
Application Error 0xc000005 [CLOSED]


  • This topic is locked

#1
kingviper
Member, 37 posts
Been getting this code recently when I try to open games like Battlefield Vietnam, 1942 and AvP. Unreal and other games are working properly for me. Is this a trojan problem?

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:15:50 AM, on 1/2/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\swinsndv.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
c:\windows\system32\dwdsregt.exe
C:\OPLIMIT\ocrawr32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O4 - HKLM\..\Run: [{4D-D7-7C-C9-ZN}] c:\windows\system32\dwdsregt.exe GID003
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [HPIJetSend] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\swinsndv.exe GID003
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\swinsndv.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\vdsreg.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comne...iveSekurity.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\Bryan\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O20 - Winlogon Notify: comink - comink.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11021 bytes


Thanks,

Bryan


#2
kingviper
Topic Starter, Member, 37 posts
Any luck on anything so far?

#3
Essexboy
GeekU Moderator, Retired Staff, 69,964 posts
Hi there, sorry for the delay - the application error may be to do with badly installed Creative Labs sound drivers, is that your version?

You do have a couple of meanies showing

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

THEN

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#4
kingviper
Topic Starter, Member, 37 posts
Thanks for your reply EssexBoy. Please disregard times that are displayed on my computer as my clock has never been able to keep time correctly. As for my sound drivers, I'm not sure what I have. If that is the case, is there an easy fix for it? Here are the logs:

MALWAREBYTES:

Malwarebytes' Anti-Malware 1.09
Database version: 521

Scan type: Quick Scan
Objects scanned: 33063
Time elapsed: 16 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 27
Files Infected: 597

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.CouponBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.CouponBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.CouponBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

DECKARDS LOG INFO:

Deckard's System Scanner v20071014.68
Run by Bryan on 2002-01-01 02:24:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
45: 2002-01-01 07:24:17 UTC - RP122 - Deckard's System Scanner Restore Point
44: 2002-01-01 04:43:16 UTC - RP121 - System Checkpoint
43: 2008-03-17 22:57:47 UTC - RP120 - Removed Star Wars®: Knights of the Old Republic ™
42: 2008-03-17 02:56:42 UTC - RP119 - Software Distribution Service 3.0
41: 2002-01-02 03:59:06 UTC - RP118 - Configured iTunes


-- First Restore Point --
1: 2008-01-05 13:04:26 UTC - RP78 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Bryan.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:56 AM, on 1/1/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\windows\system32\dwdsregt.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\OPLIMIT\ocrawr32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Documents and Settings\Bryan\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Bryan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [HPIJetSend] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKLM\..\Run: [{4D-D7-7C-C9-ZN}] C:\windows\system32\dwdsregt.exe GID003
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\vdsreg.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O20 - Winlogon Notify: comink - comink.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10370 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20020102-015926-144 O2 - BHO: (no name) - {41FC491C-88AE-475F-82F4-A8402E741F87} - (no file)
backup-20020102-015926-216 O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyh.../stream/mmp.cab
backup-20020102-015926-360 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
backup-20020102-015926-410 O2 - BHO: (no name) - {185CF3CA-A2C9-4B91-81EC-91C0B79101EA} - (no file)
backup-20020102-015926-484 O2 - BHO: (no name) - {9FD1D53F-6A93-4817-BEB6-1EAFD4807B64} - (no file)
backup-20020102-015926-531 O2 - BHO: (no name) - {70D91AD6-8738-4D0D-951B-84C79B8BFF5D} - (no file)
backup-20020102-015926-548 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
backup-20020102-015926-588 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
backup-20020102-015926-611 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
backup-20020102-015926-644 O2 - BHO: (no name) - {CECF8612-A876-4648-897C-BBBFF87C9312} - (no file)
backup-20020102-015926-677 O2 - BHO: (no name) - {2CB14060-BF99-4959-B06D-693C3D850A2A} - (no file)
backup-20020102-015926-726 O2 - BHO: (no name) - {a9d189de-861e-47ef-8d28-b52ea59fbdf9} - (no file)
backup-20020102-015926-773 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
backup-20020102-015926-794 O2 - BHO: (no name) - {6ED7C054-E02E-4244-871B-75DDF66CE50D} - (no file)
backup-20020102-015926-807 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
backup-20020102-015926-813 O2 - BHO: (no name) - {5107ADAF-460F-423D-84F5-404AEF00FFC9} - (no file)
backup-20020102-020133-728 O1 - Hosts: 64.12.152.18 search.netscape.com
backup-20020102-020318-359 O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
backup-20020102-020318-466 O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
backup-20020102-020318-583 O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
backup-20020102-020318-633 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
backup-20020102-020318-861 O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe"%1" %*
.scr - AutoCADLTScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SI3112r (Silicon Image SiI 3112 SATARaid Controller) - c:\windows\system32\drivers\si3112r.sys <Not Verified; Silicon Image, Inc; Medley>
R0 SiFilter (SATALink driver accelerator) - c:\windows\system32\drivers\siwinacc.sys <Not Verified; Silicon Image, Inc.; SATALink Accelerator Driver>
R1 ANVIOCTL - c:\windows\system32\drivers\anvioctl.sys <Not Verified; ASUSTeK; ASUS VGA Driver for Windows 2000/XP>
R1 asuskbnt - c:\windows\system32\drivers\asuskbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Hot-Key filter driver.>
R1 DcCam (Kodak Camera Proxy) - c:\windows\system32\drivers\dccam.sys <Not Verified; Eastman Kodak Company; Kodak Digital Camera Driver>
R1 VETFDDNT (VET Floppy Boot Sector Monitor) - c:\windows\system32\drivers\vetfddnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-FILT (VET File System Filter) - c:\windows\system32\drivers\vet-filt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VETMONNT (VET File Monitor) - c:\windows\system32\drivers\vetmonnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-REC (VET File System Recognizer) - c:\windows\system32\drivers\vet-rec.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R2 DCFS2K (Kodak DCFS2K Driver) - c:\windows\system32\drivers\dcfs2k.sys <Not Verified; Eastman Kodak Company; Kodak DC File System Driver (NT)>
R2 tcaicchg - c:\windows\system32\tcaicchg.sys <Not Verified; 3Com Corporation; 3Com Windows NT NIC Diagnostic/Configuration>
R2 TCAITDI (TCAITDI Protocol) - c:\windows\system32\drivers\tcaitdi.sys <Not Verified; 3Com Corporation; 3Com Windows NT NIC Diagnostic TDI Driver>
R3 EL90Xbc (3Com 3C90X-BC Family PCI EtherLink Adapter) - c:\windows\system32\drivers\el90xbc5.sys <Not Verified; 3Com Corporation; 3Com EtherLink PCI>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S1 Exportit - c:\windows\system32\drivers\exportit.sys <Not Verified; Eastman Kodak Company; Kodak DC File System driver>
S3 DcFpoint - c:\windows\system32\drivers\dcfpoint.sys <Not Verified; Eastman Kodak Company; Kodak Digital Camera FP Driver>
S3 DcLps (Legacy Polling Service) - c:\windows\system32\drivers\dclps.sys <Not Verified; Eastman Kodak Company; Kodak Digital Camera LPS Driver>
S3 DcPTP - c:\windows\system32\drivers\dcptp.sys <Not Verified; Eastman Kodak Company; Kodak Digital Camera PTP Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ScsiAccess - c:\windows\system32\scsiaccess.exe

S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-17 22:03:03 342 --a------ C:\WINDOWS\Tasks\HP Usg Daily.job
2007-06-07 21:17:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2002-01-01 03:30:00 410 --a------ C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job
2002-01-01 03:00:00 496 --a------ C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
2002-01-01 00:04:35 426 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job


-- Files created between 2001-12-01 and 2002-01-01 -----------------------------


Edited by kingviper, 22 March 2008 - 03:34 PM.


#5
kingviper

PART 2:

2008-03-17 17:37:49 240 -r-h----- C:\WINDOWS\mslagent
2008-03-17 17:37:49 0 dr-hs---- C:\WINDOWS\mmups.exe
2008-03-17 17:37:49 0 dr-hs---- C:\WINDOWS\mm63.ocx
2008-03-17 17:37:49 0 dr-hs---- C:\WINDOWS\mm21.ocx
2008-03-17 17:37:49 0 dr-hs---- C:\WINDOWS\mm20.ocx
2008-03-17 17:37:49 240 -r-h----- C:\WINDOWS\mc
2008-03-17 17:37:49 0 dr-hs---- C:\WINDOWS\imgurla.exe
2008-03-17 17:37:49 0 dr-hs---- C:\WINDOWS\a64sddd.exe
2008-03-17 17:37:49 236 -r-h----- C:\Program Files\support software
2008-03-17 17:37:49 234 -r-h----- C:\Program Files\powersearch
2008-03-17 17:37:49 234 -r-h----- C:\Program Files\perfectnav
2008-03-17 17:37:49 236 -r-h----- C:\Program Files\network essentials
2008-03-17 17:37:49 242 -r-h----- C:\Program Files\memorywatcher
2008-03-17 17:37:49 236 -r-h----- C:\Program Files\medialoads
2008-03-17 17:37:49 236 -r-h----- C:\Program Files\medialoads enhanced
2008-03-17 17:37:49 242 -r-h----- C:\Program Files\media gateway
2008-03-17 17:37:49 232 -r-h----- C:\Program Files\md
2008-03-17 17:37:49 244 -r-h----- C:\Program Files\kuaiso toolsbar
2008-03-17 17:37:49 242 -r-h----- C:\Program Files\kgb keylogger
2008-03-17 17:37:49 234 -r-h----- C:\Program Files\incredifind
2008-03-17 17:37:49 228 -r-h----- C:\Program Files\ebayshop
2008-03-17 17:37:49 234 -r-h----- C:\Program Files\Common Files\updmgr
2008-03-17 17:37:49 234 -r-h----- C:\Program Files\Common Files\updater
2008-03-17 17:37:49 234 -r-h----- C:\Program Files\Common Files\keenvalue
2008-03-17 17:37:48 0 dr-hs---- C:\WINDOWS\system32\wgavm.exe
2008-03-17 17:37:48 0 dr-hs---- C:\WINDOWS\system32\wgareg.exe
2008-03-17 17:37:48 0 dr-hs---- C:\WINDOWS\system32\version.exe
2008-03-17 17:37:48 0 dr-hs---- C:\WINDOWS\system32\toolbar.dll
2008-03-17 17:37:48 0 dr-hs---- C:\WINDOWS\system32\mseggrpid.dll
2008-03-17 17:37:48 0 dr-hs---- C:\WINDOWS\system32\mscache.dll
2008-03-17 17:37:48 0 dr-hs---- C:\WINDOWS\system32\keyhost.exe
2008-03-17 17:37:48 0 dr-hs---- C:\WINDOWS\system32\keyactivex.ocx
2008-03-17 17:37:48 0 dr-hs---- C:\WINDOWS\system32\jeired.dll
2008-03-17 17:37:48 0 dr-hs---- C:\WINDOWS\system32\gcasctrl.exe
2008-03-17 17:37:48 0 dr-hs---- C:\WINDOWS\system32\aupdate_uninstall.exe
2008-03-17 17:37:48 0 dr-hs---- C:\WINDOWS\system32\aupdate.exe
2008-03-17 17:37:48 0 dr-hs---- C:\WINDOWS\mscache.exe
2008-03-17 17:37:48 0 dr-hs---- C:\WINDOWS\mscache.dll
2008-03-17 17:37:48 0 dr-hs---- C:\WINDOWS\istsvc.exe
2008-03-17 17:37:48 0 dr-hs---- C:\WINDOWS\exedialer.exe
2008-03-17 17:37:48 228 -r-h----- C:\Program Files\lstsvc
2008-03-17 17:37:48 228 -r-h----- C:\Program Files\istbar
2008-03-17 17:37:48 228 -r-h----- C:\Program Files\ipwindows
2008-03-17 17:37:48 266 -r-h----- C:\Program Files\invisible secrets toolbar
2008-03-17 17:37:48 240 -r-h----- C:\Program Files\instant buzz
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\winstart001.exe
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\winstart.exe
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\winsrm32.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\winenc32.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\windowsie.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\windec32.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\waeb.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\update_rsp.DLL
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\update_removeold.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\update_hosts.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\update_com.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\sbus.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\ineb.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\iexplorr29.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\iexplorr27.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\iexplorr26.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\iexplorr25.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\iexplorr24.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\iexplorr23.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\iexplorr22.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\iexplorr11.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\ia.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\gws.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\egdial.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\egdhtml_1027.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\egdhtml_1026.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\egdhtml_1025.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\egdhtml_1024.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\egdhtml_1023.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\drbr.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\chgrgs.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\bundler_mpb_sb.exe
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\bmeb.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\belop.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\absnro.dll
2008-03-17 17:37:47 0 dr-hs---- C:\WINDOWS\system32\abeb.dll
2008-03-17 17:37:47 230 -r-h----- C:\WINDOWS\ilookup
2008-03-17 17:37:47 258 -r-h----- C:\Program Files\instant access
2008-03-17 17:37:47 248 -r-h----- C:\Program Files\install provider
2008-03-17 17:37:47 240 -r-h----- C:\Program Files\instafink
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\wupdt.exe
2008-03-17 17:37:46 232 -r-h----- C:\WINDOWS\wqzq
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\winserv.exe
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\winobject.dll
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\wdskctl.exe
2008-03-17 17:37:46 232 -r-h----- C:\WINDOWS\wcby
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\ts.exe
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\system32\wtoolsb.dll
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\system32\update_bho.dll
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\system32\rsp001.dll
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\system32\rsp.dll
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\system32\msielink.dll
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\system32\msiein.dll
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\system32\internetfeatures.exe
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\system32\install_all.dll
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\system32\iemsg.dll
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\system32\iemonit.dll
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\system32\iehost.exe
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\system32\iehook.dll
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\system32\iefeaturesversion.exe
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\system32\iefeatures.exe
2008-03-17 17:37:46 232 -r-h----- C:\WINDOWS\system32\iedriver
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\system32\ieaccess2.dll
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\system32\httper.dll
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\system32\eghtmldialer.dll
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\system32\dhtmlaccess.dll
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\system32\btiein.dll
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\system32\bho001.dll
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\system32\bho.dll
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\system32\atmtd.dll
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\system32\atmtd.dll._
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\systb.exe
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\systb.dll
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\ssk.exe
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\snbho.exe
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\rgrt.exe
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\pxckdlauninstall.exe
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\pxckdla.exe
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\offerssk.exe
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\invitessk.exe
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\iehook.dll
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\id.exe
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\extract.exe
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\dsr.exe
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\dsr.dll
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\dlgb.exe
2008-03-17 17:37:46 0 dr-hs---- C:\WINDOWS\dinst.exe
2008-03-17 17:37:46 228 -r-h----- C:\Program Files\system soap pro
2008-03-17 17:37:46 230 -r-h----- C:\Program Files\search toolbar
2008-03-17 17:37:46 228 -r-h----- C:\Program Files\httper
2008-03-17 17:37:46 232 -r-h----- C:\Program Files\Common Files\wqzq
2008-03-17 17:37:46 230 -r-h----- C:\Program Files\Common Files\msiets
2008-03-17 17:37:46 230 -r-h----- C:\Program Files\Common Files\btlink
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\zopenssl.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\yvsvga.sys
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\yvsvga.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\yvprgb.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\yvpp02.sys
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\yvpp01.sys
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\yvpp01.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\yvbb01.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\ydsvgd.sys
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\ydsvgd.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\ycsvgd.sys
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\ycsvga.sys
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\ycsrgb.sys
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\xptptt.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\xptp16.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\xopptp.sys
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\xopptp.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\xmsk64.sys
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\xmsk32.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\xmm13g.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\xdudtt.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\xdpptp.sys
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\xcdmfree.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\wz.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\wxtwdx.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\wndtx1.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\winm32.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\winlow.sys
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\winf44.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\wd.sys
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\w32_ss.exe
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\vtd_16.exe
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\vistax.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\vdnt32.sys
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\vdmt16.sys
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\twpr32.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\twpkad.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\tcpwrk.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\tcpr32.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\tcpgdc.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\tcpg4t.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\svkvpn.sys
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\svkvpn.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\svjvpn.sys
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\sndu32.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\snda32.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\smtapi.sys
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\skyx16.dll
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\sksdrvr2.sys
2008-03-17 17:37:45 0 dr-hs---- C:\WINDOWS\system32\preload.ocx
2008-03-17 17:37:45 228 -r-h----- C:\Program Files\hotbar
2008-03-17 17:37:45 244 -r-h----- C:\Program Files\homekeylogger
2008-03-17 17:37:45 228 -r-h----- C:\Program Files\hbtools
2008-03-17 17:37:45 228 -r-h----- C:\Program Files\hbinst
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\sksdll.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\sks2drvr.sys
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\sertgs.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\semd32.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\se633mxx.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\se500mdm.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\sdmapi.sys
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\sdcard98.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\satmmc.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\satdll.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\satau320.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\rsdapi.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\regp32.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\rdrvr2.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\qz.sys
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\qz.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\qy.sys
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\qo.sys
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\qo.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\psksds.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\prwsks.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\prw76sks.sys
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\printpnp.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\ppts16.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\pptp32.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\pptp24.sys
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\pptp16.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\pdx.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\openglss.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\obbn13t.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\nuclabdll.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\nkunpack.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\nkgfs.sys
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\nclabydll.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\msplg7.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\mmxf64.sys
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\mmxf32.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\mmxeroxk.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\mmx4xt.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\mmx432.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\mmx17g.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\memlow.sys
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\mdfpro.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\mcfg7a.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\mcfcc4.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\lsd_f3.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\logon16x.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\ljjhh.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\lanmui.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\lanh32.dll
2008-03-17 17:37:44 0 dr-hs---- C:\WINDOWS\system32\klo5.sys
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\jsdapi.exe
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\iesdl4l.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\ies4dll.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\ideusr50.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\hz.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\hpprintx.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\hm.sys
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\gdwxp3.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\gdiwxp.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\gatexkey.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\fuxx32.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\flashdrvr.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\extxerox.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\extfpu.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\emldvc.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\eexvpn.sys
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\eetvpn.sys
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\eetvpn.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\dxtpdx.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\dvd4free.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\dvb06a.sys
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\dvb03a.sys
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\dvb03a.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\drct16.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\draw32.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\docent2.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\docent0.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\directut.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\directpt.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\debugg.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\ddirectz.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\cz.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\cm.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\cert32.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\cdscsix3.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\c4.sys
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\c3.sys
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\c3.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\bt848rom.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\boot32.sys
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\bmtdhh.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\axxt32.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\axdebugl.dll
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\avpx64.sys
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\avpx32.sys
2008-03-17 17:37:43 0 dr-hs---- C:\WINDOWS\system32\avpx32.dll
2008-03-17 17:37:42 0 dr-hs---- C:\WINDOWS\system32\zz.dll
2008-03-17 17:37:42 0 dr-hs---- C:\WINDOWS\system32\trk.dll
2008-03-17 17:37:42 0 dr-hs---- C:\WINDOWS\system32\td1.dll
2008-03-17 17:37:42 0 dr-hs---- C:\WINDOWS\system32\sysldr.dll
2008-03-17 17:37:42 0 dr-hs---- C:\WINDOWS\system32\support.exe
2008-03-17 17:37:42 0 dr-hs---- C:\WINDOWS\system32\ss32.dll
2008-03-17 17:37:42 0 dr-hs---- C:\WINDOWS\system32\ss.dll
2008-03-17 17:37:42 0 dr-hs---- C:\WINDOWS\system32\pdfzzy.dll
2008-03-17 17:37:42 0 dr-hs---- C:\WINDOWS\system32\pavb1u2.exe
2008-03-17 17:37:42 0 dr-hs---- C:\WINDOWS\system32\msxver64.sqr
2008-03-17 17:37:42 0 dr-hs---- C:\WINDOWS\system32\ie.dll
2008-03-17 17:37:42 0 dr-hs---- C:\WINDOWS\system32\idleui.dll
2008-03-17 17:37:42 0 dr-hs---- C:\WINDOWS\system32\fwntoolbar.dll
2008-03-17 17:37:42 0 dr-hs---- C:\WINDOWS\system32\ftapp.dll
2008-03-17 17:37:42 0 dr-hs---- C:\WINDOWS\system32\flt.dll
2008-03-17 17:37:42 0 dr-hs---- C:\WINDOWS\system32\flcp.dll
2008-03-17 17:37:42 0 dr-hs---- C:\WINDOWS\system32\avpp32.dll
2008-03-17 17:37:42 0 dr-hs---- C:\WINDOWS\system32\avpi32.dll
2008-03-17 17:37:42 0 dr-hs---- C:\WINDOWS\system32\avpe32.dll
2008-03-17 17:37:42 0 dr-hs---- C:\WINDOWS\system32\avload32.dll
2008-03-17 17:37:42 0 dr-hs---- C:\WINDOWS\savestartdate.exe
2008-03-17 17:37:42 0 dr-hs---- C:\WINDOWS\frsk.exe
2008-03-17 17:37:42 236 -r-h----- C:\Program Files\xmod
2008-03-17 17:37:42 236 -r-h----- C:\Program Files\xml
2008-03-17 17:37:42 242 -r-h----- C:\Program Files\vcom
2008-03-17 17:37:42 246 -r-h----- C:\Program Files\sync manager demo
2008-03-17 17:37:42 242 -r-h----- C:\Program Files\scom
2008-03-17 17:37:42 236 -r-h----- C:\Program Files\reg2
2008-03-17 17:37:42 242 -r-h----- C:\Program Files\pvm
2008-03-17 17:37:42 242 -r-h----- C:\Program Files\primesoft
2008-03-17 17:37:42 242 -r-h----- C:\Program Files\paymentone
2008-03-17 17:37:42 252 -r-h----- C:\Program Files\gsr
2008-03-17 17:37:42 242 -r-h----- C:\Program Files\gsoft
2008-03-17 17:37:42 242 -r-h----- C:\Program Files\gmsoft
2008-03-17 17:37:42 228 -r-h----- C:\Program Files\globe7
2008-03-17 17:37:42 240 -r-h----- C:\Program Files\globaldialer
2008-03-17 17:37:42 246 -r-h----- C:\Program Files\fwn toolbar
2008-03-17 17:37:42 236 -r-h----- C:\Program Files\ftk
2008-03-17 17:37:42 236 -r-h----- C:\Program Files\ftapp
2008-03-17 17:37:42 250 -r-h----- C:\Program Files\fsw
2008-03-17 17:37:42 236 -r-h----- C:\Program Files\flt
2008-03-17 17:37:42 236 -r-h----- C:\Program Files\fln
2008-03-17 17:37:42 236 -r-h----- C:\Program Files\flcp
2008-03-17 17:37:42 236 -r-h----- C:\Program Files\fla
2008-03-17 17:37:42 236 -r-h----- C:\Program Files\filesubmit
2008-03-17 17:37:42 236 -r-h----- C:\Program Files\fen
2008-03-17 17:37:42 242 -r-h----- C:\Program Files\dialers
2008-03-17 17:37:42 226 -r-h----- C:\Program Files\browserenh
2008-03-17 17:37:41 0 dr-hs---- C:\WINDOWS\system32\otw0i.dll
2008-03-17 17:37:41 0 dr-hs---- C:\WINDOWS\system32\ofrg.dll
2008-03-17 17:37:41 0 dr-hs---- C:\WINDOWS\system32\n3tpa1p.dll
2008-03-17 17:37:41 0 dr-hs---- C:\WINDOWS\system32\mpz300.dll
2008-03-17 17:37:41 0 dr-hs---- C:\WINDOWS\system32\mmview_101.dll
2008-03-17 17:37:41 0 dr-hs---- C:\WINDOWS\system32\mbr32.dll
2008-03-17 17:37:41 0 dr-hs---- C:\WINDOWS\system32\lwz.dll
2008-03-17 17:37:41 0 dr-hs---- C:\WINDOWS\system32\lstb4drc.exe
2008-03-17 17:37:41 0 dr-hs---- C:\WINDOWS\system32\lstb4drc.dll
2008-03-17 17:37:41 0 dr-hs---- C:\WINDOWS\system32\in10b6s.dll
2008-03-17 17:37:41 0 dr-hs---- C:\WINDOWS\system32\im64.dll
2008-03-17 17:37:41 0 dr-hs---- C:\WINDOWS\system32\gr02.dll
2008-03-17 17:37:41 0 dr-hs---- C:\WINDOWS\system32\gold2.dll
2008-03-17 17:37:41 0 dr-hs---- C:\WINDOWS\system32\fone.dll
2008-03-17 17:37:41 0 dr-hs---- C:\WINDOWS\system32\favorite.dll
2008-03-17 17:37:41 0 dr-hs---- C:\WINDOWS\system32\favman.dll
2008-03-17 17:37:41 0 dr-hs---- C:\WINDOWS\system32\favboot.dll
2008-03-17 17:37:41 0 dr-hs---- C:\WINDOWS\system32\f1.dll
2008-03-17 17:37:41 0 dr-hs---- C:\WINDOWS\system32\emesx.dll
2008-03-17 17:37:41 0 dr-hs---- C:\WINDOWS\system32\dlh0st.dll
2008-03-17 17:37:41 0 dr-hs---- C:\WINDOWS\system32\casldr.dll
2008-03-17 17:37:41 0 dr-hs---- C:\WINDOWS\system32\atpartners.dll
2008-03-17 17:37:41 0 dr-hs---- C:\WINDOWS\system32\arb1tal.dll
2008-03-17 17:37:41 0 dr-hs---- C:\WINDOWS\system32\aess2.dll
2008-03-17 17:37:40 248 -r-h----- C:\windowsupdate
2008-03-17 17:37:40 0 dr-hs---- C:\WINDOWS\woinstall.exe
2008-03-17 17:37:40 0 dr-hs---- C:\WINDOWS\system32\rmashlex.dll
2008-03-17 17:37:40 0 dr-hs---- C:\WINDOWS\system32\nvrcr32.dll
2008-03-17 17:37:40 0 dr-hs---- C:\WINDOWS\system32\links.dll
2008-03-17 17:37:40 0 dr-hs---- C:\WINDOWS\system32\keymap.dll
2008-03-17 17:37:40 0 dr-hs---- C:\WINDOWS\system32\goupdate.exe
2008-03-17 17:37:40 252 -r-h----- C:\WINDOWS\system32\fcyberalert
2008-03-17 17:37:40 0 dr-hs---- C:\WINDOWS\system32\fastseekertoolbar.dll
2008-03-17 17:37:40 226 -r-h----- C:\WINDOWS\system32\f0r0r
2008-03-17 17:37:40 0 dr-hs---- C:\WINDOWS\system32\ezstub.exe
2008-03-17 17:37:40 0 dr-hs---- C:\WINDOWS\system32\ezpopstub.exe
2008-03-17 17:37:40 0 dr-hs---- C:\WINDOWS\system32\expup.exe
2008-03-17 17:37:40 0 dr-hs---- C:\WINDOWS\system32\expext.dll
2008-03-17 17:37:40 0 dr-hs---- C:\WINDOWS\system32\estartlinkrotater.exe
2008-03-17 17:37:40 0 dr-hs---- C:\WINDOWS\system32\eros.exe
2008-03-17 17:37:40 248 -r-h----- C:\WINDOWS\system32\ctf
2008-03-17 17:37:40 0 dr-hs---- C:\WINDOWS\system32\bkmsf32.dat
2008-03-17 17:37:40 0 dr-hs---- C:\WINDOWS\system32\_epnt.sys
2008-03-17 17:37:40 0 dr-hs---- C:\WINDOWS\goupdate.exe
2008-03-17 17:37:40 0 dr-hs---- C:\WINDOWS\fastseekersetupv2.ocx
2008-03-17 17:37:40 0 dr-hs---- C:\WINDOWS\fastseekersetup.ocx
2008-03-17 17:37:40 0 dr-hs---- C:\WINDOWS\ezinstall.exe
2008-03-17 17:37:40 232 -r-h----- C:\WINDOWS\etb
2008-03-17 17:37:40 232 -r-h----- C:\WINDOWS\elitetoolbar
2008-03-17 17:37:40 232 -r-h----- C:\WINDOWS\elitesidebar
2008-03-17 17:37:40 232 -r-h----- C:\WINDOWS\elitebar
2008-03-17 17:37:40 260 -r-h----- C:\Program Files\websearch
2008-03-17 17:37:40 260 -r-h----- C:\Program Files\webrebates
2008-03-17 17:37:40 226 -r-h----- C:\Program Files\web offer
2008-03-17 17:37:40 230 -r-h----- C:\Program Files\media-codec
2008-03-17 17:37:40 236 -r-h----- C:\Program Files\fastseeker
2008-03-17 17:37:40 226 -r-h----- C:\Program Files\ezurl
2008-03-17 17:37:40 226 -r-h----- C:\Program Files\ezula
2008-03-17 17:37:40 246 -r-h----- C:\Program Files\exploreanywhere
2008-03-17 17:37:40 248 -r-h----- C:\Program Files\exact
2008-03-17 17:37:40 230 -r-h----- C:\Program Files\emedia codec
2008-03-17 17:37:40 260 -r-h----- C:\Program Files\ebatesmoemoneymaker
2008-03-17 17:37:39 0 dr-hs---- C:\WINDOWS\system32\skytown.exe
2008-03-17 17:37:39 0 dr-hs---- C:\WINDOWS\system32\ptech.exe
2008-03-17 17:37:39 0 dr-hs---- C:\WINDOWS\system32\pruttct.exe
2008-03-17 17:37:39 0 dr-hs---- C:\WINDOWS\system32\prutsct.exe
2008-03-17 17:37:39 0 dr-hs---- C:\WINDOWS\system32\prutpct.exe
2008-03-17 17:37:39 0 dr-hs---- C:\WINDOWS\system32\iniwin32.dll
2008-03-17 17:37:39 0 dr-hs---- C:\WINDOWS\system32\iebhos.dll
2008-03-17 17:37:39 0 dr-hs---- C:\WINDOWS\system32\filgmo.exe
2008-03-17 17:37:39 0 dr-hs---- C:\WINDOWS\system32\ei.exe
2008-03-17 17:37:39 0 dr-hs---- C:\WINDOWS\system32\easywww3.exe
2008-03-17 17:37:39 0 dr-hs---- C:\WINDOWS\system32\easywww2.exe
2008-03-17 17:37:39 0 dr-hs---- C:\WINDOWS\system32\easywww.exe
2008-03-17 17:37:39 0 dr-hs---- C:\WINDOWS\system32\dreampopper.dll
2008-03-17 17:37:39 0 dr-hs---- C:\WINDOWS\system32\askearth17.exe
2008-03-17 17:37:39 0 dr-hs---- C:\WINDOWS\redirect5.exe
2008-03-17 17:37:39 0 dr-hs---- C:\WINDOWS\pi1.exe
2008-03-17 17:37:39 0 dr-hs---- C:\WINDOWS\iewwwint.exe
2008-03-17 17:37:39 0 dr-hs---- C:\WINDOWS\iewww.exe
2008-03-17 17:37:39 0 dr-hs---- C:\WINDOWS\ewupdater.exe
2008-03-17 17:37:39 0 dr-hs---- C:\WINDOWS\easywww3.exe
2008-03-17 17:37:39 0 dr-hs---- C:\WINDOWS\easywww2.exe
2008-03-17 17:37:39 0 dr-hs---- C:\WINDOWS\easywww.exe
2008-03-17 17:37:39 240 -r-h----- C:\Program Files\real-tens
2008-03-17 17:37:39 240 -r-h----- C:\Program Files\movienetworks
2008-03-17 17:37:39 240 -r-h----- C:\Program Files\mlh
2008-03-17 17:37:39 240 -r-h----- C:\Program Files\medch
2008-03-17 17:37:39 240 -r-h----- C:\Program Files\kfh
2008-03-17 17:37:39 260 -r-h----- C:\Program Files\ebates_moemoneymaker
2008-03-17 17:37:39 228 -r-h----- C:\Program Files\e2give
2008-03-17 17:37:39 228 -r-h----- C:\Program Files\e2g
2008-03-17 17:37:39 240 -r-h----- C:\Program Files\drivecleaner free
2008-03-17 17:37:39 240 -r-h----- C:\Program Files\drivecleaner 2006 free
2008-03-17 17:37:39 228 -r-h----- C:\Program Files\data19
2008-03-17 17:37:39 234 -r-h----- C:\Program Files\comsoft
2008-03-17 17:37:39 240 -r-h----- C:\Program Files\Common Files\drivecleaner free
2008-03-17 17:37:39 228 -r-h----- C:\e2g
2008-03-17 17:37:38 0 dr-hs---- C:\WINDOWS\system32\urncbc.dll
2008-03-17 17:37:38 0 dr-hs---- C:\WINDOWS\system32\urncb.dll
2008-03-17 17:37:38 0 dr-hs---- C:\WINDOWS\system32\rundnm.exe
2008-03-17 17:37:38 0 dr-hs---- C:\WINDOWS\system32\dolsp.dll
2008-03-17 17:37:38 0 dr-hs---- C:\WINDOWS\system32\dialeroffline.dll
2008-03-17 17:37:38 0 dr-hs---- C:\WINDOWS\system32\diabolo.exe
2008-03-17 17:37:38 0 dr-hs---- C:\WINDOWS\system32\deltaclick.dll
2008-03-17 17:37:38 226 -r-h----- C:\WINDOWS\explorer
2008-03-17 17:37:38 0 dr-hs---- C:\WINDOWS\dsearch1.bin
2008-03-17 17:37:38 0 dr-hs---- C:\WINDOWS\dsearch.bin
2008-03-17 17:37:38 0 dr-hs---- C:\WINDOWS\dlder.exe
2008-03-17 17:37:38 0 dr-hs---- C:\WINDOWS\dhupdt.exe
2008-03-17 17:37:38 0 dr-hs---- C:\WINDOWS\dhun.exe
2008-03-17 17:37:38 0 dr-hs---- C:\WINDOWS\dhsvr.exe
2008-03-17 17:37:38 0 dr-hs---- C:\WINDOWS\dhsigned.ocx
2008-03-17 17:37:38 0 dr-hs---- C:\WINDOWS\dhp2.dll
2008-03-17 17:37:38 0 dr-hs---- C:\WINDOWS\dhp.dll

#6
kingviper

Probably didn't need to post all of this but oh well:

2008-03-17 17:37:26 274 -r-h----- C:\Program Files\antispyware soldier
2008-03-17 17:37:26 274 -r-h----- C:\Program Files\allume systems
2008-03-17 17:37:26 274 -r-h----- C:\Program Files\alertspy
2008-03-17 17:37:26 274 -r-h----- C:\Program Files\adwareX eliminator
2008-03-17 17:37:26 274 -r-h----- C:\Program Files\adwarespy
2008-03-17 17:37:26 274 -r-h----- C:\Program Files\adwaresheriff
2008-03-17 17:37:26 274 -r-h----- C:\Program Files\adwareremovergold.com
2008-03-17 17:37:26 274 -r-h----- C:\Program Files\adwarepunisher
2008-03-17 17:37:26 274 -r-h----- C:\Program Files\adwarefinder
2008-03-17 17:37:26 274 -r-h----- C:\Program Files\adwarebazooka
2008-03-17 17:37:26 274 -r-h----- C:\Program Files\adware spyWare removal
2008-03-17 17:37:26 274 -r-h----- C:\Program Files\adware remover
2008-03-17 17:37:26 274 -r-h----- C:\Program Files\adware patrol
2008-03-17 17:37:26 274 -r-h----- C:\Program Files\adware agent
2008-03-17 17:37:26 274 -r-h----- C:\Program Files\ads adware remover
2008-03-17 17:37:26 274 -r-h----- C:\Program Files\adfindertoolbar
2008-03-17 17:37:26 274 -r-h----- C:\Program Files\ad armor
2008-03-17 17:37:26 274 -r-h----- C:\Program Files\1stantivirus
2008-03-17 16:46:52 0 d-------- C:\Program Files\Malware Immunizer
2008-03-16 20:21:15 0 d-------- C:\Program Files\Spyware Doctor
2008-01-05 16:48:19 0 d-------- C:\Documents and Settings\Bryan\OngameNetwork
2008-01-05 16:26:29 0 d-------- C:\Program Files\VTech
2008-01-05 11:24:29 0 d-------- C:\Program Files\HollywoodPoker
2007-06-03 17:17:24 0 d-------- C:\Documents and Settings\Amy\Application Data\RegistrySmart
2007-06-03 17:17:20 0 d-------- C:\Documents and Settings\Amy\Application Data\ErrorKiller
2007-06-03 16:39:32 0 d-------- C:\Program Files\RegistryFix
2007-06-03 16:34:34 0 d-------- C:\Documents and Settings\Bryan\Application Data\ErrorKiller
2007-06-03 12:46:14 664 --a----c- C:\WINDOWS\system32\d3d9caps.dat
2007-06-03 12:10:41 0 d-------- C:\Documents and Settings\Bryan\Application Data\RegistrySmart
2007-06-03 12:10:35 0 d-------- C:\Program Files\RegistrySmart
2007-06-02 22:17:35 0 d-------- C:\WINDOWS\pss
2007-06-02 21:59:37 26787 --a----c- C:\WINDOWS\system32\drivers\vetmonnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
2007-06-02 21:54:13 45152 --a------ C:\WINDOWS\system32\vdsreg.exe
2007-06-02 21:30:23 0 d-------- C:\Program Files\MSXML 4.0
2007-05-08 15:03:04 1275392 --a------ C:\WINDOWS\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP 2>
2007-02-26 16:41:18 184436 --a----c- C:\WINDOWS\system32\mwinqqdv.exe
2007-01-22 12:58:31 184435 --a----c- C:\WINDOWS\system32\mwinqqea.exe
2007-01-13 18:07:38 122 --a----c- C:\WINDOWS\TMPDELIS.BAT
2007-01-13 18:07:38 123 --a----c- C:\WINDOWS\TMPCPYIS.BAT
2007-01-13 17:45:12 250368 --a----c- C:\WINDOWS\system\MSVCRT20.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual C++>
2007-01-13 17:45:12 20976 --a----c- C:\WINDOWS\CTL3D.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2007-01-13 17:45:11 0 d-------- C:\OPLIMIT
2007-01-13 17:44:48 248176 --a----c- C:\WINDOWS\UNINST16.EXE <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-01-13 17:44:48 26768 --a----c- C:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3D Windows Control>
2007-01-13 17:44:23 47616 -r-----c- C:\WINDOWS\ucmsp_32.dll
2007-01-13 17:44:23 37376 --a----c- C:\WINDOWS\kpsys32.dll <Not Verified; Eastman Kodak Company; KCMS System Interface Library>
2007-01-13 17:44:23 196608 --a----c- C:\WINDOWS\kpcp32.dll <Not Verified; Eastman Kodak Company; KODAK DIGITAL SCIENCE Professional Color Processor (Win32)>
2007-01-13 17:44:22 133120 --a----c- C:\WINDOWS\sprof32.dll <Not Verified; Eastman Kodak Company; KODAK DIGITAL SCIENCE ICC Profile API>
2007-01-13 17:44:13 17376 --a----c- C:\WINDOWS\system32\pv8630.sys <Not Verified; PowerVision Technologies Inc.; USB Image Device>
2007-01-13 17:44:13 6932 --a----c- C:\WINDOWS\system32\glscan.sys
2007-01-13 17:44:13 18880 --a----c- C:\WINDOWS\system32\Fusb100.sys <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>
2007-01-13 17:44:12 0 d-------- C:\VSTASCAN
2007-01-13 17:44:11 0 d-------- C:\WINDOWS\TWAIN32
2007-01-13 17:43:32 0 d-------- C:\My PageManager
2007-01-13 17:43:09 11776 --a----c- C:\WINDOWS\system32\pmsbfn32.dll <Not Verified; ; PMSBFN32 Dynamic Link Library>
2007-01-13 17:43:07 0 d-------- C:\Program Files\NewSoft
2007-01-05 17:31:17 184422 --a----c- C:\WINDOWS\system32\mwinqqeb.exe
2006-12-22 12:28:14 271360 --a------ C:\WINDOWS\system32\mscoree.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2006-12-20 21:27:07 0 d-------- C:\Documents and Settings\Bryan\System
2006-12-20 21:27:07 0 d-------- C:\Documents and Settings\Bryan\Application Data\SmartDraw
2006-12-20 21:21:40 0 d-------- C:\Program Files\SmartDraw 2007
2006-12-14 21:07:44 184423 --a----c- C:\WINDOWS\system32\mwinqqed.exe
2006-12-14 21:07:39 4 --a----c- C:\WINDOWS\uccspecb.sys
2006-12-14 18:14:48 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2006-12-01 09:28:53 180313 --a----c- C:\WINDOWS\system32\mwinqqeg.exe
2006-11-17 20:43:25 0 d-------- C:\Program Files\Voodoo
2006-11-15 21:03:52 0 d-------- C:\Documents and Settings\Bryan\Application Data\MySpace
2006-11-15 21:03:32 0 d-------- C:\Program Files\MySpace
2006-10-25 17:24:39 172145 --a----c- C:\WINDOWS\system32\mwinqqem.exe
2006-09-27 15:57:45 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-09-27 15:50:43 0 d-------- C:\Program Files\Konami
2006-09-20 10:39:55 168063 --a----c- C:\WINDOWS\system32\mwinqqes.exe
2006-09-18 14:41:58 168072 --a----c- C:\WINDOWS\system32\mwinqqet.exe
2006-09-05 17:06:50 0 d-------- C:\Documents and Settings\Bryan\Application Data\Rainlendar
2006-09-05 17:06:48 0 d-------- C:\Program Files\Rainlendar
2006-09-03 18:09:43 0 d-------- C:\Program Files\CDBurnerXP Pro 3
2006-09-03 15:31:16 0 d-------- C:\AMERICAN_GUN
2006-09-03 15:16:49 0 d-------- C:\DVDFabDecrypter_Temp
2006-09-03 15:16:42 0 d-------- C:\Program Files\DVDFab Decrypter
2006-09-03 14:37:21 0 d-------- C:\POSEIDON_DISC_1
2006-09-03 14:17:31 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2006-08-29 20:07:38 47360 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2006-08-29 20:07:32 0 d-------- C:\Program Files\McFunSoft DVD Creator
2006-08-22 20:33:30 0 d-------- C:\WINDOWS\Xtras
2006-08-10 16:12:52 0 d-------- C:\Documents and Settings\Bryan\Application Data\Autodesk
2006-08-10 16:12:46 0 d-------- C:\Program Files\AnswerWorks 4.0
2006-08-10 16:10:51 0 d-------- C:\Program Files\AutoCAD LT 2006
2006-08-10 16:10:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2006-08-10 16:07:31 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2006-08-10 16:07:27 0 d-------- C:\Program Files\Autodesk
2006-08-10 16:04:25 0 d-------- C:\WINDOWS\system32\URTTemp
2006-08-07 05:35:48 168054 --a----c- C:\WINDOWS\system32\mwinqqex.exe
2006-07-14 17:35:06 0 d-------- C:\WINDOWS\Sun
2006-07-14 17:35:06 0 d-------- C:\Documents and Settings\Bryan\Application Data\Sun
2006-07-04 21:53:49 2917 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2006-06-29 16:35:40 45136 --a----c- C:\WINDOWS\system32\ppdsrego.exe
2006-06-28 17:41:24 159849 --a----c- C:\WINDOWS\system32\mwinqqez.exe
2006-06-26 00:35:24 32768 --a----c- C:\WINDOWS\zfayqvrg.exe <Not Verified; ; override Application>
2006-06-25 23:25:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-06-25 20:16:22 45118 --a----c- C:\WINDOWS\system32\pldsregj.exe
2006-06-25 15:14:08 159870 --a----c- C:\WINDOWS\system32\mwinmqez.exe
2006-06-25 12:18:24 0 d-------- C:\Documents and Settings\Bryan\Application Data\Lavasoft
2006-06-25 11:30:14 0 d-------- C:\Documents and Settings\Bryan\Application Data\Registry Booster
2006-06-23 09:54:07 45090 --a----c- C:\WINDOWS\system32\psdsregj.exe
2006-06-23 09:47:42 0 d-------- C:\Program Files\Common Files\simtest
2006-06-23 09:47:42 0 d-------- C:\Program Files\Common Files\misc001
2006-06-23 09:46:11 159841 --a----c- C:\WINDOWS\system32\owintqez.exe
2006-06-19 15:39:16 139264 --a----c- C:\WINDOWS\876056.exe <Not Verified; Mirar; Mirar Downloader Setup>
2006-05-30 18:09:19 24576 --a----c- C:\WINDOWS\Uninstall.exe
2006-02-16 10:06:16 0 d-------- C:\Program Files\CCleaner
2006-02-12 18:21:34 0 d-------- C:\Program Files\Incomplete
2006-02-04 07:11:28 0 d-------- C:\WINDOWS\CAVTemp
2006-01-26 13:36:01 574976 --a----c- C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2006-01-26 13:35:58 663552 --a----c- C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX, Inc. divx>
2006-01-26 13:35:58 679936 --a----c- C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX, Inc. divx>
2006-01-26 13:35:58 679936 --a----c- C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX, Inc. divx>
2006-01-24 13:08:29 12288 --a----c- C:\WINDOWS\system32\DivXWMPExtType.dll
2005-12-31 17:01:19 139264 --a----c- C:\WINDOWS\system32\eax.dll <Not Verified; Creative Technology Ltd; EAX Unified>
2005-12-31 17:01:19 0 d-------- C:\Program Files\Creative
2005-12-31 17:00:53 0 d-------- C:\Program Files\directx
2005-12-31 00:21:28 0 d-------- C:\SaveGames
2005-12-26 01:05:41 98304 --a----c- C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2005-12-26 00:52:57 0 d---s---- C:\Program Files\Xfire
2005-12-08 22:10:34 0 d-------- C:\Documents and Settings\Bryan\Application Data\Google
2005-11-22 23:00:00 778240 --a----c- C:\WINDOWS\system32\DivXsm.exe
2005-11-20 16:20:55 417792 --a----c- C:\WINDOWS\PhotoShow.scr
2005-11-20 16:20:55 0 d-------- C:\Demo Album
2005-11-20 16:19:59 0 d-------- C:\Program Files\Simple Star
2005-11-20 16:19:02 0 d-------- C:\Documents and Settings\Bryan\Application Data\Simple Star
2005-10-31 10:56:00 700416 --a------ C:\StubInstaller.exe <Not Verified; LimeWire; LimeWire swarmed installer>
2005-10-25 10:53:54 491520 --a------ C:\Documents and Settings\Bryan\pbclsnew.dll
2005-10-25 10:51:31 290816 --a------ C:\Documents and Settings\Bryan\pbsvnew.dll
2005-10-25 10:50:43 491520 --a------ C:\Documents and Settings\Bryan\pbclnew.dll
2005-10-25 10:49:45 0 d-------- C:\Documents and Settings\Bryan\htm
2005-10-25 10:49:45 0 d-------- C:\Documents and Settings\Bryan\dll
2005-10-25 10:47:28 4 --a------ C:\Documents and Settings\Bryan\pbweb.dat
2005-10-10 21:14:47 1592 --a------ C:\PPCleanDeleteAtReboot.bat
2005-10-09 16:20:38 0 d-------- C:\Program Files\MP3 Converter
2005-10-07 19:16:27 8464 --a----c- C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2005-10-02 07:50:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2005-08-12 16:57:09 3596288 --a----c- C:\WINDOWS\system32\qt-dx331.dll
2005-07-23 22:30:22 0 d-------- C:\WINDOWS\A4W_DATA
2005-07-23 21:55:13 0 d-------- C:\Program Files\PADI
2005-06-28 17:00:18 0 d-------- C:\WINDOWS\system32\PreInstall
2005-06-26 16:08:42 0 d-------- C:\Program Files\NVIDIA Corporation
2005-06-26 16:08:42 0 d-------- C:\Program Files\Common Files\NVIDIA Shared
2005-06-26 16:05:43 0 d-------- C:\NVIDIA
2005-05-16 21:03:39 0 d-------- C:\MY MUSIC 666
2005-05-16 16:13:34 0 d-------- C:\Incomplete
2005-05-15 20:07:18 0 d-------- C:\Documents and Settings\Bryan\Shared
2005-05-15 20:07:16 0 d-------- C:\Documents and Settings\Bryan\Incomplete
2005-05-15 20:04:57 0 d-------- C:\Program Files\Java
2005-05-15 20:03:56 0 d-------- C:\Program Files\Common Files\Java
2005-05-07 14:57:25 0 d-------- C:\Program Files\Common Files\Scanner
2005-05-01 00:12:39 0 d-------- C:\Documents and Settings\Bryan\Application Data\Aim
2005-04-26 12:39:15 0 d-------- C:\Program Files\Apple Software Update
2005-04-23 21:22:03 0 d-------- C:\Documents and Settings\Bryan\Application Data\Jasc
2005-04-06 17:15:18 0 d-------- C:\WINDOWS\rkzk
2005-04-06 17:15:18 0 d-------- C:\Program Files\Common Files\rkzk
2005-04-06 17:14:36 0 d-------- C:\Program Files\sf
2005-04-06 17:14:34 16384 --a----c- C:\WINDOWS\system32\vm_d.exe
2005-04-06 17:14:33 8192 --a----c- C:\WINDOWS\system32\vm_d.dll
2005-04-02 09:04:18 0 d-------- C:\WINDOWS\system32\iMesh_Cache
2005-04-02 09:03:59 0 d-------- C:\Program Files\iMeshBar
2005-03-28 14:20:00 0 d-------- C:\Documents and Settings\Amy\Application Data\Mozilla
2005-03-21 16:21:48 0 d-------- C:\Documents and Settings\Amy\Application Data\Macromedia
2005-03-21 13:49:41 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2005-03-21 13:49:40 0 d-------- C:\Documents and Settings\Amy\Application Data\MSN6
2005-03-21 13:47:23 0 d-------- C:\Documents and Settings\Amy\Application Data\Viewpoint
2005-03-21 13:46:47 0 d-------- C:\Documents and Settings\Amy\Application Data\Real
2005-03-20 22:01:36 0 d-------- C:\Program Files\Overland
2005-03-20 21:59:15 552 --a----c- C:\WINDOWS\system32\d3d8caps.dat
2005-02-10 21:06:56 0 d-------- C:\WINDOWS\Desktop
2005-01-29 22:11:01 28672 --a----c- C:\WINDOWS\system32\ssconfig.exe <Not Verified; Auralis, Inc.; Auralis SSConfig>
2005-01-29 22:11:00 180224 --a----c- C:\WINDOWS\UninstallWSST.exe <Not Verified; ; UninstallEXE Application>
2005-01-29 22:09:22 0 d-------- C:\NITEMARE
2005-01-29 22:09:20 398416 --a----c- C:\WINDOWS\system\VBRUN300.DLL <Not Verified; Microsoft Corporation; Visual Basic 3.0>
2005-01-29 22:09:20 7008 --a----c- C:\WINDOWS\system\SETUPKIT.DLL
2005-01-29 22:09:20 31744 --a----c- C:\WINDOWS\system\MSAFINX.DLL <Not Verified; Microsoft Corp.; Microsoft Visual Basic>
2005-01-29 22:09:20 33904 --a----c- C:\WINDOWS\system\LTTWN90W.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Windows>
2005-01-29 22:09:20 272976 --a----c- C:\WINDOWS\system\LTKRN90W.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Windows>
2005-01-29 22:09:20 83408 --a----c- C:\WINDOWS\system\LTIMG90W.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Windows>
2005-01-29 22:09:20 54192 --a----c- C:\WINDOWS\system\LTFIL90W.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Windows>
2005-01-29 22:09:20 140080 --a----c- C:\WINDOWS\system\LTEFX90W.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Windows>
2005-01-29 22:09:20 177520 --a----c- C:\WINDOWS\system\LTDIS90W.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Windows>
2005-01-29 22:09:20 19920 --a----c- C:\WINDOWS\system\LFGIF90W.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Windows>
2005-01-29 22:09:20 210224 --a----c- C:\WINDOWS\system\LFCMP90W.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Windows>
2005-01-29 22:09:20 14640 --a----c- C:\WINDOWS\system\LFBMP90W.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Windows>
2005-01-29 22:09:20 179712 --a----c- C:\WINDOWS\MBR232.EXE <Not Verified; Preferred Computer Services; Screen Saver>
2005-01-29 22:09:20 58178 --a----c- C:\WINDOWS\BINS.EXE
2005-01-29 22:07:28 201916 --a----c- C:\WINDOWS\Alien Legacy.scr <Not Verified; MacSourcery; CineMac for Director>
2005-01-29 22:07:28 1778193 --a----c- C:\WINDOWS\Alien Legacy.exe <Not Verified; Macromedia, Inc.; Macromedia Director>
2005-01-12 06:41:07 262144 --a----c- C:\Documents and Settings\All Users\ntuser.dat
2005-01-08 23:12:36 0 d-------- C:\Program Files\Google
2005-01-08 23:12:25 0 d-------- C:\Program Files\DivX
2005-01-01 10:11:46 0 d-------- C:\Program Files\Common Files\xing shared
2004-12-29 12:09:44 0 d-------- C:\Program Files\Excite
2004-12-08 18:33:49 0 d-------- C:\Program Files\CC2004
2004-11-25 23:27:15 0 d-------- C:\Documents and Settings\Bryan\Application Data\ICQLite
2004-11-14 14:33:44 0 d-------- C:\WINDOWS\report
2004-11-14 14:33:35 0 d-------- C:\WINDOWS\AU_Temp
2004-11-14 14:32:10 561316 --a----c- C:\WINDOWS\tsc.exe <Not Verified; Trend Micro Inc.; Trend Micro Damage Cleanup Engine 3.6>
2004-11-14 14:32:10 71749 --a----c- C:\WINDOWS\HCExtOutput.dll
2004-11-14 14:32:10 0 d-------- C:\WINDOWS\AU_Backup
2004-11-14 14:32:09 1036800 --a----c- C:\WINDOWS\vsapi32.dll <Not Verified; Trend Micro Inc.; vsapi>
2004-11-14 14:32:08 43008 --a----c- C:\WINDOWS\BPMNT.dll <Not Verified; Trend Micro Inc.; vsapi>
2004-11-14 14:31:12 0 d-------- C:\WINDOWS\AU_Log
2004-11-14 14:30:48 69689 --a----c- C:\WINDOWS\UNZIP.DLL <Not Verified; Trend Micro Inc.; Trend Active Update 1.32>
2004-11-14 14:30:48 507904 --a----c- C:\WINDOWS\TMUPDATE.DLL <Not Verified; Trend Micro Inc.; ActiveUpdate Module>
2004-11-09 17:08:59 0 d-------- C:\Program Files\Voiceglo
2004-11-04 15:29:25 0 d-------- C:\Documents and Settings\Bryan\Application Data\Apple Computer
2004-11-04 15:26:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2004-10-31 15:05:48 0 d-------- C:\WINDOWS\browserxtras
2004-10-26 17:39:05 3375104 --a----c- C:\WINDOWS\system32\qt-mt331.dll
2004-10-26 17:38:18 94208 --a----c- C:\WINDOWS\system32\divxdec_0411.dll <Not Verified; DivXNetworks, Inc.; DivX? Decoder ?????>
2004-10-26 17:38:18 94208 --a----c- C:\WINDOWS\system32\divxdec_040c.dll <Not Verified; DivXNetworks, Inc.; Filtre décodeur DivX®>
2004-10-26 17:38:18 94208 --a----c- C:\WINDOWS\system32\divxdec_0407.dll <Not Verified; DivXNetworks, Inc.; DivX® Decoder Filter>
2004-10-24 00:10:10 0 d-------- C:\WINDOWS\cache
2004-10-23 23:33:28 0 d-------- C:\WINDOWS\Hewlett-Packard
2004-10-19 18:57:49 0 d-------- C:\Documents and Settings\Bryan\Application Data\Yahoo! Messenger
2004-10-14 22:42:29 0 d--h----- C:\WINDOWS\$hf_mig$
2004-10-07 16:24:50 0 d-------- C:\Program Files\MsnMusic
2004-09-30 20:43:56 231936 --a----c- C:\WINDOWS\system32\SNWValid.dll <Not Verified; Cendant Software; World Opponent Network>
2004-09-30 20:43:56 1022976 --a----c- C:\WINDOWS\system32\SierraNW.dll <Not Verified; Cendant Software; World Opponent Network>
2004-09-30 20:42:43 125344 --a----c- C:\WINDOWS\system32\MFCO250.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual C++>
2004-09-30 20:42:43 11072 --a----c- C:\WINDOWS\system32\MFCN250.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual C++>
2004-09-30 20:42:43 51920 --a----c- C:\WINDOWS\system32\MFCD250.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual C++>
2004-09-30 20:42:43 320880 --a----c- C:\WINDOWS\system32\MFC250.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual C++>
2004-09-30 20:42:23 0 d-------- C:\SIERRA
2004-09-30 20:42:23 0 d-------- C:\Program Files\Sierra On-Line
2004-09-26 17:51:56 0 d-------- C:\Documents and Settings\Bryan\Application Data\Script Software
2004-09-26 17:51:54 27136 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSUsernamePlugin4435.dll
2004-09-26 17:51:54 28672 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSMacOSXPlugin5242.dll
2004-09-26 17:51:54 44032 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSCFPlugin5228.dll
2004-09-26 17:51:54 37376 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSCarbonEventsPlugin5242.dll
2004-09-26 17:51:54 69036 --ah---c- C:\Documents and Settings\Bryan\Application Data\EHMatrixFilters.dll
2004-09-26 17:51:54 35840 --ah---c- C:\Documents and Settings\Bryan\Application Data\EHEffects.dll
2004-09-26 17:51:53 64512 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSZipPlugin4713.dll
2004-09-26 17:51:53 27648 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSWindowPlugin4708.dll
2004-09-26 17:51:53 444928 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSTiffPlugin4713.dll
2004-09-26 17:51:53 27648 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSRegistrationPlugin4987.dll
2004-09-26 17:51:53 32768 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSProcessPlugin4911.dll
2004-09-26 17:51:53 146944 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSPNGPlugin4713.dll
2004-09-26 17:51:53 103424 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSPicturePlugin5148.dll
2004-09-26 17:51:53 120832 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSJPEGDecompressionPlugin5041.dll
2004-09-26 17:51:53 99328 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSJPEGCompressionPlugin5041.dll
2004-09-26 17:51:53 33792 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSIconPlugin5036.dll
2004-09-26 17:51:53 30208 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSBase64Plugin4708.dll
2004-09-26 17:51:52 40960 --ah---c- C:\Documents and Settings\Bryan\Application Data\RBShell550.dll
2004-09-26 17:51:52 32256 --ah---c- C:\Documents and Settings\Bryan\Application Data\RBJagToolbarItem550.dll
2004-09-26 17:51:52 29184 --ah---c- C:\Documents and Settings\Bryan\Application Data\RBInternetEncodings550.dll
2004-09-26 17:51:52 478720 --ah---c- C:\Documents and Settings\Bryan\Application Data\RBDB550.dll
2004-09-26 17:51:52 88576 --ah---c- C:\Documents and Settings\Bryan\Application Data\rbap550.dll
2004-09-26 17:51:52 25600 --ah---c- C:\Documents and Settings\Bryan\Application Data\EHTypes.dll
2004-09-26 17:51:49 74240 --ah---c- C:\Documents and Settings\Bryan\Application Data\rbqt550.DLL
2004-09-26 17:51:43 0 d-------- C:\Program Files\easy card
2004-09-22 16:16:47 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2004-09-22 16:15:04 0 d-------- C:\WINDOWS\Prefetch
2004-09-22 15:58:15 0 d-------- C:\WINDOWS\peernet
2004-09-22 15:58:07 0 d-------- C:\WINDOWS\provisioning
2004-09-22 15:48:37 0 d-------- C:\WINDOWS\ServicePackFiles
2004-09-22 15:33:28 0 d-------- C:\WINDOWS\EHome
2004-09-21 18:03:14 44544 -ra----c- C:\WINDOWS\system32\MSXML4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2004-09-21 18:03:14 626960 -ra----c- C:\WINDOWS\system32\hpvaut32.dll <Not Verified; Microsoft Corporation; >
2004-09-21 18:03:09 0 d-------- C:\Program Files\HP
2004-09-21 17:51:31 4284 -------c- C:\WINDOWS\hphmdl02.dat
2004-09-21 17:51:31 19349 --a----c- C:\WINDOWS\HPHins02.dat
2004-09-19 22:54:08 0 d-------- C:\Program Files\Crossword Weaver
2004-09-08 12:04:56 0 d-------- C:\Documents and Settings\Bryan\Application Data\Talkback
2004-09-08 12:03:38 8097 --a----c- C:\WINDOWS\mozver.dat
2004-09-08 12:03:38 0 d-------- C:\Documents and Settings\Bryan\Application Data\Mozilla
2004-08-22 17:19:12 0 d-------- C:\Program Files\WinAce
2004-08-22 09:49:56 0 dr-h----- C:\Documents and Settings\All Users\Application Data\yahoo!
2004-08-16 20:36:21 0 d-------- C:\Program Files\MSN Messenger
2004-08-16 18:54:28 0 d-------- C:\GameSpy Arcade Setup
2004-08-16 14:44:12 0 d-------- C:\WINDOWS\wt
2004-08-11 16:56:49 0 d-------- C:\Program Files\PartyPoker
2004-08-07 13:07:35 0 d-------- C:\Program Files\Common Files\Real
2004-08-07 13:07:33 0 d-------- C:\Program Files\Real
2004-08-07 13:07:17 0 d-------- C:\Documents and Settings\Bryan\Application Data\Real
2004-08-07 13:04:12 0 d-------- C:\My Downloads
2004-08-06 15:18:22 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2004-08-01 00:21:09 0 dr-h----- C:\Documents and Settings\Bryan\Application Data\yahoo!
2004-07-29 19:55:13 4 --a------ C:\loadcounter.dat
2004-07-29 15:38:03 0 d-------- C:\WINDOWS\SoftwareDistribution
2004-07-17 22:35:14 0 d-------- C:\WINDOWS\system32\bits
2004-07-17 22:35:02 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2004-07-14 22:34:06 16896 --a------ C:\WINDOWS\system32\mscorier.dll <Not Verified; Microsoft Corporation; Microsoft .NET Framework>
2004-07-14 18:50:31 0 d-------- C:\WINDOWS\system32\NtmsData
2004-07-14 18:29:25 0 d-------- C:\WINDOWS\LogFiles
2004-07-13 16:40:52 0 d-------- C:\Documents and Settings\Bryan\storage
2004-07-12 22:02:04 729088 --a----c- C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose

#7
kingviper

    Member

  • Topic Starter
  • Member
  • 37 posts
PART 4:

2004-07-12 22:02:02 0 d-------- C:\Program Files\AceGain
2004-07-11 17:51:21 0 d-------- C:\Documents and Settings\Bryan\Application Data\Kontiki
2004-07-11 17:51:17 0 d-------- C:\WINDOWS\kdx
2004-06-26 12:15:51 0 d-------- C:\Program Files\AWS
2004-06-11 19:32:31 0 d-------- C:\Documents and Settings\Bryan\Application Data\Motive
2004-06-11 18:28:39 171280 --a----c- C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2004-06-11 18:28:39 139536 --a----c- C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2004-06-11 18:28:39 46352 --a----c- C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2004-06-11 18:28:39 6550 --a----c- C:\WINDOWS\jautoexp.dat
2004-06-11 18:28:38 313856 --a----c- C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2004-06-11 18:28:27 113 --a----c- C:\WINDOWS\system32\zonedon.reg
2004-06-11 18:28:27 113 --a----c- C:\WINDOWS\system32\zonedoff.reg
2004-06-11 18:28:26 171792 --a----c- C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2004-06-11 18:28:26 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2004-06-11 18:28:26 21264 --a----c- C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2004-06-11 18:28:25 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2004-06-11 18:28:25 154384 --a----c- C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2004-06-11 18:28:24 172304 --a----c- C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2004-06-11 18:28:24 15120 --a----c- C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2004-06-11 18:28:23 404752 --a----c- C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2004-06-11 18:28:22 63248 --a----c- C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2004-06-11 18:28:22 187152 --a----c- C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2004-06-11 18:28:21 49424 --a----c- C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2004-06-11 15:26:09 0 d-------- C:\Program Files\TrueSwitch
2004-06-11 15:26:09 0 d-------- C:\Program Files\TrueAssistant
2004-06-11 15:26:04 0 d-------- C:\Program Files\TrueSwitchSBC
2004-06-11 11:13:49 0 d-------- C:\WINDOWS\Motive
2004-06-11 11:13:45 0 d-------- C:\Program Files\Common Files\Motive
2004-06-11 11:13:26 0 d-------- C:\Program Files\SBC Self Support Tool
2004-06-11 11:13:25 0 d-------- C:\Program Files\Motive
2004-06-10 15:58:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Visual Networks
2004-06-10 15:58:05 0 d-------- C:\Program Files\Visual Networks
2004-06-10 15:57:32 0 d-------- C:\Program Files\BroadJump
2004-06-10 15:57:22 0 d-------- C:\Program Files\SBC Yahoo!
2004-06-10 15:57:16 86016 --a----c- C:\WINDOWS\system32\YPcservice.exe <Not Verified; Yahoo! Inc.; YPCService Module>
2004-06-10 15:57:16 131072 --a----c- C:\WINDOWS\system32\ypclsp.dll <Not Verified; Yahoo! Inc.; Yahoo! YPCLSP>
2004-06-10 15:55:15 65536 --a----c- C:\WINDOWS\system32\YCRWin32.dll <Not Verified; ; YCRWin32 Module>
2004-06-10 15:34:02 0 d-------- C:\Temp
2004-06-02 01:24:40 622592 --a------ C:\WINDOWS\system32\DVDProX2.dll <Not Verified; NuMedia Soft, Inc.; DVDProX2 Module>
2004-05-16 15:07:49 871 --a----c- C:\WINDOWS\eReg.dat
2004-05-16 14:52:25 0 d-------- C:\Program Files\EA GAMES
2004-04-25 11:34:52 0 d-------- C:\Documents and Settings\Bryan\Application Data\sysxw
2004-04-24 18:31:37 0 d-------- C:\Documents and Settings\Bryan\Application Data\syssz
2004-04-24 10:26:19 0 d-------- C:\Documents and Settings\Bryan\Application Data\winyp
2004-04-22 22:08:26 0 d-------- C:\Documents and Settings\Bryan\Application Data\syspi
2004-04-22 19:34:52 0 d-------- C:\Documents and Settings\Bryan\Application Data\msak
2004-04-22 18:42:45 0 d-------- C:\Documents and Settings\Bryan\Application Data\sysns
2004-04-22 14:18:53 0 d-------- C:\Documents and Settings\Bryan\Application Data\ieyg
2004-04-21 21:05:34 0 d-------- C:\Documents and Settings\Bryan\Application Data\sysea
2004-04-21 05:35:05 0 d-------- C:\Documents and Settings\Bryan\Application Data\winab
2004-04-20 21:35:49 0 d-------- C:\Documents and Settings\Bryan\Application Data\systn
2004-04-20 20:30:01 0 d-------- C:\Documents and Settings\Bryan\Application Data\winzd
2004-04-20 20:04:25 0 d-------- C:\Documents and Settings\Bryan\Application Data\mssa
2004-04-20 19:38:48 0 d-------- C:\Documents and Settings\Bryan\Application Data\msbg
2004-04-08 14:39:26 0 d-------- C:\Program Files\QuickTime
2004-03-24 18:22:16 99328 --a----c- C:\WINDOWS\runtsckl.exe <Not Verified; Trend Micro Inc.; Trend Micro HouseCall v5.70.0>
2004-03-21 20:06:43 0 d-------- C:\Program Files\Lavasoft
2004-03-21 17:12:25 20314 --ah---c- C:\WINDOWS\fiz11
2004-03-21 16:41:34 30057 --ah---c- C:\WINDOWS\fiz10
2004-03-21 16:05:43 30174 --ah---c- C:\WINDOWS\fiz9
2004-03-21 10:29:33 30133 --ah---c- C:\WINDOWS\fiz8
2004-03-21 08:16:11 5632 --a------ C:\Q250204.exe
2004-03-21 07:11:44 30157 --ah---c- C:\WINDOWS\fiz7
2004-03-21 01:06:31 30048 --ah---c- C:\WINDOWS\fiz6
2004-03-21 00:36:45 30141 --ah---c- C:\WINDOWS\fiz5
2004-03-20 23:59:42 30184 --ah---c- C:\WINDOWS\fiz4
2004-03-20 14:49:09 30099 --ah---c- C:\WINDOWS\fiz3
2004-03-16 21:55:31 30181 --ah---c- C:\WINDOWS\fiz2
2004-03-16 21:02:55 0 -ra----c- C:\WINDOWS\system32\TFTP936
2004-03-16 20:13:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2004-03-16 20:13:27 0 -ra----c- C:\WINDOWS\system32\TFTP1708
2004-03-06 06:49:19 40960 --a----c- C:\WINDOWS\Darth Vader.dll <Not Verified; MacSourcery; Saver DLL>
2004-02-27 13:03:39 0 d-------- C:\Program Files\LucasArts
2004-02-26 19:33:18 1638400 --a------ C:\WINDOWS\system32\gdiplus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-02-02 03:41:58 495616 --a------ C:\WINDOWS\system32\hphmon05.exe <Not Verified; Hewlett-Packard; HP Photosmart>
2004-01-18 11:26:14 212480 --a----c- C:\WINDOWS\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2004-01-18 11:26:14 0 d-------- C:\Program Files\ArcSoft
2004-01-18 11:23:37 299520 --a----c- C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2004-01-16 04:57:36 6478 --a----c- C:\WINDOWS\system32\hphmon05.dat
2004-01-15 17:37:57 0 d-------- C:\Documents and Settings\Bryan\Application Data\ICQ
2004-01-15 17:37:53 0 d-------- C:\Program Files\AOD
2004-01-15 17:37:47 0 d-------- C:\Program Files\ICQLite
2004-01-06 13:05:02 364544 --a----c- C:\WINDOWS\system32\hphped05.exe <Not Verified; ; GetCounterInfo Application>
2003-12-27 08:21:05 41472 --ah---c- C:\Documents and Settings\Bryan\Application Data\RBShell400.dll
2003-12-27 08:21:05 75776 --ah---c- C:\Documents and Settings\Bryan\Application Data\rbqt450.DLL
2003-12-27 08:21:05 64512 --ah---c- C:\Documents and Settings\Bryan\Application Data\rbap450.dll
2003-12-27 08:21:05 26624 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSUsernamePlugin.dll
2003-12-27 08:21:05 48128 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSResPlugin.dll
2003-12-27 08:21:05 36864 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSRegistryPlugin.dll
2003-12-27 08:21:05 26112 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSRegistrationPlugin.dll
2003-12-27 08:21:05 28672 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSRectPlugin.dll
2003-12-27 08:21:05 38912 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSQuickTimePlugin.dll
2003-12-27 08:21:05 43520 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSQTImporterPlugin.dll
2003-12-27 08:21:05 31232 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSProcessPlugin.dll
2003-12-27 08:21:05 25088 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSPluginVersionPlugin.dll
2003-12-27 08:21:05 53760 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSPicturePlugin.dll
2003-12-27 08:21:05 36864 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSPictureMacPlugin.dll
2003-12-27 08:21:05 28672 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSMemoryPlugin.dll
2003-12-27 08:21:05 36352 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSMainPlugin.dll
2003-12-27 08:21:05 115712 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSJPEGDecompressionPlugin.dll
2003-12-27 08:21:05 52224 --ah---c- C:\Documents and Settings\Bryan\Application Data\EHZComp.dll
2003-12-27 08:21:05 19968 --ah---c- C:\Documents and Settings\Bryan\Application Data\EHMD5.dll
2003-12-27 08:21:05 18432 --ah---c- C:\Documents and Settings\Bryan\Application Data\EHEncrypt.dll
2003-12-27 08:21:02 28160 --ah---c- C:\Documents and Settings\Bryan\Application Data\MBSMacOSXPlugin.dll
2003-12-27 08:06:31 0 d-------- C:\Program Files\InterActual
2003-12-26 09:29:25 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2003-12-26 09:28:52 0 d-------- C:\Program Files\Common Files\Kodak
2003-12-26 09:28:50 0 d-------- C:\WINDOWS\system32\color
2003-12-26 09:28:50 0 d-------- C:\KPCMS
2003-12-26 09:28:46 0 d-------- C:\WINDOWS\system32\BWKDLogs
2003-12-26 09:27:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2003-12-26 09:27:27 0 d-------- C:\Program Files\Kodak
2003-12-19 10:11:38 0 d-------- C:\Program Files\Snapshot Viewer
2003-12-13 13:13:51 815616 --a----c- C:\WINDOWS\HSS_1_~1.SCR
2003-12-08 16:15:14 61440 --a----c- C:\WINDOWS\system32\HPHap05.exe <Not Verified; Hewlett-Packard; hp photosmart autoplay handler>
2003-11-29 16:48:28 0 d-------- C:\Documents and Settings\Bryan\Application Data\Help
2003-11-26 15:20:31 0 d-------- C:\Program Files\WS_FTP
2003-11-26 14:54:37 13824 -ra----c- C:\WINDOWS\system32\VBOA300.DLL <Not Verified; Microsoft Corporation; Visual Basic 3.0>
2003-11-26 14:54:37 95200 -ra----c- C:\WINDOWS\system32\VBDB300.DLL <Not Verified; Microsoft Corporation; Visual Basic 3.0>
2003-11-26 14:54:37 1371436 -ra----c- C:\WINDOWS\system32\VBAR2132.DLL
2003-11-26 14:54:37 816720 -ra----c- C:\WINDOWS\system32\VBA32.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2003-11-26 14:54:36 398416 -ra----c- C:\WINDOWS\system32\VBRUN300.DLL <Not Verified; Microsoft Corporation; Visual Basic 3.0>
2003-11-26 14:54:36 8976 -ra----c- C:\WINDOWS\system32\VBAEN32.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2003-11-26 14:54:36 220944 -ra----c- C:\WINDOWS\system32\MSXL3032.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2003-11-26 14:54:36 260368 -ra----c- C:\WINDOWS\system32\MSXB3032.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2003-11-26 14:54:36 121104 -ra----c- C:\WINDOWS\system32\MSTX3032.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2003-11-26 14:54:36 240912 -ra----c- C:\WINDOWS\system32\MSPX3032.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2003-11-26 14:54:36 43008 -ra----c- C:\WINDOWS\system32\MSOC95.DLL <Not Verified; Microsoft Corporation; MSOC95>
2003-11-26 14:54:36 144144 -ra----c- C:\WINDOWS\system32\MSLT3032.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2003-11-26 14:54:35 243472 -ra----c- C:\WINDOWS\system32\VBAR2232.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2003-11-26 14:54:35 245520 -ra----c- C:\WINDOWS\system32\MSRD2X32.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2003-11-26 14:54:35 98356 -ra----c- C:\WINDOWS\system32\MSJTER32.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2003-11-26 14:54:35 965904 -ra----c- C:\WINDOWS\system32\MSJT3032.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2003-11-26 14:54:35 33552 -ra----c- C:\WINDOWS\system32\MSJINT32.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet Database Engine>
2003-11-26 14:53:46 32768 -------c- C:\WINDOWS\system32\cmgr32.dll <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2003-11-26 14:53:45 345600 -------c- C:\WINDOWS\system32\qtim32.dll <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
2003-11-26 14:48:59 39125 -------c- C:\WINDOWS\iccsigs.dat
2003-11-26 14:48:52 21504 -------c- C:\WINDOWS\system32\scpext.dll
2003-11-26 14:48:48 409600 -------c- C:\WINDOWS\system32\scint70.dll <Not Verified; Corel Corporation; CorelDRAW ™>
2003-11-26 14:48:16 0 d-------- C:\Corel
2003-11-26 14:47:38 0 d-------- C:\WINDOWS\Corel
2003-11-26 14:42:08 0 d-------- C:\Program Files\Ulead Systems
2003-11-23 19:55:01 0 d-------- C:\Program Files\Fox
2003-11-23 19:54:06 21840 --a----ct C:\WINDOWS\system32\SIntfNT.dll
2003-11-23 19:54:06 17212 --a----ct C:\WINDOWS\system32\SIntf32.dll
2003-11-23 19:54:06 12067 --a----ct C:\WINDOWS\system32\SIntf16.dll
2003-11-22 22:25:32 0 d-------- C:\WINDOWS\occache
2003-11-22 22:25:00 0 d-------- C:\WINDOWS\wb
2003-11-22 22:25:00 87552 -ra----c- C:\WINDOWS\system\url.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2003-11-22 22:25:00 9728 -ra----c- C:\WINDOWS\system\rnaph.dll <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>
2003-11-22 22:02:08 279040 --a----c- C:\WINDOWS\system32\VCT32150.dll <Not Verified; Voxware, Inc.; Voxware Compression Toolkit>
2003-11-22 21:59:19 0 d-------- C:\Program Files\Red Storm Entertainment
2003-11-22 11:28:54 0 d-------- C:\Documents and Settings\Amy\Application Data\Identities
2003-11-22 11:28:47 0 dr------- C:\Documents and Settings\Amy\Favorites
2003-11-22 11:28:47 0 d-------- C:\Documents and Settings\Amy\Desktop
2003-11-22 11:28:47 0 d--hs---- C:\Documents and Settings\Amy\Cookies
2003-11-22 11:28:47 0 dr-h----- C:\Documents and Settings\Amy\Application Data
2003-11-22 11:28:47 0 d---s---- C:\Documents and Settings\Amy\Application Data\Microsoft
2003-11-22 11:28:46 0 d--h----- C:\Documents and Settings\Amy\Templates
2003-11-22 11:28:46 0 dr------- C:\Documents and Settings\Amy\Start Menu
2003-11-22 11:28:46 0 dr-h----- C:\Documents and Settings\Amy\SendTo
2003-11-22 11:28:46 0 dr-h----- C:\Documents and Settings\Amy\Recent
2003-11-22 11:28:46 0 d--h----- C:\Documents and Settings\Amy\PrintHood
2003-11-22 11:28:46 1835008 --ah----- C:\Documents and Settings\Amy\NTUSER.DAT
2003-11-22 11:28:46 0 d--h----- C:\Documents and Settings\Amy\NetHood
2003-11-22 11:28:46 0 dr------- C:\Documents and Settings\Amy\My Documents
2003-11-22 11:28:46 0 d--h----- C:\Documents and Settings\Amy\Local Settings
2003-11-22 02:38:32 0 d-------- C:\UnrealTournament
2003-11-22 01:31:04 0 d-------- C:\Program Files\Yahoo!
2003-11-21 23:40:11 0 d-------- C:\Program Files\NovaLogic
2003-11-21 23:23:52 114688 --a----c- C:\WINDOWS\system32\HpDigita.dll <Not Verified; Hewlett-Packard; Hewlett-Packard HpDigita>
2003-11-21 23:23:52 40960 --a----c- C:\WINDOWS\system32\hpcamset.dll <Not Verified; Hewlett-Packard; Hewlett-Packard hpcamset>
2003-11-21 23:23:52 0 d-------- C:\Program Files\Hewlett-Packard
2003-11-21 09:28:41 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2003-11-21 09:28:34 0 d-------- C:\Program Files\Common Files\InstallShield
2003-11-21 09:26:17 0 d--hs---- C:\WINDOWS\Installer
2003-11-21 09:26:15 0 d-------- C:\Documents and Settings\Bryan\Application Data\Identities
2003-11-21 09:26:06 0 d--h----- C:\Documents and Settings\Bryan\Templates
2003-11-21 09:26:06 0 dr------- C:\Documents and Settings\Bryan\Start Menu
2003-11-21 09:26:06 0 dr-h----- C:\Documents and Settings\Bryan\SendTo
2003-11-21 09:26:06 0 d--h----- C:\Documents and Settings\Bryan\PrintHood
2003-11-21 09:26:06 6029312 --ah----- C:\Documents and Settings\Bryan\NTUSER.DAT
2003-11-21 09:26:06 0 d--h----- C:\Documents and Settings\Bryan\NetHood
2003-11-21 09:26:06 0 dr------- C:\Documents and Settings\Bryan\My Documents
2003-11-21 09:26:06 0 d--h----- C:\Documents and Settings\Bryan\Local Settings
2003-11-21 09:26:06 0 dr------- C:\Documents and Settings\Bryan\Favorites
2003-11-21 09:26:06 0 d-------- C:\Documents and Settings\Bryan\Desktop
2003-11-21 09:26:06 0 d--hs---- C:\Documents and Settings\Bryan\Cookies
2003-11-21 09:26:06 0 d--h----- C:\Documents and Settings\Bryan\Application Data
2003-11-21 09:24:11 0 d--hs---- C:\System Volume Information
2003-11-21 09:24:10 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2003-11-21 09:24:10 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2003-11-21 09:24:10 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2003-11-21 09:24:10 0 d-------- C:\Documents and Settings\LocalService\Application Data
2003-11-21 09:24:10 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2003-11-21 09:24:09 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2003-11-21 09:24:09 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2003-11-21 09:24:09 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2003-11-21 09:24:09 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2003-11-21 09:24:09 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2003-11-21 09:21:15 0 d-------- C:\WINDOWS\system32\xircom
2003-11-21 09:21:15 0 d-------- C:\Program Files\microsoft frontpage
2003-11-21 09:21:03 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2003-11-21 09:20:10 0 d--hs---- C:\Documents and Settings\All Users\DRM
2003-11-21 09:20:02 0 dr------- C:\WINDOWS\Offline Web Pages
2003-11-21 09:20:02 0 d---s---- C:\WINDOWS\Downloaded Program Files
2003-11-21 09:19:38 0 d-------- C:\WINDOWS\system32\DirectX
2003-11-21 09:19:08 0 d---s---- C:\WINDOWS\Tasks
2003-11-21 09:19:06 0 d-------- C:\Program Files\Common Files\MSSoap
2003-11-21 09:19:03 0 d-------- C:\WINDOWS\srchasst
2003-11-21 09:19:02 0 d-------- C:\WINDOWS\system32\Macromed
2003-11-21 09:19:01 0 d-------- C:\Program Files\Movie Maker
2003-11-21 09:18:58 0 d-------- C:\WINDOWS\system32\Restore
2003-11-21 09:18:58 0 d-------- C:\WINDOWS\PCHealth
2003-11-21 09:18:28 21640 --a----c- C:\WINDOWS\system32\emptyregdb.dat
2003-11-21 09:18:14 0 d-------- C:\WINDOWS\Registration
2003-11-21 09:18:07 0 d--h----- C:\Program Files\WindowsUpdate
2003-11-21 09:18:07 0 d-------- C:\Program Files\Online Services
2003-11-21 09:18:01 0 d-------- C:\Program Files\Messenger
2003-11-21 09:17:57 0 d-------- C:\Program Files\MSN Gaming Zone
2003-11-21 09:17:31 0 d-------- C:\Program Files\Windows NT
2003-11-21 09:17:29 0 d-------- C:\WINDOWS\system32\MsDtc
2003-11-21 09:17:29 0 d-------- C:\WINDOWS\system32\Com
2003-11-21 04:11:42 0 d-------- C:\Program Files\Common Files\ODBC
2003-11-21 04:11:40 0 d-------- C:\Program Files\Common Files\SpeechEngines
2003-11-21 04:11:39 0 d-a------ C:\Program Files
2003-11-21 04:11:39 0 d-------- C:\Program Files\Common Files
2003-11-21 04:11:22 0 d--h----- C:\Documents and Settings\Default User\Templates
2003-11-21 04:11:22 0 dr------- C:\Documents and Settings\Default User\Start Menu
2003-11-21 04:11:22 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2003-11-21 04:11:22 0 d--h----- C:\Documents and Settings\Default User\Recent
2003-11-21 04:11:22 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2003-11-21 04:11:22 0 d--h----- C:\Documents and Settings\Default User\NetHood
2003-11-21 04:11:22 0 d-------- C:\Documents and Settings\Default User\My Documents
2003-11-21 04:11:22 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2003-11-21 04:11:22 0 d-------- C:\Documents and Settings\Default User\Favorites
2003-11-21 04:11:22 0 d-------- C:\Documents and Settings\Default User\Desktop
2003-11-21 04:11:22 0 d---s---- C:\Documents and Settings\Default User\Cookies
2003-11-21 04:11:22 0 d--h----- C:\Documents and Settings\All Users\Templates
2003-11-21 04:11:22 0 dr------- C:\Documents and Settings\All Users\Start Menu
2003-11-21 04:11:22 0 d-------- C:\Documents and Settings\All Users\Favorites
2003-11-21 04:11:22 0 dr------- C:\Documents and Settings\All Users\Documents
2003-11-21 04:11:22 0 d-------- C:\Documents and Settings\All Users\Desktop
2003-11-21 04:11:11 0 d-------- C:\WINDOWS\system32\CatRoot2
2003-11-21 04:11:11 0 d-------- C:\WINDOWS\system32\CatRoot
2003-11-21 04:11:06 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2003-11-21 04:11:06 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2003-11-21 04:11:05 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2003-11-21 04:11:05 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2003-11-21 04:10:50 0 d-------- C:\Documents and Settings
2003-11-21 04:06:43 0 d-a------ C:\WINDOWS
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\WinSxS
2003-11-21 04:06:43 0 dr------- C:\WINDOWS\Web
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\twain_32
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\wins
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\wbem
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\usmt
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\spool
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\ShellExt
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\Setup
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\ras
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\oobe
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\npp
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\mui
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\inetsrv
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\IME
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\icsxml
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\ias
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\export
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\drivers
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\drivers\etc
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\drivers\disdn
2003-11-21 04:06:43 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\dhcp
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\config
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\3com_dmi
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\3076
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\2052
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\1054
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\1042
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\1041
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\1037
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\1033
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\1031
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\1028
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system32\1025
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\system
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\security
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\Resources
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\repair
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\mui
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\msapps
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\msagent
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\Media
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\java
2003-11-21 04:06:43 0 d--h----- C:\WINDOWS\inf
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\ime
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\Help
2003-11-21 04:06:43 0 dr--s---- C:\WINDOWS\Fonts
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\Driver Cache
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\Debug
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\Cursors
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\Connection Wizard
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\Config
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\AppPatch
2003-11-21 04:06:43 0 d-------- C:\WINDOWS\addins
2003-11-20 23:38:04 0 d-------- C:\WINDOWS\system32\appmgmt
2003-11-20 22:31:34 27262976 --a------ C:\VIRTPART.DAT
2003-11-20 22:28:14 45056 --a----c- C:\WINDOWS\system32\WNASPI32.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2003-11-20 22:28:13 17005 --a----c- C:\WINDOWS\system32\drivers\ASPI32.SYS <Not Verified; Adaptec; Adaptec's ASPI Layer>
2003-11-20 22:28:13 4672 --a----c- C:\WINDOWS\system\WOWPOST.EXE <Not Verified; Adaptec; Adaptec's ASPI Layer>
2003-11-20 22:28:13 5600 --a----c- C:\WINDOWS\system\WINASPI.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2003-11-20 22:28:06 0 d-------- C:\Documents and Settings\Bryan\Application Data\Symantec
2003-11-20 22:28:04 0 d-------- C:\Program Files\Common Files\Symantec Shared
2003-11-20 22:27:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2003-11-20 22:27:46 0 d-------- C:\Program Files\Symantec
2003-11-20 22:15:57 40960 --a----c- C:\WINDOWS\system32\VetMsgNT.exe <Not Verified; Computer Associates International, Inc.; CAI Anti-Virus>
2003-11-20 22:15:57 15478 --a----c- C:\WINDOWS\system32\drivers\Vet-Rec.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
2003-11-20 22:15:57 12288 --a----c- C:\WINDOWS\system32\drivers\VetNTMsg.dll
2003-11-20 22:15:57 21031 --a----c- C:\WINDOWS\system32\drivers\Vet-Filt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
2003-11-20 22:15:57 15735 --a----c- C:\WINDOWS\system32\drivers\VetFDDNT.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
2003-11-20 22:15:56 0 d-------- C:\Program Files\CA
2003-11-20 21:50:59 0 d-------- C:\Program Files\OfficeUpdate11
2003-11-20 21:47:03 155648 -ra----c- C:\WINDOWS\system32\nvoglnt.dll <Not Verified; ASUSTeK Computer Inc.; ASUSTeK Computer Inc. ANVOPENGL>
2003-11-20 21:32:43 0 d-------- C:\Program Files\HighMAT CD Writing Wizard
2003-11-20 21:32:41 0 d-------- C:\WINDOWS\Downloaded Installations
2003-11-20 21:27:18 44544 --a----c- C:\WINDOWS\system32\dxdllreg.exe <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows® Operating System>
2003-11-20 21:26:31 0 d--h----- C:\WINDOWS\msdownld.tmp
2003-11-20 21:17:55 26112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2003-11-20 21:15:40 0 d-------- C:\WUTemp
2003-11-20 21:15:13 0 d--hs---- C:\Documents and Settings\Bryan\UserData
2003-11-20 21:10:16 0 d-------- C:\Documents and Settings\Bryan\Application Data\Macromedia
2003-11-20 21:05:33 524288 --a----c- C:\WINDOWS\1007d_r2.bin
2003-11-20 20:56:53 48128 --a----c- C:\WINDOWS\system32\nmsckn.dll <Not Verified; NetManage Inc.; NMSCKN.DLL>
2003-11-20 20:56:53 240640 --a----c- C:\WINDOWS\system32\nmocod.dll
2003-11-20 20:56:52 462848 --a----c- C:\WINDOWS\system32\nmw3vwn.dll <Not Verified; NetManage Inc.; NMW3VWN.DLL>
2003-11-20 20:56:52 66560 --a----c- C:\WINDOWS\system32\nmorenu.dll <Not Verified; NetManage Inc.; NetManage, Inc. English Resource>
2003-11-20 20:56:51 996872 --a------ C:\WINDOWS\system32\Cp3240mt.dll <Not Verified; Borland International; Borland C++ Builder 3.0>
2003-11-20 20:56:50 54784 --a----c- C:\WINDOWS\system32\Inetwh32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2003-11-20 20:56:50 85504 --a----c- C:\WINDOWS\system32\Htmlwh.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic>
2003-11-20 20:56:48 0 d-------- C:\Program Files\U.S. Robotics
2003-11-20 20:53:36 0 d-------- C:\WINDOWS\ShellNew
2003-11-20 20:53:19 0 d-------- C:\Documents and Settings\Bryan\Application Data\Microsoft Web Folders
2003-11-20 20:49:19 0 d-------- C:\office setup files
2003-11-20 20:46:51 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2003-11-20 20:46:46 0 d-------- C:\Program Files\CyberLink
2003-11-20 20:46:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2003-11-20 20:42:19 0 d-------- C:\Program Files\Ahead
2003-11-20 20:38:42 0 d-------- C:\WINDOWS\RegisteredPackages
2003-11-20 20:38:29 181760 --a----c- C:\WINDOWS\system32\dinput8.dll
2003-11-20 20:38:02 0 d-------- C:\WINDOWS\nview
2003-11-20 20:37:45 17150 -ra------ C:\WINDOWS\system32\drivers\asuskbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Hot-Key filter driver.>
2003-11-20 20:37:45 233280 -ra------ C:\WINDOWS\system32\drivers\anvioctl.sys <Not Verified; ASUSTeK; ASUS VGA Driver for Windows 2000/XP>
2003-11-20 20:37:45 296960 -ra----c- C:\WINDOWS\system32\asusosdnt.dll <Not Verified; ASUSTeK COMPUTER INC.; ASUS On-Screen Display For 3D Game>
2003-11-20 20:37:44 15000 -ra----c- C:\WINDOWS\system32\osdmini.dll <Not Verified; ASUSTeK COMPUTER INC.; ASUS On-Screen Display Mini driver>
2003-11-20 20:37:44 10264 -ra----c- C:\WINDOWS\system32\eiomini.dll <Not Verified; ASUSTeK COMPUTER INC.; ASUS EIO Mini driver for OSD>
2003-11-20 20:37:44 40960 -ra----c- C:\WINDOWS\system32\AsusVr.dll
2003-11-20 20:37:44 163840 -ra----c- C:\WINDOWS\system32\anvioctl.dll <Not Verified; AsusTeK Computer Inc.; ANVIOCTL Dynamic Link Library>
2003-11-20 20:37:44 798720 -ra----c- C:\WINDOWS\system32\anvctrl.dll <Not Verified; AsusTeK Computer Inc.; ANVCTRL Dynamic Link Library>
2003-11-20 20:37:43 36352 -ra----c- C:\WINDOWS\system32\asustips.dll
2003-11-20 20:37:43 286720 -ra----c- C:\WINDOWS\liveupd.exe <Not Verified; ASUSTek COMPUTER INC.; VgaLiveUpdate Application>
2003-11-20 20:37:43 40960 -ra------ C:\WINDOWS\livenote.exe
2003-11-20 20:37:43 8703 -ra----c- C:\WINDOWS\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
2003-11-20 20:37:43 69632 -ra----c- C:\WINDOWS\eio.dll <Not Verified; ASUSTek Computer Inc.,; ASUS EIO.DLL>
2003-11-20 20:37:43 204800 -ra----c- C:\WINDOWS\anvunis.exe <Not Verified; ; uninst Application>
2003-11-20 20:37:43 348160 -ra------ C:\WINDOWS\anvshell.exe <Not Verified; AsusTeK Computer Inc.; ASUS nVidia Series Shell>
2003-11-20 20:37:38 16968 -ra----c- C:\WINDOWS\system32\anvmini.dll <Not Verified; ASUSTeK Computer Inc.; >
2003-11-20 20:37:31 2048 -ra----c- C:\WINDOWS\system32\anvcinst.dll
2003-11-20 20:37:28 6272 --a----c- C:\WINDOWS\system32\drivers\ASLM75.SYS
2003-11-20 20:37:18 0 d-------- C:\Documents and Settings\Bryan\WINDOWS
2003-11-20 20:36:46 8703 -r-----c- C:\WINDOWS\system32\drivers\EIO.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
2003-11-20 20:32:45 0 d-------- C:\Program Files\ASUS
2003-11-20 20:31:50 0 d-------- C:\Program Files\ASUS Features
2003-11-20 20:31:45 876803 --a----c- C:\WINDOWS\system32\ASUS Features.scr <Not Verified; Grooveware Multimedia; Screenweaver Shocked Edition>
2003-11-20 20:31:37 0 d-------- C:\WINDOWS\Profiles
2003-11-20 20:31:36 0 d-------- C:\WINDOWS\system32\Adobe
2003-11-20 20:31:36 0 d-------- C:\Program Files\Common Files\Adobe
2003-11-20 20:31:36 0 d-------- C:\Documents and Settings\Bryan\Application Data\InterTrust
2003-11-20 20:31:36 0 d-------- C:\Documents and Settings\Bryan\Application Data\Adobe
2003-11-20 20:31:30 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2003-11-20 20:29:57 0 d-------- C:\WINDOWS\OPTIONS
2003-11-20 20:29:54 41852 -ra----c- C:\WINDOWS\system32\UpdDrv2K.exe <Not Verified; 3Com Corporation; UpdDrv2k.exe>
2003-11-20 20:29:54 569344 -ra----c- C:\WINDOWS\system32\UN3CDiag.exe <Not Verified; 3Com Corporation; NIC Driver Update Program>
2003-11-20 20:27:15 0 d---s---- C:\WINDOWS\system32\Microsoft
2003-10-19 14:51:16 299008 --a------ C:\WINDOWS\system32\vbwFunctionsVB6.dll <Not Verified; Aivosto Oy; VB Watch Extender DLL>
2003-10-06 14:16:00 27136 --a----c- C:\WINDOWS\system32\nvcod.dll
2003-09-22 13:46:34 97530 --a------ C:\WINDOWS\system32\drivers\SI3112r.sys <Not Verified; Silicon Image, Inc; Medley>
2003-09-17 17:29:52 10240 --a------ C:\WINDOWS\system32\drivers\SiWinAcc.sys <Not Verified; Silicon Image, Inc.; SATALink Accelerator Driver>
2003-08-27 04:10:30 314368 --a------ C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; Microsoft Office 2003>
2003-07-14 14:30:28 197120 --a----c- C:\WINDOWS\patchw32.dll
2003-07-14 14:30:27 286720 --a----c- C:\WINDOWS\patch.exe <Not Verified; Trend Micro Inc.; ActiveUpdate Module>
2003-07-14 14:30:26 98815 --a----c- C:\WINDOWS\system32\drivers\ipvnmon.sys <Not Verified; Visual Networks; Visual IP InSight>
2003-06-18 09:54:10 294972 --a------ C:\WINDOWS\system32\drivers\KodakCCS.exe <Not Verified; Eastman Kodak Company; Kodak DC File System Driver (Win32)>
2003-06-18 09:53:08 138485 --a------ C:\WINDOWS\system32\drivers\ExportIt.sys <Not Verified; Eastman Kodak Company; Kodak DC File System driver>
2003-06-18 09:53:08 63002 --a------ C:\WINDOWS\system32\drivers\DcPtp.sys <Not Verified; Eastman Kodak Company; Kodak Digital Camera PTP Driver>
2003-06-18 09:53:08 8058 --a----c- C:\WINDOWS\system32\drivers\DcLps.sys <Not Verified; Eastman Kodak Company; Kodak Digital Camera LPS Driver>
2003-06-18 09:53:08 38997 --a------ C:\WINDOWS\system32\drivers\DCFS2k.sys <Not Verified; Eastman Kodak Company; Kodak DC File System Driver (NT)>
2003-06-18 09:53:08 61568 --a----c- C:\WINDOWS\system32\drivers\DcFpoint.sys <Not Verified; Eastman Kodak Company; Kodak Digital Camera FP Driver>
2003-06-18 09:53:08 36826 --a------ C:\WINDOWS\system32\drivers\DcCam.sys <Not Verified; Eastman Kodak Company; Kodak Digital Camera Driver>
2003-05-31 19:43:00 5632 --a----c- C:\WINDOWS\TrueProcess.exe
2003-03-13 16:50:18 151040 --a----c- C:\WINDOWS\system32\wimadll.dll
2003-02-21 12:58:22 102400 --a----c- C:\WINDOWS\system32\KodakCoI.dll <Not Verified; Eastman Kodak Company; Kodak Digital Camera Driver>
2003-02-20 18:16:34 32768 --a------ C:\WINDOWS\system32\netfxperf.dll <Not Verified; Microsoft Corporation; Microsoft ® .NET Framework>
2003-02-20 18:09:14 106496 --a------ C:\WINDOWS\system32\mscories.dll <Not Verified; Microsoft Corporation; Microsoft .NET Framework>
2003-02-04 08:24:08 57344 --a----c- C:\WINDOWS\system32\WnAspiNT.DLL <Not Verified; NexiTech, Inc.; NexiTech ASPI for Win32>
2003-02-04 08:22:30 181312 --a------ C:\WINDOWS\system32\ScsiAccess.EXE
2002-10-15 14:29:40 77824 --a----c- C:\WINDOWS\loadhttp.dll <Not Verified; Trend Micro Inc.; Trend Active Update 1.32>
2002-08-29 02:41:28 77824 --a----c- C:\WINDOWS\system32\wmpstub.exe <Not Verified; Microsoft Corporation; Microsoft® Windows Media Player>
2002-08-29 02:41:20 446464 --a----c- C:\WINDOWS\system32\wmvdmoe.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2002-08-29 02:41:20 1677312 --a----c- C:\WINDOWS\system32\wmvcore2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2002-08-29 02:41:18 311327 --a----c- C:\WINDOWS\system32\wmv8dmod.dll <Not Verified; Microsoft Corporation; Window Media Video>
2002-08-29 02:41:08 241725 --a----c- C:\WINDOWS\system32\msuni11.dll <Not Verified; Microsoft Corporation; Microsoft ® Jet>
2002-08-29 02:41:04 368710 --a----c- C:\WINDOWS\system32\msisam11.dll <Not Verified; Microsoft Corporation; Microsoft ® Jet>
2002-08-29 02:41:00 163840 --a----c- C:\WINDOWS\system32\mindex.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Player>
2002-08-29 02:41:00 423936 --a------ C:\WINDOWS\system32\licdll.dll
2002-08-21 18:39:46 266240 --a----c- C:\WINDOWS\system32\TCAUM90X.DLL <Not Verified; 3Com Corporation; 3Com NIC Diagnostic/Configuration Utility>
2002-08-13 08:27:22 74338 --a------ C:\WINDOWS\system32\drivers\el90Xbc5.SYS <Not Verified; 3Com Corporation; 3Com EtherLink PCI>
2002-07-02 18:46:08 1323008 --a----c- C:\WINDOWS\system32\TCAUDIAG.EXE <Not Verified; ; TouchDown Application>
2002-03-22 15:38:58 1129232 --a----c- C:\WINDOWS\system32\FM20.DLL <Not Verified; Microsoft Corporation; Microsoft® Forms>
2002-03-02 19:26:18 36864 --a----c- C:\WINDOWS\system32\cypher.dll <Not Verified; ; Cypher Module>
2002-02-04 02:43:00 82432 --a----c- C:\WINDOWS\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2002-01-07 05:53:17 0 dr-h----- C:\Documents and Settings\Bryan\Recent
2002-01-06 12:50:57 0 d-------- C:\Program Files\Coupons
2002-01-02 01:44:30 0 d-------- C:\Program Files\Trend Micro
2002-01-02 00:36:57 0 d-------- C:\Documents and Settings\Bryan\Application Data\True Sword
2002-01-02 00:36:37 0 d-------- C:\Program Files\True Sword 4
2002-01-01 23:52:25 0 d-------- C:\Program Files\The Cleaner Free
2002-01-01 23:19:12 0 d-------- C:\Documents and Settings\Bryan\Application Data\GlarySoft
2002-01-01 23:14:27 0 -rahs---- C:\MSDOS.SYS
2002-01-01 23:14:27 0 -rahs---- C:\IO.SYS
2002-01-01 23:14:27 0 --a------ C:\CONFIG.SYS
2002-01-01 23:14:27 0 --a------ C:\AUTOEXEC.BAT
2002-01-01 23:14:26 0 --a----c- C:\WINDOWS\nsreg.dat
2002-01-01 23:14:25 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2002-01-01 23:03:24 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2002-01-01 11:36:56 933 --a----c- C:\WINDOWS\system32\winpfz32.sys
2002-01-01 02:51:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2002-01-01 02:00:45 0 d-------- C:\Documents and Settings\Bryan\Application Data\Malwarebytes
2002-01-01 02:00:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2002-01-01 02:00:38 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2002-01-01 01:43:27 0 d-------- C:\Documents and Settings\Bryan\Application Data\Advanced Browser
2002-01-01 00:32:31 0 d-------- C:\Program Files\Activision Value
2002-01-01 00:22:47 0 d-------- C:\Documents and Settings\Bryan\Application Data\Move Networks
2002-01-01 00:14:23 45056 --a----c- C:\WINDOWS\system32\asysiz.exe
2002-01-01 00:05:09 45159 --a------ C:\WINDOWS\system32\dwdsregt.exe


-- Find3M Report ---------------------------------------------------------------

2008-03-17 17:38:01 234 -r-h----- C:\Program Files\websnitch v3.0
2008-03-17 17:37:39 240 -r-h----- C:\Program Files\popcorn.net
2008-03-17 17:37:37 236 -r-h----- C:\Program Files\dealhelper.com inc
2008-03-17 17:37:31 236 -r-h----- C:\Program Files\buddylinks.net
2008-03-17 17:37:27 274 -r-h----- C:\Program Files\scanspyware v3.8.0.4
2008-03-17 17:37:27 274 -r-h----- C:\Program Files\prvdef4.0
2008-03-17 17:37:27 274 -r-h----- C:\Program Files\btppdv2.2
2008-03-17 17:37:26 274 -r-h----- C:\Program Files\killspy.net
2008-03-17 17:37:26 274 -r-h----- C:\Program Files\antispyzone 5.0
2008-03-17 17:37:26 274 -r-h----- C:\Program Files\#1spywarekillerv2.1
2006-08-24 19:12:29 4901 --a------ C:\Documents and Settings\Bryan\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
2003-11-21 04:11:22 62 --ahs---- C:\Documents and Settings\Bryan\Application Data\desktop.ini
2002-01-01 04:01:43 0 d-------- C:\Documents and Settings\Bryan\Application Data\LimeWire


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [07/21/2006 10:43 AM]
"USRpdA"="C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [08/23/2001 12:00 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/01/2005 10:11 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 09:54 AM]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [12/20/2004 04:12 PM]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [07/09/2001 05:50 AM]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [12/10/2003 03:52 AM]
"LiveNote"="livenote.exe" [07/11/2002 08:31 AM C:\WINDOWS\livenote.exe]
"IPInSightMonitor 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [06/11/2003 12:52 AM]
"IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [06/11/2003 12:52 AM]
"HPIJetSend"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe" [08/22/2000 12:24 PM]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [11/12/2003 08:23 AM]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [02/02/2004 03:41 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [12/04/2003 07:44 AM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [02/16/2005 10:11 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [01/12/2005 01:54 PM]
"CXMon"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [08/22/2000 12:20 PM]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [06/02/2007 09:58 PM]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [06/02/2007 09:58 PM]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 08:26 PM]
"anvshell"="anvshell.exe" [05/29/2003 02:53 AM C:\WINDOWS\anvshell.exe]
"RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" [05/10/2007 11:38 AM]
"{4D-D7-7C-C9-ZN}"="C:\windows\system32\dwdsregt.exe" [01/01/2002 12:05 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [01/21/2005 07:04 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]

C:\Documents and Settings\Bryan\Start Menu\Programs\Startup\
OCRAWARE.lnk - C:\OPLIMIT\OCRAWARE.EXE [1/13/2007 5:45:15 PM]
TrueAssistant.lnk - C:\Program Files\TrueAssistant\TrueAssistant.exe [1/23/2006 1:30:56 PM]
Z_Start.lnk - C:\WINDOWS\system32\vdsreg.exe [6/2/2007 9:54:13 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoCAD LT Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [3/5/2005 8:18:22 AM]
Instant Update Reminder.lnk - C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe [11/20/2003 8:56:49 PM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [6/25/2003 6:25:38 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 3:15:54 AM]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [6/11/2004 11:13:29 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\comink]
comink.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- Hosts -----------------------------------------------------------------------

127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]

17893 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2002-01-01 02:35:08 ------------

#8
kingviper

    Member

  • Topic Starter
  • Member
  • 37 posts
And finally, here is the extra log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 511.48 MiB / 175.32 MiB
Pagefile Memory (total/avail): 1246.03 MiB / 976.64 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.16 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 28.93 GiB free.
D: is CDROM (CDFS)
E: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800JB-00ETA0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:

\\.\PHYSICALDRIVE1 - HP photosmart 7700 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: Anti-Virus - SBC Yahoo! Online Protection v7.0.7.4 (Computer Associates)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE:*:Enabled:Yahoo! Messenger"
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\Photo Imaging\\Hpi_JetSend.exe"="C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\Photo Imaging\\Hpi_JetSend.exe:*:Enabled:JetSendTray Application"
"C:\\WINDOWS\\kdx\\khost.exe"="C:\\WINDOWS\\kdx\\khost.exe:*:Enabled:Secure Delivery Plug-In"
"C:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\Battlefront.exe"="C:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\Battlefront.exe:*:Enabled:Battlefront"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\Voiceglo\\Glophone\\glophone.exe"="C:\\Program Files\\Voiceglo\\Glophone\\glophone.exe:*:Disabled:webphone"
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"="C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe:*:Enabled:Yahoo! Browser"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\iMesh\\Client\\iMeshClient.exe"="C:\\Program Files\\iMesh\\Client\\iMeshClient.exe:*:Enabled:iMesh"
"C:\\Program Files\\iMesh\\iMesh5\\iMesh.exe"="C:\\Program Files\\iMesh\\iMesh5\\iMesh.exe:*:Enabled:iMesh 5"
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Fox\\Aliens vs. Predator 2\\lithtech.exe"="C:\\Program Files\\Fox\\Aliens vs. Predator 2\\lithtech.exe:*:Enabled:Client"
"C:\\Program Files\\LucasArts\\SWKotOR\\swupdate.exe"="C:\\Program Files\\LucasArts\\SWKotOR\\swupdate.exe:*:Enabled:Star Wars: Knights of the old Republic Update Program"
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\BfVietnam.exe"="C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\BfVietnam.exe:*:Disabled:BfVietnam"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"="C:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe:*:Enabled:BattlefrontII"
"C:\\Program Files\\Yahoo!\\YPSR\\Quarantine\\ppq1D.tmp\\LimeWire.exe"="C:\\Program Files\\Yahoo!\\YPSR\\Quarantine\\ppq1D.tmp\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Voodoo\\voodoo.exe"="C:\\Program Files\\Voodoo\\voodoo.exe:*:Enabled:Voodoo Chat Client"
"C:\\UnrealTournament\\System\\UnrealTournament.exe"="C:\\UnrealTournament\\System\\UnrealTournament.exe:*:Disabled:UnrealTournament"
"C:\\Program Files\\Advanced SMTP Server\\SMTPServer.exe"="C:\\Program Files\\Advanced SMTP Server\\SMTPServer.exe:*:Enabled:SMTPServer"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Bryan\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BRIAN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Bryan
LOGONSERVER=\\BRIAN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Bryan\LOCALS~1\Temp
TMP=C:\DOCUME~1\Bryan\LOCALS~1\Temp
USERDOMAIN=BRIAN
USERNAME=Bryan
USERPROFILE=C:\Documents and Settings\Bryan
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Bryan (admin)
Amy (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3Com NIC Diagnostics --> un3cdiag.exe /remove
ACDSee --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\ACD\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\ACD\hpiunAC.dll
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Ahead InCD EasyWrite Reader --> C:\WINDOWS\unmrw.exe /UNINSTALL
Aliens vs. Predator 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}\SETUP.EXE"
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
ArcSoft Software for HP --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Software\Uninst.isu"
aspi --> MsiExec.exe /I{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}
ASUS Display Drivers --> C:\WINDOWS\anvunis.exe
AsusUpdate --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ASUS\AsusUpdate\Uninst.isu"
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
AutoCAD LT 2006 - English --> MsiExec.exe /I{5783F2D7-4009-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
Battlefield 1942 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
Battlefield Vietnam™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E35B3C63-E958-4E31-A178-95D22024109A}\setup.exe" -l0x9
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CDBurnerXP Pro 3 --> MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Corel Applications --> C:\WINDOWS\Corel\Uninstal.exe
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
easy card 2.3.1 (final version) --> "C:\Program Files\easy card\unins000.exe"
EAX Unified --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hp instant support --> C:\PROGRA~1\HEWLET~1\hpis\Uninstall.exe /s CeS
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo Imaging Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\hpiunCX.dll
HP Photo Printing Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\hpiunPC.dll
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
Intellisync® for Yahoo! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7510009-3E3C-44B6-A074-EF0473ABB022}\Setup.exe" -l0x9 YahooUninstall
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_3c0002_1f140\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malware Immunizer 1.5 --> C:\PROGRA~1\MALWAR~2\MI.exe /remove /q0
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office 2000 SR-1 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Converter 3.05 --> C:\PROGRA~1\MP3CON~1\UNWISE.EXE C:\PROGRA~1\MP3CON~1\INSTALL.LOG
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MySpaceIM --> MsiExec.exe /I{FE242C4A-4AF0-4E9F-ABFF-92CA3CEE8761}
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Audio Driver --> C:\WINDOWS\System32\nvuAudio.exe Uninstall C:\WINDOWS\System32\NvAudio.nvu,NVIDIA Audio Driver
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers --> C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
NvMixer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
PADI Open Water Diver Course --> C:\PROGRA~1\PADI\OWD\UNWISE.EXE C:\PROGRA~1\PADI\OWD\INSTALL.LOG
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
PhotoShow Express --> "C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\Uninstall.exe"
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\setup\hpzscr01.exe -datfile hphscr01.dat
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Presto! PageManager --> C:\WINDOWS\uninst.exe -f"C:\Program Files\NewSoft\PageManager\DeIsL1.isu"
Presto! PageType --> C:\WINDOWS\uninst.exe -f"C:\Program Files\NewSoft\PageManager\PageType\DeIsL1.isu"
PunkBuster for Battlefield Vietnam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}\setup.exe" -l0x9
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegistryFix v6.2 --> "C:\Program Files\RegistryFix\unins000.exe"
RegistrySmart 2.6 --> "C:\Program Files\RegistrySmart\unins000.exe"
SBC Self Support Tool --> C:\WINDOWS\Motive\SBC\MCCUninst.exe
Secure Delivery --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\kdx\kdx.inf,DefaultUninstall,5
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{ABE068DF-8DC4-4947-ABFC-DD2B40850225}
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
SILENT HILL 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{00BD992A-D4C7-447D-8AA1-60B5759EA30D}\setup.exe" -l0x9
SmartDraw 2007 --> C:\PROGRA~1\SMARTD~1\UNWISE.EXE C:\PROGRA~1\SMARTD~1\install.log
Star Wars Battlefront --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C79CB9C7-10A4-4814-8402-F574672C2192}\Setup.exe" -l0x9
Star Wars Battlefront II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D374523-CFDE-461A-827E-2A102E2AB365}\Setup.exe" -l0x9 -removeonly
TrueSwitch Wizard SBC --> C:\Program Files\TrueSwitchSBC\TrueWizard.exe -uninstall
U.S. Robotics ControlCenter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B83E0346-D2D0-11D5-A9AE-00105AA9E047}\setup.exe" -l0x9 anything
Ulead PhotoImpact 5 Bundled Edition --> C:\WINDOWS\ISUninst.exe -f"C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Uninst.isu" -c"C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\IS32Inst.dll"
Unreal Tournament G.O.T.Y. Edition --> C:\UnrealTournament\System\Setup.exe uninstall "UnrealTournament"
Visual IP InSight(SBC) --> C:\Program Files\InstallShield Installation Information\{097346E0-6A51-11D1-AD16-00A0C95E0503}SBC\setup.exe SBC
VTech Phonebook Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{668E9D53-0B7B-4975-B29B-FAFA9775F31B}\setup.exe" -l0x9
WinAce Archiver --> C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Windows Blaster Worm Removal Tool (KB833330) --> C:\WINDOWS\$NtUninstallKB833330$\spuninst\spuninst.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type3415 / Error
Event Submitted/Written: 01/01/2002 07:07:13 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application mshta.exe, version 7.0.5730.13, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3402 / Error
Event Submitted/Written: 01/01/2002 11:32:27 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application WINWORD.EXE, version 9.0.0.8216, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3348 / Error
Event Submitted/Written: 01/01/2002 00:14:03 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type3345 / Error
Event Submitted/Written: 01/01/2002 00:14:02 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type3344 / Error
Event Submitted/Written: 01/01/2002 00:14:02 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9064 / Error
Event Submitted/Written: 03/17/2008 04:28:46 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.64 for the Network Card with network address 00265413BD6E has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type9054 / Error
Event Submitted/Written: 03/17/2008 04:28:45 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The PC Tools Security Service service failed to start due to the following error:
%%1053

Event Record #/Type9053 / Error
Event Submitted/Written: 03/17/2008 04:28:45 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.

Event Record #/Type9011 / Error
Event Submitted/Written: 03/16/2008 08:20:49 PM
Event ID/Source: 16 / Windows Update Agent
Event Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Event Record #/Type9009 / Error
Event Submitted/Written: 03/16/2008 08:20:32 PM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 99.165.254.120 on the
Network Card with network address 00265413BD6E.



-- End of Deckard's System Scanner: finished at 2002-01-01 02:35:08 ------------

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, you have so many infected files there that I will not yet try to take them out manually but will use another tool.

First, let's secure your system.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4


Please note any other programs that you don't recognize in that list in your next response.

THEN

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#10
kingviper

    Member

  • Topic Starter
  • Member
  • 37 posts
Here is the current Combofix log:

ComboFix 08-03-22.1 - Bryan 2008-03-22 18:49:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.181 [GMT -4:00]
Running from: C:\Documents and Settings\Bryan\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Bryan\Start Menu\Programs\Startup\z_start.lnk
C:\Program Files\2search\
C:\Program Files\Accoona\
C:\Program Files\AVSystemCare\
C:\Program Files\bravesentry\
C:\Program Files\ClientMan\
C:\Program Files\Common Files\cpush\
C:\Program Files\Common Files\drivecleaner free\
C:\Program Files\Common Files\KeenValue\
C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\simtest
C:\Program Files\Common Files\simtest\svchostsys.bat
C:\Program Files\Common Files\simtest\temp.txt
C:\Program Files\Common Files\sogou pxp\
C:\Program Files\Common Files\WinSoftware\
C:\Program Files\CSBB\
C:\Program Files\data19
C:\Program Files\dialers\
C:\Program Files\DriveCleaner Free\
C:\Program Files\e2g\
C:\Program Files\HbTools\
C:\Program Files\Hotbar\
C:\Program Files\iMeshBar
C:\Program Files\install provider\
C:\Program Files\instant access\
C:\Program Files\ipwindows\
C:\Program Files\kuaiso toolsbar\
C:\Program Files\media-codec\
C:\Program Files\mmediacodec\
C:\Program Files\MyWebSearch\
C:\Program Files\newdotnet\
C:\Program Files\p4p\
C:\Program Files\PestTrap\
C:\Program Files\purityscan\
C:\Program Files\regifast\
C:\Program Files\seekmo\
C:\Program Files\SideFind\
C:\Program Files\spamblockerutility\
C:\Program Files\spysheriff\
C:\Program Files\starware\
C:\Program Files\SurfAccuracy\
C:\Program Files\surfsidekick 3\
C:\Program Files\toolbar888\
C:\Program Files\web buying\
C:\Program Files\webhancer\
C:\Program Files\WhenUSearch\
C:\WINDOWS\mc\
C:\WINDOWS\mslagent\
C:\WINDOWS\system32\avload32.dll
C:\WINDOWS\system32\axdebugl.dll
C:\WINDOWS\system32\bt848rom.dll
C:\WINDOWS\system32\cdscsix3.dll
C:\WINDOWS\system32\ddirectz.dll
C:\WINDOWS\system32\directpt.dll
C:\WINDOWS\system32\directut.dll
C:\WINDOWS\system32\Dll.dll
C:\WINDOWS\system32\docent0.dll
C:\WINDOWS\system32\docent2.dll
C:\WINDOWS\system32\dvd4free.dll
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\emldvc.dll
C:\WINDOWS\system32\extfpu.dll
C:\WINDOWS\system32\extxerox.dll
C:\WINDOWS\system32\flashdrvr.dll
C:\WINDOWS\system32\gatexkey.dll
C:\WINDOWS\system32\gdiwxp.dll
C:\WINDOWS\system32\gdwxp3.dll
C:\WINDOWS\system32\hpprintx.dll
C:\WINDOWS\system32\ideusr50.dll
C:\WINDOWS\system32\ies4dll.dll
C:\WINDOWS\system32\iesdl4l.dll
C:\WINDOWS\system32\logon16x.dll
C:\WINDOWS\system32\lsd_f3.dll
C:\WINDOWS\system32\mcfCC4.dll
C:\WINDOWS\system32\mcfG7A.dll
C:\WINDOWS\system32\mdfpro.dll
C:\WINDOWS\system32\mmxeroxk.dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\MSplg7.dll
C:\WINDOWS\system32\nclabydll.dll
C:\WINDOWS\system32\nkunpack.dll
C:\WINDOWS\system32\nuclabdll.dll
C:\WINDOWS\system32\obbn13t.dll
C:\WINDOWS\system32\openglss.dll
C:\WINDOWS\system32\printpnp.dll
C:\WINDOWS\system32\prw76sks.sys
C:\WINDOWS\system32\prwsks.dll
C:\WINDOWS\system32\psksds.dll
C:\WINDOWS\system32\rdrVR2.dll
C:\WINDOWS\system32\rsdapi.dll
C:\WINDOWS\system32\satau320.dll
C:\WINDOWS\system32\satdll.dll
C:\WINDOWS\system32\satmmc.dll
C:\WINDOWS\system32\sdcard98.dll
C:\WINDOWS\system32\se500mdm.dll
C:\WINDOWS\system32\se633mxx.dll
C:\WINDOWS\system32\sks2drvr.sys
C:\WINDOWS\system32\sksdll.dll
C:\WINDOWS\system32\tcpG4T.dll
C:\WINDOWS\system32\tcpGDC.dll
C:\WINDOWS\system32\tcpwrk.dll
C:\WINDOWS\system32\wincom32.sys
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\wndtx1.dll
C:\WINDOWS\system32\xcdmfree.dll
C:\WINDOWS\system32\zopenssl.dll
C:\WINDOWS\wincomp\
C:\WINDOWS\winmgts\
C:\WINDOWS\wintrim\

.
((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.

2008-03-17 18:51 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-17 18:51 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-17 18:51 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-17 18:51 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-17 18:51 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-17 18:51 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-17 18:51 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-17 18:37 . 2008-03-17 18:37 <DIR> dr-hs---- C:\winstall.exe
2008-03-17 18:37 . 2008-03-17 18:37 274 -r-h----- C:\Program Files\pcprivacysoftware.com
2008-03-17 18:37 . 2008-03-17 18:37 274 -r-h----- C:\Program Files\malwarewipe.com
2008-03-17 18:37 . 2008-03-17 18:37 274 -r-h----- C:\Program Files\malwaresweeper.com
2008-03-17 18:37 . 2008-03-17 18:37 274 -r-h----- C:\Program Files\bulletproofsoft.com
2008-03-17 18:37 . 2008-03-17 18:37 274 -r-h----- C:\Program Files\adwareremovergold.com
2008-03-17 18:37 . 2008-03-17 18:37 228 -r-h----- C:\Program Files\gator.com
2008-03-17 17:47 . 2004-03-08 12:00 224,016 --------- C:\WINDOWS\system32\tabctl32.ocx
2008-03-17 17:46 . 2008-03-17 17:51 <DIR> d-------- C:\Program Files\Malware Immunizer
2008-03-16 21:21 . 2002-01-01 00:01 <DIR> d-------- C:\Program Files\Spyware Doctor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 23:20 --------- d-----w C:\Program Files\TrueAssistant
2008-03-17 22:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 22:37 284 ---h--r C:\Program Files\fix my registry
2008-03-17 21:42 --------- d-----w C:\Program Files\The Cleaner Free
2008-03-17 21:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-06 21:23 442,368 -c--a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-02-27 18:49 3,840 ----a-w C:\WINDOWS\system32\drivers\BANTExt.sys
2005-10-25 15:53 491,520 ----a-w C:\Documents and Settings\Bryan\pbclsnew.dll
2005-10-25 15:52 491,520 ----a-w C:\Documents and Settings\Bryan\pbclnew.dll
2005-10-25 15:51 290,816 ----a-w C:\Documents and Settings\Bryan\pbsvnew.dll
2005-10-25 15:49 4 ----a-w C:\Documents and Settings\Bryan\pbweb.dat
2004-03-06 11:50 75,776 -c-ha-w C:\Documents and Settings\Bryan\Application Data\rbqt450.DLL
2001-08-23 17:00 94,784 -csh--w C:\WINDOWS\twain.dll
2004-08-04 07:56 50,688 -csh--w C:\WINDOWS\twain_32.dll
2004-08-04 07:56 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
2004-08-04 07:56 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2007-12-04 18:38 550,912 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 07:56 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-04 07:56 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-21 20:04 163840]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 11:43 407032]
"USRpdA"="C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [2001-08-23 13:00 77891]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-01 11:11 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12 131072]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 06:50 155648]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 04:52 380928]
"LiveNote"="livenote.exe" [2002-07-11 09:31 40960 C:\WINDOWS\livenote.exe]
"IPInSightMonitor 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 01:52 122880]
"IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 01:52 380928]
"HPIJetSend"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe" [2000-08-22 13:24 585728]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-12 09:23 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2004-02-02 04:41 495616]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 08:44 176128]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 14:54 241664]
"CXMon"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2000-08-22 13:20 32768]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2007-06-02 22:58 185456]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2007-06-02 22:58 230512]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"anvshell"="anvshell.exe" [2003-05-29 03:53 348160 C:\WINDOWS\anvshell.exe]
"RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" [2007-05-10 12:38 7615984]
"{4D-D7-7C-C9-ZN}"="C:\windows\system32\dwdsregt.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

C:\Documents and Settings\Bryan\Start Menu\Programs\Startup\
OCRAWARE.lnk - C:\OPLIMIT\OCRAWARE.EXE [2007-01-13 18:45:15 51360]
TrueAssistant.lnk - C:\Program Files\TrueAssistant\TrueAssistant.exe [2006-01-23 14:30:56 468992]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoCAD LT Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 09:18:22 10872]
Instant Update Reminder.lnk - C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe [2003-11-20 21:56:49 529920]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38 614531]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2004-06-11 12:13:29 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\comink]
comink.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\Photo Imaging\\Hpi_JetSend.exe"=
"C:\\WINDOWS\\kdx\\khost.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\Battlefront.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\Program Files\\Fox\\Aliens vs. Predator 2\\lithtech.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\BfVietnam.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"=
"C:\\Program Files\\Yahoo!\\YPSR\\Quarantine\\ppq1D.tmp\\LimeWire.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\UnrealTournament\\System\\UnrealTournament.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 18:11]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2003-09-22 14:46]
R1 ANVIOCTL;ANVIOCTL;C:\WINDOWS\system32\DRIVERS\anvioctl.sys [2003-05-19 04:12]
R2 tcaicchg;tcaicchg;C:\WINDOWS\System32\tcaicchg.sys [2000-06-05 23:08]
R2 TCAITDI;TCAITDI Protocol;C:\WINDOWS\system32\DRIVERS\TCAITDI.sys [2001-09-03 16:22]
R3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 09:28]

.
Contents of the 'Scheduled Tasks' folder
"2002-01-01 08:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-06-08 02:17:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2002-01-01 08:30:01 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Program Files\errorkiller\ErrorKiller.ex
- C:\Program Files\errorkiller
"2008-03-22 23:03:16 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe
"2008-03-22 23:20:16 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 19:18:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\OPLIMIT\ocrawr32.exe
.
**************************************************************************
.
Completion time: 2008-03-22 19:25:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-22 23:24:57
.
2008-03-17 03:00:57 --- E O F ---





AND HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:40 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\OPLIMIT\ocrawr32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bryan\Application Data\Real\Update\setup\setup.exe
C:\DOCUME~1\Bryan\LOCALS~1\Temp\temp0.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [HPIJetSend] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKLM\..\Run: [{4D-D7-7C-C9-ZN}] C:\windows\system32\dwdsregt.exe GID003
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O20 - Winlogon Notify: comink - comink.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10852 bytes



By the way EssexBoy, I have Nvidia Nforce and I updated it, but I am still getting the error???

Edited by kingviper, 22 March 2008 - 05:30 PM.



#11
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
We shall get to that after we have cleared the malware present - you have 3 or 4 rogue malware apps which need to go and they do not appear in Add/Remove.

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::
Folder::
C:\Program Files\malwaresweeper.com
C:\Program Files\bulletproofsoft.com
C:\Program Files\adwareremovergold.com
C:\Program Files\Malware Immunizer
C:\Program Files\malwarewipe.com
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\comink]

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
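
A cross-check of the CFScript above against the ComboFix logs, added here as an example (it is not code from this thread or from ComboFix): for each script target it reports whether the target was visible in the pre-run log and what the post-run log says about it. The function names are hypothetical, and the log excerpts are trimmed copies of lines from this thread with the banner lines shortened and the post-run registry section left out.

```python
import re

# CFScript exactly as posted in the thread.
CFSCRIPT = r"""KillAll::
Folder::
C:\Program Files\malwaresweeper.com
C:\Program Files\bulletproofsoft.com
C:\Program Files\adwareremovergold.com
C:\Program Files\Malware Immunizer
C:\Program Files\malwarewipe.com
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\comink]
"""

# Constructed excerpts: lines copied from the two ComboFix logs in this thread,
# trimmed, with the banner lines shortened.
LOG_BEFORE = r"""
((((( Other Deletions )))))
C:\Program Files\2search\
((((( Files Created from 2008-02-22 to 2008-03-22 )))))
2008-03-17 18:37 . 2008-03-17 18:37 274 -r-h----- C:\Program Files\malwarewipe.com
2008-03-17 18:37 . 2008-03-17 18:37 274 -r-h----- C:\Program Files\malwaresweeper.com
2008-03-17 18:37 . 2008-03-17 18:37 274 -r-h----- C:\Program Files\bulletproofsoft.com
2008-03-17 18:37 . 2008-03-17 18:37 274 -r-h----- C:\Program Files\adwareremovergold.com
2008-03-17 17:46 . 2008-03-17 17:51 <DIR> d-------- C:\Program Files\Malware Immunizer
((((( Reg Loading Points )))))
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\comink]
comink.dll
"""
LOG_AFTER = r"""
((((( Other Deletions )))))
C:\Program Files\adwareremovergold.com\
C:\Program Files\bulletproofsoft.com\
C:\Program Files\Malware Immunizer
C:\Program Files\malwaresweeper.com\
C:\Program Files\malwarewipe.com\
((((( Files Created from 2008-02-23 to 2008-03-23 )))))
2008-03-17 18:37 . 2008-03-17 18:37 274 -r-h----- C:\Program Files\malwarewipe.com
2008-03-17 18:37 . 2008-03-17 18:37 274 -r-h----- C:\Program Files\malwaresweeper.com
2008-03-17 18:37 . 2008-03-17 18:37 274 -r-h----- C:\Program Files\bulletproofsoft.com
2008-03-17 18:37 . 2008-03-17 18:37 274 -r-h----- C:\Program Files\adwareremovergold.com
"""

BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")   # "((( Section title )))"
PATH = re.compile(r"[A-Za-z]:\\.*$")          # drive-letter path to end of line

def norm(item):
    """Case-insensitive comparison form without a trailing backslash."""
    return item.strip().rstrip("\\").lower()

def parse_cfscript(text):
    """Group the script's lines under their 'Name::' directive."""
    directives, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.endswith("::"):
            current = directives.setdefault(line[:-2], [])
        elif current is not None:
            current.append(line)
    return directives

def parse_log(text):
    """Split a ComboFix log into {section title: [normalised paths and keys]}."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        banner = BANNER.match(line)
        if banner:  # "Files Created from 2008-02-22 to ..." -> "Files Created"
            title = re.sub(r"\s+from \d{4}-.*$", "", banner.group(1))
            current = sections.setdefault(title, [])
        elif current is not None and line.startswith("[") and line.endswith("]"):
            current.append(norm(line[1:-1]))
        elif current is not None and (found := PATH.search(line)):
            current.append(norm(found.group(0)))
    return sections

def verify(script_text, before_text, after_text):
    """Per script target: was it in the pre-run log, and what does the post-run log say?"""
    script = parse_cfscript(script_text)
    before, after = parse_log(before_text), parse_log(after_text)
    seen = {item for items in before.values() for item in items}
    report = {}
    for folder in script.get("Folder", []):
        report[folder] = {
            "seen_before": norm(folder) in seen,
            "listed_deleted": norm(folder) in after.get("Other Deletions", []),
            "still_listed": norm(folder) in after.get("Files Created", []),
        }
    loading = after.get("Reg Loading Points")  # None when the excerpt lacks it
    for entry in script.get("Registry", []):
        if entry.startswith("[-") and entry.endswith("]"):  # "[-key]" deletes a key
            key = norm(entry[2:-1])
            report[entry] = {
                "seen_before": key in seen,
                "gone": None if loading is None else key not in loading,
            }
    return report

if __name__ == "__main__":
    for target, result in verify(CFSCRIPT, LOG_BEFORE, LOG_AFTER).items():
        print(target, result)
```

On these excerpts the four `.com` targets are listed under "Other Deletions" and also still appear in the post-run "Files Created" listing, while `Malware Immunizer` appears only under "Other Deletions".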


#12
kingviper


    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
COMBOFIX LOG:

ComboFix 08-03-22.1 - Bryan 2008-03-22 20:01:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.260 [GMT -4:00]
Running from: C:\Documents and Settings\Bryan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bryan\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\2search\
C:\Program Files\Accoona\
C:\Program Files\adwareremovergold.com\
C:\Program Files\AVSystemCare\
C:\Program Files\bravesentry\
C:\Program Files\bulletproofsoft.com\
C:\Program Files\ClientMan\
C:\Program Files\Common Files\cpush\
C:\Program Files\Common Files\drivecleaner free\
C:\Program Files\Common Files\KeenValue\
C:\Program Files\Common Files\sogou pxp\
C:\Program Files\Common Files\WinSoftware\
C:\Program Files\CSBB\
C:\Program Files\dialers\
C:\Program Files\DriveCleaner Free\
C:\Program Files\e2g\
C:\Program Files\HbTools\
C:\Program Files\Hotbar\
C:\Program Files\install provider\
C:\Program Files\instant access\
C:\Program Files\ipwindows\
C:\Program Files\kuaiso toolsbar\
C:\Program Files\Malware Immunizer
C:\Program Files\Malware Immunizer\cleanup.bat
C:\Program Files\Malware Immunizer\def.dat
C:\Program Files\Malware Immunizer\help.chm
C:\Program Files\Malware Immunizer\Malware Immunizer.exe
C:\Program Files\Malware Immunizer\MI.exe
C:\Program Files\Malware Immunizer\MI.ini
C:\Program Files\Malware Immunizer\settings
C:\Program Files\malwaresweeper.com\
C:\Program Files\malwarewipe.com\
C:\Program Files\media-codec\
C:\Program Files\mmediacodec\
C:\Program Files\MyWebSearch\
C:\Program Files\newdotnet\
C:\Program Files\p4p\
C:\Program Files\PestTrap\
C:\Program Files\purityscan\
C:\Program Files\regifast\
C:\Program Files\seekmo\
C:\Program Files\SideFind\
C:\Program Files\spamblockerutility\
C:\Program Files\spysheriff\
C:\Program Files\starware\
C:\Program Files\SurfAccuracy\
C:\Program Files\surfsidekick 3\
C:\Program Files\toolbar888\
C:\Program Files\web buying\
C:\Program Files\webhancer\
C:\Program Files\WhenUSearch\
C:\WINDOWS\mc\
C:\WINDOWS\mslagent\
C:\WINDOWS\wincomp\
C:\WINDOWS\winmgts\
C:\WINDOWS\wintrim\

.
((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.

2008-03-22 19:46 . 2007-12-10 14:24 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-03-17 18:51 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-17 18:51 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-17 18:51 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-17 18:51 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-17 18:51 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-17 18:51 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-17 18:51 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-17 18:37 . 2008-03-17 18:37 <DIR> dr-hs---- C:\winstall.exe
2008-03-17 18:37 . 2008-03-17 18:37 274 -r-h----- C:\Program Files\pcprivacysoftware.com
2008-03-17 18:37 . 2008-03-17 18:37 274 -r-h----- C:\Program Files\malwarewipe.com
2008-03-17 18:37 . 2008-03-17 18:37 274 -r-h----- C:\Program Files\malwaresweeper.com
2008-03-17 18:37 . 2008-03-17 18:37 274 -r-h----- C:\Program Files\bulletproofsoft.com
2008-03-17 18:37 . 2008-03-17 18:37 274 -r-h----- C:\Program Files\adwareremovergold.com
2008-03-17 18:37 . 2008-03-17 18:37 228 -r-h----- C:\Program Files\gator.com
2008-03-17 17:47 . 2004-03-08 12:00 224,016 --------- C:\WINDOWS\system32\tabctl32.ocx
2008-03-16 21:21 . 2002-01-01 00:01 <DIR> d-------- C:\Program Files\Spyware Doctor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 23:20 --------- d-----w C:\Program Files\TrueAssistant
2008-03-17 22:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 22:37 284 ---h--r C:\Program Files\fix my registry
2008-03-17 21:42 --------- d-----w C:\Program Files\The Cleaner Free
2008-03-17 21:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-06 21:23 442,368 -c--a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-02-27 18:49 3,840 ----a-w C:\WINDOWS\system32\drivers\BANTExt.sys
2005-10-25 15:53 491,520 ----a-w C:\Documents and Settings\Bryan\pbclsnew.dll
2005-10-25 15:52 491,520 ----a-w C:\Documents and Settings\Bryan\pbclnew.dll
2005-10-25 15:51 290,816 ----a-w C:\Documents and Settings\Bryan\pbsvnew.dll
2005-10-25 15:49 4 ----a-w C:\Documents and Settings\Bryan\pbweb.dat
2004-03-06 11:50 75,776 -c-ha-w C:\Documents and Settings\Bryan\Application Data\rbqt450.DLL
2001-08-23 17:00 94,784 -csh--w C:\WINDOWS\twain.dll
2004-08-04 07:56 50,688 -csh--w C:\WINDOWS\twain_32.dll
2004-08-04 07:56 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
2004-08-04 07:56 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2007-12-04 18:38 550,912 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 07:56 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-04 07:56 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-22_19.24.07.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-05 06:41:00 7,435,392 -c--a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
+ 2007-12-05 05:41:00 7,435,392 -c--a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
- 2007-12-05 06:41:00 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
+ 2007-12-05 05:41:00 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
- 2007-12-05 06:41:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
+ 2007-12-05 05:41:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
- 2007-12-05 06:41:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
+ 2007-12-05 05:41:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
- 2007-12-05 06:41:00 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-21 20:04 163840]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 11:43 407032]
"USRpdA"="C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [2001-08-23 13:00 77891]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-01 11:11 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12 131072]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 06:50 155648]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 04:52 380928]
"LiveNote"="livenote.exe" [2002-07-11 09:31 40960 C:\WINDOWS\livenote.exe]
"IPInSightMonitor 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 01:52 122880]
"IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 01:52 380928]
"HPIJetSend"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe" [2000-08-22 13:24 585728]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-12 09:23 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2004-02-02 04:41 495616]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 08:44 176128]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 14:54 241664]
"CXMon"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2000-08-22 13:20 32768]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2007-06-02 22:58 185456]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2007-06-02 22:58 230512]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"anvshell"="anvshell.exe" [2003-05-29 03:53 348160 C:\WINDOWS\anvshell.exe]
"RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" [2007-05-10 12:38 7615984]
"{4D-D7-7C-C9-ZN}"="C:\windows\system32\dwdsregt.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]

C:\Documents and Settings\Bryan\Start Menu\Programs\Startup\
OCRAWARE.lnk - C:\OPLIMIT\OCRAWARE.EXE [2007-01-13 18:45:15 51360]
TrueAssistant.lnk - C:\Program Files\TrueAssistant\TrueAssistant.exe [2006-01-23 14:30:56 468992]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoCAD LT Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 09:18:22 10872]
Instant Update Reminder.lnk - C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe [2003-11-20 21:56:49 529920]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38 614531]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2004-06-11 12:13:29 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\Photo Imaging\\Hpi_JetSend.exe"=
"C:\\WINDOWS\\kdx\\khost.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\Battlefront.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\Program Files\\Fox\\Aliens vs. Predator 2\\lithtech.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\BfVietnam.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"=
"C:\\Program Files\\Yahoo!\\YPSR\\Quarantine\\ppq1D.tmp\\LimeWire.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\UnrealTournament\\System\\UnrealTournament.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 18:11]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2003-09-22 14:46]
R1 ANVIOCTL;ANVIOCTL;C:\WINDOWS\system32\DRIVERS\anvioctl.sys [2003-05-19 04:12]
R2 tcaicchg;tcaicchg;C:\WINDOWS\System32\tcaicchg.sys [2000-06-05 23:08]
R2 TCAITDI;TCAITDI Protocol;C:\WINDOWS\system32\DRIVERS\TCAITDI.sys [2001-09-03 16:22]
R3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 09:28]

.
Contents of the 'Scheduled Tasks' folder
"2002-01-01 08:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-06-08 02:17:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2002-01-01 08:30:01 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Program Files\errorkiller\ErrorKiller.ex
- C:\Program Files\errorkiller
"2008-03-22 23:03:16 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe
"2008-03-23 00:17:04 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 20:17:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\OPLIMIT\ocrawr32.exe
.
**************************************************************************
.
Completion time: 2008-03-22 20:22:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-23 00:22:17
ComboFix2.txt 2008-03-22 23:25:30
.
2008-03-17 03:00:57 --- E O F ---


HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:26 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\OPLIMIT\ocrawr32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [HPIJetSend] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKLM\..\Run: [{4D-D7-7C-C9-ZN}] C:\windows\system32\dwdsregt.exe GID003
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10695 bytes


Thanks Essexboy

#13
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Well, we are whittling them down, but still a few more to go.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


#14
kingviper


    Member

  • Topic Starter
  • 37 posts
Here we go:


SDFix: Version 1.160

Run by Bryan on Sun 03/23/2008 at 08:42 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\TFTP1708 - Deleted
C:\WINDOWS\system32\TFTP936 - Deleted


Could Not Remove C:\csrss.exe
Could Not Remove C:\winstall.exe
Could Not Remove C:\WINDOWS\csrss.exe
Could Not Remove C:\WINDOWS\explore.exe
Could Not Remove C:\WINDOWS\iexplorer.exe
Could Not Remove C:\WINDOWS\lsasss.exe
Could Not Remove C:\WINDOWS\services.exe
Could Not Remove C:\WINDOWS\svchost.exe
Could Not Remove C:\WINDOWS\system32\alsys.exe
Could Not Remove C:\WINDOWS\system32\atmtd.dll
Could Not Remove C:\WINDOWS\system32\atmtd.dll._
Could Not Remove C:\WINDOWS\system32\bho.dll
Could Not Remove C:\WINDOWS\system32\bootconf.exe
Could Not Remove C:\WINDOWS\system32\e1.dll
Could Not Remove C:\WINDOWS\system32\ezStub.exe
Could Not Remove C:\WINDOWS\system32\iexplore.exe
Could Not Remove C:\WINDOWS\system32\iexplorer.exe
Could Not Remove C:\WINDOWS\system32\internet.exe
Could Not Remove C:\WINDOWS\system32\ipv6mons.dll
Could Not Remove C:\WINDOWS\system32\msclt.exe
Could Not Remove C:\WINDOWS\system32\msmsgs.exe
Could Not Remove C:\WINDOWS\system32\mstc.exe
Could Not Remove C:\WINDOWS\system32\msupdate.exe
Could Not Remove C:\WINDOWS\system32\mswins.exe
Could Not Remove C:\WINDOWS\system32\nordsys.exe
Could Not Remove C:\WINDOWS\system32\ppl.exe
Could Not Remove C:\WINDOWS\system32\remote.exe
Could Not Remove C:\WINDOWS\system32\rundll.exe
Could Not Remove C:\WINDOWS\system32\rx.exe
Could Not Remove C:\WINDOWS\system32\scvhost32.exe
Could Not Remove C:\WINDOWS\system32\se.exe
Could Not Remove C:\WINDOWS\system32\server.exe
Could Not Remove C:\WINDOWS\system32\svchost32.exe
Could Not Remove C:\WINDOWS\system32\svhost.exe
Could Not Remove C:\WINDOWS\system32\svshost.exe
Could Not Remove C:\WINDOWS\system32\sys.exe
Could Not Remove C:\WINDOWS\system32\taskgmr.exe
Could Not Remove C:\WINDOWS\system32\update.exe
Could Not Remove C:\WINDOWS\system32\wgareg.exe
Could Not Remove C:\WINDOWS\system32\wgavm.exe
Could Not Remove C:\WINDOWS\system32\win32.exe
Could Not Remove C:\WINDOWS\system32\windll.exe
Could Not Remove C:\WINDOWS\system32\windowz.exe
Could Not Remove C:\WINDOWS\system32\winhost.exe
Could Not Remove C:\WINDOWS\system32\winsvc.exe
Could Not Remove C:\WINDOWS\system32\winsys32.exe
Could Not Remove C:\WINDOWS\system32\winupd.exe
Could Not Remove C:\WINDOWS\system32\winxp.exe
Could Not Remove C:\WINDOWS\system32\zlbw.dll
Could Not Remove C:\WINDOWS\winlogon.exe
Could Not Remove C:\WINDOWS\winserv.exe
Could Not Remove C:\WINDOWS\xpupdate.exe



Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 08:50:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\Photo Imaging\\Hpi_JetSend.exe"="C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\Photo Imaging\\Hpi_JetSend.exe:*:Enabled:JetSendTray Application"
"C:\\WINDOWS\\kdx\\khost.exe"="C:\\WINDOWS\\kdx\\khost.exe:*:Enabled:Secure Delivery Plug-In"
"C:\\Program Files\\Fox\\Aliens vs. Predator 2\\lithtech.exe"="C:\\Program Files\\Fox\\Aliens vs. Predator 2\\lithtech.exe:*:Enabled:Client"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Yahoo!\\YPSR\\Quarantine\\ppq1D.tmp\\LimeWire.exe"="C:\\Program Files\\Yahoo!\\YPSR\\Quarantine\\ppq1D.tmp\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\UnrealTournament\\System\\UnrealTournament.exe"="C:\\UnrealTournament\\System\\UnrealTournament.exe:*:Disabled:UnrealTournament"
"C:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"="C:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe:*:Disabled:BattlefrontII"
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Disabled:BF1942"
"C:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\Battlefront.exe"="C:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\Battlefront.exe:LocalSubNet:Disabled:Battlefront"
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\BfVietnam.exe"="C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\BfVietnam.exe:LocalSubNet:Enabled:BfVietnam"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

Remaining Files :

C:\csrss.exe Found
C:\winstall.exe Found
C:\WINDOWS\csrss.exe Found
C:\WINDOWS\explore.exe Found
C:\WINDOWS\iexplorer.exe Found
C:\WINDOWS\lsasss.exe Found
C:\WINDOWS\services.exe Found
C:\WINDOWS\svchost.exe Found
C:\WINDOWS\system32\alsys.exe Found
C:\WINDOWS\system32\atmtd.dll Found
C:\WINDOWS\system32\atmtd.dll._ Found
C:\WINDOWS\system32\bho.dll Found
C:\WINDOWS\system32\bootconf.exe Found
C:\WINDOWS\system32\e1.dll Found
C:\WINDOWS\system32\ezStub.exe Found
C:\WINDOWS\system32\iexplore.exe Found
C:\WINDOWS\system32\iexplorer.exe Found
C:\WINDOWS\system32\internet.exe Found
C:\WINDOWS\system32\ipv6mons.dll Found
C:\WINDOWS\system32\msclt.exe Found
C:\WINDOWS\system32\msmsgs.exe Found
C:\WINDOWS\system32\mstc.exe Found
C:\WINDOWS\system32\msupdate.exe Found
C:\WINDOWS\system32\mswins.exe Found
C:\WINDOWS\system32\nordsys.exe Found
C:\WINDOWS\system32\ppl.exe Found
C:\WINDOWS\system32\remote.exe Found
C:\WINDOWS\system32\rundll.exe Found
C:\WINDOWS\system32\rx.exe Found
C:\WINDOWS\system32\scvhost32.exe Found
C:\WINDOWS\system32\se.exe Found
C:\WINDOWS\system32\server.exe Found
C:\WINDOWS\system32\svchost32.exe Found
C:\WINDOWS\system32\svhost.exe Found
C:\WINDOWS\system32\svshost.exe Found
C:\WINDOWS\system32\sys.exe Found
C:\WINDOWS\system32\taskgmr.exe Found
C:\WINDOWS\system32\update.exe Found
C:\WINDOWS\system32\wgareg.exe Found
C:\WINDOWS\system32\wgavm.exe Found
C:\WINDOWS\system32\win32.exe Found
C:\WINDOWS\system32\windll.exe Found
C:\WINDOWS\system32\windowz.exe Found
C:\WINDOWS\system32\winhost.exe Found
C:\WINDOWS\system32\winsvc.exe Found
C:\WINDOWS\system32\winsys32.exe Found
C:\WINDOWS\system32\winupd.exe Found
C:\WINDOWS\system32\winxp.exe Found
C:\WINDOWS\system32\zlbw.dll Found
C:\WINDOWS\winlogon.exe Found
C:\WINDOWS\winserv.exe Found
C:\WINDOWS\xpupdate.exe Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 17 Mar 2008 274 ...HR --- "C:\Program Files\adwareremovergold.com"
Mon 17 Mar 2008 274 ...HR --- "C:\Program Files\bulletproofsoft.com"
Mon 17 Mar 2008 236 ...HR --- "C:\Program Files\dealhelper.com inc"
Mon 17 Mar 2008 228 ...HR --- "C:\Program Files\gator.com"
Mon 17 Mar 2008 274 ...HR --- "C:\Program Files\malwaresweeper.com"
Mon 17 Mar 2008 274 ...HR --- "C:\Program Files\malwarewipe.com"
Mon 17 Mar 2008 274 ...HR --- "C:\Program Files\pcprivacysoftware.com"
Thu 23 Aug 2001 94,784 ..SH. --- "C:\WINDOWS\twain.dll"
Wed 4 Aug 2004 50,688 ..SH. --- "C:\WINDOWS\twain_32.dll"
Thu 6 Dec 2007 625,664 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Wed 4 Aug 2004 1,028,096 ..SH. --- "C:\WINDOWS\system32\mfc42.dll"
Wed 4 Aug 2004 54,784 ..SH. --- "C:\WINDOWS\system32\msvcirt.dll"
Tue 4 Dec 2007 550,912 ..SH. --- "C:\WINDOWS\system32\oleaut32.dll"
Wed 4 Aug 2004 83,456 ..SH. --- "C:\WINDOWS\system32\olepro32.dll"
Wed 4 Aug 2004 11,776 ..SH. --- "C:\WINDOWS\system32\regsvr32.exe"
Fri 30 Apr 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 30 Sep 2004 35,840 A..H. --- "C:\Documents and Settings\Bryan\Application Data\EHEffects.dll"
Sat 6 Mar 2004 18,432 A..H. --- "C:\Documents and Settings\Bryan\Application Data\EHEncrypt.dll"
Thu 30 Sep 2004 69,036 A..H. --- "C:\Documents and Settings\Bryan\Application Data\EHMatrixFilters.dll"
Sat 6 Mar 2004 19,968 A..H. --- "C:\Documents and Settings\Bryan\Application Data\EHMD5.dll"
Thu 30 Sep 2004 25,600 A..H. --- "C:\Documents and Settings\Bryan\Application Data\EHTypes.dll"
Sat 6 Mar 2004 52,224 A..H. --- "C:\Documents and Settings\Bryan\Application Data\EHZComp.dll"
Thu 30 Sep 2004 30,208 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSBase64Plugin4708.dll"
Thu 30 Sep 2004 37,376 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSCarbonEventsPlugin5242.dll"
Thu 30 Sep 2004 44,032 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSCFPlugin5228.dll"
Thu 30 Sep 2004 33,792 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSIconPlugin5036.dll"
Sat 6 Mar 2004 115,712 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSJPEGDecompressionPlugin.dll"
Thu 30 Sep 2004 99,328 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSJPEGCompressionPlugin5041.dll"
Thu 30 Sep 2004 120,832 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSJPEGDecompressionPlugin5041.dll"
Sat 6 Mar 2004 28,160 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSMacOSXPlugin.dll"
Thu 30 Sep 2004 28,672 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSMacOSXPlugin5242.dll"
Sat 6 Mar 2004 36,352 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSMainPlugin.dll"
Sat 6 Mar 2004 28,672 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSMemoryPlugin.dll"
Sat 6 Mar 2004 53,760 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSPicturePlugin.dll"
Sat 6 Mar 2004 36,864 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSPictureMacPlugin.dll"
Thu 30 Sep 2004 103,424 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSPicturePlugin5148.dll"
Sat 6 Mar 2004 25,088 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSPluginVersionPlugin.dll"
Thu 30 Sep 2004 146,944 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSPNGPlugin4713.dll"
Sat 6 Mar 2004 31,232 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSProcessPlugin.dll"
Thu 30 Sep 2004 32,768 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSProcessPlugin4911.dll"
Sat 6 Mar 2004 43,520 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSQTImporterPlugin.dll"
Sat 6 Mar 2004 38,912 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSQuickTimePlugin.dll"
Sat 6 Mar 2004 28,672 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSRectPlugin.dll"
Sat 6 Mar 2004 26,112 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSRegistrationPlugin.dll"
Sat 6 Mar 2004 36,864 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSRegistryPlugin.dll"
Thu 30 Sep 2004 27,648 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSRegistrationPlugin4987.dll"
Sat 6 Mar 2004 48,128 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSResPlugin.dll"
Thu 30 Sep 2004 444,928 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSTiffPlugin4713.dll"
Sat 6 Mar 2004 26,624 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSUsernamePlugin.dll"
Thu 30 Sep 2004 27,136 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSUsernamePlugin4435.dll"
Thu 30 Sep 2004 27,648 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSWindowPlugin4708.dll"
Thu 30 Sep 2004 64,512 A..H. --- "C:\Documents and Settings\Bryan\Application Data\MBSZipPlugin4713.dll"
Sat 6 Mar 2004 64,512 A..H. --- "C:\Documents and Settings\Bryan\Application Data\rbap450.dll"
Thu 30 Sep 2004 88,576 A..H. --- "C:\Documents and Settings\Bryan\Application Data\rbap550.dll"
Thu 30 Sep 2004 478,720 A..H. --- "C:\Documents and Settings\Bryan\Application Data\RBDB550.dll"
Thu 30 Sep 2004 29,184 A..H. --- "C:\Documents and Settings\Bryan\Application Data\RBInternetEncodings550.dll"
Thu 30 Sep 2004 32,256 A..H. --- "C:\Documents and Settings\Bryan\Application Data\RBJagToolbarItem550.dll"
Sat 6 Mar 2004 75,776 A..H. --- "C:\Documents and Settings\Bryan\Application Data\rbqt450.DLL"
Thu 30 Sep 2004 74,240 A..H. --- "C:\Documents and Settings\Bryan\Application Data\rbqt550.DLL"
Sat 6 Mar 2004 41,472 A..H. --- "C:\Documents and Settings\Bryan\Application Data\RBShell400.dll"
Thu 30 Sep 2004 40,960 A..H. --- "C:\Documents and Settings\Bryan\Application Data\RBShell550.dll"
Wed 22 Dec 2004 76,568 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Thu 13 Jan 2005 11,360 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Fri 19 Mar 2004 67,944 ...H. --- "C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\PhotoShow Express.exe"

Finished!



HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:59 AM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [HPIJetSend] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10594 bytes

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Well, we still have a can of worms here. But now I can start doing some manual removal.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Could Not Remove C:\csrss.exe 
    Could Not Remove C:\winstall.exe 
    Could Not Remove C:\WINDOWS\csrss.exe 
    Could Not Remove C:\WINDOWS\explore.exe 
    Could Not Remove C:\WINDOWS\iexplorer.exe 
    Could Not Remove C:\WINDOWS\lsasss.exe 
    Could Not Remove C:\WINDOWS\services.exe 
    Could Not Remove C:\WINDOWS\svchost.exe 
    Could Not Remove C:\WINDOWS\system32\alsys.exe 
    Could Not Remove C:\WINDOWS\system32\atmtd.dll 
    Could Not Remove C:\WINDOWS\system32\atmtd.dll._ 
    Could Not Remove C:\WINDOWS\system32\bho.dll 
    Could Not Remove C:\WINDOWS\system32\bootconf.exe 
    Could Not Remove C:\WINDOWS\system32\e1.dll 
    Could Not Remove C:\WINDOWS\system32\ezStub.exe 
    Could Not Remove C:\WINDOWS\system32\iexplore.exe 
    Could Not Remove C:\WINDOWS\system32\iexplorer.exe 
    Could Not Remove C:\WINDOWS\system32\internet.exe 
    Could Not Remove C:\WINDOWS\system32\ipv6mons.dll 
    Could Not Remove C:\WINDOWS\system32\msclt.exe 
    Could Not Remove C:\WINDOWS\system32\msmsgs.exe 
    Could Not Remove C:\WINDOWS\system32\mstc.exe 
    Could Not Remove C:\WINDOWS\system32\msupdate.exe 
    Could Not Remove C:\WINDOWS\system32\mswins.exe 
    C:\WINDOWS\system32\nordsys.exe 
    C:\WINDOWS\system32\ppl.exe 
    C:\WINDOWS\system32\remote.exe 
    C:\WINDOWS\system32\rx.exe 
    C:\WINDOWS\system32\scvhost32.exe 
    C:\WINDOWS\system32\se.exe 
    C:\WINDOWS\system32\server.exe 
    C:\WINDOWS\system32\svchost32.exe 
    C:\WINDOWS\system32\svhost.exe 
    C:\WINDOWS\system32\svshost.exe 
    C:\WINDOWS\system32\sys.exe 
    C:\WINDOWS\system32\taskgmr.exe 
    C:\WINDOWS\system32\update.exe 
    C:\WINDOWS\system32\wgareg.exe 
    C:\WINDOWS\system32\wgavm.exe 
    C:\WINDOWS\system32\win32.exe 
    C:\WINDOWS\system32\windll.exe 
    C:\WINDOWS\system32\windowz.exe 
    C:\WINDOWS\system32\winhost.exe 
    C:\WINDOWS\system32\winsvc.exe 
    C:\WINDOWS\system32\winsys32.exe 
    C:\WINDOWS\system32\winupd.exe 
    C:\WINDOWS\system32\winxp.exe 
    C:\WINDOWS\system32\zlbw.dll 
    C:\WINDOWS\winlogon.exe 
    C:\WINDOWS\winserv.exe 
    C:\WINDOWS\xpupdate.exe 
    C:\Program Files\adwareremovergold.com
    C:\Program Files\bulletproofsoft.com
    C:\Program Files\dealhelper.com inc
    C:\Program Files\gator.com
    C:\Program Files\malwaresweeper.com
    C:\Program Files\malwarewipe.com
    C:\Program Files\pcprivacysoftware.com
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Purity
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

AND FOLLOW UP WITH ANOTHER COMBOFIX RUN

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
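Several entries in the removal list above reuse the names of core Windows processes outside C:\WINDOWS\system32, or misspell them slightly. The following is an added example, not part of the original post or of any tool named in it, that triages paths for those two patterns; the name set, the distance thresholds and the function names are assumptions made for the example.

```python
import ntpath
import re

# Core Windows XP processes; all of them load only from system32.
# Assumption for this example: Windows is installed in C:\WINDOWS.
SYSTEM_DIR = r"c:\windows\system32"
CORE = ("csrss", "lsass", "services", "smss", "svchost", "winlogon")
PATH_RE = re.compile(r"[A-Za-z]:\\.*")  # skips prefixes like "Could Not Remove "

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(line):
    """Return 'wrong-dir', 'lookalike' or None for one line holding a path."""
    m = PATH_RE.search(line)
    if not m:
        return None
    folder, name = ntpath.split(m.group(0).strip().strip('"').lower())
    stem, ext = ntpath.splitext(name)
    if ext != ".exe":
        return None
    if stem in CORE:
        # Genuine name: only suspicious when it sits outside system32.
        return None if folder == SYSTEM_DIR else "wrong-dir"
    base = stem.rstrip("0123456789")  # svchost32 -> svchost
    for core in CORE:
        limit = 1 if len(core) < 6 else 2  # short names get a tighter limit
        if edit_distance(base, core) <= limit:
            return "lookalike"
    return None

def triage(lines):
    """Map each flagged line to its verdict; clean lines are omitted."""
    flagged = {}
    for line in lines:
        verdict = classify(line)
        if verdict:
            flagged[line] = verdict
    return flagged

# Paths copied from this thread: six from the removal list, then three
# from the "Running processes" section of the HijackThis log.
SAMPLE = [
    r"Could Not Remove C:\csrss.exe",
    r"Could Not Remove C:\WINDOWS\lsasss.exe",
    r"Could Not Remove C:\WINDOWS\svchost.exe",
    r"C:\WINDOWS\system32\scvhost32.exe",
    r"C:\WINDOWS\system32\svhost.exe",
    r"C:\WINDOWS\winlogon.exe",
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\WINDOWS\System32\svchost.exe",
    r"C:\WINDOWS\system32\spoolsv.exe",
]

if __name__ == "__main__":
    for line, verdict in triage(SAMPLE).items():
        print(f"{verdict:10} {line}")
```

A verdict here is a triage hint only; confirm the file's location, signer and creation time before acting on it.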