Funny UST Scandle.avi-Not Deletable [RESOLVED]



#1
uptown hunk

Hello folks,
On searching in this forum I found one resolved issue which resembles my problem, but I think in my case it's more complex, so please help me out.
I have been affected big time by this spyware. While browsing, all tabs are closed all of a sudden, especially while downloading anti-virus and anti-spyware. Frankly, I wasn't able to run the Panda ActiveScan because each time I tried, the site would close even before loading; the time I managed to install the ActiveX thing, the explorer would hang while it was updating. The same is the case when installing anti-virus or anti-spyware: either it used to hang the download or skip the setup all of a sudden. Also I have been facing problems in Yahoo Messenger: the one in which some crap is typed by itself and sent to the person I'm chatting with or sending an offline; it even tries to send some file, like the mouse cursor goes in the other direction. Also, all the time the Task Manager minimizes to the tray after a few seconds.
After reading the article on BACKDOOR TROJAN on the home page I finally decided to format my PC, not all the drives but just C, but frankly there was no use. I think I should have formatted all the drives.
Well, now my PC is running slow and the webpages are mostly taking a long time to load. What's more, mostly I am unable to use Opera because it gives a warning that it's already being used. So I guess my system is hacked too.
I have done everything you people have mentioned to do before posting a HijackThis log, but none of the spywares are able to detect and heal the thing. Only AVG shows this funny UST scandal [bleep] which always reappears on deleting, but I haven't clicked on it yet because its name suggests funny UST scandal.avi but its properties say it's an application.
So folks, HELP ME ASAP


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:50 PM, on 1/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\xmss.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Comodo\Firewall\cpf.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Free\avgvv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
F2 - REG:system.ini: Shell=explorer.exe, xmss.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF4C7533-40BA-4983-858E-F45587E5D311}: NameServer = 10.20.2.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6151 bytes


ComboFix 08-01-04.1 - Younus 2008-01-06 20:02:39.1 - NTFSx86
Running from: C:\Documents and Settings\Younus\Local Settings\Temporary Internet Files\Content.IE5\CDTX7W9A\ComboFix[1].exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.

2008-01-06 20:01 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 19:52 . 2008-01-06 19:52 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-06 19:40 . 2008-01-06 19:40 <DIR> d-------- C:\Documents and Settings\Younus\Application Data\Comodo
2008-01-06 19:40 . 2008-01-06 19:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-01-06 19:38 . 2008-01-06 19:38 <DIR> d-------- C:\log
2008-01-06 19:38 . 2007-12-08 23:18 232,707 --a------ C:\Funny UST Scandal.avi.exe
2008-01-06 19:35 . 2008-01-06 19:35 <DIR> d-------- C:\Program Files\Comodo
2008-01-06 19:35 . 2008-01-06 00:41 223 --a------ C:\boot.ini.comodofirewall
2008-01-06 18:08 . 2008-01-06 18:08 <DIR> d-------- C:\Program Files\Opera
2008-01-06 17:05 . 2008-01-06 17:10 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-06 17:05 . 2008-01-06 17:05 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-06 17:05 . 2008-01-06 17:05 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-06 17:05 . 2008-01-06 17:05 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-06 15:58 . 2008-01-06 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-06 15:50 . 2008-01-06 19:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-06 15:50 . 2008-01-06 15:50 <DIR> d-------- C:\Documents and Settings\Younus\Application Data\SUPERAntiSpyware.com
2008-01-06 15:47 . 2008-01-06 19:56 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-06 15:45 . 2008-01-06 15:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-06 14:26 . 2008-01-06 14:26 <DIR> d-------- C:\Documents and Settings\Younus\Application Data\Grisoft
2008-01-06 14:25 . 2007-05-30 17:40 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-06 13:44 . 2008-01-06 13:44 <DIR> d---s---- C:\Documents and Settings\Younus\UserData
2008-01-06 13:20 . 2008-01-06 13:20 <DIR> d-------- C:\Program Files\DAP
2008-01-06 13:20 . 2008-01-06 13:20 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-01-06 13:20 . 2008-01-06 13:20 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-01-06 13:20 . 2008-01-06 13:20 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-01-06 12:57 . 2008-01-06 12:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-06 12:05 . 2008-01-06 19:48 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-06 10:45 . 2008-01-06 00:30 477 --a------ C:\WINDOWS\win.tmp
2008-01-06 10:45 . 2008-01-06 01:47 439 --a------ C:\WINDOWS\system.tmp
2008-01-06 04:22 . 1998-10-02 19:00 327,168 --a------ C:\WINDOWS\IsUninst.exe
2008-01-06 04:18 . 2008-01-06 04:18 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-01-06 04:18 . 2008-01-06 04:18 1,024 --a------ C:\.rnd
2008-01-06 04:18 . 2008-01-06 04:18 22 --a------ C:\WINDOWS\FileName
2008-01-06 04:16 . 2008-01-06 04:16 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-06 04:13 . 2008-01-06 04:13 <DIR> d-------- C:\WINDOWS\Cache
2008-01-06 02:26 . 2008-01-06 02:26 12,187,343 --------- C:\AVG7QT.DAT
2008-01-06 01:47 . 2008-01-06 01:47 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-06 01:42 . 2008-01-06 01:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-06 01:10 . 2008-01-06 01:12 <DIR> d-------- C:\setups files
2008-01-06 01:07 . 2008-01-06 10:36 <DIR> d-------- C:\Program Files\Google
2008-01-06 01:05 . 2008-01-06 18:07 <DIR> d-------- C:\Documents and Settings\Younus\Application Data\AVG7
2008-01-06 01:05 . 2008-01-06 01:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-06 01:05 . 2008-01-06 01:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-06 01:05 . 2008-01-06 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-06 01:05 . 2008-01-06 01:05 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-06 01:05 . 2008-01-06 01:05 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-01-06 01:04 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-06 01:01 . 2008-01-06 04:07 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 22:51 14,656 ----a-w C:\WINDOWS\gdrv.sys
2008-01-05 22:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-05 19:19 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-01-05 19:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-05 19:19 --------- d-----w C:\Program Files\Realtek
2008-01-05 19:12 --------- d-----w C:\Program Files\DIFX
2008-01-05 19:10 --------- d-----w C:\Documents and Settings\Younus\Application Data\InstallShield
2008-01-05 19:01 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-08 17:48 232,707 --sha-r C:\xmss.exe
2007-12-08 17:48 232,707 --sha-r C:\WINDOWS\xmss.exe
2007-12-08 17:48 232,707 ----a-w C:\WINDOWS\Funny UST Scandal.exe
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 12:05 7634944]
"nwiz"="nwiz.exe" [2006-10-31 12:05 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-31 12:05 86016]
"SkyTel"="SkyTel.EXE" [2006-05-16 15:34 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16:24 16116224 C:\WINDOWS\RTHDCPL.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-06 12:02 411648]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 02:52 3739648]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2008-01-06 13:20 4568576]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 14:55 6731312]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-01-06 19:35 1115728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-01-06 12:02 145920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe, xmss.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

*Newly Created Service* - CMDAGENT
*Newly Created Service* - CMDMON
*Newly Created Service* - INSPECT
*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 20:04:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 20:05:15
ComboFix-quarantined-files.txt 2008-01-06 14:34:47
.
2008-01-06 12:31:07 --- E O F ---


#2
uptown hunk

Also, that virus got into my friend's external 12GB hard disk. Please give instructions on removing that too ASAP. I'm waiting.

#3
uptown hunk

Hello folks...
I'm feeling much better now that I have got rid of that [bleep] funny UST scandal [bleep]. While waiting for your reply I was still browsing for ways to remove it and finally came across this small and wonderful program specially designed to remove this funny [bleep] :) at <snip>
My sincere advice to others is to go directly to that link and download that 8kb program (believe me, it was able to do the job that even 8mb antivirus/spyware programs were unable to), which takes a fraction of a second, and simply run it to remove it in seconds.
Anyway, my AVG scan still tells me that the status of a few files is CHANGED:
C:\Windows\system32\kernel32.dll
C:\Windows\system32\user32.dll
C:\Windows\system32\shell32.dll
C:\Windows\system32\ntoskrnl.exe
C:\Windows\system32\drivers\etc\hosts
But it doesn't detect any threat; just under the infection column it specifies the above paths. So I am posting my HijackThis and ComboFix logs again for your advice on how to proceed further. PLEASE reply ASAP


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:30 PM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\DAP\DAP.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: Shell=explorer.exe, xmss.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF4C7533-40BA-4983-858E-F45587E5D311}: NameServer = 10.20.2.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7060 bytes


ComboFix 08-01-07.5 - Younus 2008-01-07 21:51:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.507 [GMT 5.5:30]
Running from: C:\Documents and Settings\Younus\My Documents\My Completed Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.

2008-01-07 20:46 . 2008-01-07 21:42 <DIR> d-------- C:\Program Files\DAP
2008-01-07 20:46 . 2008-01-07 20:46 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-01-07 20:46 . 2008-01-07 20:46 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-01-07 20:46 . 2008-01-07 20:46 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-01-07 19:12 . 2008-01-07 19:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-01-07 18:15 . 2008-01-07 18:15 <DIR> d-------- C:\log
2008-01-06 20:01 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 19:40 . 2008-01-06 19:40 <DIR> d-------- C:\Documents and Settings\Younus\Application Data\Comodo
2008-01-06 19:40 . 2008-01-06 19:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-01-06 19:35 . 2008-01-06 19:35 <DIR> d-------- C:\Program Files\Comodo
2008-01-06 19:35 . 2008-01-06 00:41 223 --a------ C:\boot.ini.comodofirewall
2008-01-06 19:19 . 2007-10-11 05:25 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-06 19:19 . 2007-07-01 09:01 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-06 19:19 . 2007-07-01 09:06 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-06 19:19 . 2007-10-11 05:25 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-06 19:19 . 2007-10-11 05:25 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-06 19:19 . 2007-10-11 05:25 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-06 19:19 . 2007-10-11 05:25 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-06 19:19 . 2007-10-11 05:25 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-06 19:19 . 2007-10-10 16:29 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-06 18:08 . 2008-01-06 18:08 <DIR> d-------- C:\Program Files\Opera
2008-01-06 17:05 . 2008-01-06 17:10 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-06 17:05 . 2008-01-07 20:55 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-06 17:05 . 2008-01-07 20:55 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-06 17:05 . 2008-01-07 20:55 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-06 15:58 . 2008-01-06 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-06 15:50 . 2008-01-07 20:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-06 15:50 . 2008-01-06 15:50 <DIR> d-------- C:\Documents and Settings\Younus\Application Data\SUPERAntiSpyware.com
2008-01-06 15:47 . 2008-01-07 01:20 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-06 15:45 . 2008-01-06 15:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-06 14:26 . 2008-01-06 14:26 <DIR> d-------- C:\Documents and Settings\Younus\Application Data\Grisoft
2008-01-06 14:25 . 2007-05-30 17:40 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-06 13:44 . 2008-01-06 13:44 <DIR> d--hs---- C:\Documents and Settings\Younus\UserData
2008-01-06 12:57 . 2008-01-06 12:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-06 12:05 . 2008-01-07 21:43 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-06 10:45 . 2008-01-06 00:30 477 --a------ C:\WINDOWS\win.tmp
2008-01-06 10:45 . 2008-01-06 01:47 439 --a------ C:\WINDOWS\system.tmp
2008-01-06 04:22 . 1998-10-02 19:00 327,168 --a------ C:\WINDOWS\IsUninst.exe
2008-01-06 04:18 . 2008-01-06 04:18 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-01-06 04:18 . 2008-01-06 04:18 1,024 --a------ C:\.rnd
2008-01-06 04:18 . 2008-01-06 04:18 22 --a------ C:\WINDOWS\FileName
2008-01-06 04:16 . 2008-01-06 04:16 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-06 04:13 . 2008-01-06 04:13 <DIR> d-------- C:\WINDOWS\Cache
2008-01-06 02:26 . 2008-01-06 02:26 12,187,343 --------- C:\AVG7QT.DAT
2008-01-06 01:47 . 2008-01-06 01:47 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-06 01:42 . 2008-01-06 01:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-06 01:10 . 2008-01-06 01:12 <DIR> d-------- C:\setups files
2008-01-06 01:07 . 2008-01-06 10:36 <DIR> d-------- C:\Program Files\Google
2008-01-06 01:05 . 2008-01-07 21:39 <DIR> d-------- C:\Documents and Settings\Younus\Application Data\AVG7
2008-01-06 01:05 . 2008-01-06 01:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-06 01:05 . 2008-01-06 01:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-06 01:05 . 2008-01-06 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-06 01:05 . 2008-01-06 01:05 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-06 01:05 . 2008-01-06 01:05 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-01-06 01:04 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-06 01:01 . 2008-01-06 04:07 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 22:51 14,656 ----a-w C:\WINDOWS\gdrv.sys
2008-01-05 22:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-05 19:19 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-01-05 19:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-05 19:19 --------- d-----w C:\Program Files\Realtek
2008-01-05 19:12 --------- d-----w C:\Program Files\DIFX
2008-01-05 19:10 --------- d-----w C:\Documents and Settings\Younus\Application Data\InstallShield
2008-01-05 19:01 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-08 17:48 232,707 ----a-w C:\WINDOWS\Funny UST Scandal.exe
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 12:09 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((( [email protected]_20.04.32.53 )))))))))))))))))))))))))))))))))))))))))
.

Edited by uptown hunk, 09 January 2008 - 07:16 AM.

  • 0

#4
don77


    Malware Expert

  • Retired Staff
  • 18,526 posts
Hello and welcome
Sorry for the delay. Just so you know, when you reply to your own topic it makes it look as though someone is helping you. Also, please don't swear on the forums.


1 - Flash Drive Disinfector
  • Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


Next
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0
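The note in the post above asks that the folder named autorun.inf be left in place: while a folder holds that name at a drive root, a file of the same name cannot be created there. As an added example (not part of the original post and not Flash_Disinfector's own code), this Python script reports for each drive root whether autorun.inf is such a placeholder folder, a real file (listing the programs it would launch), or absent; the function names and the sample file contents are constructed for illustration.

```python
import os
import string
import tempfile

# Constructed sample autorun.inf contents (not taken from the thread).
SAMPLE_INF = (
    "[autorun]\n"
    "; comment line\n"
    "open=sample.exe\n"
    "shell\\open\\command=sample.exe\n"
    "icon=folder.ico\n"
    "[other]\n"
    "open=ignored.exe\n"
)


def parse_launch_entries(text):
    """Return (key, command) pairs from [autorun] that start a program."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        if key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command")
        ):
            entries.append((key, value.strip()))
    return entries


def decode_inf(data):
    """Decode autorun.inf bytes; some files are UTF-16 with a byte-order mark."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")


def check_root(root):
    """Classify the autorun.inf entry at a drive root (name match ignores case)."""
    result = {"root": root, "state": "absent", "launches": []}
    try:
        names = os.listdir(root)
    except OSError:
        result["state"] = "unreadable"
        return result
    match = next((n for n in names if n.lower() == "autorun.inf"), None)
    if match is None:
        return result
    path = os.path.join(root, match)
    if os.path.isdir(path):
        # A folder occupies the name, so no autorun.inf file can sit beside it.
        result["state"] = "placeholder-folder"
        return result
    result["state"] = "file"
    try:
        with open(path, "rb") as fh:
            result["launches"] = parse_launch_entries(decode_inf(fh.read(65536)))
    except OSError:
        result["state"] = "file-unreadable"
    return result


def demo():
    """Classify four constructed stand-ins for drive roots."""
    with tempfile.TemporaryDirectory() as tmp:
        roots = {n: os.path.join(tmp, n) for n in ("folder", "ascii", "utf16", "clean")}
        for path in roots.values():
            os.mkdir(path)
        os.mkdir(os.path.join(roots["folder"], "autorun.inf"))
        with open(os.path.join(roots["ascii"], "AUTORUN.INF"), "wb") as fh:
            fh.write(SAMPLE_INF.encode("ascii"))
        with open(os.path.join(roots["utf16"], "autorun.inf"), "wb") as fh:
            fh.write(SAMPLE_INF.encode("utf-16"))
        return {n: check_root(p) for n, p in roots.items()}


if __name__ == "__main__":
    if os.name == "nt":
        # On Windows, check every drive letter that is currently present.
        drives = [f"{c}:\\" for c in string.ascii_uppercase if os.path.isdir(f"{c}:\\")]
        reports = [check_root(d) for d in drives]
    else:
        reports = list(demo().values())
    for rep in reports:
        print(rep["state"], rep["root"], rep["launches"])
```

A drive reported as `file` with launch entries is the case to look at by hand before opening that drive in Explorer.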

#5
uptown hunk

    Member

  • Topic Starter
  • Member
  • 51 posts
Hi don77,
Firstly, thanks a lot for the reply. I'll definitely keep in mind not to reply to my own post, and sorry for that swearing in the last post.
I ran that Flash Disinfector with the external HD connected and now I am able to use it like before! Thanks for that!
Below are the main and extra text logs you wanted me to furnish. Do let me know if everything is alright.

Deckard's System Scanner v20071014.68
Run by Younus on 2008-01-12 16:40:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
29: 2008-01-12 11:10:55 UTC - RP29 - Deckard's System Scanner Restore Point
28: 2008-01-12 09:12:15 UTC - RP28 - Installed Adobe Reader 6.0.1
27: 2008-01-12 07:02:53 UTC - RP27 - Microsoft OneCare Protection Checkpoint
26: 2008-01-11 16:00:08 UTC - RP26 - Printer Driver Send To Microsoft OneNote Driver Installed
25: 2008-01-11 15:53:24 UTC - RP25 - Installed Microsoft Office Enterprise 2007


-- First Restore Point --
1: 2008-01-07 12:48:11 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Younus.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:49 PM, on 1/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\PROGRA~1\DAP\DAP.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\Globe7\Globe7.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Younus\Desktop\dss.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Younus.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\PROGRA~1\SPEEDB~1\proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: OwlForce - {37E1A9E5-00D4-4203-8E58-B91F383A3809} - C:\PROGRA~1\Globe7\Owlforce\Owlforce.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase4009.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF4C7533-40BA-4983-858E-F45587E5D311}: NameServer = 10.20.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 10267 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080106-131739-118 F2 - REG:system.ini: Shell=explorer.exe, xmss.exe

-- File Associations -----------------------------------------------------------

.reg - exefile - DefaultIcon - %1
.reg - exefile - shell\open\command - "%1" %*
.reg - exefile - shell\edit\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 sbbotdi - c:\program files\speedbit video accelerator\sbbotdi.sys <Not Verified; SpeedBit Ltd.; Speedbit TDI Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-12 16:37:00 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2007-12-12 and 2008-01-12 -----------------------------

2008-01-12 16:15:45 28672 --a------ C:\WINDOWS\system32\TraceServer.dll <Not Verified; Cisco Systems Inc.; Cisco Systems Inc. TraceServer>
2008-01-12 16:15:45 405504 --a------ C:\WINDOWS\system32\NMF.dll <Not Verified; ; CCNSMT Module>
2008-01-12 16:15:45 0 d-------- C:\Program Files\Iqara Softphone
2008-01-12 16:13:17 0 d-------- C:\Program Files\Globe7
2008-01-12 16:06:06 0 d-------- C:\Program Files\SpeedBit Video Accelerator
2008-01-12 15:59:39 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-01-12 15:59:38 0 d-------- C:\Program Files\DAP
2008-01-12 14:49:24 0 d-------- C:\Program Files\Islamasoft Solutions
2008-01-12 14:47:46 196608 --a------ C:\WINDOWS\system32\Utility.dll <Not Verified; Netsmartz; DocSmartz>
2008-01-12 14:47:44 204848 --a------ C:\WINDOWS\system32\gswin32c.exe
2008-01-12 14:47:39 0 d-------- C:\WINDOWS\system32\gs
2008-01-12 14:47:38 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-01-12 14:47:38 270336 --a------ C:\WINDOWS\system32\P2sodbc.dll <Not Verified; Seagate Software Information Management Group, Inc.; Seagate Crystal Reports>
2008-01-12 14:47:38 0 d-------- C:\WINDOWS\CRYSTAL
2008-01-12 14:47:29 0 d-------- C:\Program Files\TrialDocSmartz
2008-01-12 14:43:05 0 d-------- C:\Documents and Settings\Younus\Application Data\AdobeUM
2008-01-12 14:42:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-01-12 14:38:57 0 d-------- C:\ELECTRONICS-MINHAJ
2008-01-12 14:38:57 2969110 --a------ C:\Copy of eureko's toefl_setup.exe
2008-01-12 13:01:48 0 d-------- C:\Documents and Settings\Younus\Application Data\Nokia Multimedia Player
2008-01-12 12:31:41 0 drahs---- C:\autorun.inf
2008-01-12 11:27:03 0 d-------- C:\Documents and Settings\Younus\Application Data\MSNInstaller
2008-01-11 21:29:03 0 d-------- C:\Program Files\Microsoft Works
2008-01-11 21:28:47 0 d-------- C:\Program Files\MSBuild
2008-01-11 21:27:17 0 d-------- C:\Program Files\Microsoft.NET
2008-01-11 21:25:31 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-11 21:24:25 0 d-------- C:\WINDOWS\SHELLNEW
2008-01-11 21:23:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-11 21:23:25 0 dr-h----- C:\MSOCache
2008-01-11 00:05:36 0 d-------- C:\Documents and Settings\Younus\Application Data\SoundSpectrum
2008-01-11 00:01:40 0 d-------- C:\Program Files\SoundSpectrum
2008-01-10 22:46:57 0 d-------- C:\Documents and Settings\Younus\Application Data\U3
2008-01-10 04:39:54 0 d-------- C:\Program Files\Windows Media Connect 2
2008-01-10 04:38:45 0 d-------- C:\WINDOWS\system32\LogFiles
2008-01-10 04:38:45 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-10 00:10:55 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-01-10 00:10:41 0 d-------- C:\Documents and Settings\Younus\Application Data\Nokia
2008-01-10 00:10:23 0 d-------- C:\Program Files\Common Files\PCSuite
2008-01-10 00:10:23 0 d-------- C:\Program Files\Common Files\Nokia
2008-01-10 00:10:13 0 d-------- C:\Documents and Settings\Younus\Application Data\PC Suite
2008-01-10 00:10:08 0 d-------- C:\Program Files\PC Connectivity Solution
2008-01-10 00:09:57 0 d-------- C:\Program Files\Nokia
2008-01-10 00:09:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-01-09 22:57:47 0 d-------- C:\Documents and Settings\Younus\Application Data\CyberLink
2008-01-09 22:57:46 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-09 20:51:48 0 d-------- C:\Program Files\Windows Live Favorites
2008-01-09 20:16:31 0 d-------- C:\Documents and Settings\Younus\Application Data\Ahead
2008-01-09 20:14:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-09 20:14:30 0 d-------- C:\Program Files\Nero
2008-01-09 20:14:30 0 d-------- C:\Program Files\Common Files\Ahead
2008-01-09 20:13:49 0 d-------- C:\WINDOWS\RegisteredPackages
2008-01-09 20:09:44 0 d-------- C:\MyWorks
2008-01-09 20:08:51 0 d-------- C:\Program Files\CyberLink
2008-01-09 02:23:23 0 d-------- C:\WINDOWS\system32\bits
2008-01-09 00:42:59 0 d-------- C:\WINDOWS\system32\appmgmt
2008-01-09 00:23:16 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-01-08 20:04:35 0 d-------- C:\Documents and Settings\Younus\Contacts
2008-01-08 19:01:32 0 d-------- C:\Program Files\Windows Live Safety Center
2008-01-08 18:55:51 0 d-------- C:\Documents and Settings\Younus\Application Data\Yahoo!
2008-01-08 18:55:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-08 18:37:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-08 18:11:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-01-08 17:57:13 0 d-------- C:\Program Files\Yahoo!
2008-01-08 17:54:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-01-08 17:53:52 0 d-------- C:\Program Files\Windows Live Toolbar
2008-01-08 17:52:25 0 d-------- C:\Program Files\MSN Messenger
2008-01-08 16:52:17 0 d-------- C:\Program Files\Common Files\xing shared
2008-01-07 23:55:49 0 d-------- C:\Documents and Settings\Younus\Application Data\DivX
2008-01-07 23:53:13 0 d-------- C:\Program Files\DivX
2008-01-07 23:26:43 0 d-------- C:\Program Files\uTorrent
2008-01-07 23:26:38 0 d-------- C:\Documents and Settings\Younus\Application Data\uTorrent
2008-01-07 23:10:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-01-07 23:10:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-01-07 22:57:08 0 d-------- C:\Program Files\Common Files\Real
2008-01-07 22:57:05 0 d-------- C:\Program Files\Real
2008-01-07 22:56:29 0 d-------- C:\Documents and Settings\Younus\Application Data\Real
2008-01-07 19:12:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-01-07 19:11:45 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-01-07 19:11:45 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-01-07 19:11:45 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-01-07 19:11:45 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-01-07 19:11:45 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-01-07 19:11:45 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-01-07 19:11:45 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-01-07 19:11:45 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-01-07 19:11:45 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-01-07 19:11:45 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-01-07 19:11:45 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-01-07 19:11:45 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-01-07 19:11:45 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-01-07 19:11:45 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-01-07 18:15:46 0 d-------- C:\log
2008-01-07 16:10:12 0 d-------- C:\cfedaf652a3a837f5b1163540aaaca49
2008-01-06 22:42:54 0 d-------- C:\WINDOWS\network diagnostic
2008-01-06 19:40:10 0 d-------- C:\Documents and Settings\Younus\Application Data\Comodo
2008-01-06 19:40:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-01-06 19:35:39 0 d-------- C:\Program Files\Comodo
2008-01-06 18:21:51 0 d-------- C:\Documents and Settings\Younus\Application Data\Adobe
2008-01-06 18:08:29 0 d-------- C:\Documents and Settings\Younus\Application Data\Opera
2008-01-06 18:08:19 0 d-------- C:\Program Files\Opera
2008-01-06 17:05:41 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-06 15:58:05 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-06 15:50:30 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-06 15:50:30 0 d-------- C:\Documents and Settings\Younus\Application Data\SUPERAntiSpyware.com
2008-01-06 15:47:33 0 d-------- C:\WINDOWS\system32\PreInstall
2008-01-06 15:47:26 0 d--h----- C:\WINDOWS\$hf_mig$
2008-01-06 13:44:48 0 d--hs---- C:\Documents and Settings\Younus\UserData
2008-01-06 12:57:02 0 d-------- C:\Program Files\Trend Micro
2008-01-06 12:05:25 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-06 10:36:44 0 d-------- C:\Documents and Settings\Younus\Application Data\Google
2008-01-06 05:52:03 0 d--hs---- C:\WINDOWS\Installer
2008-01-06 05:52:02 0 d-------- C:\Program Files\Common Files\ODBC
2008-01-06 05:51:58 0 dr------- C:\Program Files
2008-01-06 05:51:58 0 d-------- C:\Program Files\Common Files
2008-01-06 05:51:58 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-01-06 05:51:28 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-01-06 05:51:28 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-01-06 05:51:28 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-01-06 05:51:28 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-01-06 05:51:28 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-01-06 05:51:28 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-01-06 05:51:28 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-01-06 05:51:28 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-01-06 05:51:28 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-01-06 05:51:28 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-01-06 05:51:28 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-01-06 05:51:28 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-01-06 05:51:28 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-01-06 05:51:28 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-01-06 05:51:28 0 dr------- C:\Documents and Settings\All Users\Documents
2008-01-06 05:51:28 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-01-06 05:49:37 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-01-06 05:49:37 0 d-------- C:\WINDOWS\system32\CatRoot
2008-01-06 05:49:32 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-01-06 05:49:32 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-01-06 05:49:31 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-01-06 05:49:31 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-01-06 05:49:11 0 d--hs---- C:\System Volume Information
2008-01-06 05:49:11 0 d-------- C:\Documents and Settings
2008-01-06 05:42:51 0 d-------- C:\WINDOWS
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\WinSxS
2008-01-06 05:42:51 0 dr------- C:\WINDOWS\Web
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\twain_32
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\wins
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\wbem
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\usmt
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\spool
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\ShellExt
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\Setup
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\ras
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\oobe
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\npp
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\mui
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\inetsrv
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\IME
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\icsxml
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\ias
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\export
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\drivers
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-01-06 05:42:51 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\dhcp
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\config
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\3076
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\2052
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\1054
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\1042
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\1041
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\1037
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\1033
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\1031
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\1028
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\1025
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\security
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\Resources
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\repair
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\Provisioning
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\PeerNet
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\pchealth
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\mui
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\msapps
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\msagent
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\Media
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\java
2008-01-06 05:42:51 0 d--h----- C:\WINDOWS\inf
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\ime
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\Help
2008-01-06 05:42:51 0 dr--s---- C:\WINDOWS\Fonts
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\ehome
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\Driver Cache
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\Debug
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\Cursors
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\Connection Wizard
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\Config
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\AppPatch
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\addins
2008-01-06 04:22:11 327168 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-01-06 04:18:19 22 --a------ C:\WINDOWS\FileName
2008-01-06 04:18:12 0 d-------- C:\Program Files\NVIDIA Corporation
2008-01-06 04:16:44 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-06 04:13:27 0 d-------- C:\WINDOWS\Cache
2008-01-06 02:26:49 12187343 -----n--- C:\AVG7QT.DAT
2008-01-06 01:47:03 0 d--h----- C:\WINDOWS\PIF
2008-01-06 01:42:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-06 01:10:29 0 d-------- C:\setups files
2008-01-06 01:07:20 0 d-------- C:\Documents and Settings\Younus\Application Data\Macromedia
2008-01-06 01:07:16 0 d-------- C:\Program Files\Google
2008-01-06 01:05:22 0 d-------- C:\Documents and Settings\Younus\Application Data\AVG7
2008-01-06 01:05:11 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-06 01:05:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-06 01:05:05 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-06 01:01:14 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-06 00:59:29 0 d-------- C:\WINDOWS\system32\Lang
2008-01-06 00:54:56 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-01-06 00:49:49 49152 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-01-06 00:49:31 0 d-------- C:\Program Files\Realtek
2008-01-06 00:49:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-06 00:49:25 520192 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-01-06 00:49:25 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-01-06 00:46:08 0 d-------- C:\WINDOWS\system32\RTCOM
2008-01-06 00:42:15 0 d-------- C:\Program Files\DIFX
2008-01-06 00:42:13 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-01-06 00:41:02 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-01-06 00:40:51 1732 --a------ C:\WINDOWS\system32\drivers\nvphy.bin
2008-01-06 00:40:40 0 d-------- C:\Documents and Settings\Younus\Application Data\InstallShield
2008-01-06 00:39:16 0 d-------- C:\WINDOWS\nview
2008-01-06 00:38:47 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-06 00:35:18 0 d-------- C:\Documents and Settings\Younus\Application Data\Identities
2008-01-06 00:34:58 0 d--h----- C:\Documents and Settings\Younus\Templates
2008-01-06 00:34:58 0 dr------- C:\Documents and Settings\Younus\Start Menu
2008-01-06 00:34:58 0 dr-h----- C:\Documents and Settings\Younus\SendTo
2008-01-06 00:34:58 0 dr-h----- C:\Documents and Settings\Younus\Recent
2008-01-06 00:34:58 0 d--h----- C:\Documents and Settings\Younus\PrintHood
2008-01-06 00:34:58 3145728 --ah----- C:\Documents and Settings\Younus\NTUSER.DAT
2008-01-06 00:34:58 0 d--h----- C:\Documents and Settings\Younus\NetHood
2008-01-06 00:34:58 0 dr------- C:\Documents and Settings\Younus\My Documents
2008-01-06 00:34:58 0 d--h----- C:\Documents and Settings\Younus\Local Settings
2008-01-06 00:34:58 0 dr------- C:\Documents and Settings\Younus\Favorites
2008-01-06 00:34:58 0 d-------- C:\Documents and Settings\Younus\Desktop
2008-01-06 00:34:58 0 d--hs---- C:\Documents and Settings\Younus\Cookies
2008-01-06 00:34:58 0 dr-h----- C:\Documents and Settings\Younus\Application Data
2008-01-06 00:34:28 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-01-06 00:34:26 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-01-06 00:34:26 0 d-------- C:\WINDOWS\Prefetch
2008-01-06 00:34:25 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-01-06 00:34:25 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-01-06 00:34:25 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-01-06 00:34:25 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-01-06 00:34:25 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-01-06 00:34:09 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-01-06 00:34:09 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-01-06 00:34:09 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-01-06 00:34:09 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-01-06 00:34:09 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-01-06 00:31:03 0 d-------- C:\WINDOWS\system32\xircom
2008-01-06 00:31:03 0 d-------- C:\Program Files\microsoft frontpage
2008-01-06 00:30:53 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-01-06 00:30:45 0 -rahs---- C:\MSDOS.SYS
2008-01-06 00:30:45 0 -rahs---- C:\IO.SYS
2008-01-06 00:30:45 0 --a------ C:\CONFIG.SYS
2008-01-06 00:30:45 0 --a------ C:\AUTOEXEC.BAT
2008-01-06 00:30:00 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-01-06 00:29:52 0 dr------- C:\WINDOWS\Offline Web Pages
2008-01-06 00:29:52 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-01-06 00:29:43 0 d--h----- C:\Program Files\WindowsUpdate
2008-01-06 00:29:21 0 d-------- C:\WINDOWS\system32\DirectX
2008-01-06 00:28:34 0 d---s---- C:\WINDOWS\Tasks
2008-01-06 00:28:33 0 d-------- C:\Program Files\Common Files\MSSoap
2008-01-06 00:28:29 0 d-------- C:\WINDOWS\srchasst
2008-01-06 00:28:28 0 d-------- C:\WINDOWS\system32\Macromed
2008-01-06 00:28:17 0 d-------- C:\Program Files\Movie Maker
2008-01-06 00:28:04 0 d-------- C:\WINDOWS\system32\Restore
2008-01-06 00:27:30 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-06 00:27:19 0 d-------- C:\WINDOWS\Registration
2008-01-06 00:27:15 0 d-------- C:\Program Files\Online Services
2008-01-06 00:27:10 0 d-------- C:\Program Files\Messenger
2008-01-06 00:27:06 0 d-------- C:\Program Files\MSN Gaming Zone
2008-01-06 00:26:13 0 d-------- C:\Program Files\Windows NT
2008-01-06 00:26:09 0 d-------- C:\WINDOWS\system32\MsDtc
2008-01-06 00:26:07 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2008-01-10 00:25:53 684 --a------ C:\Documents and Settings\Younus\Application Data\NMM-MetaData.db
2008-01-06 05:51:28 62 --ahs---- C:\Documents and Settings\Younus\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37E1A9E5-00D4-4203-8E58-B91F383A3809}]
01/08/2007 05:01 PM 192512 --a------ C:\PROGRA~1\Globe7\Owlforce\Owlforce.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/31/2006 12:05 PM]
"nwiz"="nwiz.exe" [10/31/2006 12:05 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/31/2006 12:05 PM]
"SkyTel"="SkyTel.EXE" [05/16/2006 03:34 PM C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [01/30/2007 04:24 PM C:\WINDOWS\RTHDCPL.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/08/2008 04:51 PM]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [12/11/2007 09:42 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/23/2006 03:10 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [01/12/2008 03:59 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [01/08/2008 06:11 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/23/2006 06:05 PM]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [12/10/2007 10:12 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Documents and Settings\Younus\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{164a3fc2-bd33-11dc-8f58-001a4d7eb4cd}]
Auto\command- sal.xls.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94de8dfd-bf9d-11dc-8f65-001a4d7eb4cd}]
AutoRun\command- H:\LaunchU3.exe -a

*Newly Created Service* - OSE
*Newly Created Service* - SBBOTDI
*Newly Created Service* - VIDEOACCELERATORSERVICE



-- Hosts -----------------------------------------------------------------------

127.0.0.1 mpa.one.microsoft.com


-- End of Deckard's System Scanner: finished at 2008-01-12 16:42:50 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4000+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 4000+
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 959.48 MiB / 425.25 MiB
Pagefile Memory (total/avail): 2315.34 MiB / 1811.54 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1897.99 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 51.39 GiB total, 41.45 GiB free.
D: is Fixed (NTFS) - 32.23 GiB total, 7.16 GiB free.
E: is Fixed (NTFS) - 33.2 GiB total, 7.72 GiB free.
F: is Fixed (NTFS) - 32.23 GiB total, 1.6 GiB free.
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160215AS - 149.05 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 51.39 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 97.65 GiB - D: - E: - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Windows Live OneCare Firewall v1.0.0 (Microsoft Corporation)
AV: Windows Live OneCare v1.0.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Younus\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME-0B14FB44B2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Younus
LOGONSERVER=\\HOME-0B14FB44B2
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\system32\gs\gs8.13\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6b01
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Younus\LOCALS~1\Temp
TMP=C:\DOCUME~1\Younus\LOCALS~1\Temp
USERDOMAIN=HOME-0B14FB44B2
USERNAME=Younus
USERPROFILE=C:\Documents and Settings\Younus
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Younus (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
G-Force --> C:\Program Files\SoundSpectrum\G-Force\Uninstall.exe
Globe7 --> C:\Program Files\Globe7\Uninstal.exe
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GTOneCare --> MsiExec.exe /X{EE7C954E-2356-491D-9188-D1852ADF41FE}
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Iqara Softphone Ver 2.1.0.103 --> C:\PROGRA~1\IQARAS~1\UNWISE.EXE C:\PROGRA~1\IQARAS~1\INSTALL.LOG
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Protection Service --> MsiExec.exe /I{62514E51-0E57-41B8-968C-43BB55694CC6}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Live OneCare Resources v2.0.2500.14 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{CB8410EA-A3D5-47F2-8653-D4EEA4BF8D4C}
Microsoft Windows OneCare Live v2.0.2500.14 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
Microsoft Windows OneCare Live v2.0.2500.14 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
Nero 7 Essentials --> MsiExec.exe /X{AAB93551-3FFE-42B2-8315-96252BBC1033}
Next Generation Visualisations --> MsiExec.exe /I{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Nokia_PC_Suite_rel_6_85_14_1_eng_web.exe
Nokia PC Suite --> MsiExec.exe /I{29466F9C-7C6A-419C-B301-F440FAF78760}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuide.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{DF821FC5-C198-452B-A0D4-82433EFEAE9B}
Opera 9.24 --> MsiExec.exe /X{4676DB43-A5E5-40AD-ACBB-5D80AFD2AFC4}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PC Connectivity Solution --> MsiExec.exe /I{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SpeedBit Video Accelerator --> C:\PROGRA~1\SPEEDB~1\UNWISE.EXE C:\PROGRA~1\SPEEDB~1\INSTALL.LOG
The Hadith Software Ver

Edited by uptown hunk, 12 January 2008 - 11:51 AM.

#6
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Copy the contents of the Quote Box below to Notepad.
Name the file as fix.reg
Change the Save as Type to All Files
and Save it on the desktop


REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{164a3fc2-bd33-11dc-8f58-001a4d7eb4cd}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94de8dfd-bf9d-11dc-8f65-001a4d7eb4cd}]


Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Then double-click on the fix.reg file, and when it prompts to merge, say yes.

Search for sal.xls.exe; once you find the location, note it down.
Reboot to safe mode and delete it, please.

After you reboot to normal mode, rescan with DSS and post back the log, please.
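The check behind the fix above, as an added example that is not part of the original post or of Deckard's System Scanner: it parses the MountPoints2 section of a DSS registry dump, flags autorun handlers like the sal.xls.exe entries, and rebuilds the key-deletion file in the format shown. The heuristics, extension lists and function names are assumptions made for this example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the two MountPoints2 entries from the DSS registry dump
# quoted in this thread, plus one unrelated Run value that must be ignored.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{164a3fc2-bd33-11dc-8f58-001a4d7eb4cd}]
Auto\command- sal.xls.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94de8dfd-bf9d-11dc-8f65-001a4d7eb4cd}]
AutoRun\command- H:\LaunchU3.exe -a
"""

# A per-volume MountPoints2 key header, as DSS prints it.
KEY_RE = re.compile(r"^\[(.+\\mountpoints2\\\{[0-9a-f-]{36}\})\]$", re.IGNORECASE)
# A shell verb line in DSS layout: "<verb>\command- <command line>".
CMD_RE = re.compile(r"^(?P<verb>[\w ]+)\\command-\s*(?P<cmd>.+)$", re.IGNORECASE)

# Assumed lists for this example; extend them to taste.
EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
DOC_EXT = {".xls", ".doc", ".pdf", ".txt", ".jpg", ".avi", ".mp3"}


def parse_mountpoints(log_text):
    """Return one dict per autorun verb found under a MountPoints2 volume key."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            key = m.group(1) if m else None  # any other key ends the section
            continue
        m = CMD_RE.match(line)
        if key and m:
            entries.append({"key": key, "verb": m.group("verb"),
                            "command": m.group("cmd").strip()})
    return entries


def launch_target(command):
    """Pick the file the handler ends up starting."""
    m = re.search(r"ShellExec_RunDLL\s+(.+)$", command, re.IGNORECASE)
    if m:  # rundll32 is only the launcher; the payload follows it
        command = m.group(1)
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0]


def assess(entry):
    """Return the set of heuristic reasons an entry deserves a closer look."""
    target = PureWindowsPath(launch_target(entry["command"]))
    suffixes = [s.lower() for s in target.suffixes]
    reasons = set()
    # A document-looking name that is really an executable (sal.xls.exe).
    if len(suffixes) >= 2 and suffixes[-1] in EXEC_EXT and suffixes[-2] in DOC_EXT:
        reasons.add("double-extension")
    # A bare file name with no drive or folder: typically a file sitting on
    # the mounted volume itself, as an autorun.inf would reference it.
    if not target.drive and len(target.parts) == 1:
        reasons.add("bare-filename")
    if "shellexec_rundll" in entry["command"].lower():
        reasons.add("rundll32-shellexec")
    return reasons


def build_fix_reg(entries):
    """Build a REGEDIT4 file that deletes every listed volume key.

    The header is the first line and the text ends with one blank line,
    matching the layout described in the post above.
    """
    keys = list(dict.fromkeys(e["key"] for e in entries))  # unique, in order
    return "REGEDIT4\n\n" + "".join(f"[-{k}]\n\n" for k in keys)


if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_LOG)
    for e in found:
        why = ", ".join(sorted(assess(e))) or "no heuristic hit"
        print(f"{e['verb']:8} {e['command']}\n         -> {why}")
    print(build_fix_reg(found))
```
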

#7
uptown hunk

    Member

  • Topic Starter
  • 51 posts
Hi don77,
I did just as you said, but when I double-click on the fix.reg file on my desktop it gives a warning that "C:\Documents and Settings\Younus\Desktop\fix.reg is not a valid Win32 application".
What next?
One more thing I want to tell you is that I'm not able to use Internet Explorer most of the time; the window closes by itself as soon as I double-click it. Opera works better in the sense that when Internet Explorer won't open at all, Opera will open, but no site will. The icon in the bottom tray always shows Local Area Connection status: connected, so I believe it's not a problem with the connection. I guess someone is still trying to hack into my system. Do tell me what I am to do next, as that fix.reg file won't open and the only prompt I get is that it isn't a valid Win32 application, as I said above.
HEY DON77, I GOT BREAKING NEWS:
I'm updating my post right now to furnish you with info you could use. It was particularly shocking to me: I was able to run the Panda online scan for the first time (it really took a painfully long time) and I was kind of shocked to see the results. I'm pasting the results below.



Incident | Status | Location
Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\Deckard\System Scanner\backup\DOCUME~1\Younus\LOCALS~1\Temp\nircmd.exe
Spyware:Cookie/YieldManager | Not disinfected | C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles\6ddu5t6i.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT | Not disinfected | C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles\6ddu5t6i.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/YieldManager | Not disinfected | C:\Documents and Settings\Younus\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver | Not disinfected | C:\Documents and Settings\Younus\Cookies\[email protected][2].txt
Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\Documents and Settings\Younus\Desktop\Flash_Disinfector.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\Documents and Settings\Younus\My Documents\My Completed Downloads\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\Documents and Settings\Younus\My Documents\My Completed Downloads\ComboFix.exe[nircmd.cfexe]
Adware:Adware/ActiveSearch | Not disinfected | C:\setups files\BearShareV6.exe
Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\WINDOWS\NirCmd.exe





Of course, ComboFix.exe and Flash Disinfector, which are given in the report as potentially harmful tools, may be a false alarm, but please do have a look at the others. Also, I have tried to run that fix.reg file but I keep getting the same message as I mentioned above. Also, my system has become incredibly slow of late. I am using Windows Live OneCare, but the scans do not reveal anything harmful. Pages are taking a lot of time to load, downloads are getting stuck, and another problem I started experiencing from today is that all of a sudden the cursor of my mouse starts blinking like mad, making it difficult to navigate on the page, etc. Do get back ASAP on the future course of action.

Edited by uptown hunk, 13 January 2008 - 10:48 AM.

#8
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Could you rescan with DSS please and post the log back for me?

Aside from the false positives, ActiveScan is finding cookies.
#9
uptown hunk

    Member

  • Topic Starter
  • 51 posts
Hi don77,
Here is the DSS log you asked for. By the way, you didn't elaborate on why I wasn't able to run that fix.reg file.

Deckard's System Scanner v20071014.68
Run by Younus on 2008-01-14 14:01:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Younus.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:47 PM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Younus\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Younus.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: OwlForce - {37E1A9E5-00D4-4203-8E58-B91F383A3809} - C:\PROGRA~1\Globe7\Owlforce\Owlforce.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase4009.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF4C7533-40BA-4983-858E-F45587E5D311}: NameServer = 10.20.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 9456 bytes

-- Files created between 2007-12-14 and 2008-01-14 -----------------------------

2008-01-14 02:44:55 0 d-------- C:\Documents and Settings\Younus\Application Data\Uniblue
2008-01-14 02:44:46 0 d-------- C:\Program Files\Uniblue
2008-01-12 20:16:21 0 d-------- C:\Documents and Settings\Younus\Application Data\Help
2008-01-12 19:30:36 0 d-------- C:\Program Files\Ares
2008-01-12 19:09:13 0 d-------- C:\Documents and Settings\Younus\Application Data\Talkback
2008-01-12 19:08:37 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-12 19:08:33 0 d-------- C:\Documents and Settings\Younus\Application Data\Mozilla
2008-01-12 16:15:45 28672 --a------ C:\WINDOWS\system32\TraceServer.dll <Not Verified; Cisco Systems Inc.; Cisco Systems Inc. TraceServer>
2008-01-12 16:15:45 405504 --a------ C:\WINDOWS\system32\NMF.dll <Not Verified; ; CCNSMT Module>
2008-01-12 16:15:45 0 d-------- C:\Program Files\Iqara Softphone
2008-01-12 16:13:17 0 d-------- C:\Program Files\Globe7
2008-01-12 16:06:06 0 d-------- C:\Program Files\SpeedBit Video Accelerator
2008-01-12 15:59:39 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-01-12 15:59:38 0 d-------- C:\Program Files\DAP
2008-01-12 14:49:24 0 d-------- C:\Program Files\Islamasoft Solutions
2008-01-12 14:47:46 196608 --a------ C:\WINDOWS\system32\Utility.dll <Not Verified; Netsmartz; DocSmartz>
2008-01-12 14:47:44 204848 --a------ C:\WINDOWS\system32\gswin32c.exe
2008-01-12 14:47:39 0 d-------- C:\WINDOWS\system32\gs
2008-01-12 14:47:38 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-01-12 14:47:38 270336 --a------ C:\WINDOWS\system32\P2sodbc.dll <Not Verified; Seagate Software Information Management Group, Inc.; Seagate Crystal Reports>
2008-01-12 14:47:38 0 d-------- C:\WINDOWS\CRYSTAL
2008-01-12 14:47:29 0 d-------- C:\Program Files\TrialDocSmartz
2008-01-12 14:43:05 0 d-------- C:\Documents and Settings\Younus\Application Data\AdobeUM
2008-01-12 14:42:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-01-12 14:38:57 0 d-------- C:\ELECTRONICS-MINHAJ
2008-01-12 14:38:57 2969110 --a------ C:\Copy of eureko's toefl_setup.exe
2008-01-12 13:01:48 0 d-------- C:\Documents and Settings\Younus\Application Data\Nokia Multimedia Player
2008-01-12 12:31:41 0 drahs---- C:\autorun.inf
2008-01-12 11:27:03 0 d-------- C:\Documents and Settings\Younus\Application Data\MSNInstaller
2008-01-11 21:29:03 0 d-------- C:\Program Files\Microsoft Works
2008-01-11 21:28:47 0 d-------- C:\Program Files\MSBuild
2008-01-11 21:27:17 0 d-------- C:\Program Files\Microsoft.NET
2008-01-11 21:25:31 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-11 21:24:25 0 d-------- C:\WINDOWS\SHELLNEW
2008-01-11 21:23:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-11 21:23:25 0 dr-h----- C:\MSOCache
2008-01-11 00:05:36 0 d-------- C:\Documents and Settings\Younus\Application Data\SoundSpectrum
2008-01-11 00:01:40 0 d-------- C:\Program Files\SoundSpectrum
2008-01-10 22:46:57 0 d-------- C:\Documents and Settings\Younus\Application Data\U3
2008-01-10 04:39:54 0 d-------- C:\Program Files\Windows Media Connect 2
2008-01-10 04:38:45 0 d-------- C:\WINDOWS\system32\LogFiles
2008-01-10 04:38:45 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-10 00:10:55 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-01-10 00:10:41 0 d-------- C:\Documents and Settings\Younus\Application Data\Nokia
2008-01-10 00:10:23 0 d-------- C:\Program Files\Common Files\PCSuite
2008-01-10 00:10:23 0 d-------- C:\Program Files\Common Files\Nokia
2008-01-10 00:10:13 0 d-------- C:\Documents and Settings\Younus\Application Data\PC Suite
2008-01-10 00:10:08 0 d-------- C:\Program Files\PC Connectivity Solution
2008-01-10 00:09:57 0 d-------- C:\Program Files\Nokia
2008-01-10 00:09:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-01-09 22:57:47 0 d-------- C:\Documents and Settings\Younus\Application Data\CyberLink
2008-01-09 22:57:46 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-09 20:51:48 0 d-------- C:\Program Files\Windows Live Favorites
2008-01-09 20:16:31 0 d-------- C:\Documents and Settings\Younus\Application Data\Ahead
2008-01-09 20:14:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-09 20:14:30 0 d-------- C:\Program Files\Nero
2008-01-09 20:14:30 0 d-------- C:\Program Files\Common Files\Ahead
2008-01-09 20:13:49 0 d-------- C:\WINDOWS\RegisteredPackages
2008-01-09 20:09:44 0 d-------- C:\MyWorks
2008-01-09 20:08:51 0 d-------- C:\Program Files\CyberLink
2008-01-09 02:23:23 0 d-------- C:\WINDOWS\system32\bits
2008-01-09 00:42:59 0 d-------- C:\WINDOWS\system32\appmgmt
2008-01-09 00:23:16 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-01-08 20:04:35 0 d-------- C:\Documents and Settings\Younus\Contacts
2008-01-08 19:01:32 0 d-------- C:\Program Files\Windows Live Safety Center
2008-01-08 18:55:51 0 d-------- C:\Documents and Settings\Younus\Application Data\Yahoo!
2008-01-08 18:55:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-08 18:37:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-08 18:11:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-01-08 17:57:13 0 d-------- C:\Program Files\Yahoo!
2008-01-08 17:54:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-01-08 17:53:52 0 d-------- C:\Program Files\Windows Live Toolbar
2008-01-08 17:52:25 0 d-------- C:\Program Files\MSN Messenger
2008-01-08 16:52:17 0 d-------- C:\Program Files\Common Files\xing shared
2008-01-07 23:55:49 0 d-------- C:\Documents and Settings\Younus\Application Data\DivX
2008-01-07 23:53:13 0 d-------- C:\Program Files\DivX
2008-01-07 23:26:43 0 d-------- C:\Program Files\uTorrent
2008-01-07 23:26:38 0 d-------- C:\Documents and Settings\Younus\Application Data\uTorrent
2008-01-07 23:10:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-01-07 23:10:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-01-07 22:57:08 0 d-------- C:\Program Files\Common Files\Real
2008-01-07 22:57:05 0 d-------- C:\Program Files\Real
2008-01-07 22:56:29 0 d-------- C:\Documents and Settings\Younus\Application Data\Real
2008-01-07 19:12:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-01-07 19:11:45 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-01-07 19:11:45 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-01-07 19:11:45 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-01-07 19:11:45 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-01-07 19:11:45 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-01-07 19:11:45 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-01-07 19:11:45 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-01-07 19:11:45 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-01-07 19:11:45 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-01-07 19:11:45 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-01-07 19:11:45 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-01-07 19:11:45 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-01-07 19:11:45 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-01-07 19:11:45 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-01-07 18:15:46 0 d-------- C:\log
2008-01-07 16:10:12 0 d-------- C:\cfedaf652a3a837f5b1163540aaaca49
2008-01-06 22:42:54 0 d-------- C:\WINDOWS\network diagnostic
2008-01-06 19:40:10 0 d-------- C:\Documents and Settings\Younus\Application Data\Comodo
2008-01-06 19:40:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-01-06 19:35:39 0 d-------- C:\Program Files\Comodo
2008-01-06 18:21:51 0 d-------- C:\Documents and Settings\Younus\Application Data\Adobe
2008-01-06 18:08:29 0 d-------- C:\Documents and Settings\Younus\Application Data\Opera
2008-01-06 18:08:19 0 d-------- C:\Program Files\Opera
2008-01-06 17:05:41 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-06 15:58:05 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-06 15:50:30 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-06 15:50:30 0 d-------- C:\Documents and Settings\Younus\Application Data\SUPERAntiSpyware.com
2008-01-06 15:47:33 0 d-------- C:\WINDOWS\system32\PreInstall
2008-01-06 15:47:26 0 d--h----- C:\WINDOWS\$hf_mig$
2008-01-06 13:44:48 0 d--hs---- C:\Documents and Settings\Younus\UserData
2008-01-06 12:57:02 0 d-------- C:\Program Files\Trend Micro
2008-01-06 12:05:25 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-06 10:36:44 0 d-------- C:\Documents and Settings\Younus\Application Data\Google
2008-01-06 05:52:03 0 d--hs---- C:\WINDOWS\Installer
2008-01-06 05:52:02 0 d-------- C:\Program Files\Common Files\ODBC
2008-01-06 05:51:58 0 dr------- C:\Program Files
2008-01-06 05:51:58 0 d-------- C:\Program Files\Common Files
2008-01-06 05:51:58 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-01-06 05:51:28 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-01-06 05:51:28 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-01-06 05:51:28 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-01-06 05:51:28 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-01-06 05:51:28 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-01-06 05:51:28 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-01-06 05:51:28 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-01-06 05:51:28 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-01-06 05:51:28 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-01-06 05:51:28 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-01-06 05:51:28 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-01-06 05:51:28 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-01-06 05:51:28 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-01-06 05:51:28 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-01-06 05:51:28 0 dr------- C:\Documents and Settings\All Users\Documents
2008-01-06 05:51:28 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-01-06 05:49:37 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-01-06 05:49:37 0 d-------- C:\WINDOWS\system32\CatRoot
2008-01-06 05:49:32 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-01-06 05:49:32 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-01-06 05:49:31 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-01-06 05:49:31 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-01-06 05:49:11 0 d--hs---- C:\System Volume Information
2008-01-06 05:49:11 0 d-------- C:\Documents and Settings
2008-01-06 05:42:51 0 d-------- C:\WINDOWS
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\WinSxS
2008-01-06 05:42:51 0 dr------- C:\WINDOWS\Web
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\twain_32
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\wins
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\wbem
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\usmt
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\spool
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\ShellExt
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\Setup
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\ras
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\oobe
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\npp
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\mui
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\inetsrv
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\IME
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\icsxml
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\ias
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\export
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\drivers
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-01-06 05:42:51 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\dhcp
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\config
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\3076
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\2052
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\1054
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\1042
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\1041
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\1037
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\1033
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\1031
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\1028
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system32\1025
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\system
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\security
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\Resources
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\repair
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\Provisioning
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\PeerNet
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\pchealth
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\mui
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\msapps
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\msagent
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\Media
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\java
2008-01-06 05:42:51 0 d--h----- C:\WINDOWS\inf
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\ime
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\Help
2008-01-06 05:42:51 0 dr--s---- C:\WINDOWS\Fonts
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\ehome
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\Driver Cache
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\Debug
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\Cursors
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\Connection Wizard
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\Config
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\AppPatch
2008-01-06 05:42:51 0 d-------- C:\WINDOWS\addins
2008-01-06 04:22:11 327168 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-01-06 04:18:19 22 --a------ C:\WINDOWS\FileName
2008-01-06 04:18:12 0 d-------- C:\Program Files\NVIDIA Corporation
2008-01-06 04:16:44 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-06 04:13:27 0 d-------- C:\WINDOWS\Cache
2008-01-06 02:26:49 12187343 -----n--- C:\AVG7QT.DAT
2008-01-06 01:47:03 0 d--h----- C:\WINDOWS\PIF
2008-01-06 01:42:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-06 01:10:29 0 d-------- C:\setups files
2008-01-06 01:07:20 0 d-------- C:\Documents and Settings\Younus\Application Data\Macromedia
2008-01-06 01:07:16 0 d-------- C:\Program Files\Google
2008-01-06 01:05:22 0 d-------- C:\Documents and Settings\Younus\Application Data\AVG7
2008-01-06 01:05:11 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-06 01:05:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-06 01:05:05 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-06 01:01:14 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-06 00:59:29 0 d-------- C:\WINDOWS\system32\Lang
2008-01-06 00:54:56 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-01-06 00:49:49 49152 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-01-06 00:49:31 0 d-------- C:\Program Files\Realtek
2008-01-06 00:49:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-06 00:49:25 520192 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-01-06 00:49:25 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-01-06 00:46:08 0 d-------- C:\WINDOWS\system32\RTCOM
2008-01-06 00:42:15 0 d-------- C:\Program Files\DIFX
2008-01-06 00:42:13 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-01-06 00:41:02 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-01-06 00:40:51 1732 --a------ C:\WINDOWS\system32\drivers\nvphy.bin
2008-01-06 00:40:40 0 d-------- C:\Documents and Settings\Younus\Application Data\InstallShield
2008-01-06 00:39:16 0 d-------- C:\WINDOWS\nview
2008-01-06 00:38:47 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-06 00:35:18 0 d-------- C:\Documents and Settings\Younus\Application Data\Identities
2008-01-06 00:34:58 0 d--h----- C:\Documents and Settings\Younus\Templates
2008-01-06 00:34:58 0 dr------- C:\Documents and Settings\Younus\Start Menu
2008-01-06 00:34:58 0 dr-h----- C:\Documents and Settings\Younus\SendTo
2008-01-06 00:34:58 0 dr-h----- C:\Documents and Settings\Younus\Recent
2008-01-06 00:34:58 0 d--h----- C:\Documents and Settings\Younus\PrintHood
2008-01-06 00:34:58 3407872 --ah----- C:\Documents and Settings\Younus\NTUSER.DAT
2008-01-06 00:34:58 0 d--h----- C:\Documents and Settings\Younus\NetHood
2008-01-06 00:34:58 0 dr------- C:\Documents and Settings\Younus\My Documents
2008-01-06 00:34:58 0 d--h----- C:\Documents and Settings\Younus\Local Settings
2008-01-06 00:34:58 0 dr------- C:\Documents and Settings\Younus\Favorites
2008-01-06 00:34:58 0 d-------- C:\Documents and Settings\Younus\Desktop
2008-01-06 00:34:58 0 d--hs---- C:\Documents and Settings\Younus\Cookies
2008-01-06 00:34:58 0 dr-h----- C:\Documents and Settings\Younus\Application Data
2008-01-06 00:34:28 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-01-06 00:34:26 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-01-06 00:34:26 0 d-------- C:\WINDOWS\Prefetch
2008-01-06 00:34:25 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-01-06 00:34:25 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-01-06 00:34:25 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-01-06 00:34:25 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-01-06 00:34:25 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-01-06 00:34:09 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-01-06 00:34:09 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-01-06 00:34:09 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-01-06 00:34:09 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-01-06 00:34:09 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-01-06 00:31:03 0 d-------- C:\WINDOWS\system32\xircom
2008-01-06 00:31:03 0 d-------- C:\Program Files\microsoft frontpage
2008-01-06 00:30:53 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-01-06 00:30:45 0 -rahs---- C:\MSDOS.SYS
2008-01-06 00:30:45 0 -rahs---- C:\IO.SYS
2008-01-06 00:30:45 0 --a------ C:\CONFIG.SYS
2008-01-06 00:30:45 0 --a------ C:\AUTOEXEC.BAT
2008-01-06 00:30:00 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-01-06 00:29:52 0 dr------- C:\WINDOWS\Offline Web Pages
2008-01-06 00:29:52 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-01-06 00:29:43 0 d--h----- C:\Program Files\WindowsUpdate
2008-01-06 00:29:21 0 d-------- C:\WINDOWS\system32\DirectX
2008-01-06 00:28:34 0 d---s---- C:\WINDOWS\Tasks
2008-01-06 00:28:33 0 d-------- C:\Program Files\Common Files\MSSoap
2008-01-06 00:28:29 0 d-------- C:\WINDOWS\srchasst
2008-01-06 00:28:28 0 d-------- C:\WINDOWS\system32\Macromed
2008-01-06 00:28:17 0 d-------- C:\Program Files\Movie Maker
2008-01-06 00:28:04 0 d-------- C:\WINDOWS\system32\Restore
2008-01-06 00:27:30 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-06 00:27:19 0 d-------- C:\WINDOWS\Registration
2008-01-06 00:27:15 0 d-------- C:\Program Files\Online Services
2008-01-06 00:27:10 0 d-------- C:\Program Files\Messenger
2008-01-06 00:27:06 0 d-------- C:\Program Files\MSN Gaming Zone
2008-01-06 00:26:13 0 d-------- C:\Program Files\Windows NT
2008-01-06 00:26:09 0 d-------- C:\WINDOWS\system32\MsDtc
2008-01-06 00:26:07 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2008-01-10 00:25:53 684 --a------ C:\Documents and Settings\Younus\Application Data\NMM-MetaData.db
2008-01-06 05:51:28 62 --ahs---- C:\Documents and Settings\Younus\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37E1A9E5-00D4-4203-8E58-B91F383A3809}]
01/08/2007 05:01 PM 192512 --a------ C:\PROGRA~1\Globe7\Owlforce\Owlforce.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/31/2006 12:05 PM]
"nwiz"="nwiz.exe" [10/31/2006 12:05 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/31/2006 12:05 PM]
"SkyTel"="SkyTel.EXE" [05/16/2006 03:34 PM C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [01/30/2007 04:24 PM C:\WINDOWS\RTHDCPL.exe]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [12/11/2007 09:42 AM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [01/12/2008 03:59 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/23/2006 06:05 PM]
"ares"="C:\Program Files\Ares\Ares.exe" [05/04/2007 06:02 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [12/05/2007 03:51 PM]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [12/10/2007 10:12 AM]

C:\Documents and Settings\Younus\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{164a3fc2-bd33-11dc-8f58-001a4d7eb4cd}]
Auto\command- sal.xls.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94de8dfd-bf9d-11dc-8f65-001a4d7eb4cd}]
AutoRun\command- H:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-01-14 14:02:59 ------------
Hey don77, where's ur reply...?? First thing in the morning I got u thinking abt ur reply.. anyways, hope ur fine...

Edited by uptown hunk, 14 January 2008 - 09:31 PM.

#10
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Are you certain you copied the reg fix I posted exactly the same?
And were you able to find this file, sal.xls.exe?

#11
uptown hunk

    Member

  • Topic Starter
  • 51 posts
Hi don77,
I sure did copy paste exactly the same thing u gave in the quote box.. not once, I tried at least a dozen times.. but the same warning that it's not a valid win32 application.. Also in the start menu search, I searched for that sal.xls.exe file in all drives but it gave no results n said "search is complete. There r no results to display".
BTW I downloaded Ad-Aware 2007 n after completely updating I did a scan which found infected all the time (I did the scan THRICE), of course at different intervals.. Below is the scan result.. jus in case u want to have a look.. Plz do give further instructions.. I'll be more than happy to oblige..

Scan Results
Ad-Aware 2007 Free Edition
Log File Created on:2008-01-16 00:55:54
Using Definitions File:C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name:HOME-0B14FB44B2
Name of user performing scan:SYSTEM
Name of user ordering scan:Younus
Scan completed successfully

System Information
Number of processors:2
Processor type:AMD Athlon™ 64 X2 Dual Core Processor 4000+
Memory Available:45%
Total Physical Memory:1006088192 Bytes
Available Physical Memory:442990592 Bytes
Total Page File Size:2427740160 Bytes
Available On Page File:1923887104 Bytes
Total Virtual Memory:2147352576 Bytes
Available Virtual Memory:1931075584 Bytes
OS:Microsoft Windows XP 5.1 (Build 2600)
File Verion Information
File Version
CEAPI.dll 7,0,2,6
aawservice.exe 7,0,2,6
Ad-Aware2007.exe 7.0.2.6
Ad-Aware 2007 Settings
Skipping files larger than:1048576 Bytes
Ignoring infections with lower TAI than:3
Safe Mode:False
Extended Ad-Aware 2007 Settings
Unload malicious processes and modules
Unload Modules
Unload Browsers while scanning
Let Windows remove files at Start-Up
Deactivate Ad-Watch
Re-analyze Scan Result
Delete Restored Items
Write Protect System Files
Create Log file
Include basic settings
Include advanced settings
Include user and computer name
Environment information
Running processes
Running processes and modules
Include info about ignored objects in log file
Consider definitions File Outdated after x days
Proxy URL
Proxy Port
Database Info
Version number:44
Build Number:0
Build Date and Time:2008/01/14 14:52:58
Scan Statistics
Method:Smart

Items Scanned:183256
Infections Detected:34
Infections Removed:0
Infections Quarantined:0
Infections Ignored:0
Scan Detailed Statistics
Type Critical Total
Process Scan 0 0
Registry Scan 5 5
Registry PE Scan 0 0
Hosts Scan 0 0
File Scan 0 0
Folder Scan 0 0
LSP Scan 0 0
ADS Scan 0 0
Cookie Scan 26 26
File Hash Scan 0 0
Infections Found
Family Id Name Category TAI
633 Toolbar.Softo DataMiner 9
[300013737] Root: HKCR Path: typelib\{b36cb30a-6ed9-4c62-9a8a-7de9fa234608}
[300013780] Root: HKCR Path: clsid\{12f02779-6d88-4958-8ad3-83c12d86adc7}
[300013879] Root: HKU Path: S-1-5-21-1229272821-1788223648-682003330-1003\software\microsoft\internet explorer\toolbar\webbrowser Value: {12F02779-6D88-4958-8AD3-83C12D86ADC7}
[300013954] Root: HKLM Path: software\microsoft\internet explorer\toolbar Value: {12F02779-6D88-4958-8AD3-83C12D86ADC7}
[300013986] Root: HKLM Path: software\classes\clsid\{12f02779-6d88-4958-8ad3-83c12d86adc7}

725 Tracking Cookie DataMiner 3
[600000112] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat live365.com SaneID /
[600000179] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat atdmt.com AA002 /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ad.yieldmanager.com uid /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ad.yieldmanager.com vuday1 /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ad.yieldmanager.com ih /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ad.yieldmanager.com crfb /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ad.yieldmanager.com bh /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ad.yieldmanager.com fl_inst /
[600000513] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat adbrite.com Apache /
[600000513] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat adbrite.com fq /
[600000513] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat adbrite.com b /
[600000513] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ads.adbrite.com ihc_403351 /
[600000513] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ads.adbrite.com ihc_408938 /
[600000513] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ads.adbrite.com ihc_403363 /
[600000460] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt ad.yieldmanager.com uid /
[600000460] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt ad.yieldmanager.com fl_inst /
[600000460] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt ad.yieldmanager.com ih /
[600000460] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt ad.yieldmanager.com vuday1 /
[600000460] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt ad.yieldmanager.com liday1 /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt 2o7.net s_vi_x7Cbx7Fx7Ctcrdbeprx60acx7Eu /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt msnaccountservices.112.2o7.net s_vi /
[600000447] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt apmebf.com S /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt msnportal.112.2o7.net s_vi /
[600000201] Browser: Opera Cookie: C:\Documents and Settings\Younus\Application Data\Opera\Opera\Profile\cookies4.dat adrevolver.com adrev_adpath /
[600000201] Browser: Opera Cookie: C:\Documents and Settings\Younus\Application Data\Opera\Opera\Profile\cookies4.dat media.adrevolver.com BIGipServerar-slave /
[600000050] Browser: Opera Cookie: C:\Documents and Settings\Younus\Application Data\Opera\Opera\Profile\cookies4.dat tribalfusion.com ANON_ID /

9999 MRU Object MRU Object 0
[1] MRU Path: C:\Documents and Settings\Younus\Recent Count: 10
[2] MRU Registry Key: S-1-5-21-1229272821-1788223648-682003330-1003\Software\Microsoft\Search Assistant\ACMru\5603 Count: 3
[3] MRU Registry Key: S-1-5-21-1229272821-1788223648-682003330-1003\Software\Microsoft\Internet Explorer\TypedURLs Count: 1


Quarantined Objects
Family Id Name Category TAI

Removed Objects
Family Id Name Category TAI
633 Toolbar.Softo DataMiner 9
[300013737] Root: HKCR Path: typelib\{b36cb30a-6ed9-4c62-9a8a-7de9fa234608}
[300013780] Root: HKCR Path: clsid\{12f02779-6d88-4958-8ad3-83c12d86adc7}
[300013879] Root: HKU Path: S-1-5-21-1229272821-1788223648-682003330-1003\software\microsoft\internet explorer\toolbar\webbrowser Value: {12F02779-6D88-4958-8AD3-83C12D86ADC7}
[300013954] Root: HKLM Path: software\microsoft\internet explorer\toolbar Value: {12F02779-6D88-4958-8AD3-83C12D86ADC7}

725 Tracking Cookie DataMiner 3
[600000112] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat live365.com SaneID /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ad.yieldmanager.com uid /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ad.yieldmanager.com vuday1 /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ad.yieldmanager.com ih /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ad.yieldmanager.com crfb /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ad.yieldmanager.com bh /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ad.yieldmanager.com fl_inst /
[600000513] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ads.adbrite.com ihc_403351 /
[600000513] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ads.adbrite.com ihc_408938 /
[600000513] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ads.adbrite.com ihc_403363 /
[600000460] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt ad.yieldmanager.com uid /
[600000460] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt ad.yieldmanager.com fl_inst /
[600000460] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt ad.yieldmanager.com ih /
[600000460] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt ad.yieldmanager.com vuday1 /
[600000460] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt ad.yieldmanager.com liday1 /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt 2o7.net s_vi_x7Cbx7Fx7Ctcrdbeprx60acx7Eu /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt msnaccountservices.112.2o7.net s_vi /
[600000447] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt apmebf.com S /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt msnportal.112.2o7.net s_vi /
[600000201] Browser: Opera Cookie: C:\Documents and Settings\Younus\Application Data\Opera\Opera\Profile\cookies4.dat adrevolver.com adrev_adpath /
[600000201] Browser: Opera Cookie: C:\Documents and Settings\Younus\Application Data\Opera\Opera\Profile\cookies4.dat media.adrevolver.com BIGipServerar-slave /
[600000050] Browser: Opera Cookie: C:\Documents and Settings\Younus\Application Data\Opera\Opera\Profile\cookies4.dat tribalfusion.com ANON_ID /

9999 MRU Object MRU Object 0
[1] MRU Path: C:\Documents and Settings\Younus\Recent Count: 10
[2] MRU Registry Key: S-1-5-21-1229272821-1788223648-682003330-1003\Software\Microsoft\Search Assistant\ACMru\5603 Count: 3
[3] MRU Registry Key: S-1-5-21-1229272821-1788223648-682003330-1003\Software\Microsoft\Internet Explorer\TypedURLs Count: 1

Listing of Running Processes

#12
uptown hunk

Hi don77,
I sure did copy-paste exactly the same thing you gave in the quote box, not once; I tried at least a dozen times, but got the same warning that it's not a valid win32 application. Also, in the Start menu search, I searched for that sal.xls.exe file in all drives, but it gave no results and said "search is complete. There are no results to display".
BTW I downloaded Ad-Aware 2007 and, after completely updating, I did a scan, which found infections all the time (I did the scan THRICE), of course at different intervals. Below is the scan result, just in case you want to have a look. Please do give further instructions; I'll be more than happy to oblige.

Scan Results
Ad-Aware 2007 Free Edition
Log File Created on:2008-01-16 00:55:54
Using Definitions File:C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name:HOME-0B14FB44B2
Name of user performing scan:SYSTEM
Name of user ordering scan:Younus
Scan completed successfully

System Information
Number of processors:2
Processor type:AMD Athlon™ 64 X2 Dual Core Processor 4000+
Memory Available:45%
Total Physical Memory:1006088192 Bytes
Available Physical Memory:442990592 Bytes
Total Page File Size:2427740160 Bytes
Available On Page File:1923887104 Bytes
Total Virtual Memory:2147352576 Bytes
Available Virtual Memory:1931075584 Bytes
OS:Microsoft Windows XP 5.1 (Build 2600)
File Verion Information
File Version
CEAPI.dll 7,0,2,6
aawservice.exe 7,0,2,6
Ad-Aware2007.exe 7.0.2.6
Ad-Aware 2007 Settings
Skipping files larger than:1048576 Bytes
Ignoring infections with lower TAI than:3
Safe Mode:False
Extended Ad-Aware 2007 Settings
Unload malicious processes and modules
Unload Modules
Unload Browsers while scanning
Let Windows remove files at Start-Up
Deactivate Ad-Watch
Re-analyze Scan Result
Delete Restored Items
Write Protect System Files
Create Log file
Include basic settings
Include advanced settings
Include user and computer name
Environment information
Running processes
Running processes and modules
Include info about ignored objects in log file
Consider definitions File Outdated after x days
Proxy URL
Proxy Port
Database Info
Version number:44
Build Number:0
Build Date and Time:2008/01/14 14:52:58

Scan Statistics
Method:Smart

Items Scanned:183256
Infections Detected:34
Infections Removed:0
Infections Quarantined:0
Infections Ignored:0
Scan Detailed Statistics
Type Critical Total
Process Scan 0 0
Registry Scan 5 5
Registry PE Scan 0 0
Hosts Scan 0 0
File Scan 0 0
Folder Scan 0 0
LSP Scan 0 0
ADS Scan 0 0
Cookie Scan 26 26
File Hash Scan 0 0
Infections Found
Family Id Name Category TAI
633 Toolbar.Softo DataMiner 9
[300013737] Root: HKCR Path: typelib\{b36cb30a-6ed9-4c62-9a8a-7de9fa234608}
[300013780] Root: HKCR Path: clsid\{12f02779-6d88-4958-8ad3-83c12d86adc7}
[300013879] Root: HKU Path: S-1-5-21-1229272821-1788223648-682003330-1003\software\microsoft\internet explorer\toolbar\webbrowser Value: {12F02779-6D88-4958-8AD3-83C12D86ADC7}
[300013954] Root: HKLM Path: software\microsoft\internet explorer\toolbar Value: {12F02779-6D88-4958-8AD3-83C12D86ADC7}
[300013986] Root: HKLM Path: software\classes\clsid\{12f02779-6d88-4958-8ad3-83c12d86adc7}

725 Tracking Cookie DataMiner 3
[600000112] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat live365.com SaneID /
[600000179] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat atdmt.com AA002 /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ad.yieldmanager.com uid /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ad.yieldmanager.com vuday1 /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ad.yieldmanager.com ih /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ad.yieldmanager.com crfb /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ad.yieldmanager.com bh /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ad.yieldmanager.com fl_inst /
[600000513] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat adbrite.com Apache /
[600000513] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat adbrite.com fq /
[600000513] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat adbrite.com b /
[600000513] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ads.adbrite.com ihc_403351 /
[600000513] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ads.adbrite.com ihc_408938 /
[600000513] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ads.adbrite.com ihc_403363 /
[600000460] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt ad.yieldmanager.com uid /
[600000460] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt ad.yieldmanager.com fl_inst /
[600000460] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt ad.yieldmanager.com ih /
[600000460] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt ad.yieldmanager.com vuday1 /
[600000460] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt ad.yieldmanager.com liday1 /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt 2o7.net s_vi_x7Cbx7Fx7Ctcrdbeprx60acx7Eu /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt msnaccountservices.112.2o7.net s_vi /
[600000447] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt apmebf.com S /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt msnportal.112.2o7.net s_vi /
[600000201] Browser: Opera Cookie: C:\Documents and Settings\Younus\Application Data\Opera\Opera\Profile\cookies4.dat adrevolver.com adrev_adpath /
[600000201] Browser: Opera Cookie: C:\Documents and Settings\Younus\Application Data\Opera\Opera\Profile\cookies4.dat media.adrevolver.com BIGipServerar-slave /
[600000050] Browser: Opera Cookie: C:\Documents and Settings\Younus\Application Data\Opera\Opera\Profile\cookies4.dat tribalfusion.com ANON_ID /

9999 MRU Object MRU Object 0
[1] MRU Path: C:\Documents and Settings\Younus\Recent Count: 10
[2] MRU Registry Key: S-1-5-21-1229272821-1788223648-682003330-1003\Software\Microsoft\Search Assistant\ACMru\5603 Count: 3
[3] MRU Registry Key: S-1-5-21-1229272821-1788223648-682003330-1003\Software\Microsoft\Internet Explorer\TypedURLs Count: 1


Quarantined Objects
Family Id Name Category TAI

Removed Objects
Family Id Name Category TAI
633 Toolbar.Softo DataMiner 9
[300013737] Root: HKCR Path: typelib\{b36cb30a-6ed9-4c62-9a8a-7de9fa234608}
[300013780] Root: HKCR Path: clsid\{12f02779-6d88-4958-8ad3-83c12d86adc7}
[300013879] Root: HKU Path: S-1-5-21-1229272821-1788223648-682003330-1003\software\microsoft\internet explorer\toolbar\webbrowser Value: {12F02779-6D88-4958-8AD3-83C12D86ADC7}
[300013954] Root: HKLM Path: software\microsoft\internet explorer\toolbar Value: {12F02779-6D88-4958-8AD3-83C12D86ADC7}

725 Tracking Cookie DataMiner 3
[600000112] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat live365.com SaneID /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ad.yieldmanager.com uid /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ad.yieldmanager.com vuday1 /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ad.yieldmanager.com ih /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ad.yieldmanager.com crfb /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ad.yieldmanager.com bh /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ad.yieldmanager.com fl_inst /
[600000513] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ads.adbrite.com ihc_403351 /
[600000513] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ads.adbrite.com ihc_408938 /
[600000513] Browser: Internet Explorer Cookie: C:\Documents and Settings\Younus\Cookies\index.dat ads.adbrite.com ihc_403363 /
[600000460] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt ad.yieldmanager.com uid /
[600000460] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt ad.yieldmanager.com fl_inst /
[600000460] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt ad.yieldmanager.com ih /
[600000460] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt ad.yieldmanager.com vuday1 /
[600000460] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt ad.yieldmanager.com liday1 /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt 2o7.net s_vi_x7Cbx7Fx7Ctcrdbeprx60acx7Eu /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt msnaccountservices.112.2o7.net s_vi /
[600000447] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt apmebf.com S /
[600000212] Browser: Firefox Cookie: C:\Documents and Settings\Younus\Application Data\Mozilla\Firefox\Profiles/6ddu5t6i.default\cookies.txt msnportal.112.2o7.net s_vi /
[600000201] Browser: Opera Cookie: C:\Documents and Settings\Younus\Application Data\Opera\Opera\Profile\cookies4.dat adrevolver.com adrev_adpath /
[600000201] Browser: Opera Cookie: C:\Documents and Settings\Younus\Application Data\Opera\Opera\Profile\cookies4.dat media.adrevolver.com BIGipServerar-slave /
[600000050] Browser: Opera Cookie: C:\Documents and Settings\Younus\Application Data\Opera\Opera\Profile\cookies4.dat tribalfusion.com ANON_ID /

9999 MRU Object MRU Object 0
[1] MRU Path: C:\Documents and Settings\Younus\Recent Count: 10
[2] MRU Registry Key: S-1-5-21-1229272821-1788223648-682003330-1003\Software\Microsoft\Search Assistant\ACMru\5603 Count: 3
[3] MRU Registry Key: S-1-5-21-1229272821-1788223648-682003330-1003\Software\Microsoft\Internet Explorer\TypedURLs Count: 1

Listing of Running Processes
c:\windows\system32\shlwapi.dll
c:\program files\nvidia corporation\networkaccessmanager\bin\nv_common.dll
c:\windows\syst
  • 0

#13
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
I never asked for an Ad-Aware scan.

I know you had ComboFix installed earlier.

Please run through these instructions for it.


Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#14
uptown hunk

    Member

  • Topic Starter
  • 51 posts
Hi don77,
Below are the ComboFix and HJT logs you asked for...

ComboFix 08-01-17.5 - Younus 2008-01-17 17:50:52.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.472 [GMT 5.5:30]
Running from: C:\Documents and Settings\Younus\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.

2008-01-16 20:24 . 2008-01-16 20:24 <DIR> d-------- C:\Program Files\EA GAMES
2008-01-16 20:24 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-01-15 22:16 . 2008-01-15 22:16 <DIR> d-------- C:\Documents and Settings\Younus\Application Data\Rediff.com
2008-01-15 22:15 . 2008-01-15 22:15 <DIR> d-------- C:\Program Files\Rediff Toolbar
2008-01-15 22:15 . 2008-01-15 22:15 <DIR> d-------- C:\Program Files\Rediff Bol
2008-01-15 19:18 . 2008-01-15 19:18 <DIR> d-------- C:\Documents and Settings\Younus\WINDOWS
2008-01-15 15:03 . 2008-01-15 15:03 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-15 15:03 . 2008-01-15 15:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-15 15:03 . 2008-01-16 00:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-15 09:27 . 2008-01-15 21:21 <DIR> d-------- C:\Documents and Settings\Younus\Application Data\Globe7
2008-01-14 02:44 . 2008-01-14 02:44 <DIR> d-------- C:\Documents and Settings\Younus\Application Data\Uniblue
2008-01-12 19:30 . 2008-01-13 19:31 <DIR> d-------- C:\Program Files\Ares
2008-01-12 19:09 . 2008-01-12 19:09 <DIR> d-------- C:\Documents and Settings\Younus\Application Data\Talkback
2008-01-12 19:08 . 2008-01-12 19:08 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-12 16:40 . 2008-01-12 16:40 <DIR> d-------- C:\Deckard
2008-01-12 16:15 . 2008-01-13 13:11 <DIR> d-------- C:\Program Files\Iqara Softphone
2008-01-12 16:15 . 2005-06-28 15:29 405,504 --a------ C:\WINDOWS\system32\NMF.dll
2008-01-12 16:15 . 2000-12-06 04:00 209,608 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2008-01-12 16:15 . 2000-12-06 00:00 109,248 --a------ C:\WINDOWS\system32\Mswinsck.ocx
2008-01-12 16:15 . 2005-06-17 18:55 28,672 --a------ C:\WINDOWS\system32\TraceServer.dll
2008-01-12 16:13 . 2008-01-15 09:27 <DIR> d-------- C:\Program Files\Globe7
2008-01-12 16:06 . 2008-01-13 19:38 <DIR> d-------- C:\Program Files\SpeedBit Video Accelerator
2008-01-12 15:59 . 2008-01-13 19:33 <DIR> d-------- C:\Program Files\DAP
2008-01-12 15:59 . 2008-01-12 15:59 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-01-12 15:59 . 2008-01-12 15:59 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-01-12 15:59 . 2008-01-12 15:59 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-01-12 15:00 . 2006-06-25 18:22 855,022 --a------ C:\IELTS Hand Book.pdf
2008-01-12 14:49 . 2008-01-12 14:49 <DIR> d-------- C:\Program Files\Islamasoft Solutions
2008-01-12 14:47 . 2008-01-12 14:47 <DIR> d-------- C:\WINDOWS\system32\gs
2008-01-12 14:47 . 2008-01-12 14:47 <DIR> d-------- C:\WINDOWS\CRYSTAL
2008-01-12 14:47 . 2008-01-13 19:38 <DIR> d-------- C:\Program Files\TrialDocSmartz
2008-01-12 14:47 . 1996-11-08 02:48 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-01-12 14:47 . 2002-01-10 15:50 270,336 --a------ C:\WINDOWS\system32\P2sodbc.dll
2008-01-12 14:47 . 2004-03-09 19:45 212,240 --a------ C:\WINDOWS\system32\Richtx32.ocx
2008-01-12 14:47 . 2002-04-23 20:38 204,848 --a------ C:\WINDOWS\system32\gswin32c.exe
2008-01-12 14:47 . 2006-08-25 13:41 196,608 --a------ C:\WINDOWS\system32\Utility.dll
2008-01-12 14:47 . 2001-03-13 12:49 140,288 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-01-12 14:47 . 2005-09-07 11:49 117,507 --a------ C:\WINDOWS\system32\msinet.ocx
2008-01-12 14:47 . 2005-09-07 11:49 51,604 --a------ C:\WINDOWS\system32\Adist5k.ppd
2008-01-12 14:43 . 2008-01-12 14:43 <DIR> d-------- C:\Documents and Settings\Younus\Application Data\AdobeUM
2008-01-12 14:38 . 2008-01-15 19:19 <DIR> d-------- C:\ELECTRONICS-MINHAJ
2008-01-12 14:38 . 2007-02-12 07:26 2,969,110 --a------ C:\Copy of eureko's toefl_setup.exe
2008-01-12 13:01 . 2008-01-12 13:01 <DIR> d-------- C:\Documents and Settings\Younus\Application Data\Nokia Multimedia Player
2008-01-12 11:27 . 2008-01-12 11:27 <DIR> d-------- C:\Documents and Settings\Younus\Application Data\MSNInstaller
2008-01-11 21:30 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-01-11 21:29 . 2008-01-11 21:29 <DIR> d-------- C:\Program Files\Microsoft Works
2008-01-11 21:28 . 2008-01-11 21:28 <DIR> d-------- C:\Program Files\MSBuild
2008-01-11 21:27 . 2008-01-11 21:27 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-11 21:25 . 2008-01-11 21:25 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-11 21:24 . 2008-01-11 21:28 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-01-11 21:23 . 2008-01-11 21:23 <DIR> dr-h----- C:\MSOCache
2008-01-11 21:23 . 2008-01-12 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-11 00:05 . 2008-01-11 00:06 <DIR> d-------- C:\Documents and Settings\Younus\Application Data\SoundSpectrum
2008-01-11 00:01 . 2008-01-11 00:01 <DIR> d-------- C:\Program Files\SoundSpectrum
2008-01-10 22:46 . 2008-01-10 23:53 <DIR> d-------- C:\Documents and Settings\Younus\Application Data\U3
2008-01-10 04:39 . 2008-01-10 04:39 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-10 04:38 . 2008-01-10 04:38 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-10 04:38 . 2008-01-14 17:16 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-10 00:10 . 2008-01-13 19:38 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-01-10 00:10 . 2008-01-10 00:10 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-01-10 00:10 . 2008-01-10 00:10 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-01-10 00:10 . 2008-01-10 00:13 <DIR> d-------- C:\Documents and Settings\Younus\Application Data\PC Suite
2008-01-10 00:10 . 2008-01-10 00:25 <DIR> d-------- C:\Documents and Settings\Younus\Application Data\Nokia
2008-01-10 00:10 . 2008-01-14 17:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-01-10 00:10 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-01-10 00:10 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-01-10 00:10 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-01-10 00:10 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-01-10 00:09 . 2008-01-10 00:10 <DIR> d-------- C:\Program Files\Nokia
2008-01-10 00:09 . 2008-01-10 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-01-10 00:09 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-01-09 23:48 . 2008-01-17 17:17 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-09 22:57 . 2008-01-11 00:04 <DIR> d-------- C:\Documents and Settings\Younus\Application Data\CyberLink
2008-01-09 22:57 . 2008-01-11 00:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-09 20:51 . 2008-01-13 19:38 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-01-09 20:16 . 2008-01-14 20:28 <DIR> d-------- C:\Documents and Settings\Younus\Application Data\Ahead
2008-01-09 20:14 . 2008-01-09 20:14 <DIR> d-------- C:\Program Files\Nero
2008-01-09 20:14 . 2008-01-16 20:14 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-01-09 20:14 . 2008-01-09 20:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-09 20:09 . 2008-01-09 20:09 <DIR> d-------- C:\MyWorks
2008-01-09 20:09 . 2001-07-30 17:40 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-01-09 20:08 . 2008-01-09 20:09 <DIR> d-------- C:\Program Files\CyberLink
2008-01-09 16:20 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-09 16:20 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-09 16:20 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-09 02:23 . 2008-01-09 02:23 <DIR> d-------- C:\WINDOWS\system32\bits
2008-01-09 02:23 . 2007-09-21 10:35 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-01-09 02:23 . 2007-09-21 10:35 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-01-09 02:23 . 2007-07-06 16:09 70,928 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2008-01-09 02:23 . 2007-03-29 18:26 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-01-09 02:23 . 2007-03-29 18:26 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-01-09 00:23 . 2008-01-16 19:23 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-01-08 20:04 . 2008-01-08 20:05 <DIR> d-------- C:\Documents and Settings\Younus\Contacts
2008-01-08 19:01 . 2008-01-08 21:42 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-01-08 18:55 . 2008-01-08 21:22 <DIR> d-------- C:\Documents and Settings\Younus\Application Data\Yahoo!
2008-01-08 18:55 . 2008-01-08 18:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-08 18:37 . 2008-01-08 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-08 17:57 . 2008-01-08 18:36 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-08 17:54 . 2008-01-08 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-01-08 17:54 . 2008-01-08 17:54 268 --ah----- C:\sqmdata00.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 15:16 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-09 18:40 --------- d-----w C:\Program Files\DIFX
2008-01-09 14:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 14:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-05 22:51 14,656 ----a-w C:\WINDOWS\gdrv.sys
2008-01-05 19:19 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-01-05 19:19 --------- d-----w C:\Program Files\Realtek
2008-01-05 19:10 --------- d-----w C:\Documents and Settings\Younus\Application Data\InstallShield
2008-01-05 19:01 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-06 03:50 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 12:10 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((( snapshot_2008-01-07_21.52.51.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
+ 2008-01-11 15:58:57 110,592 ----a-w C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2008-01-11 15:58:56 65,536 ----a-w C:\WINDOWS\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\DAO.DLL
+ 2008-01-11 15:58:58 4,608 ----a-w C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2008-01-11 15:58:55 1,215,328 ----a-w C:\WINDOWS\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\IACore.dll
+ 2008-01-11 15:58:56 82,784 ----a-w C:\WINDOWS\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
+ 2008-01-11 15:58:45 31,560 ----a-w C:\WINDOWS\assembly\GAC\ipdmctrl\11.0.0.0__71e9bce111e9429c\IPDMCTRL.DLL
+ 2008-01-16 14:54:26 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-01-16 14:54:27 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-01-16 14:54:27 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-01-16 14:54:27 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-16 14:54:27 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-01-16 14:54:27 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-01-16 14:54:27 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-01-16 14:54:27 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-01-16 14:54:26 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-01-11 15:58:57 8,007,680 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2008-01-11 15:58:45 16,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.InfoPath.Permission\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Permission.dll
+ 2008-01-11 15:57:22 80,696 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
+ 2008-01-11 15:58:01 1,612,592 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
+ 2008-01-11 15:58:01 1,276,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2008-01-11 15:58:01 150,320 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2008-01-11 15:58:47 404,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll
+ 2008-01-11 15:58:02 88,896 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2008-01-11 15:58:02 146,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
+ 2008-01-11 15:58:31 17,208 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll
+ 2008-01-11 15:58:02 920,376 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2008-01-11 15:58:02 35,648 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2008-01-11 15:58:02 248,632 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-01-11 15:58:02 232,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
+ 2008-01-11 15:58:01 20,280 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2008-01-11 15:58:02 781,104 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2008-01-11 15:58:56 13,312 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2008-01-11 15:58:01 371,496 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2008-01-11 15:58:02 64,288 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2008-01-11 15:58:56 229,376 ----a-w C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2008-01-11 15:58:57 4,096 ----a-w C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2008-01-11 15:58:02 416,544 ----a-w C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2008-01-11 15:57:21 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll
+ 2008-01-11 15:57:24 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2008-01-11 15:58:10 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2008-01-11 15:58:47 12,616 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2008-01-11 15:58:47 12,616 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.dll
+ 2008-01-11 15:58:32 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
+ 2008-01-11 15:58:32 12,632 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2008-01-11 15:58:33 12,112 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2008-01-11 15:58:37 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.dll
+ 2008-01-11 15:58:25 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
+ 2008-01-11 15:58:42 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2008-01-11 15:58:27 12,080 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2008-01-11 15:58:26 11,544 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2008-01-11 15:58:56 16,384 ----a-w C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2008-01-09 15:23:21 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-01-09 15:23:26 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-01-11 15:58:46 118,112 ----a-w C:\WINDOWS\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2008-01-11 15:59:02 367,400 ----a-w C:\WINDOWS\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll
+ 2008-01-09 15:23:27 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-01-09 15:23:27 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-01-09 15:23:25 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-01-09 15:23:19 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-01-09 15:23:19 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-01-09 15:23:30 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-01-09 15:23:23 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-01-09 15:23:21 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-01-09 15:23:18 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-01-09 15:23:20 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-01-09 15:23:26 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-01-09 15:23:26 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-01-09 15:23:26 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-01-09 15:23:20 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-01-09 15:23:20 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-01-09 15:23:21 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-01-09 15:23:21 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-01-09 15:23:20 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-01-11 15:58:46 609,104 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
+ 2008-01-11 15:58:45 43,840 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Office.InfoPath.FormControl\12.0.0.0__71e9bce111e9429c\microsoft.office.infopath.formcontrol.dll
+ 2008-01-11 15:58:47 39,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Vsta\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Vsta.dll
+ 2008-01-11 15:58:47 60,200 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Office.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.dll
+ 2008-01-09 15:23:31 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-01-09 15:23:31 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-01-09 15:23:18 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-01-09 15:23:31 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-01-09 15:23:31 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-01-11 15:58:55 211,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.dll
+ 2008-01-11 15:58:55 105,248 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInManager\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll
+ 2008-01-11 15:58:54 330,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Blueprints\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Blueprints.dll
+ 2008-01-11 15:58:55 39,712 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll
+ 2008-01-11 15:58:55 39,704 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.dll
+ 2008-01-11 15:58:54 72,472 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.DesignTime\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll
+ 2008-01-09 15:23:18 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-01-09 15:23:18 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-01-09 15:23:18 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-01-09 15:23:29 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-01-11 15:58:55 47,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2008-01-11 15:58:55 39,624 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.AddIn\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.dll
+ 2008-01-09 15:23:22 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-01-09 15:23:29 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-01-09 15:23:27 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-01-09 15:23:19 888,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-01-09 15:23:25 5,001,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-01-09 15:23:22 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-01-09 15:23:22 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-01-09 15:23:22 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-01-09 15:23:29 577,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-01-09 15:23:28 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-01-09 15:23:30 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-01-09 15:23:28 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-01-09 15:23:28 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-01-09 15:23:21 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-01-09 15:23:22 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

#15
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Seems to have got cut off. Could you kindly post it again, please? You may need to split it in half and use 2 replies to get it all.