Logfile of random's system information tool 1.04 (written by random/random) Run by clare at 2008-12-17 20:34:37 Microsoft Windows XP Professional Service Pack 3 System drive C: has 90 GB (79%) free of 114 GB Total RAM: 1015 MB (43% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:34, on 2008-12-17 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20935) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Yahoo!\Common\YMailAdvisor.exe C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\3\3Connect\Wilog.exe C:\Program Files\3\3Connect\AutoUpdateSrv.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ntvdm.exe C:\Documents and Settings\clare\Desktop\RSIT.exe C:\Program Files\trend micro\clare.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mg2.mail.yahoo.com/dc/launch?.rand=adsjkv8mi9ufu R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe" O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Registry Fix v3] C:\Program Files\Registry Fix\Registry Fix v3 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork O4 - HKCU\..\Run: [AliceConnect] C:\Program Files\3\3Connect\Wilog.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe O4 - Global Startup: Update Agent.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.aponeesimz.com O15 - Trusted Zone: http://www.geekstogo.com O15 - Trusted Zone: http://community.webshots.com O15 - Trusted Zone: http://starlightsims.yuku.com O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1229465163923&h=8d3d746df64cfe28e4e3be916bdbff84/&filename=jinstall-6u11-windows-i586-jc.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{80B44718-F10B-4FB7-AB9E-D2DB28CC3762}: NameServer = 4.2.2.4 4.2.2.3 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 8197 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 50376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-16 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-10-04 2403392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-12-01 737776] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-16 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-16 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}] SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-10-04 2403392] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "YMailAdvisor"=C:\Program Files\Yahoo!\Common\YMailAdvisor.exe [2008-06-05 125208] "YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-09-22 14854144] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-16 136600] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-01 155648] "Registry Fix v3"=C:\Program Files\Registry Fix\Registry Fix v3 [] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2003-07-11 4182016] "Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856] "YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856] "igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2008-08-01 1103216] "AliceConnect"=C:\Program Files\3\3Connect\Wilog.exe [2008-07-22 3727360] "Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120] "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-04 1809648] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Update Agent.lnk - C:\Program Files\3\3Connect\AutoUpdateSrv.exe WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE C:\Documents and Settings\clare\Start Menu\Programs\Startup Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Adobe Media Player.lnk - C:\Program Files\Adobe Media Player\Adobe Media Player.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-05-30 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableClock"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoMultiIE"=0 "LWA"=0 "LWB"=0 "LWC"=0 "LWD"=0 "LWE"=0 "LWF"=0 "LWG"=0 "LWH"=0 "LWI"=0 "LWJ"=0 "LWK"=0 "LWL"=0 "LWM"=0 "LWN"=0 "LWO"=0 "LWP"=0 "LWQ"=0 "LWR"=0 "LWS"=0 "LWT"=0 "LWU"=0 "LWV"=0 "LWW"=0 "LWX"=0 "LWY"=0 "LWZ"=0 "NoDrives"=0 "NoDriveAutoRun"=67108863 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard" "C:\IEGD\IEGD_9_0_2\jre\bin\javaw.exe"="C:\IEGD\IEGD_9_0_2\jre\bin\javaw.exe:*:Enabled:javaw" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e93c654-1427-11d6-a92b-a52dfaae43eb}] shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{724d87a8-8af9-11dd-a946-8ecb5f42dab6}] shell\AutoRun\command - E:\AutoRun.exe ======List of files/folders created in the last 1 months====== 2008-12-17 15:24:51 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-12-17 15:24:44 ----D---- C:\Program Files\SUPERAntiSpyware 2008-12-17 15:24:44 ----D---- C:\Documents and Settings\clare\Application Data\SUPERAntiSpyware.com 2008-12-17 15:24:29 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2008-12-17 15:19:59 ----D---- C:\Program Files\hostsprogramme 2008-12-16 22:10:22 ----A---- C:\WINDOWS\system32\javaws.exe 2008-12-16 22:10:22 ----A---- C:\WINDOWS\system32\javaw.exe 2008-12-16 22:10:22 ----A---- C:\WINDOWS\system32\java.exe 2008-12-16 22:10:22 ----A---- C:\WINDOWS\system32\deploytk.dll 2008-12-16 21:46:08 ----SHD---- C:\RECYCLER 2008-12-16 03:22:24 ----D---- C:\WINDOWS\temp 2008-12-16 03:19:42 ----A---- C:\Boot.bak 2008-12-16 03:19:37 ----RASHD---- C:\cmdcons 2008-12-16 03:17:10 ----D---- C:\WINDOWS\ERDNT 2008-12-15 22:05:04 ----D---- C:\Documents and Settings\clare\Application Data\WinRAR 2008-12-15 21:54:25 ----D---- C:\WINDOWS\ERUNT 2008-12-15 21:52:51 ----A---- C:\WINDOWS\ntbtlog.txt 2008-12-15 20:36:05 ----D---- C:\Program Files\trend micro 2008-12-15 20:36:04 ----D---- C:\rsit 2008-12-11 02:33:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2008-12-11 02:32:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2008-12-11 02:32:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2008-12-11 02:32:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2008-12-10 14:07:16 ----HD---- C:\WINDOWS\system32\GroupPolicy 2008-12-10 08:40:01 ----D---- C:\Program Files\lspfix 2008-12-10 06:36:22 ----D---- C:\Program Files\Avira 2008-12-10 06:36:22 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2008-12-10 05:55:10 ----D---- C:\Documents and Settings\All Users\Application Data\Avg7 2008-12-10 05:37:45 ----D---- C:\Documents and Settings\clare\Application Data\Malwarebytes 2008-12-10 05:37:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-12-10 05:37:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-12-08 13:08:14 ----D---- C:\Program Files\Registry Fix 2008-12-02 19:19:07 ----D---- C:\Program Files\Acclaim 2008-12-01 11:11:55 ----D---- C:\REBEL2 2008-12-01 11:11:19 ----A---- C:\BOOTDISK.BAT 2008-12-01 10:48:38 ----D---- C:\Program Files\LucasArts 2008-12-01 10:42:18 ----D---- C:\Polaris 2008-11-27 19:46:25 ----D---- C:\Program Files\MilkShape 3D 1.8.2 2008-11-27 19:39:00 ----D---- C:\Program Files\MilkShape.3D.v1.8.2.Incl.Keymaker-EMBRACE 2008-11-24 02:12:26 ----D---- C:\Documents and Settings\clare\Application Data\Opera 2008-11-19 14:09:03 ----D---- C:\Program Files\simenchancer 2008-11-19 03:23:40 ----D---- C:\Program Files\Paint Shop Pro 5 2008-11-19 01:54:29 ----D---- C:\Program Files\pshoppro2 2008-11-18 23:38:59 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe Systems ======List of files/folders modified in the last 1 months====== 2008-12-17 20:34:43 ----D---- C:\WINDOWS\Prefetch 2008-12-17 20:33:58 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt 2008-12-17 15:38:38 ----RD---- C:\Program Files 2008-12-17 15:26:14 ----D---- C:\WINDOWS\system32\CatRoot2 2008-12-17 15:24:47 ----SHD---- C:\WINDOWS\Installer 2008-12-17 15:24:29 ----D---- C:\Program Files\Common Files 2008-12-17 15:10:56 ----D---- C:\WINDOWS\system32\Lang 2008-12-17 15:10:34 ----SHD---- C:\System Volume Information 2008-12-17 15:10:34 ----D---- C:\WINDOWS\system32\Restore 2008-12-17 15:09:04 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-12-17 15:08:37 ----D---- C:\WINDOWS 2008-12-17 15:08:31 ----D---- C:\WINDOWS\system32 2008-12-17 01:25:27 ----D---- C:\Program Files\MSN Messenger 2008-12-16 22:10:40 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-12-16 22:10:02 ----D---- C:\Program Files\Java 2008-12-16 21:40:59 ----D---- C:\Program Files\DarkLegions 2008-12-16 03:27:10 ----D---- C:\WINDOWS\system32\drivers 2008-12-16 03:24:31 ----A---- C:\WINDOWS\system.ini 2008-12-16 03:22:46 ----D---- C:\WINDOWS\system32\config 2008-12-16 03:22:03 ----D---- C:\WINDOWS\AppPatch 2008-12-16 03:21:33 ----D---- C:\Program Files\Internet Explorer 2008-12-16 03:19:42 ----RASH---- C:\boot.ini 2008-12-15 22:44:14 ----D---- C:\Program Files\Maxis 2008-12-15 22:43:50 ----A---- C:\WINDOWS\SimPose7.ini 2008-12-15 21:56:08 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-12-11 12:56:23 ----HD---- C:\WINDOWS\inf 2008-12-11 02:33:22 ----D---- C:\WINDOWS\security 2008-12-11 02:33:03 ----HD---- C:\WINDOWS\$hf_mig$ 2008-12-11 02:33:01 ----A---- C:\WINDOWS\imsins.BAK 2008-12-10 14:36:48 ----D---- C:\WINDOWS\Help 2008-12-10 07:10:53 ----D---- C:\Program Files\Fashion Star 2008-12-10 05:55:06 ----D---- C:\WINDOWS\system 2008-12-10 05:54:25 ----SD---- C:\Documents and Settings\clare\Application Data\Microsoft 2008-12-09 23:24:37 ----A---- C:\WINDOWS\system32\MRT.exe 2008-12-09 18:25:43 ----D---- C:\Program Files\Diablo II 2008-12-08 01:17:45 ----RSD---- C:\WINDOWS\Fonts 2008-12-07 17:14:05 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-11-27 19:44:42 ----D---- C:\Documents and Settings\clare\Application Data\MilkShape 3D 1.x.x 2008-11-24 02:12:27 ----A---- C:\WINDOWS\win.ini 2008-11-19 00:06:11 ----D---- C:\Program Files\blueprint 2008-11-18 23:39:16 ----D---- C:\Documents and Settings\clare\Application Data\Adobe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032] R2 mdvrmng;Mobile IP Route Manager; \??\C:\WINDOWS\system32\drivers\mdvrmng.sys [] R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys [] R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-05-30 62336] R2 V7;V7; \??\C:\WINDOWS\system32\Drivers\V7.SYS [] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712] R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904] R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2007-05-30 138752] R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-08-08 101120] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [] R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S1 mgau;mgau; C:\WINDOWS\system32\DRIVERS\mgaum.sys [2001-08-17 320384] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB; C:\WINDOWS\system32\DRIVERS\MRVW23B.sys [2006-12-22 231040] S3 s3m;s3m; C:\WINDOWS\system32\DRIVERS\s3m.sys [2001-08-17 166720] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2007-05-30 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-05-30 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-16 152984] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-11-17 72704] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-04 138168] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-19 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] -----------------EOF-----------------