 . 2008-08-22 21:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-03 11:37 --------- d-----w C:\Program Files\Lavasoft 2008-08-28 12:21 --------- d-----w C:\Program Files\MSN Messenger 2008-08-28 08:27 --------- d-----w C:\Program Files\Java 2008-08-21 06:05 --------- d-----w C:\Program Files\Common Files\Teleca Shared 2008-08-13 07:43 --------- d-----w C:\Documents and Settings\Family\Application Data\Lavasoft 2008-08-11 01:13 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-03 03:43 --------- d-----w C:\Program Files\AVG 2008-08-02 04:22 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-08-02 04:22 --------- d--h--r C:\Documents and Settings\Family\Application Data\SecuROM 2008-07-28 11:35 606,848 ----a-w C:\WINDOWS\flashax.exe 2008-07-28 11:35 12,288 ----a-w C:\WINDOWS\impborl.dll 2008-07-18 12:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 12:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 12:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 12:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 12:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 12:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 12:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 12:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 12:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 12:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 12:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 12:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 12:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 12:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 12:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll 2008-06-24 00:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll 2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys 2006-02-11 07:27 30,080 ----a-w C:\Documents and Settings\Family\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((((((((( System Restore ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegBHO-Global.reg 2008-08-21 19:50 1404 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005677.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegDPF-Global.reg 2008-08-21 19:50 884 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005676.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegDummy-Family.reg 2008-08-21 19:50 60 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005687.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtBat-Global.reg 2008-08-21 19:50 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005661.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtCmd-Global.reg 2008-08-21 19:50 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005657.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtCom-Global.reg 2008-08-21 19:50 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005660.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtExe-Global.reg 2008-08-21 19:50 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005659.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtPif-Global.reg 2008-08-21 19:50 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005658.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtReg-Global.reg 2008-08-21 19:50 86 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005638.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtScr-Global.reg 2008-08-21 19:50 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005637.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBME-Global.reg 2008-08-21 19:50 81 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005672.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP1-Global.reg 2008-08-21 19:50 116 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005666.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP2a-Global.reg 2008-08-21 19:50 352 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005665.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP2b-Global.reg 2008-08-21 19:50 464 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005664.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP3-Global.reg 2008-08-21 19:50 277 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005663.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP4-Global.reg 2008-08-21 19:50 83 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005662.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBTB1-Global.reg 2008-08-21 19:50 184 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005678.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBTB2-Global.reg 2008-08-21 19:50 399 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005674.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGCP-Global.reg 2008-08-21 19:50 87 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005655.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGIESH-Global.reg 2008-08-21 19:50 88 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005643.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGNTCVW-Global.reg 2008-08-21 19:50 244 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005653.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGNTCVWL-Global.reg 2008-08-21 19:50 337 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005651.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS1-Global.reg 2008-08-21 19:50 1827 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005634.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS1SM-Global.reg 2008-08-21 19:50 232 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005648.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS2-Global.reg 2008-08-21 19:50 86 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005682.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS2SM-Global.reg 2008-08-21 19:50 81 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005647.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS3-Global.reg 2008-08-21 19:50 90 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005681.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS3SM-Global.reg 2008-08-21 19:50 232 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005646.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS4-Global.reg 2008-08-21 19:50 94 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005680.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGSS-Global.reg 2008-08-21 19:50 13861 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005641.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGSSODL-Global.reg 2008-08-21 19:50 383 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005649.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGWLN-Global.reg 2008-08-21 19:50 6065 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005642.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBME-Family.reg 2008-08-21 19:50 262 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005673.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP1-Family.reg 2008-08-21 19:50 115 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005671.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP2a-Family.reg 2008-08-21 19:50 254 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005670.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP2b-Family.reg 2008-08-21 19:50 407 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005669.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP3-Family.reg 2008-08-21 19:50 79 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005668.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP4-Family.reg 2008-08-21 19:50 115 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005667.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBTB1-Family.reg 2008-08-21 19:50 5933 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005679.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBTB2-Family.reg 2008-08-21 19:50 694 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005675.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUCP-Family.reg 2008-08-21 19:50 113 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005656.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUDesk-Family.reg 2008-08-21 19:50 136 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005645.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUIESH-Family.reg 2008-08-21 19:50 132 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005644.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUNTCVW-Family.reg 2008-08-21 19:50 208 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005654.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUNTCVWL-Family.reg 2008-08-21 19:50 390 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005652.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUS1-Family.reg 2008-08-21 19:50 569 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005686.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUS2-Family.reg 2008-08-21 19:50 85 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005685.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUS3-Family.reg 2008-08-21 19:50 89 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005684.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUS4-Family.reg 2008-08-21 19:50 93 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005683.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUSSODL-Family.reg 2008-08-21 19:50 105 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005650.reg C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\_003050_.tmp.dll 2004-08-10 15:04 1487 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006644.dll 2008-08-28 19:12 1304576 C:\Documents and Settings\Family\Desktop\OTViewIt.exe 2008-08-28 19:12 524288 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0009179.exe C:\Documents and Settings\Family\Local Settings\Application Data\Adobe\Reader 9.0\Setup Files\AIR\Adobe AIR Installer.exe 2008-06-12 20:10 6848789 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0009190.exe C:\Documents and Settings\Family\Local Settings\Application Data\Adobe\Reader 9.0\Setup Files\AIR\nosso_air.exe 2008-06-12 20:09 211784 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0009191.exe C:\Documents and Settings\Family\Local Settings\Application Data\Adobe\Reader 9.0\Setup Files\AIRShareInstaller.exe 2008-06-12 17:10 198032 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0009192.exe C:\Documents and Settings\Family\Local Settings\Application Data\Adobe\Reader 9.0\Setup Files\READER9\Setup.exe 2008-06-12 17:10 341352 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0009195.exe C:\Documents and Settings\Family\Local Settings\Application Data\Adobe\Reader 9.0\Setup Files\Setup.exe 2008-06-12 17:10 308584 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0009197.exe 2004-08-04 07:00 25600 C:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll 2004-08-04 07:00 25600 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005845.dll 2008-04-14 10:12 741376 C:\Program Files\Common Files\Microsoft Shared\Speech\sapi.dll 2004-08-04 07:00 741376 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007674.dll 2008-04-14 10:12 153088 C:\Program Files\Common Files\Microsoft Shared\Triedit\triedit.dll 2004-08-04 07:00 153088 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007676.DLL 2008-04-14 10:11 618605 C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\fp4autl.dll 2003-03-24 18:52 618605 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007635.dll 2008-04-14 10:11 86528 C:\Program Files\Common Files\System\directdb.dll 2007-05-17 01:12 86528 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007619.dll 2008-05-02 00:33 331776 C:\Program Files\Common Files\System\msadc\msadce.dll 2008-05-02 00:30 331776 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0008043.dll 2008-04-14 03:25 20480 C:\Program Files\Common Files\System\msadc\msadcer.dll 2004-08-04 07:00 20480 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006832.dll 2008-04-14 10:11 61440 C:\Program Files\Common Files\System\msadc\msadcf.dll 2004-08-04 07:00 61440 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006831.dll 2008-04-14 03:25 16384 C:\Program Files\Common Files\System\msadc\msadcfr.dll 2004-08-04 07:00 16384 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006830.dll 2008-04-14 10:11 143360 C:\Program Files\Common Files\System\msadc\msadco.dll 2006-03-23 15:44 143360 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006829.dll 2008-04-14 03:25 16384 C:\Program Files\Common Files\System\msadc\msadcor.dll 2004-08-04 07:00 16384 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006828.dll 2008-04-14 10:11 53248 C:\Program Files\Common Files\System\msadc\msadcs.dll 2004-08-04 07:00 53248 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006827.dll 2008-04-14 10:11 155648 C:\Program Files\Common Files\System\msadc\msadds.dll 2004-08-04 07:00 155648 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006826.dll 2008-04-14 03:25 24576 C:\Program Files\Common Files\System\msadc\msaddsr.dll 2004-08-04 07:00 24576 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006825.dll 2008-04-14 03:25 16384 C:\Program Files\Common Files\System\msadc\msdaprsr.dll 2004-08-04 07:00 16384 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006824.dll 2008-04-14 10:11 200704 C:\Program Files\Common Files\System\msadc\msdaprst.dll 2004-08-04 07:00 200704 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006823.dll 2008-04-14 10:11 118784 C:\Program Files\Common Files\System\msadc\msdarem.dll 2004-08-04 07:00 118784 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006822.dll 2008-04-14 03:25 16384 C:\Program Files\Common Files\System\msadc\msdaremr.dll 2004-08-04 07:00 16384 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006821.dll 2008-04-14 10:11 36864 C:\Program Files\Common Files\System\msadc\msdfmap.dll 2004-08-04 07:00 36864 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006820.dll 2008-04-14 10:12 510976 C:\Program Files\Common Files\System\wab32.dll 2007-05-17 01:12 510976 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007618.dll 2008-04-14 02:21 249856 C:\Program Files\Common Files\System\wab32res.dll 2004-08-04 07:00 249856 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007617.dll 2005-10-20 12:04 38912 C:\Program Files\ERUNT\AUTOBACK.EXE 2005-10-20 12:04 38912 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP13\A0009263.EXE 2005-10-20 12:00 157696 C:\Program Files\ERUNT\ERUNT.EXE 2005-10-20 12:00 157696 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP13\A0009264.EXE 2005-10-20 12:03 140288 C:\Program Files\ERUNT\NTREGOPT.EXE 2005-10-20 12:03 140288 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP13\A0009265.EXE 2004-06-27 01:00 77257 C:\Program Files\ERUNT\unins000.exe 2004-06-27 01:00 77257 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP13\A0009271.exe 2008-04-14 10:11 61440 C:\Program Files\Internet Explorer\Connection Wizard\icwconn.dll 2004-08-04 07:00 61440 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007648.dll 2008-04-14 10:12 214528 C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe 2004-08-04 07:00 214528 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007647.exe 2008-04-14 10:12 86016 C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe 2004-08-04 07:00 86016 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007646.exe 2008-04-14 10:11 32768 C:\Program Files\Internet Explorer\Connection Wizard\icwdl.dll 2004-08-04 07:00 32768 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007645.dll 2008-04-14 10:11 172032 C:\Program Files\Internet Explorer\Connection Wizard\icwhelp.dll 2004-08-04 07:00 172032 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007644.dll 2008-04-14 10:12 24576 C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe 2004-08-04 07:00 24576 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007643.exe 2008-04-14 10:11 49152 C:\Program Files\Internet Explorer\Connection Wizard\icwutil.dll 2004-08-04 07:00 49152 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007642.dll 2008-04-14 10:12 20480 C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe 2004-08-04 07:00 20480 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007641.exe 2008-09-02 00:16 1244848 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe 2008-08-17 15:01 1195640 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0009573.exe 2008-09-02 00:16 110256 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 2008-08-17 15:01 110200 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0009577.exe 2008-09-02 00:16 372400 C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe 2008-08-17 15:01 372344 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0009576.exe 2008-09-05 17:59 688816 C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe 2008-08-21 19:59 688760 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0009582.exe 2008-09-02 00:16 78000 C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll 2008-08-17 15:01 77944 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0009575.dll 2008-04-14 10:11 33792 C:\Program Files\Messenger\custsat.dll 2004-08-04 07:00 28672 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007906.dll 2008-05-03 00:01 83968 C:\Program Files\Messenger\msgsc.dll 2008-05-03 00:22 83968 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007905.dll 2008-04-14 03:30 180224 C:\Program Files\Messenger\msgslang.dll 2004-08-04 03:06 180224 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007904.dll 2008-04-14 10:12 1695232 C:\Program Files\Messenger\msmsgs.exe 2004-10-14 02:24 1694208 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007903.exe 2008-04-14 10:12 3558912 C:\Program Files\Movie Maker\moviemk.exe 2004-08-04 07:00 3555328 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007712.exe 2008-04-14 10:12 167936 C:\Program Files\Movie Maker\wmm2ae.dll 2004-08-04 07:00 167936 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007775.dll 2008-04-14 10:12 4096 C:\Program Files\Movie Maker\wmm2eres.dll 2004-08-04 07:00 4096 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007774.dll 2008-04-14 10:12 7680 C:\Program Files\Movie Maker\wmm2ext.dll 2004-08-04 07:00 7680 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007773.dll 2008-04-14 10:12 402432 C:\Program Files\Movie Maker\wmm2filt.dll 2004-08-04 07:00 402432 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007772.dll 2008-04-14 10:12 502272 C:\Program Files\Movie Maker\wmm2fxa.dll 2004-08-04 07:00 502272 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007771.dll 2008-04-14 10:12 325632 C:\Program Files\Movie Maker\wmm2fxb.dll 2004-08-04 07:00 325632 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007770.dll 2008-04-14 10:12 4256768 C:\Program Files\Movie Maker\wmm2res.dll 2004-08-04 07:00 4256768 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007769.dll 2008-04-14 10:12 5632 C:\Program Files\Movie Maker\wmm2res2.dll 2004-08-04 07:00 5632 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007768.dll 2008-08-26 19:20 17408 C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll 2008-07-20 20:24 13952 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006296.dll C:\Program Files\Mozilla Firefox\components\jar50.dll 2008-07-20 20:24 67696 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006336.dll C:\Program Files\Mozilla Firefox\components\jsd3250.dll 2008-07-20 20:24 54376 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006337.dll C:\Program Files\Mozilla Firefox\components\myspell.dll 2008-07-20 20:24 34952 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006340.dll C:\Program Files\Mozilla Firefox\components\spellchk.dll 2008-07-20 20:24 46720 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006341.dll C:\Program Files\Mozilla Firefox\components\xpinstal.dll 2008-07-20 20:24 172144 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006338.dll 2008-08-26 19:20 307712 C:\Program Files\Mozilla Firefox\firefox.exe 2008-07-20 20:24 7667312 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006305.exe 2008-08-26 19:20 233472 C:\Program Files\Mozilla Firefox\freebl3.dll 2008-07-20 20:24 200829 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006306.dll 2008-08-26 19:20 695296 C:\Program Files\Mozilla Firefox\js3250.dll 2008-07-20 20:24 458856 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006307.dll 2008-08-26 19:20 198144 C:\Program Files\Mozilla Firefox\nspr4.dll 2008-07-20 20:24 161392 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006308.dll 2008-08-26 19:20 697856 C:\Program Files\Mozilla Firefox\nss3.dll 2008-07-20 20:24 382568 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006309.dll 2008-08-26 19:20 304640 C:\Program Files\Mozilla Firefox\nssckbi.dll 2008-07-20 20:24 276080 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006310.dll 2008-08-26 19:20 20480 C:\Program Files\Mozilla Firefox\plc4.dll 2008-07-20 20:24 34424 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006312.dll 2008-08-26 19:20 17408 C:\Program Files\Mozilla Firefox\plds4.dll 2008-07-20 20:24 30320 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006313.dll 2008-08-26 19:20 65536 C:\Program Files\Mozilla Firefox\plugins\npnul32.dll 2008-07-20 20:24 22664 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006314.dll 2008-08-26 19:20 103936 C:\Program Files\Mozilla Firefox\smime3.dll 2008-07-20 20:24 112232 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006328.dll 2008-08-26 19:20 151552 C:\Program Files\Mozilla Firefox\softokn3.dll 2008-07-20 20:24 254060 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006329.dll 2008-08-26 19:20 136704 C:\Program Files\Mozilla Firefox\ssl3.dll 2008-07-20 20:24 136808 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006330.dll 2008-08-26 19:20 507568 C:\Program Files\Mozilla Firefox\uninstall\helper.exe 2008-07-20 20:24 450936 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006331.exe 2008-08-26 19:20 241664 C:\Program Files\Mozilla Firefox\updater.exe 2008-07-20 20:24 132232 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006332.exe 2008-08-26 19:20 17920 C:\Program Files\Mozilla Firefox\xpcom.dll 2008-07-20 20:24 13416 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006334.dll C:\Program Files\Mozilla Firefox\xpcom_compat.dll 2008-07-20 20:24 73848 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006351.dll C:\Program Files\Mozilla Firefox\xpcom_core.dll 2008-07-20 20:24 422000 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006335.dll C:\Program Files\Mozilla Firefox\xpicleanup.exe 2008-07-20 20:24 73336 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006352.exe C:\Program Files\Mozilla Firefox\xpistub.dll 2008-07-20 20:24 12400 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006339.dll 2008-04-14 10:10 229376 C:\Program Files\MSN\MSNCoreFiles\OOBE\obelog.dll 2004-08-04 07:00 229376 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007786.dll 2008-04-14 10:10 966656 C:\Program Files\MSN\MSNCoreFiles\OOBE\obemetal.dll 2004-08-04 07:00 966656 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007785.dll 2007-04-03 04:44 77824 C:\Program Files\MSN\MSNCoreFiles\OOBE\obemtllc.dll 2004-08-04 07:00 77824 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007784.dll 2008-04-14 10:10 86016 C:\Program Files\MSN\MSNCoreFiles\OOBE\obepopc.dll 2004-08-04 07:00 86016 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007783.dll 2008-04-14 10:11 385024 C:\Program Files\NetMeeting\callcont.dll 2004-08-04 07:00 385024 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007667.dll 2008-04-14 10:12 1032192 C:\Program Files\NetMeeting\conf.exe 2004-08-04 07:00 1032192 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007666.exe 2008-04-14 10:11 45056 C:\Program Files\NetMeeting\confmrsl.dll 2004-08-04 07:00 45056 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007665.dll 2008-04-14 10:11 40960 C:\Program Files\NetMeeting\dcap32.dll 2004-08-04 07:00 40960 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007664.dll 2008-04-14 10:11 57344 C:\Program Files\NetMeeting\h323cc.dll 2004-08-04 07:00 57344 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007663.dll 2008-04-14 10:12 274432 C:\Program Files\NetMeeting\mst120.dll 2004-08-04 07:00 274432 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007662.DLL 2008-04-14 10:12 57344 C:\Program Files\NetMeeting\mst123.dll 2004-08-04 07:00 57344 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007661.DLL 2008-04-14 10:12 221184 C:\Program Files\NetMeeting\nac.dll 2004-08-04 07:00 221184 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007660.dll 2008-04-14 10:12 229376 C:\Program Files\NetMeeting\nmas.dll 2004-08-04 07:00 229376 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007659.dll 2008-04-14 10:12 28672 C:\Program Files\NetMeeting\nmasnt.dll 2004-08-04 07:00 28672 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007658.dll 2008-04-14 10:12 81920 C:\Program Files\NetMeeting\nmchat.dll 2004-08-04 07:00 81920 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007657.dll 2008-04-14 10:12 77824 C:\Program Files\NetMeeting\nmcom.dll 2004-08-04 07:00 77824 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007656.dll 2008-04-14 10:12 151552 C:\Program Files\NetMeeting\nmft.dll 2004-08-04 07:00 151552 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007655.dll 2008-04-14 10:12 172032 C:\Program Files\NetMeeting\nmoldwb.dll 2004-08-04 07:00 172032 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007654.dll 2008-04-14 10:12 188416 C:\Program Files\NetMeeting\nmwb.dll 2004-08-04 07:00 188416 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007653.dll 2008-04-14 10:12 61440 C:\Program Files\NetMeeting\rrcm.dll 2004-08-04 07:00 61440 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007652.dll 2008-04-14 10:12 60416 C:\Program Files\Outlook Express\msimn.exe 2004-08-04 07:00 60416 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007633.exe 2008-04-14 10:12 1314816 C:\Program Files\Outlook Express\msoe.dll 2007-05-17 01:12 1314816 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007632.dll 2008-04-14 02:23 2479616 C:\Program Files\Outlook Express\msoeres.dll 2004-08-04 07:00 2479616 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007631.dll 2008-04-14 10:12 104448 C:\Program Files\Outlook Express\oeimport.dll 2004-08-04 07:00 104448 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007630.dll 2008-04-14 10:12 60416 C:\Program Files\Outlook Express\oemig50.exe 2004-08-04 07:00 60416 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007629.exe 2008-04-14 10:12 35328 C:\Program Files\Outlook Express\oemiglib.dll 2004-08-04 07:00 35328 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007628.dll 2008-04-14 10:12 73216 C:\Program Files\Outlook Express\setup50.exe 2004-08-04 07:00 73216 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007627.exe 2008-04-14 10:12 46080 C:\Program Files\Outlook Express\wab.exe 2004-08-04 07:00 46080 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007626.exe 2008-04-14 10:12 32768 C:\Program Files\Outlook Express\wabfind.dll 2004-08-04 07:00 32768 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007625.dll 2008-04-14 10:12 85504 C:\Program Files\Outlook Express\wabimp.dll 2007-05-17 01:12 85504 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007624.dll 2008-04-14 10:12 30208 C:\Program Files\Outlook Express\wabmig.exe 2004-08-04 07:00 30208 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007623.exe 2008-07-07 09:41 939344 C:\Program Files\Spybot - Search & Destroy\advcheck.dll 2008-07-07 09:41 939344 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005769.dll 2007-04-02 20:22 34472 C:\Program Files\Spybot - Search & Destroy\aports.dll 2007-04-02 20:22 34472 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005760.dll 2008-07-07 09:41 428880 C:\Program Files\Spybot - Search & Destroy\blindman.exe 2008-07-07 09:41 428880 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005768.exe C:\Program Files\Spybot - Search & Destroy\BQEVUFSVUMKWOCYDV.scr 2008-07-07 09:42 1429840 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005774.scr C:\Program Files\Spybot - Search & Destroy\CBDHQIKXN.scr 2008-07-07 09:42 4891472 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005775.scr 2008-06-14 11:24 255392 C:\Program Files\Spybot - Search & Destroy\DelZip179.dll 2008-06-14 11:24 255392 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005761.dll 2007-04-19 16:42 54440 C:\Program Files\Spybot - Search & Destroy\Dummies\dummy.cd_clint.dll 2007-04-19 16:42 54440 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005752.dll 2008-03-04 15:52 790392 C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll 2008-03-04 15:52 790392 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005755.dll 2008-03-05 10:34 795520 C:\Program Files\Spybot - Search & Destroy\Plugins\Fennel.dll 2008-03-05 10:34 795520 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005754.dll 2008-02-26 12:04 717176 C:\Program Files\Spybot - Search & Destroy\Plugins\Mate.dll 2008-02-26 12:04 717176 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005753.dll 2007-12-24 02:05 121344 C:\Program Files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll 2007-12-24 02:05 121344 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005756.dll 2008-07-07 09:36 1430016 C:\Program Files\Spybot - Search & Destroy\SDFiles.exe 2008-07-07 09:36 1430016 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005758.exe 2008-07-07 09:41 1562448 C:\Program Files\Spybot - Search & Destroy\SDHelper.dll 2008-07-07 09:41 1562448 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005782.dll 2008-07-07 09:42 414544 C:\Program Files\Spybot - Search & Destroy\SDMain.exe 2008-07-07 09:42 414544 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005765.exe 2008-07-07 09:37 958976 C:\Program Files\Spybot - Search & Destroy\SDShred.exe 2008-07-07 09:37 958976 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005757.exe 2008-07-07 09:42 1429840 C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe 2008-07-07 09:42 1429840 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005778.exe 2008-07-07 09:42 809296 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 2008-07-07 09:42 809296 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005764.exe 2008-07-07 09:42 4891472 C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe 2008-07-07 09:42 4891472 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005777.exe 2008-06-19 18:35 333288 C:\Program Files\Spybot - Search & Destroy\sqlite3.dll 2008-06-19 18:35 333288 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005759.dll 2008-08-18 18:41 1832272 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 2008-07-07 09:42 2156368 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005779.exe 2008-07-07 09:42 835920 C:\Program Files\Spybot - Search & Destroy\Tools.dll 2008-07-07 09:42 835920 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005763.dll 2008-08-28 17:57 696200 C:\Program Files\Spybot - Search & Destroy\unins000.exe 2008-08-17 20:50 696200 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005773.exe 2008-07-07 09:42 464720 C:\Program Files\Spybot - Search & Destroy\Update.exe 2008-07-07 09:42 464720 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005762.exe C:\Program Files\Spybot - Search & Destroy\XIPECPCJHPDTUKHDKU.scr 2008-07-07 09:42 2156368 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005776.scr C:\Program Files\Spyware Doctor\avengine\PCTAVEng.dll 2008-06-02 15:18 956296 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005694.dll C:\Program Files\Spyware Doctor\avengine\SDAVgate.dll 2008-06-02 15:18 186248 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005693.dll C:\Program Files\Spyware Doctor\BH.dll 2008-06-02 15:18 419208 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005723.dll C:\Program Files\Spyware Doctor\cdialogs.dll 2008-07-03 18:07 670088 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005722.dll C:\Program Files\Spyware Doctor\commhlpr.dll 2008-06-02 15:18 298888 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005721.dll C:\Program Files\Spyware Doctor\commlib.dll 2008-06-02 15:23 923528 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005733.dll C:\Program Files\Spyware Doctor\commom.dll 2008-07-16 09:16 1021832 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005732.dll C:\Program Files\Spyware Doctor\drvctl.exe 2008-06-02 15:18 28040 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005730.exe C:\Program Files\Spyware Doctor\filehlpr.dll 2008-06-02 15:18 319368 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005720.dll C:\Program Files\Spyware Doctor\ikdll.dll 2008-06-02 15:19 119688 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005719.dll C:\Program Files\Spyware Doctor\inethlpr.dll 2008-06-02 15:19 379272 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005718.dll C:\Program Files\Spyware Doctor\InnoHelpers.dll 2008-07-08 16:07 241664 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005735.dll C:\Program Files\Spyware Doctor\msvcp71.dll 2007-12-07 13:30 499712 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005704.dll C:\Program Files\Spyware Doctor\msvcr71.dll 2007-12-07 13:30 348160 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005703.dll C:\Program Files\Spyware Doctor\msvcr80.dll 2008-07-08 16:07 626688 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005734.dll C:\Program Files\Spyware Doctor\NetworkLayer\Driver.exe 2008-07-08 16:31 165768 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005702.exe C:\Program Files\Spyware Doctor\NetworkLayer\InterfaceDLL.dll 2008-06-02 15:19 497544 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005695.dll C:\Program Files\Spyware Doctor\NetworkLayer\msvcp71.dll 2007-12-07 13:30 499712 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005697.dll C:\Program Files\Spyware Doctor\NetworkLayer\msvcr71.dll 2007-12-07 13:30 348160 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005696.dll C:\Program Files\Spyware Doctor\NetworkLayer\PCTCFFix.exe 2008-06-02 15:19 71560 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005699.exe C:\Program Files\Spyware Doctor\NetworkLayer\PCTCFHook.dll 2008-06-02 15:19 104328 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005701.dll C:\Program Files\Spyware Doctor\NetworkLayer\pctfw2.sys 2008-07-28 11:29 160792 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005698.sys C:\Program Files\Spyware Doctor\NetworkLayer\PCTLsp.dll 2008-06-02 15:20 190344 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005700.dll C:\Program Files\Spyware Doctor\pctsAuxs.exe 2008-06-13 15:29 356920 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005724.exe C:\Program Files\Spyware Doctor\pctsGui.exe 2008-07-16 09:16 2871688 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005726.exe C:\Program Files\Spyware Doctor\pctsSvc.exe 2008-08-07 12:12 1073544 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005725.exe C:\Program Files\Spyware Doctor\pctsTray.exe 2008-07-16 09:16 1166216 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005727.exe C:\Program Files\Spyware Doctor\PCTWSC.dll 2008-06-02 15:20 182152 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005717.dll C:\Program Files\Spyware Doctor\PWindow.dll 2008-06-02 15:21 194440 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005716.dll C:\Program Files\Spyware Doctor\RegHelper.dll 2008-06-02 15:22 286088 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005715.dll C:\Program Files\Spyware Doctor\sdcore.dll 2008-06-02 15:22 126856 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005714.dll C:\Program Files\Spyware Doctor\sdinvoker.exe 2008-06-02 15:22 289160 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005729.exe C:\Program Files\Spyware Doctor\sdloader.exe 2008-07-03 18:07 333704 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005728.exe C:\Program Files\Spyware Doctor\sdwvhlp.dll 2008-06-02 15:22 59272 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005713.dll C:\Program Files\Spyware Doctor\SH.dll 2008-06-02 15:22 398728 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005712.dll C:\Program Files\Spyware Doctor\smumhook.dll 2008-06-02 15:22 146312 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005711.dll C:\Program Files\Spyware Doctor\SysAccess.dll 2008-06-02 15:22 135560 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005710.dll C:\Program Files\Spyware Doctor\unins000.exe 2008-08-13 15:51 707976 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005740.exe C:\Program Files\Spyware Doctor\Update.exe 2008-07-03 18:08 1857416 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005731.exe C:\Program Files\Spyware Doctor\Upgrade.exe 2008-06-02 15:22 1560968 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005709.exe 2008-04-14 10:12 4639 C:\Program Files\Windows Media Player\mplayer2.exe 2004-08-04 07:00 4639 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007639.exe 2008-04-14 10:12 226816 C:\Program Files\Windows Media Player\npdrmv2.dll 2004-08-04 07:00 226816 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007638.dll 2008-04-14 10:12 364544 C:\Program Files\Windows Media Player\npdsplay.dll 2005-11-29 15:27 364544 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007637.dll 2008-04-14 10:12 10240 C:\Program Files\Windows Media Player\npwmsdrm.dll 2004-08-04 07:00 10240 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007636.dll 2008-04-14 10:12 214528 C:\Program Files\Windows NT\Accessories\wordpad.exe 2004-08-04 07:00 214528 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007710.exe 2008-04-14 10:12 539136 C:\Program Files\Windows NT\dialer.exe 2004-08-04 07:00 539136 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007634.exe 2008-04-14 10:12 281088 C:\Program Files\Windows NT\Pinball\pinball.exe 2004-08-04 07:00 281088 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007711.EXE C:\system32\dsprpres.dll 2004-08-04 07:00 4096 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007859.dll 2004-08-04 07:00 4096 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007859.dll C:\system32\p2pgasvc.dll 2004-08-04 07:00 86016 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007817.dll C:\WINDOWS\_000006_.tmp.dll 2008-05-03 01:01 12431 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007995.dll 2008-05-02 01:30 12431 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0008042.dll C:\WINDOWS\_000007_.tmp.dll 2008-05-03 01:01 12431 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007997.dll 2008-05-02 01:30 12431 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0008046.dll C:\WINDOWS\_000008_.tmp.dll 2008-05-09 07:25 12431 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0008003.dll 2008-06-17 06:12 12431 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0008026.dll C:\WINDOWS\_000010_.tmp.dll 2008-06-21 20:36 18785 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0008034.dll C:\WINDOWS\_000012_.tmp.dll 2008-06-19 19:25 15271 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0009085.dll C:\WINDOWS\_000014_.tmp.dll 2008-06-21 20:36 18785 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0008039.dll C:\WINDOWS\_002711_.tmp.dll 2004-08-04 07:00 7334 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006364.dll C:\WINDOWS\_002712_.tmp.dll 2008-04-14 12:04 1088840 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006365.dll C:\WINDOWS\_002713_.tmp.dll 2008-04-14 12:04 2144487 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006366.dll C:\WINDOWS\_002714_.tmp.dll 2008-04-14 12:04 10027 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006367.dll C:\WINDOWS\_002715_.tmp.dll 2008-04-14 12:04 14433 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006368.dll C:\WINDOWS\_002716_.tmp.dll 2008-04-14 12:04 26991 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006369.dll C:\WINDOWS\_002717_.tmp.dll 2008-04-14 12:04 12363 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006370.dll C:\WINDOWS\_002718_.tmp.dll 2008-04-14 12:04 16535 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006371.dll C:\WINDOWS\_002719_.tmp.dll 2008-04-14 12:04 34063 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006372.dll C:\WINDOWS\_002720_.tmp.dll 2008-04-14 07:40 1296669 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006373.dll C:\WINDOWS\_002721_.tmp.dll 2008-04-14 12:04 171588 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006374.dll C:\WINDOWS\_002722_.tmp.dll 2008-04-14 12:04 402264 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006375.dll C:\WINDOWS\_003266_.tmp.dll 2008-04-14 12:04 1088840 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007960.dll C:\WINDOWS\_003267_.tmp.dll 2008-04-14 12:04 402264 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007962.dll C:\WINDOWS\_003268_.tmp.dll 2008-04-14 12:04 171588 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007964.dll C:\WINDOWS\_003269_.tmp.dll 2008-04-14 12:04 10027 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007966.dll C:\WINDOWS\_003270_.tmp.dll 2008-04-14 12:04 16535 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007968.dll C:\WINDOWS\_003271_.tmp.dll 2008-04-14 12:04 14433 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007970.dll C:\WINDOWS\_003272_.tmp.dll 2008-04-14 12:04 12363 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007972.dll C:\WINDOWS\_003273_.tmp.dll 2008-04-14 12:04 26991 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007974.dll C:\WINDOWS\_003274_.tmp.dll 2008-04-14 12:04 2144487 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007976.dll C:\WINDOWS\_003275_.tmp.dll 2004-08-04 07:00 7334 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007978.dll C:\WINDOWS\_003276_.tmp.dll 2008-04-14 12:04 34063 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007980.dll C:\WINDOWS\AppPatch\_003244_.tmp.dll 2004-08-04 07:00 9424 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006799.dll 2008-04-14 10:11 39424 C:\WINDOWS\AppPatch\acadproc.dll 2006-10-05 00:05 39424 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007882.dll C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustCall64.dll 2008-09-03 21:37 42248 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0009441.dll C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCall.dll 2008-09-03 21:37 27912 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0009442.dll C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCalla.dll 2008-09-03 21:37 73728 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0009443.dll C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCalla1.dll 2008-09-03 21:37 83296 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0009444.dll C:\WINDOWS\Driver Cache\i386\_002729_.tmp.dll 2006-06-14 19:00 82944 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006382.dll C:\WINDOWS\Driver Cache\i386\_002759_.tmp.dll 2006-06-14 18:47 6400 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006412.dll C:\

chich View Member Profile	Sep 7 2008, 06:06 AM Post #14
Member Posts: 25 OS: XP	AVG also just detected another threat Infection Type: "PUP" Virus name: Potentially harmful program HideExec.EV Located: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0009550.exe

Egwene View Member Profile	Sep 7 2008, 06:24 AM Post #15
Trusted Helper Posts: 2,141 From: France OS: XP/Vista �dition basique familiale	Hey Chich, Look at your CF repport, it's incomplete. Could you please post me what is missing in a next reply ? Thanks. Regards, Egwene. This post has been edited by Egwene: Sep 7 2008, 06:24 AM

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Need help removing backdoor.tidserv!inf PLEASE! [Solved]	10 / 536	29th January 2009 - 07:41 PM 3kgt97 started - last by Rorschach112
Virus, Spyware and Trojan Removal Troj/Rustok-N need help removing it please [Closed] 12	16 / 398	3rd May 2009 - 11:29 AM awakenedsleepingbeauty started - last by Rorschach112
Virus, Spyware and Trojan Removal Need help removing Troj/Rustok-N [Closed]	11 / 420	15th May 2009 - 02:24 PM Nacram started - last by SpySentinel
Virus, Spyware and Trojan Removal VirtuMonde.Trojan : Need help removing it! [Closed]	2 / 229	7th June 2009 - 12:33 PM Aloysius_Jr started - last by skate_punk_21