[mikey4020]

I think I may be infected with the above virus. Here is my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06, on 2008-05-19
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5503D39A-78C1-4FCE-A435-32A54341725B} - C:\Windows\system32\ljJBtqPg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {8f2d3130-3b7d-aa79-b764-e4937a2653ea} - {ae3562a7-394e-467b-97aa-d7b30313d2f8} - C:\Windows\system32\vlowspyj.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [56cb42d7] rundll32.exe "C:\Windows\system32\rwhslixn.dll",b
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9142 bytes

[Advertisements]

I should also have said both Vundofix and vundobegone found nothing.

[mikey4020]

I should also have said both Vundofix and vundobegone found nothing.

[Rorschach112]

Hello

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

[mikey4020]

Thanks for quick reply. I've attached my combo log as a txt document and posted my HJT log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:35:29, on 20/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {8f2d3130-3b7d-aa79-b764-e4937a2653ea} - {ae3562a7-394e-467b-97aa-d7b30313d2f8} - C:\Windows\system32\vlowspyj.dll
O2 - BHO: (no name) - {E0868935-B823-4077-99E5-A1026BA1DB43} - C:\Windows\system32\ljJBtqPg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [56cb42d7] rundll32.exe "C:\Windows\system32\rwhslixn.dll",b
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9149 bytes

Attached Files

•  log.txt   122.18KB   269 downloads

[Rorschach112]

Post the ComboFix log here instead of attaching it

[mikey4020]

Sorry!

ComboFix 08-05-19.4 - Michael 2008-05-20 16:19:29.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1093 [GMT 1:00]
Running from: C:\Users\Michael\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\gPqtBJjl.ini
C:\Windows\System32\gPqtBJjl.ini2
C:\Windows\system32\nxilshwr.ini
.
---- Previous Run -------
.
C:\Program Files\WebGuide
C:\Program Files\WebGuide\WebGuide4\app_data\config_error.txt
C:\Program Files\WebGuide\WebGuide4\app_data\config_log.txt
C:\Program Files\WebGuide\WebGuide4\app_data\missing_Strings.txt
C:\Program Files\WebGuide\WebGuide4\app_data\roles.xml
C:\Program Files\WebGuide\WebGuide4\app_data\settings.xml
C:\Program Files\WebGuide\WebGuide4\app_data\users.xml
C:\Program Files\WebGuide\WebGuide4\app_data\web_error.txt
C:\Program Files\WebGuide\WebGuide4\app_data\web_log.txt
C:\Program Files\WebGuide\WebGuide4\app_data\wg_connect.xml
C:\Program Files\WebGuide\WebGuide4\app_data\WGStreamService_log.txt
C:\Program Files\WebGuide\WebGuide4\bin\WebGuideServicedComponent.tlb
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Michael\AppData\Roaming\inst.exe
C:\Windows\System32\gPqtBJjl.ini
C:\Windows\System32\gPqtBJjl.ini2

.
((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.

2008-05-19 22:12 . 2008-05-19 22:12 <DIR> d-------- C:\fixwareout
2008-05-19 22:04 . 2008-05-19 22:04 134,656 --a------ C:\Windows\System32\vlowspyj.dll
2008-05-19 22:03 . 2008-05-19 22:03 114,688 --a------ C:\Windows\System32\rwhslixn.dll
2008-05-19 21:34 . 2008-05-19 21:34 2,560 --a------ C:\Windows\System32\toqtdjtl.exe
2008-05-19 21:27 . 2008-05-19 21:27 <DIR> d-------- C:\VundoFix Backups
2008-05-19 21:25 . 2008-05-19 21:25 124,928 --a------ C:\Windows\System32\drenaore.dll
2008-05-19 21:24 . 2008-05-19 21:24 92,160 --a------ C:\Windows\System32\uvdqvobd.dll
2008-05-19 21:18 . 2008-05-19 18:41 56,320 --a------ C:\Windows\System32\mlJYstSK.dll
2008-05-19 20:45 . 2008-05-19 20:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-19 19:34 . 2008-05-19 19:34 134,656 --a------ C:\Windows\System32\gmklstyu.dll
2008-05-19 18:55 . 2008-05-19 18:55 114,688 --a------ C:\Windows\System32\spxaudwh.dll
2008-05-19 18:52 . 2008-05-19 18:52 2,560 --a------ C:\Windows\System32\oamjyayc.exe
2008-05-19 18:49 . 2008-05-19 18:49 124,928 --a------ C:\Windows\System32\qtakwlwq.dll
2008-05-19 18:48 . 2008-05-19 18:48 92,160 --a------ C:\Windows\System32\vfkwqivg.dll
2008-05-19 18:46 . 2008-05-19 18:46 371,712 --a------ C:\Windows\System32\ljJBtqPg.dll
2008-05-19 18:35 . 2008-05-19 18:38 <DIR> d-------- C:\Users\Michael\Torrents
2008-05-18 12:51 . 2008-05-18 12:58 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{31975520-24c1-11dd-a51f-005056c00008}.TMContainer00000000000000000002.regtrans-ms
2008-05-18 12:51 . 2008-05-20 16:24 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{31975520-24c1-11dd-a51f-005056c00008}.TMContainer00000000000000000001.regtrans-ms
2008-05-18 12:51 . 2008-05-18 12:58 524,288 --ahs---- C:\Users\Michael\NTUSER.DAT{31975522-24c1-11dd-a51f-005056c00008}.TMContainer00000000000000000002.regtrans-ms
2008-05-18 12:51 . 2008-05-20 16:24 524,288 --ahs---- C:\Users\Michael\NTUSER.DAT{31975522-24c1-11dd-a51f-005056c00008}.TMContainer00000000000000000001.regtrans-ms
2008-05-18 12:51 . 2008-05-20 16:24 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{31975520-24c1-11dd-a51f-005056c00008}.TM.blf
2008-05-18 12:51 . 2008-05-20 16:24 65,536 --ahs---- C:\Users\Michael\NTUSER.DAT{31975522-24c1-11dd-a51f-005056c00008}.TM.blf
2008-05-17 13:36 . 2008-05-17 13:36 <DIR> d-------- C:\Users\Michael\AppData\Roaming\NCH Swift Sound
2008-05-17 13:36 . 2008-05-17 13:36 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-05-16 15:32 . 2008-05-16 15:32 <DIR> d-------- C:\Program Files\MillieSoft
2008-05-16 15:13 . 2008-05-16 15:13 <DIR> d-------- C:\Program Files\Devnz
2008-05-15 13:30 . 2008-01-27 01:09 615,424 --a------ C:\Windows\System32\themeui.dll
2008-05-15 13:30 . 2008-01-27 01:09 240,128 --a------ C:\Windows\System32\uxtheme.dll
2008-05-14 15:56 . 2008-05-14 15:56 <DIR> d-------- C:\merged
2008-05-13 18:18 . 2008-05-13 18:18 <DIR> d-------- C:\Users\Michael\AppData\Roaming\vlc
2008-05-13 18:16 . 2008-05-13 18:16 <DIR> d-------- C:\Program Files\VideoLAN
2008-05-13 17:43 . 2008-05-13 17:43 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> d-------- C:\Users\Michael\AppData\Roaming\Nikon
2008-05-13 13:11 . 2008-05-13 13:11 <DIR> d-------- C:\Program Files\Nikon
2008-05-13 13:10 . 2008-05-13 13:10 <DIR> d-------- C:\ProgramData\Ultima_T15
2008-05-13 13:10 . 2008-05-13 13:10 <DIR> d-------- C:\ProgramData\EnterNHelp
2008-05-13 13:10 . 2008-05-13 13:13 <DIR> d-------- C:\Program Files\Common Files\Nikon
2008-05-13 13:10 . 2008-05-13 13:10 0 --a------ C:\ProgramData\PKP_DLbz.DAT
2008-05-12 19:19 . 2008-05-12 19:19 <DIR> d-------- C:\Users\Michael\AppData\Roaming\iPodifier
2008-05-12 19:19 . 2008-05-12 19:19 <DIR> d-------- C:\Program Files\iPodifier
2008-05-12 19:18 . 2008-05-12 19:18 <DIR> d-------- C:\Windows\Downloaded Installations
2008-05-08 18:46 . 2008-05-08 18:56 <DIR> d-------- C:\Users\Michael\AppData\Roaming\Winamp
2008-05-08 18:46 . 2008-05-08 18:47 <DIR> d-------- C:\Program Files\Winamp
2008-05-07 11:50 . 2008-05-07 11:50 <DIR> d-------- C:\Program Files\vixy.net
2008-05-04 15:39 . 2008-05-17 12:46 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-05-04 15:30 . 2008-05-04 15:30 <DIR> d-------- C:\temp\ext18866
2008-05-04 15:30 . 2008-05-04 15:30 <DIR> d-------- C:\temp
2008-05-03 14:26 . 2008-05-17 13:03 <DIR> d-------- C:\Program Files\Handbrake
2008-04-30 14:06 . 2008-04-30 14:06 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2008-04-29 13:59 . 2008-05-20 16:25 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-29 13:59 . 2008-04-29 13:59 1,409 --a------ C:\Windows\QTFont.for
2008-04-29 13:58 . 2008-04-29 13:58 <DIR> d-------- C:\Program Files\iTunes
2008-04-29 13:58 . 2008-04-29 13:58 <DIR> d-------- C:\Program Files\iPod
2008-04-29 13:55 . 2008-04-29 13:55 <DIR> d-------- C:\Program Files\QuickTime
2008-04-29 13:52 . 2008-04-29 13:52 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-29 13:21 . 2008-04-29 13:29 <DIR> d-------- C:\Users\Michael\AppData\Roaming\FrostWire
2008-04-29 13:21 . 2008-04-29 13:22 <DIR> d-------- C:\Program Files\FrostWire
2008-04-28 16:26 . 2008-04-30 16:16 <DIR> d-------- C:\Program Files\Shareaza
2008-04-26 20:00 . 2008-04-26 20:00 <DIR> d-------- C:\Users\Michael\{a58d0d1c-25cd-4b20-a8e0-1308dcfd2b60}
2008-04-26 19:52 . 2008-04-26 19:52 <DIR> d-------- C:\Hauppauge
2008-04-26 19:52 . 2007-03-23 18:25 57,472 --a------ C:\Windows\System32\drivers\hcwu2dtd.sys
2008-04-26 19:52 . 2007-03-23 18:21 18,560 --a------ C:\Windows\System32\drivers\hcwu2dtl.sys
2008-04-23 18:44 . 2008-04-23 18:45 <DIR> d-------- C:\Users\Michael\AppData\Roaming\FLV Extract
2008-04-20 21:29 . 2007-10-08 09:27 436,784 --a------ C:\Windows\System32\vnetlib.dll
2008-04-20 21:29 . 2007-10-08 09:26 150,064 --a------ C:\Windows\System32\vmnat.exe
2008-04-20 21:29 . 2007-10-08 09:26 121,392 --a------ C:\Windows\System32\vmnetdhcp.exe
2008-04-20 21:29 . 2007-10-08 09:26 50,992 -ra------ C:\Windows\System32\vmnetbridge.dll
2008-04-20 21:29 . 2007-10-08 09:26 28,592 -ra------ C:\Windows\System32\drivers\vmnetbridge.sys
2008-04-20 21:29 . 2007-10-08 09:27 25,008 --a------ C:\Windows\System32\drivers\vmnetuserif.sys
2008-04-20 21:29 . 2007-10-08 09:26 17,712 -ra------ C:\Windows\System32\drivers\vmnet.sys
2008-04-20 21:29 . 2007-10-08 09:26 16,816 --a------ C:\Windows\System32\drivers\vmnetadapter.sys
2008-04-20 21:29 . 2007-10-08 09:26 13,104 --a------ C:\Windows\System32\vnetinst.dll
2008-04-20 21:28 . 2007-10-08 09:26 30,768 --a------ C:\Windows\System32\drivers\vmusb.sys
2008-04-20 21:28 . 2007-10-08 09:27 20,912 --a------ C:\Windows\System32\drivers\VMkbd.sys
2008-04-20 21:26 . 2008-04-20 21:26 <DIR> d-------- C:\Program Files\VMware
2008-04-20 21:26 . 2008-04-20 21:26 <DIR> d-------- C:\Program Files\Common Files\VMware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 15:25 --------- d-----w C:\Users\Michael\AppData\Roaming\VMware
2008-05-20 11:41 --------- d-----w C:\Users\Michael\AppData\Roaming\SiteAdvisor
2008-05-19 19:46 262,144 ----a-w C:\ntuser.dat
2008-05-19 17:53 --------- d-----w C:\Users\Michael\AppData\Roaming\uTorrent
2008-05-17 12:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 12:03 --------- d-----w C:\Program Files\nLite
2008-05-17 11:46 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-13 17:59 --------- d-----w C:\Users\Michael\AppData\Roaming\Vso
2008-05-04 14:28 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-30 14:56 --------- d-----w C:\Program Files\UltiDev
2008-04-29 13:19 --------- d-----w C:\Users\Michael\AppData\Roaming\VideoReDoPlus
2008-04-29 13:16 --------- d---a-w C:\ProgramData\TEMP
2008-04-29 12:21 --------- d-----w C:\Program Files\LimeWire
2008-04-26 15:39 --------- d-----w C:\Program Files\Microsoft Games
2008-04-26 14:21 --------- d-----w C:\Program Files\RocketDock
2008-04-23 10:19 --------- d-----w C:\ProgramData\VMware
2008-04-19 12:59 --------- d-----w C:\Program Files\DivX
2008-04-19 12:44 --------- d-----w C:\Users\Michael\AppData\Roaming\JAM Software
2008-04-19 12:39 --------- d-----w C:\Program Files\vLite
2008-04-15 18:55 --------- d-----w C:\Program Files\Java
2008-04-15 13:13 --------- d-----w C:\Program Files\Google
2008-04-14 20:24 --------- d-----w C:\Users\Michael\AppData\Roaming\Sony Corporation
2008-04-14 12:59 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-04-14 12:57 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-14 12:33 --------- d-----w C:\Users\Michael\AppData\Roaming\LimeWire
2008-04-12 09:55 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-11 22:37 --------- d-----w C:\Program Files\InterMute
2008-04-11 21:32 --------- d-----w C:\Program Files\ESET
2008-04-11 21:07 691 ----a-w C:\Users\Michael\AppData\Roaming\GetValue.vbs
2008-04-11 21:07 35 ----a-w C:\Users\Michael\AppData\Roaming\SetValue.bat
2008-04-10 21:34 --------- d-----w C:\ProgramData\NVIDIA Corporation
2008-04-10 21:34 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-04-09 10:44 --------- d-----w C:\Program Files\Vista4Cast
2008-04-09 10:29 --------- d-----w C:\Program Files\Windows Mail
2008-04-05 12:45 --------- d-----w C:\Program Files\Acoustica Mixcraft 4
2008-04-05 12:44 --------- d-----w C:\Program Files\Acoustica Shared Effects
2008-04-05 10:41 --------- d-----w C:\ProgramData\Pinnacle VideoSpin
2008-04-05 10:40 --------- d-----w C:\ProgramData\VideoSpin
2008-04-05 10:40 --------- d-----w C:\Program Files\Pinnacle
2008-04-05 10:40 --------- d-----w C:\Program Files\Common Files\Yahoo!
2008-04-05 10:38 --------- d-----w C:\ProgramData\Pinnacle
2008-04-04 11:12 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-03 15:53 --------- d-----w C:\Program Files\DVBViewer
2008-04-02 20:21 --------- d-----w C:\Users\Michael\AppData\Roaming\Auslogics
2008-04-02 20:21 --------- d-----w C:\Program Files\Auslogics
2008-04-02 17:21 --------- d-----w C:\ProgramData\Team MediaPortal
2008-04-02 17:21 --------- d-----w C:\Program Files\Team MediaPortal
2008-03-29 15:04 --------- d-----w C:\ProgramData\CMUV
2008-03-29 13:03 --------- d-----w C:\Program Files\Foxit Software
2008-03-28 23:57 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-28 23:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-28 16:27 --------- d-----w C:\Program Files\SmartDraw 2008
2008-03-27 21:54 --------- d-----w C:\Users\Michael\AppData\Roaming\SmartDraw
2008-03-27 21:41 --------- d-----w C:\Program Files\MagicISO
2008-03-26 18:51 --------- d-----w C:\Users\Michael\AppData\Roaming\Acronis
2008-03-24 18:37 --------- d-----w C:\Program Files\mackoy
2008-03-24 11:54 --------- d-----w C:\Program Files\Stardock
2008-03-23 16:45 --------- d-----w C:\Program Files\MSN Messenger
2008-03-22 12:26 --------- d-----w C:\ProgramData\Lavasoft
2008-03-22 12:25 --------- d-----w C:\Program Files\Lavasoft
2008-03-22 11:52 --------- d-----w C:\ProgramData\Sony Corporation
2008-03-22 11:51 --------- d-----w C:\Program Files\Sony
2008-03-21 11:54 --------- d-----w C:\Program Files\Microsoft Works
2008-03-19 20:52 174 --sha-w C:\Program Files\desktop.ini
2008-03-03 13:25 5,702 ---ha-w C:\Windows\nod32restoretemdono.reg
2007-12-06 19:24 144 ----a-w C:\Users\Michael\AppData\Roaming\wklnhst.dat
2007-12-02 00:09 604 ---ha-w C:\Program Files\STLL Notifier
2007-11-26 20:31 47,360 ----a-w C:\Users\Michael\AppData\Roaming\pcouffin.sys
2007-12-24 00:21 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-24 00:21 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-24 00:21 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-04-12_11.14.20.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 07:11:38 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
- 2007-08-11 22:07:10 53,248 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-04-18 15:46:29 53,248 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2007-08-11 22:07:10 12,800 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-04-18 15:46:30 12,800 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2007-08-11 22:07:10 473,600 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-04-18 15:46:30 473,600 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-04-18 15:46:31 578,560 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-08-11 22:07:11 145,920 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-04-18 15:46:31 145,920 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2007-08-11 22:07:11 159,232 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-04-18 15:46:31 159,232 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2007-08-11 22:07:11 364,544 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-04-18 15:46:31 364,544 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2007-08-11 22:07:11 178,176 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-04-18 15:46:31 178,176 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2007-08-11 22:07:10 223,232 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-04-18 15:46:29 223,232 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2007-11-26 08:30:35 8,007,680 ----a-w C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2008-05-04 14:41:20 8,007,680 ----a-w C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2008-04-14 12:37:06 14,184 ----a-w C:\Windows\assembly\GAC_32\ILoader\2.0.5201.0__31bf3856ad364e35\ILoader.dll
+ 2008-04-14 12:37:06 47,976 ----a-w C:\Windows\assembly\GAC_32\Loader\2.0.5201.0__31bf3856ad364e35\Loader.dll
+ 2008-04-30 13:06:43 880,640 ----a-w C:\Windows\assembly\GAC_32\Microsoft.MapPoint.GraphicsAPI\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.GraphicsAPI.dll
+ 2008-04-30 13:06:42 33,808 ----a-w C:\Windows\assembly\GAC_MSIL\GeoCommunityCommon\2.0.0.0__31bf3856ad364e35\GeoCommunityCommon.dll
+ 2008-05-16 14:32:44 50,176 ----a-w C:\Windows\assembly\GAC_MSIL\iPlayerMCE\1.2.0.0__7a013a56d00e4065\iPlayerMCE.dll
+ 2008-05-04 14:37:42 106,496 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2008-05-04 14:37:43 737,280 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-05-04 14:37:43 36,864 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-05-04 14:37:43 794,624 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2008-05-04 14:37:43 94,208 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2008-04-30 13:06:42 163,840 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MapPoint.Data.CompactMapFile\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Data.CompactMapFile.dll
+ 2008-04-30 13:06:42 151,552 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MapPoint.Data.VirtualEarthTileDataSource\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Data.VirtualEarthTileDataSource.dll
+ 2008-04-30 13:06:42 376,832 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MapPoint.Data\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Data.dll
+ 2008-04-30 13:06:42 65,536 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MapPoint.GeoCommunities.COM\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.GeoCommunities.COM.dll
+ 2008-04-30 13:06:42 819,200 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MapPoint.GeoCommunities\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.GeoCommunities.dll
+ 2008-04-30 13:06:42 208,896 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MapPoint.Geometry\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Geometry.dll
+ 2008-04-30 13:06:42 540,672 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MapPoint.Graphics3D\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Graphics3D.dll
+ 2008-04-30 13:06:42 143,360 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MapPoint.MapControl3D\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.MapControl3D.dll
+ 2008-04-30 13:06:42 270,336 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MapPoint.Modeling\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Modeling.dll
+ 2008-04-30 13:06:42 77,824 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MapPoint.Network\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Network.dll
+ 2008-04-30 13:06:42 73,728 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.resources\2.5.0.0_es_31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.Resources.dll
+ 2008-04-30 13:06:42 69,632 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.resources\2.5.0.0_fr-CA_31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.Resources.dll
+ 2008-04-30 13:06:42 69,632 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.resources\2.5.0.0_fr_31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.Resources.dll
+ 2008-04-30 13:06:42 73,728 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.resources\2.5.0.0_it_31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.Resources.dll
+ 2008-04-30 13:06:42 73,728 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.resources\2.5.0.0_ja_31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.Resources.dll
+ 2008-04-30 13:06:42 131,072 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.Utility\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.Utility.dll
+ 2008-04-30 13:06:42 245,760 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.WorldMemoryDataSource\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.WorldMemoryDataSource.dll
+ 2008-04-30 13:06:42 770,048 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.dll
+ 2008-04-30 13:06:42 94,208 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MapPoint.Utility\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Utility.dll
+ 2008-04-30 13:06:42 61,440 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MapPoint.UtilityPartialTrust\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.UtilityPartialTrust.dll
+ 2008-05-04 14:37:43 41,984 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2008-04-30 13:06:42 200,704 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.WindowsLive.Id.Client\2.5.0.0__31bf3856ad364e35\Microsoft.WindowsLive.Id.Client.dll
- 2007-11-26 08:30:34 47,832 ----a-w C:\Windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2008-05-04 14:37:44 40,960 ----a-w C:\Windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2008-05-04 14:37:44 159,744 ----a-w C:\Windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2008-05-04 14:37:45 663,552 ----a-w C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2008-05-04 14:37:45 53,248 ----a-w C:\Windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2008-05-04 14:37:41 667,648 ----a-w C:\Windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2008-05-04 14:37:41 282,624 ----a-w C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2008-05-04 14:37:45 139,264 ----a-w C:\Windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2008-05-04 14:37:46 233,472 ----a-w C:\Windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2008-05-04 14:37:40 496,672 ----a-w C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2008-05-04 14:37:47 327,680 ----a-w C:\Windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2008-05-04 14:37:47 1,253,376 ----a-w C:\Windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2008-05-04 14:37:45 10,240 ----a-w C:\Windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2008-05-04 14:37:40 517,152 ----a-w C:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2008-05-04 14:37:46 139,264 ----a-w C:\Windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2008-05-04 14:52:52 237,568 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\2867d6975dcacb6ca61bd76045e386cc\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2008-05-04 14:52:55 1,892,352 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\89b45a645222f9aef19baa9d9a1e5383\Microsoft.Build.Engine.ni.dll
+ 2008-05-04 14:52:56 94,208 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\497955c1d17648990c3a3bd7cf2ecaa3\Microsoft.Build.Framework.ni.dll
+ 2008-05-04 14:52:59 1,966,080 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9c5199d690fd60ed39e8f20730263169\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2008-05-04 14:53:00 196,608 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\bfdafec92f9d015d995d2f95fffff8bc\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2008-04-30 13:35:11 372,736 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\0e3a42a1766381612a5c818d52be4244\Microsoft.MapPoint.MapControl3D.ni.dll
+ 2008-04-30 13:35:22 1,454,080 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\24f35b5914c7a2d927ebb08e38d5da41\Microsoft.MapPoint.Data.ni.dll
+ 2008-04-30 13:35:20 249,856 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\63135936a7fe3b6895e14f27fde20e59\Microsoft.MapPoint.UtilityPartialTrust.ni.dll
+ 2008-04-30 13:35:19 839,680 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\6442fcc524025f28b61833e7ab4f3c72\Microsoft.MapPoint.Geometry.ni.dll
+ 2008-04-30 13:35:35 856,064 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\714b83ee87e30b2390fcba5e00f78146\Microsoft.MapPoint.Data.VirtualEarthTileDataSource.ni.dll
+ 2008-04-30 13:35:36 475,136 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\735b19c38a2fd7bb38f0d89de9f8bd34\Microsoft.MapPoint.Data.CompactMapFile.ni.dll
+ 2008-04-30 13:35:25 2,592,768 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\808e81a7d6d54215ebc7e332baad5b6d\Microsoft.MapPoint.Graphics3D.ni.dll
+ 2008-04-30 13:35:16 3,588,096 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\8438b6354800987605cc597e92531d02\Microsoft.MapPoint.Rendering3D.ni.dll
+ 2008-04-30 13:35:17 520,192 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\8aa1658dab6f1f9fd43391372c1fda78\Microsoft.MapPoint.Rendering3D.Utility.ni.dll
+ 2008-04-30 13:35:37 319,488 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\8b55f14eb8f9106a23e8459b64c9fb0d\Microsoft.MapPoint.Network.ni.dll
+ 2008-04-30 13:35:26 335,872 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\a2b08596c94ab28f709e306051012a35\Microsoft.MapPoint.Utility.ni.dll
+ 2008-04-30 13:35:33 1,683,456 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\bef579327b74e5df3745e06b39663b66\Microsoft.MapPoint.Rendering3D.WorldMemoryDataSource.ni.dll
+ 2008-04-30 13:35:28 1,597,440 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\cce4f0779c7f264f6d3632bda62ecc9c\Microsoft.MapPoint.GraphicsAPI.ni.dll
+ 2008-04-30 13:35:30 1,863,680 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\e6cf7699954bfd9d0914abd2766f0997\Microsoft.MapPoint.Modeling.ni.dll
+ 2008-05-04 14:52:43 155,648 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\MSBuild\81d70fca7aaf82c2890bfc5e1e644d8a\MSBuild.ni.exe
+ 2008-05-04 14:54:26 102,400 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\26e397507b87251fea471bb217afbd0e\System.AddIn.Contract.ni.dll
+ 2008-05-04 14:54:25 696,320 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\9ccfb52d02fb0d9fa007a36904bf6ff0\System.AddIn.ni.dll
+ 2008-05-04 14:46:17 2,347,008 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\4c177c394027f9a0da85a3505b2652f7\System.Core.ni.dll
+ 2008-05-04 14:54:28 184,320 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\8d68b6b50f207e88987467417b230c53\System.Data.DataSetExtensions.ni.dll
+ 2008-05-04 14:46:23 2,588,672 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\b987c33b348d1679f01ef49efab94201\System.Data.Linq.ni.dll
+ 2008-05-04 14:54:30 937,984 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\329dfd8debde991c0ba2cd8cba7746d3\System.DirectoryServices.AccountManagement.ni.dll
+ 2008-05-04 14:54:32 356,352 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\8577eda645bc10a0320a5c51167cc950\System.Management.Instrumentation.ni.dll
+ 2008-05-04 14:54:34 729,088 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Net\17df725c679fa1953ed2f4916589eca0\System.Net.ni.dll
+ 2008-05-04 14:54:39 1,556,480 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\336c3a204c86960730758874d4b8ba95\System.ServiceModel.Web.ni.dll
+ 2008-05-04 14:54:42 2,416,640 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a8a98eb45853f2b3e88a7ae417718101\System.Web.Extensions.ni.dll
+ 2008-05-04 14:54:45 880,640 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\feb801113de4e3f679a6b38b256523db\System.Web.Extensions.Design.ni.dll
+ 2008-05-04 14:54:47 77,824 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\c79ee0048845878426bf6a48fa5d7708\System.Windows.Presentation.ni.dll
+ 2008-05-04 14:54:51 1,531,904 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\1141e73f795266e186d8305e760dac32\System.WorkflowServices.ni.dll
+ 2008-05-04 14:54:52 458,752 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\688bcbbcc735398955c9b8706780c955\System.Xml.Linq.ni.dll
+ 2008-01-05 11:23:07 2,048 ----a-w C:\Windows\Boot\DVD\PCAT\etfsboot.com
- 2008-04-12 10:10:04 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-20 15:25:04 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2006-11-02 12:35:47 2,048 ----a-w C:\Windows\Help\Tablet PC\PTRes.dll
+ 2006-11-02 12:35:43 2,048 ----a-w C:\Windows\Help\Tablet PC\TTRes.dll
- 2008-04-09 10:29:55 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-04-26 19:04:27 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-04-09 10:29:55 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-04-26 19:00:44 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-04-09 10:29:44 143,360 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-04-26 19:04:27 143,360 ----a-w C:\Windows\inf\infstrng.dat
+ 2007-08-28 23:38:10 500,648 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MORPH9.DLL
+ 2007-08-28 23:38:46 9,584,512 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSPUB.EXE
+ 2007-08-24 03:43:28 138,648 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PRTF9.DLL
+ 2007-08-28 23:39:14 625,560 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PTXT9.DLL
+ 2007-08-24 03:43:36 593,296 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PUBCONV.DLL
+ 2007-08-28 23:16:00 350,064 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WINWORD.EXE
+ 2007-09-06 18:03:02 4,280,176 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WRD12CNV.DLL
+ 2007-08-29 00:07:58 24,928 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WRD12EXE.EXE
+ 2007-09-06 17:56:32 17,490,800 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WWLIB.DLL
+ 2008-04-29 12:52:14 27,136 ----a-r C:\Windows\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe
+ 2008-04-29 12:59:04 102,400 ----a-r C:\Windows\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
- 2008-04-09 10:26:48 1,165,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-05-14 13:15:41 1,165,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-04-09 10:26:48 20,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-05-14 13:15:41 20,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-04-09 10:26:48 159,504 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-05-14 13:15:41 159,504 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-04-09 10:26:48 184,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-05-14 13:15:41 184,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-04-09 10:26:48 217,864 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-05-14 13:15:41 217,864 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-04-09 10:26:48 18,704 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-05-14 13:15:41 18,704 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-04-09 10:26:48 35,088 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-05-14 13:15:41 35,088 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-04-09 10:26:48 845,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-05-14 13:15:41 845,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-04-09 10:26:48 922,384 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-05-14 13:15:41 922,384 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-04-09 10:26:48 272,648 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-05-14 13:15:41 272,648 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-04-09 10:26:48 888,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-05-14 13:15:41 888,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-04-09 10:26:48 1,172,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-05-14 13:15:41 1,172,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-04-14 12:37:06 25,214 ----a-r C:\Windows\Installer\{A939D341-5A04-4E0A-BB55-3E65B386432D}\ARPPRODUCTICON.exe
+ 2008-05-12 18:19:32 49,152 ----a-r C:\Windows\Installer\{D4163F73-AAE4-4E4F-9E9E-70828C2ADB58}\NewShortcut1_5F8FC2C3050E490EAD5176EB2D31BFF6.exe
+ 2008-05-12 18:19:32 49,152 ----a-r C:\Windows\Installer\{D4163F73-AAE4-4E4F-9E9E-70828C2ADB58}\NewShortcut2_5F8FC2C3050E490EAD5176EB2D31BFF6.exe
+ 2006-03-31 10:27:50 578,560 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-30 15:04:15 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\0b4fc74b\00bc29f1_e9d9c701\WGUsers.DLL
+ 2008-04-30 15:04:15 8,192 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\129f5e12\00eb914a_ead9c701\App_global.asax.DLL
+ 2008-04-30 15:04:15 7,680 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\13252534\0099de77_ead9c701\Theme.DLL
+ 2008-04-30 15:04:15 126,976 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\13756cc6\000865ec_e9d9c701\Toub.MediaCenter.Dvrms.DLL
+ 2008-04-30 15:04:14 331,776 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\1fda4447\00995df9_fae2c601\WMPLib.DLL
+ 2008-04-30 15:04:15 199,168 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\2a765422\0099de77_ead9c701\mobile.DLL
+ 2008-04-30 15:04:15 24,576 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\2e57dec9\0062c7ee_e9d9c701\WebGuideServicedComponent.DLL
+ 2008-04-30 15:04:15 104,448 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\487ef622\0099de77_ead9c701\controls.DLL
+ 2008-04-30 15:04:15 225,280 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\5668ece4\009cf96d_2010c501\UPnP.DLL
+ 2008-04-30 15:04:15 36,864 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\68deea75\00e0262f_ead9c701\Interop.COMAdmin.DLL
+ 2008-04-30 15:04:15 61,440 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\77b76504\00db33eb_e9d9c701\StreamServer.DLL
+ 2008-04-30 15:04:15 276,992 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\7b700eb7\00c60f79_ead9c701\mce.DLL
+ 2008-04-30 15:04:15 53,248 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\8b61e30c\00e95af2_e9d9c701\WGUPnP.DLL
+ 2008-04-30 15:04:14 147,456 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\8e84912d\0062c7ee_e9d9c701\RemoteConnection.DLL
+ 2008-04-30 15:04:14 131,072 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\94f830c1\00ae02ea_e9d9c701\WGStream.DLL
+ 2008-04-30 15:04:15 30,720 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\a1d20e18\00c60f79_ead9c701\mobile.controls.DLL
+ 2008-04-30 15:04:15 16,384 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\a84e8f3c\00bc29f1_e9d9c701\UPnP_WHS.DLL
+ 2008-04-30 15:04:15 701,816 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\ab8e7efb\00485e51_bc3cc701\System.Web.Extensions.DLL
+ 2008-04-30 15:04:14 225,280 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\b856c6bb\00be6049_ead9c701\App_Code.DLL
+ 2008-04-30 15:04:15 53,248 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\babb5216\003596ed_e9d9c701\Interop.Shell32.DLL
+ 2008-04-30 15:04:15 12,288 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\c4400840\000d5830_ead9c701\Interop.NetFwTypeLib.DLL
+ 2008-04-30 15:04:15 118,784 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\cc518572\007a180a_b6d9c701\WindowsMediaLib.DLL
+ 2008-04-30 15:04:14 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\d046f88a\0081d1e8_e9d9c701\ExtractThumb.DLL
+ 2008-04-30 15:04:14 45,056 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\d3c1c8c8\0064fe46_ead9c701\App_WebReferences.DLL
+ 2008-04-30 15:04:15 28,672 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\e1efbb7f\0049ee11_c348c701\UltiDevCassiniServerConfiguration.DLL
+ 2008-04-30 15:04:15 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\e4e8e3af\008ff8ef_e9d9c701\XmlProviders.DLL
+ 2008-04-30 15:04:15 8,704 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\f6a62be1\00156612_4fc8c701\Interop.WHSInfoIF.DLL
+ 2008-04-30 15:04:15 681,472 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\guide\e3c9ec4e\c6cc82fc\assembly\dl3\fe866b3c\006cad76_ead9c701\Root.DLL
+ 2008-04-29 12:44:25 331,776 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\d7b1a03a\5f5f5212\assembly\dl3\00840920\00995df9_fae2c601\WMPLib.DLL
+ 2008-04-29 12:44:25 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\d7b1a03a\5f5f5212\assembly\dl3\2f14df52\0081d1e8_e9d9c701\ExtractThumb.DLL
+ 2008-04-29 12:44:25 24,576 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\d7b1a03a\5f5f5212\assembly\dl3\3721cc82\0062c7ee_e9d9c701\WebGuideServicedComponent.DLL
+ 2008-04-29 12:44:25 147,456 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\d7b1a03a\5f5f5212\assembly\dl3\5b341e75\0062c7ee_e9d9c701\RemoteConnection.DLL
+ 2008-04-29 12:44:25 53,248 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\d7b1a03a\5f5f5212\assembly\dl3\72bfa021\003596ed_e9d9c701\Interop.Shell32.DLL
+ 2008-04-29 12:44:25 701,816 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\d7b1a03a\5f5f5212\assembly\dl3\81ff24ae\00485e51_bc3cc701\System.Web.Extensions.DLL
+ 2008-04-29 12:44:25 126,976 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\d7b1a03a\5f5f5212\assembly\dl3\8c506fb0\000865ec_e9d9c701\Toub.MediaCenter.Dvrms.DLL
+ 2008-04-29 12:44:25 225,280 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\d7b1a03a\5f5f5212\assembly\dl3\a3ffd526\00be6049_ead9c701\App_Code.DLL
+ 2008-04-29 12:44:26 8,192 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\d7b1a03a\5f5f5212\assembly\dl3\ba6182b9\00eb914a_ead9c701\App_global.asax.DLL
+ 2008-04-29 12:44:25 45,056 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\d7b1a03a\5f5f5212\assembly\dl3\da9fb95b\0064fe46_ead9c701\App_WebReferences.DLL
+ 2008-04-29 12:44:25 131,072 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\d7b1a03a\5f5f5212\assembly\dl3\dbf5cb1e\00ae02ea_e9d9c701\WGStream.DLL
+ 2008-04-30 15:03:50 701,816 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\01d6c0e2\00485e51_bc3cc701\System.Web.Extensions.DLL
+ 2008-04-30 15:03:53 53,248 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\04397202\00e95af2_e9d9c701\WGUPnP.DLL
+ 2008-04-30 15:03:53 118,784 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\1c1292c9\007a180a_b6d9c701\WindowsMediaLib.DLL
+ 2008-04-30 15:03:52 199,168 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\256b7bb5\0099de77_ead9c701\mobile.DLL
+ 2008-04-30 15:03:50 126,976 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\29e497a6\000865ec_e9d9c701\Toub.MediaCenter.Dvrms.DLL
+ 2008-04-30 15:03:53 61,440 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\47456926\00db33eb_e9d9c701\StreamServer.DLL
+ 2008-04-30 15:03:49 45,056 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\4c34a242\0064fe46_ead9c701\App_WebReferences.DLL
+ 2008-04-30 15:03:53 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\4fd4a6ee\00bc29f1_e9d9c701\WGUsers.DLL
+ 2008-04-30 15:03:53 16,384 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\50b36446\00bc29f1_e9d9c701\UPnP_WHS.DLL
+ 2008-04-30 15:03:52 8,704 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\54091acc\00156612_4fc8c701\Interop.WHSInfoIF.DLL
+ 2008-04-30 15:03:52 36,864 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\5caa16c4\00e0262f_ead9c701\Interop.COMAdmin.DLL
+ 2008-04-30 15:03:53 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\5d01c1e0\008ff8ef_e9d9c701\XmlProviders.DLL
+ 2008-04-30 15:03:50 331,776 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\60a67046\00995df9_fae2c601\WMPLib.DLL
+ 2008-04-30 15:03:52 276,992 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\7dfb0915\00c60f79_ead9c701\mce.DLL
+ 2008-04-30 15:03:53 225,280 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\8905615f\009cf96d_2010c501\UPnP.DLL
+ 2008-04-30 15:03:50 24,576 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\8dbf88e9\0062c7ee_e9d9c701\WebGuideServicedComponent.DLL
+ 2008-04-30 15:03:52 12,288 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\9587c59e\000d5830_ead9c701\Interop.NetFwTypeLib.DLL
+ 2008-04-30 15:03:49 147,456 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\95d2dbba\0062c7ee_e9d9c701\RemoteConnection.DLL
+ 2008-04-30 15:03:53 681,472 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\a8e4046e\006cad76_ead9c701\Root.DLL
+ 2008-04-30 15:03:52 104,448 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\b8b3a89a\0099de77_ead9c701\controls.DLL
+ 2008-04-30 15:03:49 225,280 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\be979880\00be6049_ead9c701\App_Code.DLL
+ 2008-04-30 15:03:53 7,680 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\d1cf3aa5\0099de77_ead9c701\Theme.DLL
+ 2008-04-30 15:03:50 53,248 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\da7b83f7\003596ed_e9d9c701\Interop.Shell32.DLL
+ 2008-04-30 15:03:50 131,072 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\e362c405\00ae02ea_e9d9c701\WGStream.DLL
+ 2008-04-30 15:03:53 28,672 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\e5d871ad\0049ee11_c348c701\UltiDevCassiniServerConfiguration.DLL
+ 2008-04-30 15:03:50 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\f0de112e\0081d1e8_e9d9c701\ExtractThumb.DLL
+ 2008-04-30 15:03:51 8,192 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\f97ce7ea\00eb914a_ead9c701\App_global.asax.DLL
+ 2008-04-30 15:03:52 30,720 ----a-w C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webguide\02ee5f64\d85e7465\assembly\dl3\fa19618c\00c60f79_ead9c701\mobile.controls.DLL
+ 2008-01-19 07:31:57 2,560 ----a-w C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2006-11-02 12:36:02 2,560 ----a-w C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll
+ 2007-11-07 18:02:38 168,448 ----a-w C:\Windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2007-11-07 18:02:38 233,976 ----a-w C:\Windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2007-11-07 18:02:38 41,992 ----a-w C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2007-11-07 18:02:38 41,992 ----a-w C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2007-11-07 18:02:38 28,672 ----a-w C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2007-11-07 18:02:38 1,545,720 ----a-w C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe
+ 2007-11-07 18:00:02 210,834 ----a-w C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\baseline.dat
+ 2007-11-07 15:26:34 97,280 ----a-w C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\DeleteTemp.exe
+ 2007-11-07 15:26:34 276,472 ----a-w C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\dlmgr.dll
+ 2007-11-07 15:26:34 1,059,328 ----a-w C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\gencomp.dll
+ 2007-11-07 15:26:34 177,152 ----a-w C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\HtmlLite.dll
+ 2007-11-07 15:26:34 269,304 ----a-w C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
+ 2007-11-07 15:26:34 112,128 ----a-w C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1025.dll
+ 2007-11-07 15:26:34 84,992 ----a-w C:\W

[Rorschach112]

Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Windows\System32\vlowspyj.dll
C:\Windows\System32\rwhslixn.dll
C:\Windows\System32\toqtdjtl.exe
C:\Windows\System32\drenaore.dll
C:\Windows\System32\uvdqvobd.dll
C:\Windows\System32\mlJYstSK.dll
C:\Windows\System32\gmklstyu.dll
C:\Windows\System32\spxaudwh.dll
C:\Windows\System32\oamjyayc.exe
C:\Windows\System32\qtakwlwq.dll
C:\Windows\System32\vfkwqivg.dll
C:\Windows\System32\ljJBtqPg.dll

DirLook::
C:\Users\Michael\Torrents
C:\temp\ext18866
C:\Users\Michael\{a58d0d1c-25cd-4b20-a8e0-1308dcfd2b60}


Registry::

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall




Also post a new HijackThis log

[mikey4020]

Combo Fix Log

ComboFix 08-05-19.4 - Michael 2008-05-20 20:36:03.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1142 [GMT 1:00]
Running from: C:\Users\Michael\Desktop\ComboFix.exe
Command switches used :: C:\Users\Michael\Desktop\CFScript.txt
* Resident AV is active


FILE ::
C:\Windows\System32\drenaore.dll
C:\Windows\System32\gmklstyu.dll
C:\Windows\System32\ljJBtqPg.dll
C:\Windows\System32\mlJYstSK.dll
C:\Windows\System32\oamjyayc.exe
C:\Windows\System32\qtakwlwq.dll
C:\Windows\System32\rwhslixn.dll
C:\Windows\System32\spxaudwh.dll
C:\Windows\System32\toqtdjtl.exe
C:\Windows\System32\uvdqvobd.dll
C:\Windows\System32\vfkwqivg.dll
C:\Windows\System32\vlowspyj.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\drenaore.dll
C:\Windows\System32\gmklstyu.dll
C:\Windows\system32\gPqtBJjl.ini
C:\Windows\System32\gPqtBJjl.ini2
C:\Windows\System32\ljJBtqPg.dll
C:\Windows\System32\mlJYstSK.dll
C:\Windows\System32\oamjyayc.exe
C:\Windows\System32\qtakwlwq.dll
C:\Windows\System32\rwhslixn.dll
C:\Windows\System32\spxaudwh.dll
C:\Windows\System32\toqtdjtl.exe
C:\Windows\System32\uvdqvobd.dll
C:\Windows\System32\vfkwqivg.dll
C:\Windows\System32\vlowspyj.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.

2008-05-20 20:41 . 2008-05-20 20:41 54,156 --ah----- C:\Windows\QTFont.qfn
2008-05-20 20:41 . 2008-05-20 20:41 1,409 --a------ C:\Windows\QTFont.for
2008-05-20 16:54 . 2008-05-20 16:54 2,560 --a------ C:\Windows\System32\myvrkuhe.exe
2008-05-20 16:48 . 2008-05-20 16:48 92,160 --a------ C:\Windows\System32\irbbeich.dll
2008-05-20 16:47 . 2008-05-20 16:47 126,976 --a------ C:\Windows\System32\nnwsogni.dll
2008-05-20 16:31 . 2008-05-20 20:32 414 ---hs---- C:\Windows\System32\nxilshwr.ini
2008-05-19 22:12 . 2008-05-19 22:12 <DIR> d-------- C:\fixwareout
2008-05-19 21:27 . 2008-05-19 21:27 <DIR> d-------- C:\VundoFix Backups
2008-05-19 20:45 . 2008-05-19 20:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-19 18:35 . 2008-05-19 18:38 <DIR> d-------- C:\Users\Michael\Torrents
2008-05-18 12:51 . 2008-05-18 12:58 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{31975520-24c1-11dd-a51f-005056c00008}.TMContainer00000000000000000002.regtrans-ms
2008-05-18 12:51 . 2008-05-20 20:40 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{31975520-24c1-11dd-a51f-005056c00008}.TMContainer00000000000000000001.regtrans-ms
2008-05-18 12:51 . 2008-05-18 12:58 524,288 --ahs---- C:\Users\Michael\NTUSER.DAT{31975522-24c1-11dd-a51f-005056c00008}.TMContainer00000000000000000002.regtrans-ms
2008-05-18 12:51 . 2008-05-20 20:40 524,288 --ahs---- C:\Users\Michael\NTUSER.DAT{31975522-24c1-11dd-a51f-005056c00008}.TMContainer00000000000000000001.regtrans-ms
2008-05-18 12:51 . 2008-05-20 20:40 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{31975520-24c1-11dd-a51f-005056c00008}.TM.blf
2008-05-18 12:51 . 2008-05-20 20:40 65,536 --ahs---- C:\Users\Michael\NTUSER.DAT{31975522-24c1-11dd-a51f-005056c00008}.TM.blf
2008-05-17 13:36 . 2008-05-17 13:36 <DIR> d-------- C:\Users\Michael\AppData\Roaming\NCH Swift Sound
2008-05-17 13:36 . 2008-05-17 13:36 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-05-16 15:32 . 2008-05-16 15:32 <DIR> d-------- C:\Program Files\MillieSoft
2008-05-16 15:13 . 2008-05-16 15:13 <DIR> d-------- C:\Program Files\Devnz
2008-05-15 13:30 . 2008-01-27 01:09 615,424 --a------ C:\Windows\System32\themeui.dll
2008-05-15 13:30 . 2008-01-27 01:09 240,128 --a------ C:\Windows\System32\uxtheme.dll
2008-05-14 15:56 . 2008-05-14 15:56 <DIR> d-------- C:\merged
2008-05-13 18:18 . 2008-05-13 18:18 <DIR> d-------- C:\Users\Michael\AppData\Roaming\vlc
2008-05-13 18:16 . 2008-05-13 18:16 <DIR> d-------- C:\Program Files\VideoLAN
2008-05-13 17:43 . 2008-05-13 17:43 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> d-------- C:\Users\Michael\AppData\Roaming\Nikon
2008-05-13 13:11 . 2008-05-13 13:11 <DIR> d-------- C:\Program Files\Nikon
2008-05-13 13:10 . 2008-05-13 13:10 <DIR> d-------- C:\ProgramData\Ultima_T15
2008-05-13 13:10 . 2008-05-13 13:10 <DIR> d-------- C:\ProgramData\EnterNHelp
2008-05-13 13:10 . 2008-05-13 13:13 <DIR> d-------- C:\Program Files\Common Files\Nikon
2008-05-13 13:10 . 2008-05-13 13:10 0 --a------ C:\ProgramData\PKP_DLbz.DAT
2008-05-12 19:19 . 2008-05-12 19:19 <DIR> d-------- C:\Users\Michael\AppData\Roaming\iPodifier
2008-05-12 19:19 . 2008-05-12 19:19 <DIR> d-------- C:\Program Files\iPodifier
2008-05-12 19:18 . 2008-05-12 19:18 <DIR> d-------- C:\Windows\Downloaded Installations
2008-05-08 18:46 . 2008-05-08 18:56 <DIR> d-------- C:\Users\Michael\AppData\Roaming\Winamp
2008-05-08 18:46 . 2008-05-08 18:47 <DIR> d-------- C:\Program Files\Winamp
2008-05-07 11:50 . 2008-05-07 11:50 <DIR> d-------- C:\Program Files\vixy.net
2008-05-04 15:39 . 2008-05-17 12:46 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-05-04 15:30 . 2008-05-04 15:30 <DIR> d-------- C:\temp\ext18866
2008-05-04 15:30 . 2008-05-04 15:30 <DIR> d-------- C:\temp
2008-05-03 14:26 . 2008-05-17 13:03 <DIR> d-------- C:\Program Files\Handbrake
2008-04-30 14:06 . 2008-04-30 14:06 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2008-04-29 13:58 . 2008-04-29 13:58 <DIR> d-------- C:\Program Files\iTunes
2008-04-29 13:58 . 2008-04-29 13:58 <DIR> d-------- C:\Program Files\iPod
2008-04-29 13:55 . 2008-04-29 13:55 <DIR> d-------- C:\Program Files\QuickTime
2008-04-29 13:52 . 2008-04-29 13:52 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-29 13:21 . 2008-04-29 13:29 <DIR> d-------- C:\Users\Michael\AppData\Roaming\FrostWire
2008-04-29 13:21 . 2008-04-29 13:22 <DIR> d-------- C:\Program Files\FrostWire
2008-04-28 16:26 . 2008-04-30 16:16 <DIR> d-------- C:\Program Files\Shareaza
2008-04-26 20:00 . 2008-04-26 20:00 <DIR> d-------- C:\Users\Michael\{a58d0d1c-25cd-4b20-a8e0-1308dcfd2b60}
2008-04-26 19:52 . 2008-04-26 19:52 <DIR> d-------- C:\Hauppauge
2008-04-26 19:52 . 2007-03-23 18:25 57,472 --a------ C:\Windows\System32\drivers\hcwu2dtd.sys
2008-04-26 19:52 . 2007-03-23 18:21 18,560 --a------ C:\Windows\System32\drivers\hcwu2dtl.sys
2008-04-23 18:44 . 2008-04-23 18:45 <DIR> d-------- C:\Users\Michael\AppData\Roaming\FLV Extract
2008-04-20 21:29 . 2007-10-08 09:27 436,784 --a------ C:\Windows\System32\vnetlib.dll
2008-04-20 21:29 . 2007-10-08 09:26 150,064 --a------ C:\Windows\System32\vmnat.exe
2008-04-20 21:29 . 2007-10-08 09:26 121,392 --a------ C:\Windows\System32\vmnetdhcp.exe
2008-04-20 21:29 . 2007-10-08 09:26 50,992 -ra------ C:\Windows\System32\vmnetbridge.dll
2008-04-20 21:29 . 2007-10-08 09:26 28,592 -ra------ C:\Windows\System32\drivers\vmnetbridge.sys
2008-04-20 21:29 . 2007-10-08 09:27 25,008 --a------ C:\Windows\System32\drivers\vmnetuserif.sys
2008-04-20 21:29 . 2007-10-08 09:26 17,712 -ra------ C:\Windows\System32\drivers\vmnet.sys
2008-04-20 21:29 . 2007-10-08 09:26 16,816 --a------ C:\Windows\System32\drivers\vmnetadapter.sys
2008-04-20 21:29 . 2007-10-08 09:26 13,104 --a------ C:\Windows\System32\vnetinst.dll
2008-04-20 21:28 . 2007-10-08 09:26 30,768 --a------ C:\Windows\System32\drivers\vmusb.sys
2008-04-20 21:28 . 2007-10-08 09:27 20,912 --a------ C:\Windows\System32\drivers\VMkbd.sys
2008-04-20 21:26 . 2008-04-20 21:26 <DIR> d-------- C:\Program Files\VMware
2008-04-20 21:26 . 2008-04-20 21:26 <DIR> d-------- C:\Program Files\Common Files\VMware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 19:41 --------- d-----w C:\Users\Michael\AppData\Roaming\VMware
2008-05-20 16:06 --------- d-----w C:\Users\Michael\AppData\Roaming\SiteAdvisor
2008-05-19 19:46 262,144 ----a-w C:\ntuser.dat
2008-05-19 17:53 --------- d-----w C:\Users\Michael\AppData\Roaming\uTorrent
2008-05-17 12:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 12:03 --------- d-----w C:\Program Files\nLite
2008-05-17 11:46 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 14:57 1,392,304 ----a-w C:\Windows\System32\AutoPartNt.exe
2008-05-13 17:59 --------- d-----w C:\Users\Michael\AppData\Roaming\Vso
2008-05-04 14:28 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-30 14:56 --------- d-----w C:\Program Files\UltiDev
2008-04-29 13:19 --------- d-----w C:\Users\Michael\AppData\Roaming\VideoReDoPlus
2008-04-29 13:16 --------- d---a-w C:\ProgramData\TEMP
2008-04-29 12:21 --------- d-----w C:\Program Files\LimeWire
2008-04-26 15:39 --------- d-----w C:\Program Files\Microsoft Games
2008-04-26 14:21 --------- d-----w C:\Program Files\RocketDock
2008-04-23 10:19 --------- d-----w C:\ProgramData\VMware
2008-04-19 12:59 --------- d-----w C:\Program Files\DivX
2008-04-19 12:44 --------- d-----w C:\Users\Michael\AppData\Roaming\JAM Software
2008-04-19 12:39 --------- d-----w C:\Program Files\vLite
2008-04-15 18:55 --------- d-----w C:\Program Files\Java
2008-04-15 13:13 --------- d-----w C:\Program Files\Google
2008-04-14 20:24 --------- d-----w C:\Users\Michael\AppData\Roaming\Sony Corporation
2008-04-14 12:59 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-04-14 12:57 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-14 12:33 --------- d-----w C:\Users\Michael\AppData\Roaming\LimeWire
2008-04-12 09:55 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-11 22:37 --------- d-----w C:\Program Files\InterMute
2008-04-11 22:35 3,192 ----a-w C:\Windows\System32\tmp.reg
2008-04-11 21:32 --------- d-----w C:\Program Files\ESET
2008-04-11 21:07 691 ----a-w C:\Users\Michael\AppData\Roaming\GetValue.vbs
2008-04-11 21:07 35 ----a-w C:\Users\Michael\AppData\Roaming\SetValue.bat
2008-04-10 21:34 --------- d-----w C:\ProgramData\NVIDIA Corporation
2008-04-10 21:34 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-04-09 10:44 --------- d-----w C:\Program Files\Vista4Cast
2008-04-09 10:29 --------- d-----w C:\Program Files\Windows Mail
2008-04-05 12:45 --------- d-----w C:\Program Files\Acoustica Mixcraft 4
2008-04-05 12:44 --------- d-----w C:\Program Files\Acoustica Shared Effects
2008-04-05 10:41 --------- d-----w C:\ProgramData\Pinnacle VideoSpin
2008-04-05 10:40 --------- d-----w C:\ProgramData\VideoSpin
2008-04-05 10:40 --------- d-----w C:\Program Files\Pinnacle
2008-04-05 10:40 --------- d-----w C:\Program Files\Common Files\Yahoo!
2008-04-05 10:38 --------- d-----w C:\ProgramData\Pinnacle
2008-04-04 11:12 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-03 15:53 --------- d-----w C:\Program Files\DVBViewer
2008-04-02 20:21 --------- d-----w C:\Users\Michael\AppData\Roaming\Auslogics
2008-04-02 20:21 --------- d-----w C:\Program Files\Auslogics
2008-04-02 17:21 --------- d-----w C:\ProgramData\Team MediaPortal
2008-04-02 17:21 --------- d-----w C:\Program Files\Team MediaPortal
2008-03-29 15:04 --------- d-----w C:\ProgramData\CMUV
2008-03-29 13:03 --------- d-----w C:\Program Files\Foxit Software
2008-03-28 23:57 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-28 23:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-28 16:27 --------- d-----w C:\Program Files\SmartDraw 2008
2008-03-27 21:54 --------- d-----w C:\Users\Michael\AppData\Roaming\SmartDraw
2008-03-27 21:41 --------- d-----w C:\Program Files\MagicISO
2008-03-26 18:51 --------- d-----w C:\Users\Michael\AppData\Roaming\Acronis
2008-03-24 18:38 350,208 ----a-w C:\Windows\System32\d3drm.dll
2008-03-24 18:37 619,008 ----a-w C:\Windows\System32\dx7vb.dll
2008-03-24 18:37 1,227,264 ----a-w C:\Windows\System32\dx8vb.dll
2008-03-24 18:37 --------- d-----w C:\Program Files\mackoy
2008-03-24 11:54 --------- d-----w C:\Program Files\Stardock
2008-03-23 16:45 --------- d-----w C:\Program Files\MSN Messenger
2008-03-22 12:26 --------- d-----w C:\ProgramData\Lavasoft
2008-03-22 12:25 --------- d-----w C:\Program Files\Lavasoft
2008-03-22 11:52 --------- d-----w C:\ProgramData\Sony Corporation
2008-03-22 11:51 --------- d-----w C:\Program Files\Sony
2008-03-21 11:54 --------- d-----w C:\Program Files\Microsoft Works
2008-03-19 20:52 174 --sha-w C:\Program Files\desktop.ini
2008-03-19 20:14 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-19 20:14 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-05 15:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll
2008-03-05 15:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll
2008-03-05 15:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll
2008-03-05 14:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll
2008-03-05 14:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll
2008-03-03 13:25 5,702 ---ha-w C:\Windows\nod32restoretemdono.reg
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 09:35 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe
2008-02-22 09:35 170,520 ----a-w C:\Windows\System32\igfxzoom.exe
2008-02-22 09:35 141,848 ----a-w C:\Windows\System32\igfxtray.exe
2008-02-22 09:34 539,160 ----a-w C:\Windows\System32\igfxcfg.exe
2008-02-22 09:34 170,520 ----a-w C:\Windows\System32\igfxext.exe
2008-02-22 09:34 166,424 ----a-w C:\Windows\System32\hkcmd.exe
2008-02-22 09:34 133,656 ----a-w C:\Windows\System32\igfxpers.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2007-12-06 19:24 144 ----a-w C:\Users\Michael\AppData\Roaming\wklnhst.dat
2007-12-02 00:09 604 ---ha-w C:\Program Files\STLL Notifier
2007-11-26 20:31 47,360 ----a-w C:\Users\Michael\AppData\Roaming\pcouffin.sys
2007-12-24 00:21 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-24 00:21 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-24 00:21 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\temp\ext18866 ----


---- Directory of C:\Users\Michael\{a58d0d1c-25cd-4b20-a8e0-1308dcfd2b60} ----

2007-04-17 20:22 11211 --a------ C:\Users\Michael\{a58d0d1c-25cd-4b20-a8e0-1308dcfd2b60}\hcwu2dtd.cat

---- Directory of C:\Users\Michael\Torrents ----

2008-05-19 18:41 95104 --a------ C:\Users\Michael\Torrents\Apple.QuickTime.Pro.v7.4.5.Multilanguage.(+. Keymaker)\~uTorrentPartFile_15FEE00.dat
2008-05-19 18:41 348672 --a------ C:\Users\Michael\Torrents\Apple.QuickTime.Pro.v7.4.5.Multilanguage.(+. Keymaker)\Keygen.exe


------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot_2008-05-20_16.29.31.16 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-20 15:25:04 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-20 19:41:18 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-20 15:25:24 217,088 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-20 19:41:38 217,088 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-05-20 15:25:23 241,664 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-20 19:41:37 241,664 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-05-20 15:19:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-20 19:35:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-20 15:19:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-20 19:35:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-20 15:19:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-20 19:35:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-20 09:13:20 16,336 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3390100157-130006372-542817148-1000_UserData.bin
+ 2008-05-20 19:29:19 16,586 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3390100157-130006372-542817148-1000_UserData.bin
- 2008-05-20 09:13:19 74,350 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-20 19:29:19 74,390 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-20 09:13:14 71,974 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-20 19:29:17 72,006 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-05-20 15:07:51 338,230 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-05-20 19:28:01 338,254 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}]
2008-05-20 16:48 92160 --a------ C:\Windows\system32\irbbeich.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 08:38 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-26 01:39 4489216 C:\Windows\RtHDVCpl.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-10 01:12 118784]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-06-12 02:27 317560]
"Samsung PanelMgr"="C:\Windows\Samsung\PanelMgr\SSMMgr.exe" [2007-01-03 05:47 520192]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-22 10:35 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-22 10:34 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-22 10:34 133656]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2007-10-08 09:27 72240]
"56cb42d7"="C:\Windows\system32\rwhslixn.dll" [ ]
"BM55f8714b"="C:\Windows\system32\nnwsogni.dll" [2008-05-20 16:47 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 0 (0x0)
"NoWinKeys"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E23136A1-1AC4-4D1B-926F-5D537CFFF359}"= C:\Windows\system32\mlJYstSK.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-07-25 03:26 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll
"vidc.mjpg"= pvmjpg30.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKLM\~\startupfolder\C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\Windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-10-30 21:07 140568 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2007-10-30 21:11 909208 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-11-29 15:03 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2007-10-30 21:06 2595616 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
--a------ 2007-10-08 09:26 55856 C:\Program Files\VMware\VMware Workstation\hqtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
--a------ 2007-10-08 09:27 72240 C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
--a------ 2006-11-02 13:35 176128 C:\Windows\system32\WpcUmi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3390100157-130006372-542817148-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9296F22B-990F-42B6-9EF4-8198383B6147}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{FE1E8A57-C32A-4159-B035-CADDFF2191F4}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{2DE4B469-CCE9-4DE8-82BF-09634B239122}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{DDDA5625-5F0C-413A-B168-E7908AEF23CC}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{DB867C86-FD55-4636-B14A-F74F4C59CB16}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{1585C0CE-D192-4D20-BAD8-27CFB0D6A663}"= UDP:6884:utor
"TCP Query User{9FF671CF-4AD7-4EF3-980E-FCB28FD4FD19}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{A714B1AF-03AF-4474-B38B-2D648941DB86}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{1C434C2F-0EEC-4984-873D-2734AE01E688}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{3AD5EC32-740B-4C96-9884-99D27B51C0DC}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2E49F8EF-E5D4-49DD-924E-EC8A3A93DAF5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{DAC93052-72FE-4847-825E-F90433CB4208}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{972873BC-8C51-4050-8081-F2C5DA044F98}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{583244E3-9D8C-45BA-BB08-6C567BE6F1D3}C:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{CED32301-D66D-4B92-8EFD-35BA23E23011}C:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD
"95aea77c-e579-4903-b8b2-91e6c95fe2e1"= UDP:17989:lw
"{8217D371-5D20-4C4D-AC68-2217CFBB8973}"= TCP:6884:utor2
"TCP Query User{5C95ADE3-33B4-4263-858B-634C4C21B777}C:\\program files\\quicktime\\quicktimeplayer.exe"= UDP:C:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"UDP Query User{DAFBA970-A89D-475C-B0D0-B7BBB459B8D8}C:\\program files\\quicktime\\quicktimeplayer.exe"= TCP:C:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"TCP Query User{B4A7984F-4D85-47BD-8D9D-57F6EB5557C6}C:\\users\\michael\\desktop\\xampp-win32-1.6.5\\xampp\\apache\\bin\\apache.exe"= UDP:C:\users\michael\desktop\xampp-win32-1.6.5\xampp\apache\bin\apache.exe:apache.exe
"UDP Query User{237CD129-391E-4BD9-9F5C-E4916FA8D224}C:\\users\\michael\\desktop\\xampp-win32-1.6.5\\xampp\\apache\\bin\\apache.exe"= TCP:C:\users\michael\desktop\xampp-win32-1.6.5\xampp\apache\bin\apache.exe:apache.exe
"TCP Query User{FF2EE3CC-8D8A-450C-9E22-551AEF4AEBB6}C:\\users\\michael\\desktop\\xampp-win32-1.6.5\\xampp\\mysql\\bin\\mysqld.exe"= UDP:C:\users\michael\desktop\xampp-win32-1.6.5\xampp\mysql\bin\mysqld.exe:mysqld.exe
"UDP Query User{FF920B09-4E47-4F1F-BA04-71E0383994D6}C:\\users\\michael\\desktop\\xampp-win32-1.6.5\\xampp\\mysql\\bin\\mysqld.exe"= TCP:C:\users\michael\desktop\xampp-win32-1.6.5\xampp\mysql\bin\mysqld.exe:mysqld.exe
"{150F7F7B-EB14-4571-8EE7-4C602BBFC975}"= UDP:6346:limewire
"TCP Query User{953D4D3D-68A7-4CE3-99B2-94B04EDEC72F}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3C274CC5-1E39-4289-80CE-DE585AA54EC8}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{81A1BB1F-3FBD-4547-BE74-C4CFA0392623}C:\\program files\\soundspectrum\\whitecap\\whitecap standalone.exe"= UDP:C:\program files\soundspectrum\whitecap\whitecap standalone.exe:WhiteCap Standalone
"UDP Query User{ACA2F011-BB40-4635-BA9A-919C8AF446BA}C:\\program files\\soundspectrum\\whitecap\\whitecap standalone.exe"= TCP:C:\program files\soundspectrum\whitecap\whitecap standalone.exe:WhiteCap Standalone
"{82EA312B-8A8E-4DFE-B0FD-E524F590EA3C}"= UDP:C:\Users\Michael\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{B0D1672B-5DAF-4A2F-87A3-7A18AAB88C51}"= TCP:C:\Users\Michael\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{1A8F7EB9-452F-4D8C-9197-9871B3E0143D}"= UDP:C:\Users\Michael\Desktop\Vista41C\Installer.exe:SpeedTouch Home Install Wizard
"{06642459-4E0C-437B-AE32-83D39D64A5D1}"= TCP:C:\Users\Michael\Desktop\Vista41C\Installer.exe:SpeedTouch Home Install Wizard
"{F37B408F-DA2F-4FF9-B47E-7D5F3185BF9F}"= UDP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{063408C1-BF23-4DD0-B3B9-6DA838CF1F83}"= TCP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{F6F74C65-3A73-4B84-8857-92513DF73FFC}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A14EFE97-6446-4866-A7F4-B599702140D4}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A1825DD4-27E2-43BD-857B-BAEA57146C07}"= UDP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{63AC1D89-B914-4FE1-A18B-5DDB13BCBB4E}"= TCP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{45501F5D-A395-4DE3-A7EC-DE116AAE957F}"= UDP:C:\Users\Michael\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{E8A7670B-239E-4219-939F-A2529797D29B}"= TCP:C:\Users\Michael\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{4BFA30EE-436F-4FC8-B3F8-065AECFCCEDF}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{77EE46B7-1AB9-4775-9B0D-29BCAA965A62}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{83148997-93AA-451F-AE8B-C668C57D6EEA}C:\\program files\\webguide\\webguide4\\bin\\webguide_configuration.exe"= UDP:C:\program files\webguide\webguide4\bin\webguide_configuration.exe:WebGuide_Configuration
"UDP Query User{81BF9D4F-ABE8-47FB-85D9-0DD40E5A22D2}C:\\program files\\webguide\\webguide4\\bin\\webguide_configuration.exe"= TCP:C:\program files\webguide\webguide4\bin\webguide_configuration.exe:WebGuide_Configuration
"{4DE093D7-728D-4862-BE28-A77E95B2C659}"= UDP:51394:WebGuide
"{2780D502-22EB-42D7-89F0-3D070A31DE35}"= UDP:51395:WebGuide
"{4EA9575A-B3D0-4216-B6C9-6E9D458ADABF}"= UDP:51393:WebGuide
"{A7B9B0F2-3558-4908-8B97-B3E35EFA364C}"= UDP:51861:WebGuide
"{21392598-91B2-4215-B0E6-B113E9D2ED1A}"= UDP:51862:WebGuide
"4f0bed32-b4f7-4e09-9db8-eed16d6d4fbb"= UDP:Profile=Public|51861:webguide
"TCP Query User{A19E772A-970A-40C4-8400-45A44A27C55D}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{DB0B7526-3B2B-48C8-85E6-35978BD32B6E}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{1131D2C5-AA0A-4E05-8510-D94A1D00C0DF}"= UDP:51861:WebGuide
"TCP Query User{170FE7D8-16F7-4788-918F-5730D78219B4}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{5E74932F-034D-423F-B43F-BB5E49AE899C}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"{A8E9F08E-D658-4C85-A5E4-0C16887423AE}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{577D78FE-871A-4202-8C60-A9AE3F3E45D0}C:\\program files\\webguide\\webguide4\\bin\\webguide_configuration.exe"= UDP:C:\program files\webguide\webguide4\bin\webguide_configuration.exe:WebGuide_Configuration
"UDP Query User{D65A53FC-45F3-44D1-913B-9AB25D2486DD}C:\\program files\\webguide\\webguide4\\bin\\webguide_configuration.exe"= TCP:C:\program files\webguide\webguide4\bin\webguide_configuration.exe:WebGuide_Configuration
"{3E559374-AE81-41C8-BD5F-797A347B30B3}"= UDP:8077:WebGuide
"{31A32B1D-84A2-48C5-BCDC-76AC9E77FE88}"= UDP:51862:WebGuide
"TCP Query User{E232EA43-CB3A-407D-9563-29611CBFB951}C:\\program files\\dvbviewer\\dvbserver.exe"= UDP:C:\program files\dvbviewer\dvbserver.exe:DVBViewer Pro NetworkServer
"UDP Query User{CD21EAAE-F392-45B5-A1A4-F5929EECECF1}C:\\program files\\dvbviewer\\dvbserver.exe"= TCP:C:\program files\dvbviewer\dvbserver.exe:DVBViewer Pro NetworkServer
"{C2ED6B95-2BF7-4AE8-860C-969D638B1502}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{C14E5698-9A55-43D5-B66C-E8F06BDD3438}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{26C78D71-7F9F-4963-A1AC-4A1CB5997A52}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{5AAC07C4-138C-4B9A-823D-EDC970610946}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{9DAAB247-9066-4F80-8B20-3B85E800D0B4}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{E509E8E9-238D-4C86-B976-4A4E9A9E3D24}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{6D9832D3-D98D-4036-B09A-1DC45D0A63C3}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{26A282B5-D175-4FC6-89A0-CCF7D6DEE158}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"TCP Query User{3095738F-EB4C-42F3-964F-0924B36FDF7B}C:\\program files\\pinnacle\\videospin\\programs\\videospin.exe"= UDP:C:\program files\pinnacle\videospin\programs\videospin.exe:Pinnacle VideoSpin program file
"UDP Query User{8E2A3B31-22DF-4B47-ADD7-284661AF7094}C:\\program files\\pinnacle\\videospin\\programs\\videospin.exe"= TCP:C:\program files\pinnacle\videospin\programs\videospin.exe:Pinnacle VideoSpin program file
"9091af9d-727e-42b5-8e51-5fc989ed6f68"= %USERPROFILE%\Desktop\Wubi-8.04-beta-rev487.exe:wubi
"{ED021FA3-21EB-4596-A56F-3F5FDA6A46B5}"= UDP:62056:WebGuide
"{6DCF84A3-2720-443D-9AED-27F724836805}"= UDP:62057:WebGuide
"TCP Query User{8342B1F8-8248-4B9D-AE37-8060BC3B6E0F}C:\\webguide4\\bin\\webguide_configuration.exe"= UDP:C:\webguide4\bin\webguide_configuration.exe:WebGuide_Configuration
"UDP Query User{F31778A9-257B-4049-B6A6-E6C608528469}C:\\webguide4\\bin\\webguide_configuration.exe"= TCP:C:\webguide4\bin\webguide_configuration.exe:WebGuide_Configuration
"{00A9E808-471D-4EBB-809F-AA82FD27ABDC}"= UDP:2141:WebGuide
"{85D1CE6D-2DEE-4AB7-B310-6225C63CB884}"= UDP:2142:WebGuide
"{053F3FF0-57EF-429D-9B7C-0C2515F8B98A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{7D16CFA0-69D2-4E47-AED2-8EF444AA99E1}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{460AD5BF-2CE4-4F3B-948E-4AD0FA192A9A}"= UDP:8295:WebGuide
"{D0C72269-38B0-4AC1-B93C-EA35E31B814D}"= UDP:8296:WebGuide
"{BDB40C80-3BC0-400A-853B-FF0F07268ED3}"= UDP:C:\Program Files\FrostWire\FrostWire.exe:LimeWire
"{5768C715-C908-4746-A127-515705D37A32}"= TCP:C:\Program Files\FrostWire\FrostWire.exe:LimeWire
"TCP Query User{A4D27B99-8857-4C57-9454-1C2F1AFB189A}C:\\program files\\freewire\\freewire television\\freewire television.exe"= UDP:C:\program files\freewire\freewire television\freewire television.exe:Freewire Television
"UDP Query User{BA37426A-5F8C-4FBB-B4E3-F92818A620E2}C:\\program files\\freewire\\freewire television\\freewire television.exe"= TCP:C:\program files\freewire\freewire television\freewire television.exe:Freewire Television
"{73988511-E7F8-4F5C-B6F2-7AE6C085F293}"= UDP:C:\Program Files\Orb Networks\Orb\bin\Orb.exe:Orb
"{017D949D-1E25-4D44-93D5-1742B90016F7}"= TCP:C:\Program Files\Orb Networks\Orb\bin\Orb.exe:Orb
"{2DE80A82-011C-4806-8782-DD79E49D1C3A}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{42B74061-B596-4C99-A5DD-57E85E6D3744}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{674B8D4C-0F38-406B-B61B-97B45A52B26A}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{054037E3-48F1-4FBF-9906-8E8480691464}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{CD29A0F3-1CAC-43D4-887A-F272C3E45E48}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{EC9AD095-6C86-4F61-B84D-4BF4E03E57F2}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{EC3DB4A4-33ED-4952-B8B9-7342C1DC69CD}"= UDP:C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide
"{48EBF07E-1B0D-465B-9B59-2CB375E73513}"= TCP:C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide
"{887705E2-6814-4592-8C6F-4FB4EE13DC8B}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan
"{08FFB4E0-5A37-497D-A6AF-2382638DE1B8}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys [2008-03-11 16:04]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R2 CrackTcpip;Crack Tcpip;C:\Windows\system32\drivers\CrackTcpip.sys [2008-01-13 17:55]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 12:20]
R2 NSUService;NSUService;"C:\Program Files\Sony\Network Utility\NSUService.exe" [2008-01-16 13:49]
R2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [2006-12-08 19:50]
R2 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe" [2007-10-30 21:51]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-08 01:01]
R3 HCWU2DTD;Hauppauge Nova USB2 DVB-T TV Receiver;C:\Windows\system32\Drivers\hcwu2dtd.sys [2007-03-23 18:25]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 11:36]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 01:00]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-25 01:23]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\Windows\system32\regedt32.exe [2006-11-02 10:45]
S3 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;"C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe" [2007-02-22 20:53]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-15 01:28]
S3 HCWU2DTL;Hauppauge Nova-USB2-T Adapter Firmware Loader;C:\Windows\system32\DRIVERS\hcwu2dtl.sys [2007-03-23 18:21]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 14:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s115mdm.sys [2007-04-23 14:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 14:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s115obex.sys [2007-04-23 14:54]
S3 ST330;ST330;C:\Windows\system32\drivers\st330.sys [2008-02-29 17:01]
S3 STBUS;STBUS;C:\Windows\system32\drivers\stbus.sys [2008-02-29 17:01]
S3 stppp;Speedtouch PPP Adapter Adapter;C:\Windows\system32\DRIVERS\stppp.sys [2008-02-29 17:01]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 00:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 23:34]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;"C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [2007-07-06 03:12]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" [2007-07-06 01:43]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-20 19:44:33 C:\Windows\Tasks\User_Feed_Synchronization-{287A80A8-B648-4746-823F-5EB2E92E0959}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 20:42:05
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\System32\igfxsrvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\System32\igfxext.exe
C:\Windows\System32\igfxsrvc.exe
C:\Windows\System32\igfxext.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehrecvr.exe
C:\Windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2008-05-20 20:46:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-20 19:46:47
ComboFix2.txt 2008-05-20 15:31:35
ComboFix3.txt 2008-04-12 10:15:21

Pre-Run: 168,480,346,112 bytes free
Post-Run: 168,438,935,552 bytes free

518 --- E O F --- 2008-05-17 10:12:42

[mikey4020]

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:14, on 20/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {514A5C49-0C7D-42c3-A71B-38864A269B7A} - C:\Windows\system32\irbbeich.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [56cb42d7] rundll32.exe "C:\Windows\system32\rwhslixn.dll",b
O4 - HKLM\..\Run: [BM55f8714b] Rundll32.exe "C:\Windows\system32\nnwsogni.dll",s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9143 bytes

[Rorschach112]

Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Windows\System32\myvrkuhe.exe
C:\Windows\System32\irbbeich.dll
C:\Windows\System32\nnwsogni.dll
C:\Windows\System32\nxilshwr.ini
C:\Users\Michael\Torrents\Apple.QuickTime.Pro.v7.4.5.Multilanguage.(+. Keymaker)

Folder::

Registry::

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall




Also post a new HijackThis log

[mikey4020]

ComboFix 08-05-19.4 - Michael 2008-05-20 21:03:50.5 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1061 [GMT 1:00]
Running from: C:\Users\Michael\Desktop\ComboFix.exe
Command switches used :: C:\Users\Michael\Desktop\CFScript.txt
* Resident AV is active


FILE ::
C:\Users\Michael\Torrents\Apple.QuickTime.Pro.v7.4.5.Multilanguage.(+. Keymaker)
C:\Windows\System32\irbbeich.dll
C:\Windows\System32\myvrkuhe.exe
C:\Windows\System32\nnwsogni.dll
C:\Windows\System32\nxilshwr.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\irbbeich.dll
C:\Windows\System32\myvrkuhe.exe
C:\Windows\System32\nnwsogni.dll
C:\Windows\System32\nxilshwr.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.

2008-05-20 20:41 . 2008-05-20 20:41 54,156 --ah----- C:\Windows\QTFont.qfn
2008-05-20 20:41 . 2008-05-20 20:41 1,409 --a------ C:\Windows\QTFont.for
2008-05-19 22:12 . 2008-05-19 22:12 <DIR> d-------- C:\fixwareout
2008-05-19 21:27 . 2008-05-19 21:27 <DIR> d-------- C:\VundoFix Backups
2008-05-19 20:45 . 2008-05-19 20:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-19 18:35 . 2008-05-19 18:38 <DIR> d-------- C:\Users\Michael\Torrents
2008-05-18 12:51 . 2008-05-18 12:58 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{31975520-24c1-11dd-a51f-005056c00008}.TMContainer00000000000000000002.regtrans-ms
2008-05-18 12:51 . 2008-05-20 21:06 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{31975520-24c1-11dd-a51f-005056c00008}.TMContainer00000000000000000001.regtrans-ms
2008-05-18 12:51 . 2008-05-18 12:58 524,288 --ahs---- C:\Users\Michael\NTUSER.DAT{31975522-24c1-11dd-a51f-005056c00008}.TMContainer00000000000000000002.regtrans-ms
2008-05-18 12:51 . 2008-05-20 21:06 524,288 --ahs---- C:\Users\Michael\NTUSER.DAT{31975522-24c1-11dd-a51f-005056c00008}.TMContainer00000000000000000001.regtrans-ms
2008-05-18 12:51 . 2008-05-20 21:06 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{31975520-24c1-11dd-a51f-005056c00008}.TM.blf
2008-05-18 12:51 . 2008-05-20 21:06 65,536 --ahs---- C:\Users\Michael\NTUSER.DAT{31975522-24c1-11dd-a51f-005056c00008}.TM.blf
2008-05-17 13:36 . 2008-05-17 13:36 <DIR> d-------- C:\Users\Michael\AppData\Roaming\NCH Swift Sound
2008-05-17 13:36 . 2008-05-17 13:36 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-05-16 15:32 . 2008-05-16 15:32 <DIR> d-------- C:\Program Files\MillieSoft
2008-05-16 15:13 . 2008-05-16 15:13 <DIR> d-------- C:\Program Files\Devnz
2008-05-15 13:30 . 2008-01-27 01:09 615,424 --a------ C:\Windows\System32\themeui.dll
2008-05-15 13:30 . 2008-01-27 01:09 240,128 --a------ C:\Windows\System32\uxtheme.dll
2008-05-14 15:56 . 2008-05-14 15:56 <DIR> d-------- C:\merged
2008-05-13 18:18 . 2008-05-13 18:18 <DIR> d-------- C:\Users\Michael\AppData\Roaming\vlc
2008-05-13 18:16 . 2008-05-13 18:16 <DIR> d-------- C:\Program Files\VideoLAN
2008-05-13 17:43 . 2008-05-13 17:43 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-05-13 13:12 . 2008-05-13 13:12 <DIR> d-------- C:\Users\Michael\AppData\Roaming\Nikon
2008-05-13 13:11 . 2008-05-13 13:11 <DIR> d-------- C:\Program Files\Nikon
2008-05-13 13:10 . 2008-05-13 13:10 <DIR> d-------- C:\ProgramData\Ultima_T15
2008-05-13 13:10 . 2008-05-13 13:10 <DIR> d-------- C:\ProgramData\EnterNHelp
2008-05-13 13:10 . 2008-05-13 13:13 <DIR> d-------- C:\Program Files\Common Files\Nikon
2008-05-13 13:10 . 2008-05-13 13:10 0 --a------ C:\ProgramData\PKP_DLbz.DAT
2008-05-12 19:19 . 2008-05-12 19:19 <DIR> d-------- C:\Users\Michael\AppData\Roaming\iPodifier
2008-05-12 19:19 . 2008-05-12 19:19 <DIR> d-------- C:\Program Files\iPodifier
2008-05-12 19:18 . 2008-05-12 19:18 <DIR> d-------- C:\Windows\Downloaded Installations
2008-05-08 18:46 . 2008-05-08 18:56 <DIR> d-------- C:\Users\Michael\AppData\Roaming\Winamp
2008-05-08 18:46 . 2008-05-08 18:47 <DIR> d-------- C:\Program Files\Winamp
2008-05-07 11:50 . 2008-05-07 11:50 <DIR> d-------- C:\Program Files\vixy.net
2008-05-04 15:39 . 2008-05-17 12:46 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-05-04 15:30 . 2008-05-04 15:30 <DIR> d-------- C:\temp\ext18866
2008-05-04 15:30 . 2008-05-04 15:30 <DIR> d-------- C:\temp
2008-05-03 14:26 . 2008-05-17 13:03 <DIR> d-------- C:\Program Files\Handbrake
2008-04-30 14:06 . 2008-04-30 14:06 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2008-04-29 13:58 . 2008-04-29 13:58 <DIR> d-------- C:\Program Files\iTunes
2008-04-29 13:58 . 2008-04-29 13:58 <DIR> d-------- C:\Program Files\iPod
2008-04-29 13:55 . 2008-04-29 13:55 <DIR> d-------- C:\Program Files\QuickTime
2008-04-29 13:52 . 2008-04-29 13:52 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-29 13:21 . 2008-04-29 13:29 <DIR> d-------- C:\Users\Michael\AppData\Roaming\FrostWire
2008-04-29 13:21 . 2008-04-29 13:22 <DIR> d-------- C:\Program Files\FrostWire
2008-04-28 16:26 . 2008-04-30 16:16 <DIR> d-------- C:\Program Files\Shareaza
2008-04-26 20:00 . 2008-04-26 20:00 <DIR> d-------- C:\Users\Michael\{a58d0d1c-25cd-4b20-a8e0-1308dcfd2b60}
2008-04-26 19:52 . 2008-04-26 19:52 <DIR> d-------- C:\Hauppauge
2008-04-26 19:52 . 2007-03-23 18:25 57,472 --a------ C:\Windows\System32\drivers\hcwu2dtd.sys
2008-04-26 19:52 . 2007-03-23 18:21 18,560 --a------ C:\Windows\System32\drivers\hcwu2dtl.sys
2008-04-23 18:44 . 2008-04-23 18:45 <DIR> d-------- C:\Users\Michael\AppData\Roaming\FLV Extract
2008-04-20 21:29 . 2007-10-08 09:27 436,784 --a------ C:\Windows\System32\vnetlib.dll
2008-04-20 21:29 . 2007-10-08 09:26 150,064 --a------ C:\Windows\System32\vmnat.exe
2008-04-20 21:29 . 2007-10-08 09:26 121,392 --a------ C:\Windows\System32\vmnetdhcp.exe
2008-04-20 21:29 . 2007-10-08 09:26 50,992 -ra------ C:\Windows\System32\vmnetbridge.dll
2008-04-20 21:29 . 2007-10-08 09:26 28,592 -ra------ C:\Windows\System32\drivers\vmnetbridge.sys
2008-04-20 21:29 . 2007-10-08 09:27 25,008 --a------ C:\Windows\System32\drivers\vmnetuserif.sys
2008-04-20 21:29 . 2007-10-08 09:26 17,712 -ra------ C:\Windows\System32\drivers\vmnet.sys
2008-04-20 21:29 . 2007-10-08 09:26 16,816 --a------ C:\Windows\System32\drivers\vmnetadapter.sys
2008-04-20 21:29 . 2007-10-08 09:26 13,104 --a------ C:\Windows\System32\vnetinst.dll
2008-04-20 21:28 . 2007-10-08 09:26 30,768 --a------ C:\Windows\System32\drivers\vmusb.sys
2008-04-20 21:28 . 2007-10-08 09:27 20,912 --a------ C:\Windows\System32\drivers\VMkbd.sys
2008-04-20 21:26 . 2008-04-20 21:26 <DIR> d-------- C:\Program Files\VMware
2008-04-20 21:26 . 2008-04-20 21:26 <DIR> d-------- C:\Program Files\Common Files\VMware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 20:08 --------- d-----w C:\Users\Michael\AppData\Roaming\VMware
2008-05-20 19:58 --------- d-----w C:\Users\Michael\AppData\Roaming\SiteAdvisor
2008-05-19 19:46 262,144 ----a-w C:\ntuser.dat
2008-05-19 17:53 --------- d-----w C:\Users\Michael\AppData\Roaming\uTorrent
2008-05-17 12:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 12:03 --------- d-----w C:\Program Files\nLite
2008-05-17 11:46 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-13 17:59 --------- d-----w C:\Users\Michael\AppData\Roaming\Vso
2008-05-04 14:28 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-30 14:56 --------- d-----w C:\Program Files\UltiDev
2008-04-29 13:19 --------- d-----w C:\Users\Michael\AppData\Roaming\VideoReDoPlus
2008-04-29 13:16 --------- d---a-w C:\ProgramData\TEMP
2008-04-29 12:21 --------- d-----w C:\Program Files\LimeWire
2008-04-26 15:39 --------- d-----w C:\Program Files\Microsoft Games
2008-04-26 14:21 --------- d-----w C:\Program Files\RocketDock
2008-04-23 10:19 --------- d-----w C:\ProgramData\VMware
2008-04-19 12:59 --------- d-----w C:\Program Files\DivX
2008-04-19 12:44 --------- d-----w C:\Users\Michael\AppData\Roaming\JAM Software
2008-04-19 12:39 --------- d-----w C:\Program Files\vLite
2008-04-15 18:55 --------- d-----w C:\Program Files\Java
2008-04-15 13:13 --------- d-----w C:\Program Files\Google
2008-04-14 20:24 --------- d-----w C:\Users\Michael\AppData\Roaming\Sony Corporation
2008-04-14 12:59 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-04-14 12:57 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-14 12:33 --------- d-----w C:\Users\Michael\AppData\Roaming\LimeWire
2008-04-12 09:55 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-11 22:37 --------- d-----w C:\Program Files\InterMute
2008-04-11 21:32 --------- d-----w C:\Program Files\ESET
2008-04-11 21:07 691 ----a-w C:\Users\Michael\AppData\Roaming\GetValue.vbs
2008-04-11 21:07 35 ----a-w C:\Users\Michael\AppData\Roaming\SetValue.bat
2008-04-10 21:34 --------- d-----w C:\ProgramData\NVIDIA Corporation
2008-04-10 21:34 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-04-09 10:44 --------- d-----w C:\Program Files\Vista4Cast
2008-04-09 10:29 --------- d-----w C:\Program Files\Windows Mail
2008-04-05 12:45 --------- d-----w C:\Program Files\Acoustica Mixcraft 4
2008-04-05 12:44 --------- d-----w C:\Program Files\Acoustica Shared Effects
2008-04-05 10:41 --------- d-----w C:\ProgramData\Pinnacle VideoSpin
2008-04-05 10:40 --------- d-----w C:\ProgramData\VideoSpin
2008-04-05 10:40 --------- d-----w C:\Program Files\Pinnacle
2008-04-05 10:40 --------- d-----w C:\Program Files\Common Files\Yahoo!
2008-04-05 10:38 --------- d-----w C:\ProgramData\Pinnacle
2008-04-04 11:12 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-03 15:53 --------- d-----w C:\Program Files\DVBViewer
2008-04-02 20:21 --------- d-----w C:\Users\Michael\AppData\Roaming\Auslogics
2008-04-02 20:21 --------- d-----w C:\Program Files\Auslogics
2008-04-02 17:21 --------- d-----w C:\ProgramData\Team MediaPortal
2008-04-02 17:21 --------- d-----w C:\Program Files\Team MediaPortal
2008-03-29 15:04 --------- d-----w C:\ProgramData\CMUV
2008-03-29 13:03 --------- d-----w C:\Program Files\Foxit Software
2008-03-28 23:57 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-28 23:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-28 16:27 --------- d-----w C:\Program Files\SmartDraw 2008
2008-03-27 21:54 --------- d-----w C:\Users\Michael\AppData\Roaming\SmartDraw
2008-03-27 21:41 --------- d-----w C:\Program Files\MagicISO
2008-03-26 18:51 --------- d-----w C:\Users\Michael\AppData\Roaming\Acronis
2008-03-24 18:37 --------- d-----w C:\Program Files\mackoy
2008-03-24 11:54 --------- d-----w C:\Program Files\Stardock
2008-03-23 16:45 --------- d-----w C:\Program Files\MSN Messenger
2008-03-22 12:26 --------- d-----w C:\ProgramData\Lavasoft
2008-03-22 12:25 --------- d-----w C:\Program Files\Lavasoft
2008-03-22 11:52 --------- d-----w C:\ProgramData\Sony Corporation
2008-03-22 11:51 --------- d-----w C:\Program Files\Sony
2008-03-21 11:54 --------- d-----w C:\Program Files\Microsoft Works
2008-03-19 20:52 174 --sha-w C:\Program Files\desktop.ini
2008-03-03 13:25 5,702 ---ha-w C:\Windows\nod32restoretemdono.reg
2007-12-06 19:24 144 ----a-w C:\Users\Michael\AppData\Roaming\wklnhst.dat
2007-12-02 00:09 604 ---ha-w C:\Program Files\STLL Notifier
2007-11-26 20:31 47,360 ----a-w C:\Users\Michael\AppData\Roaming\pcouffin.sys
2007-12-24 00:21 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-24 00:21 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-24 00:21 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot_2008-05-20_16.29.31.16 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-20 15:25:04 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-20 20:07:31 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-20 15:25:24 217,088 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-20 20:07:50 217,088 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-05-20 15:25:23 241,664 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-20 20:07:51 241,664 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-05-20 15:19:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-20 19:35:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-20 15:19:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-20 19:35:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-20 15:19:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-20 19:35:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-20 09:13:20 16,336 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3390100157-130006372-542817148-1000_UserData.bin
+ 2008-05-20 19:43:43 16,738 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3390100157-130006372-542817148-1000_UserData.bin
- 2008-05-20 09:13:19 74,350 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-20 19:43:42 74,406 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-20 09:13:14 71,974 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-20 19:29:17 72,006 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-05-20 15:07:51 338,230 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-05-20 19:28:01 338,254 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 08:38 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-26 01:39 4489216 C:\Windows\RtHDVCpl.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-10 01:12 118784]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-06-12 02:27 317560]
"Samsung PanelMgr"="C:\Windows\Samsung\PanelMgr\SSMMgr.exe" [2007-01-03 05:47 520192]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-22 10:35 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-22 10:34 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-22 10:34 133656]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2007-10-08 09:27 72240]
"56cb42d7"="C:\Windows\system32\rwhslixn.dll" [ ]
"BM55f8714b"="C:\Windows\system32\nnwsogni.dll" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 0 (0x0)
"NoWinKeys"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E23136A1-1AC4-4D1B-926F-5D537CFFF359}"= C:\Windows\system32\mlJYstSK.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-07-25 03:26 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll
"vidc.mjpg"= pvmjpg30.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKLM\~\startupfolder\C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\Windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-10-30 21:07 140568 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2007-10-30 21:11 909208 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-11-29 15:03 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2007-10-30 21:06 2595616 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
--a------ 2007-10-08 09:26 55856 C:\Program Files\VMware\VMware Workstation\hqtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
--a------ 2007-10-08 09:27 72240 C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
--a------ 2006-11-02 13:35 176128 C:\Windows\system32\WpcUmi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3390100157-130006372-542817148-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9296F22B-990F-42B6-9EF4-8198383B6147}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{FE1E8A57-C32A-4159-B035-CADDFF2191F4}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{2DE4B469-CCE9-4DE8-82BF-09634B239122}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{DDDA5625-5F0C-413A-B168-E7908AEF23CC}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{DB867C86-FD55-4636-B14A-F74F4C59CB16}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{1585C0CE-D192-4D20-BAD8-27CFB0D6A663}"= UDP:6884:utor
"TCP Query User{9FF671CF-4AD7-4EF3-980E-FCB28FD4FD19}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{A714B1AF-03AF-4474-B38B-2D648941DB86}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{1C434C2F-0EEC-4984-873D-2734AE01E688}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{3AD5EC32-740B-4C96-9884-99D27B51C0DC}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2E49F8EF-E5D4-49DD-924E-EC8A3A93DAF5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{DAC93052-72FE-4847-825E-F90433CB4208}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{972873BC-8C51-4050-8081-F2C5DA044F98}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{583244E3-9D8C-45BA-BB08-6C567BE6F1D3}C:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{CED32301-D66D-4B92-8EFD-35BA23E23011}C:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD
"95aea77c-e579-4903-b8b2-91e6c95fe2e1"= UDP:17989:lw
"{8217D371-5D20-4C4D-AC68-2217CFBB8973}"= TCP:6884:utor2
"TCP Query User{5C95ADE3-33B4-4263-858B-634C4C21B777}C:\\program files\\quicktime\\quicktimeplayer.exe"= UDP:C:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"UDP Query User{DAFBA970-A89D-475C-B0D0-B7BBB459B8D8}C:\\program files\\quicktime\\quicktimeplayer.exe"= TCP:C:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"TCP Query User{B4A7984F-4D85-47BD-8D9D-57F6EB5557C6}C:\\users\\michael\\desktop\\xampp-win32-1.6.5\\xampp\\apache\\bin\\apache.exe"= UDP:C:\users\michael\desktop\xampp-win32-1.6.5\xampp\apache\bin\apache.exe:apache.exe
"UDP Query User{237CD129-391E-4BD9-9F5C-E4916FA8D224}C:\\users\\michael\\desktop\\xampp-win32-1.6.5\\xampp\\apache\\bin\\apache.exe"= TCP:C:\users\michael\desktop\xampp-win32-1.6.5\xampp\apache\bin\apache.exe:apache.exe
"TCP Query User{FF2EE3CC-8D8A-450C-9E22-551AEF4AEBB6}C:\\users\\michael\\desktop\\xampp-win32-1.6.5\\xampp\\mysql\\bin\\mysqld.exe"= UDP:C:\users\michael\desktop\xampp-win32-1.6.5\xampp\mysql\bin\mysqld.exe:mysqld.exe
"UDP Query User{FF920B09-4E47-4F1F-BA04-71E0383994D6}C:\\users\\michael\\desktop\\xampp-win32-1.6.5\\xampp\\mysql\\bin\\mysqld.exe"= TCP:C:\users\michael\desktop\xampp-win32-1.6.5\xampp\mysql\bin\mysqld.exe:mysqld.exe
"{150F7F7B-EB14-4571-8EE7-4C602BBFC975}"= UDP:6346:limewire
"TCP Query User{953D4D3D-68A7-4CE3-99B2-94B04EDEC72F}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3C274CC5-1E39-4289-80CE-DE585AA54EC8}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{81A1BB1F-3FBD-4547-BE74-C4CFA0392623}C:\\program files\\soundspectrum\\whitecap\\whitecap standalone.exe"= UDP:C:\program files\soundspectrum\whitecap\whitecap standalone.exe:WhiteCap Standalone
"UDP Query User{ACA2F011-BB40-4635-BA9A-919C8AF446BA}C:\\program files\\soundspectrum\\whitecap\\whitecap standalone.exe"= TCP:C:\program files\soundspectrum\whitecap\whitecap standalone.exe:WhiteCap Standalone
"{82EA312B-8A8E-4DFE-B0FD-E524F590EA3C}"= UDP:C:\Users\Michael\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{B0D1672B-5DAF-4A2F-87A3-7A18AAB88C51}"= TCP:C:\Users\Michael\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{1A8F7EB9-452F-4D8C-9197-9871B3E0143D}"= UDP:C:\Users\Michael\Desktop\Vista41C\Installer.exe:SpeedTouch Home Install Wizard
"{06642459-4E0C-437B-AE32-83D39D64A5D1}"= TCP:C:\Users\Michael\Desktop\Vista41C\Installer.exe:SpeedTouch Home Install Wizard
"{F37B408F-DA2F-4FF9-B47E-7D5F3185BF9F}"= UDP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{063408C1-BF23-4DD0-B3B9-6DA838CF1F83}"= TCP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{F6F74C65-3A73-4B84-8857-92513DF73FFC}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A14EFE97-6446-4866-A7F4-B599702140D4}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A1825DD4-27E2-43BD-857B-BAEA57146C07}"= UDP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{63AC1D89-B914-4FE1-A18B-5DDB13BCBB4E}"= TCP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{45501F5D-A395-4DE3-A7EC-DE116AAE957F}"= UDP:C:\Users\Michael\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{E8A7670B-239E-4219-939F-A2529797D29B}"= TCP:C:\Users\Michael\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{4BFA30EE-436F-4FC8-B3F8-065AECFCCEDF}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{77EE46B7-1AB9-4775-9B0D-29BCAA965A62}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{83148997-93AA-451F-AE8B-C668C57D6EEA}C:\\program files\\webguide\\webguide4\\bin\\webguide_configuration.exe"= UDP:C:\program files\webguide\webguide4\bin\webguide_configuration.exe:WebGuide_Configuration
"UDP Query User{81BF9D4F-ABE8-47FB-85D9-0DD40E5A22D2}C:\\program files\\webguide\\webguide4\\bin\\webguide_configuration.exe"= TCP:C:\program files\webguide\webguide4\bin\webguide_configuration.exe:WebGuide_Configuration
"{4DE093D7-728D-4862-BE28-A77E95B2C659}"= UDP:51394:WebGuide
"{2780D502-22EB-42D7-89F0-3D070A31DE35}"= UDP:51395:WebGuide
"{4EA9575A-B3D0-4216-B6C9-6E9D458ADABF}"= UDP:51393:WebGuide
"{A7B9B0F2-3558-4908-8B97-B3E35EFA364C}"= UDP:51861:WebGuide
"{21392598-91B2-4215-B0E6-B113E9D2ED1A}"= UDP:51862:WebGuide
"4f0bed32-b4f7-4e09-9db8-eed16d6d4fbb"= UDP:Profile=Public|51861:webguide
"TCP Query User{A19E772A-970A-40C4-8400-45A44A27C55D}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{DB0B7526-3B2B-48C8-85E6-35978BD32B6E}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{1131D2C5-AA0A-4E05-8510-D94A1D00C0DF}"= UDP:51861:WebGuide
"TCP Query User{170FE7D8-16F7-4788-918F-5730D78219B4}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{5E74932F-034D-423F-B43F-BB5E49AE899C}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"{A8E9F08E-D658-4C85-A5E4-0C16887423AE}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{577D78FE-871A-4202-8C60-A9AE3F3E45D0}C:\\program files\\webguide\\webguide4\\bin\\webguide_configuration.exe"= UDP:C:\program files\webguide\webguide4\bin\webguide_configuration.exe:WebGuide_Configuration
"UDP Query User{D65A53FC-45F3-44D1-913B-9AB25D2486DD}C:\\program files\\webguide\\webguide4\\bin\\webguide_configuration.exe"= TCP:C:\program files\webguide\webguide4\bin\webguide_configuration.exe:WebGuide_Configuration
"{3E559374-AE81-41C8-BD5F-797A347B30B3}"= UDP:8077:WebGuide
"{31A32B1D-84A2-48C5-BCDC-76AC9E77FE88}"= UDP:51862:WebGuide
"TCP Query User{E232EA43-CB3A-407D-9563-29611CBFB951}C:\\program files\\dvbviewer\\dvbserver.exe"= UDP:C:\program files\dvbviewer\dvbserver.exe:DVBViewer Pro NetworkServer
"UDP Query User{CD21EAAE-F392-45B5-A1A4-F5929EECECF1}C:\\program files\\dvbviewer\\dvbserver.exe"= TCP:C:\program files\dvbviewer\dvbserver.exe:DVBViewer Pro NetworkServer
"{C2ED6B95-2BF7-4AE8-860C-969D638B1502}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{C14E5698-9A55-43D5-B66C-E8F06BDD3438}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{26C78D71-7F9F-4963-A1AC-4A1CB5997A52}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{5AAC07C4-138C-4B9A-823D-EDC970610946}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{9DAAB247-9066-4F80-8B20-3B85E800D0B4}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{E509E8E9-238D-4C86-B976-4A4E9A9E3D24}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{6D9832D3-D98D-4036-B09A-1DC45D0A63C3}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{26A282B5-D175-4FC6-89A0-CCF7D6DEE158}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"TCP Query User{3095738F-EB4C-42F3-964F-0924B36FDF7B}C:\\program files\\pinnacle\\videospin\\programs\\videospin.exe"= UDP:C:\program files\pinnacle\videospin\programs\videospin.exe:Pinnacle VideoSpin program file
"UDP Query User{8E2A3B31-22DF-4B47-ADD7-284661AF7094}C:\\program files\\pinnacle\\videospin\\programs\\videospin.exe"= TCP:C:\program files\pinnacle\videospin\programs\videospin.exe:Pinnacle VideoSpin program file
"9091af9d-727e-42b5-8e51-5fc989ed6f68"= %USERPROFILE%\Desktop\Wubi-8.04-beta-rev487.exe:wubi
"{ED021FA3-21EB-4596-A56F-3F5FDA6A46B5}"= UDP:62056:WebGuide
"{6DCF84A3-2720-443D-9AED-27F724836805}"= UDP:62057:WebGuide
"TCP Query User{8342B1F8-8248-4B9D-AE37-8060BC3B6E0F}C:\\webguide4\\bin\\webguide_configuration.exe"= UDP:C:\webguide4\bin\webguide_configuration.exe:WebGuide_Configuration
"UDP Query User{F31778A9-257B-4049-B6A6-E6C608528469}C:\\webguide4\\bin\\webguide_configuration.exe"= TCP:C:\webguide4\bin\webguide_configuration.exe:WebGuide_Configuration
"{00A9E808-471D-4EBB-809F-AA82FD27ABDC}"= UDP:2141:WebGuide
"{85D1CE6D-2DEE-4AB7-B310-6225C63CB884}"= UDP:2142:WebGuide
"{053F3FF0-57EF-429D-9B7C-0C2515F8B98A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{7D16CFA0-69D2-4E47-AED2-8EF444AA99E1}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{460AD5BF-2CE4-4F3B-948E-4AD0FA192A9A}"= UDP:8295:WebGuide
"{D0C72269-38B0-4AC1-B93C-EA35E31B814D}"= UDP:8296:WebGuide
"{BDB40C80-3BC0-400A-853B-FF0F07268ED3}"= UDP:C:\Program Files\FrostWire\FrostWire.exe:LimeWire
"{5768C715-C908-4746-A127-515705D37A32}"= TCP:C:\Program Files\FrostWire\FrostWire.exe:LimeWire
"TCP Query User{A4D27B99-8857-4C57-9454-1C2F1AFB189A}C:\\program files\\freewire\\freewire television\\freewire television.exe"= UDP:C:\program files\freewire\freewire television\freewire television.exe:Freewire Television
"UDP Query User{BA37426A-5F8C-4FBB-B4E3-F92818A620E2}C:\\program files\\freewire\\freewire television\\freewire television.exe"= TCP:C:\program files\freewire\freewire television\freewire television.exe:Freewire Television
"{73988511-E7F8-4F5C-B6F2-7AE6C085F293}"= UDP:C:\Program Files\Orb Networks\Orb\bin\Orb.exe:Orb
"{017D949D-1E25-4D44-93D5-1742B90016F7}"= TCP:C:\Program Files\Orb Networks\Orb\bin\Orb.exe:Orb
"{2DE80A82-011C-4806-8782-DD79E49D1C3A}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{42B74061-B596-4C99-A5DD-57E85E6D3744}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{674B8D4C-0F38-406B-B61B-97B45A52B26A}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{054037E3-48F1-4FBF-9906-8E8480691464}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{CD29A0F3-1CAC-43D4-887A-F272C3E45E48}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{EC9AD095-6C86-4F61-B84D-4BF4E03E57F2}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{EC3DB4A4-33ED-4952-B8B9-7342C1DC69CD}"= UDP:C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide
"{48EBF07E-1B0D-465B-9B59-2CB375E73513}"= TCP:C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide
"{887705E2-6814-4592-8C6F-4FB4EE13DC8B}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan
"{08FFB4E0-5A37-497D-A6AF-2382638DE1B8}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys [2008-03-11 16:04]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R2 CrackTcpip;Crack Tcpip;C:\Windows\system32\drivers\CrackTcpip.sys [2008-01-13 17:55]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 12:20]
R2 NSUService;NSUService;"C:\Program Files\Sony\Network Utility\NSUService.exe" [2008-01-16 13:49]
R2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [2006-12-08 19:50]
R2 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe" [2007-10-30 21:51]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-08 01:01]
R3 HCWU2DTD;Hauppauge Nova USB2 DVB-T TV Receiver;C:\Windows\system32\Drivers\hcwu2dtd.sys [2007-03-23 18:25]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 11:36]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 01:00]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-25 01:23]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\Windows\system32\regedt32.exe [2006-11-02 10:45]
S3 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;"C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe" [2007-02-22 20:53]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-15 01:28]
S3 HCWU2DTL;Hauppauge Nova-USB2-T Adapter Firmware Loader;C:\Windows\system32\DRIVERS\hcwu2dtl.sys [2007-03-23 18:21]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 14:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s115mdm.sys [2007-04-23 14:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 14:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s115obex.sys [2007-04-23 14:54]
S3 ST330;ST330;C:\Windows\system32\drivers\st330.sys [2008-02-29 17:01]
S3 STBUS;STBUS;C:\Windows\system32\drivers\stbus.sys [2008-02-29 17:01]
S3 stppp;Speedtouch PPP Adapter Adapter;C:\Windows\system32\DRIVERS\stppp.sys [2008-02-29 17:01]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 00:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 23:34]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;"C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [2007-07-06 03:12]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" [2007-07-06 01:43]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-20 19:44:33 C:\Windows\Tasks\User_Feed_Synchronization-{287A80A8-B648-4746-823F-5EB2E92E0959}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 21:07:55
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\System32\igfxext.exe
C:\Windows\System32\igfxsrvc.exe
C:\Windows\System32\igfxext.exe
C:\Windows\System32\igfxsrvc.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\ehome\ehrecvr.exe
.
**************************************************************************
.
Completion time: 2008-05-20 21:12:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-20 20:12:33
ComboFix2.txt 2008-05-20 19:46:53
ComboFix3.txt 2008-05-20 15:31:35
ComboFix4.txt 2008-04-12 10:15:21

Pre-Run: 168,467,054,592 bytes free
Post-Run: 168,425,209,856 bytes free

452 --- E O F --- 2008-05-17 10:12:42

[mikey4020]

HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:00, on 20/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [56cb42d7] rundll32.exe "C:\Windows\system32\rwhslixn.dll",b
O4 - HKLM\..\Run: [BM55f8714b] Rundll32.exe "C:\Windows\system32\nnwsogni.dll",s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8993 bytes

Thanks Again for all the help

[Rorschach112]

Hello


1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E23136A1-1AC4-4D1B-926F-5D537CFFF359}"=-

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall




1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O4 - HKLM\..\Run: [56cb42d7] rundll32.exe "C:\Windows\system32\rwhslixn.dll",b
O4 - HKLM\..\Run: [BM55f8714b] Rundll32.exe "C:\Windows\system32\nnwsogni.dll",s


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

Reboot and post a new HijackThis log and tell me how your PC is running

[mikey4020]

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 20, 2008 11:15:58 PM
Operating System: Microsoft Windows Vista Home Edition, Service Pack 1 (Build 6001)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/05/2008
Kaspersky Anti-Virus database records: 788626
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 114444
Number of viruses found: 2
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 01:10:28

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\ProgramData\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB Object is locked skipped
C:\ProgramData\ESET\ESET NOD32 Antivirus\Logs\virlog.dat Object is locked skipped
C:\ProgramData\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\01ad4ed4993ef3859140bf7313a4f766_c5f7b2ce-f0f7-49d5-b16d-13aa07694251 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_c5f7b2ce-f0f7-49d5-b16d-13aa07694251 Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.180.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.180.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy51.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf27DA.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf27DB.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv02.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log Object is locked skipped
C:\QooBox\Quarantine\C\Windows\System32\drenaore.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\Windows\System32\hivxsolp.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\Windows\System32\ksxqaodw.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\myvrkuhe.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\Windows\System32\nnwsogni.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\nywxwgyq.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\oamjyayc.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\Windows\System32\ollmjsvr.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\oplbbhht.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\Windows\System32\qoMfGVoN.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\Windows\System32\qtakwlwq.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\Windows\System32\rqRJDTkH.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\Windows\System32\rwhslixn.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\Windows\System32\spxaudwh.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\Windows\System32\sqwuylrh.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\Windows\System32\toqtdjtl.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\Windows\System32\vsgrqufj.dll.vir Object is locked skipped
C:\QooBox\Quarantine\catchme2008-04-12_111058.03.zip/Users/Michael/Desktop/catchme.zip/cbXRJDsQ.dll Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-12_111058.03.zip/Users/Michael/Desktop/catchme.zip Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-12_111058.03.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\Michael\AppData\Local\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Users\Michael\AppData\Local\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Users\Michael\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Michael\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Michael\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Michael\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Michael\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Michael\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Michael\AppData\Local\Microsoft\Windows\UsrClass.dat{31975524-24c1-11dd-a51f-005056c00008}.TM.blf Object is locked skipped
C:\Users\Michael\AppData\Local\Microsoft\Windows\UsrClass.dat{31975524-24c1-11dd-a51f-005056c00008}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Michael\AppData\Local\Microsoft\Windows\UsrClass.dat{31975524-24c1-11dd-a51f-005056c00008}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Michael\AppData\Local\Microsoft\Windows Defender\FileTracker\{6E3E484B-D8C7-4E1D-820E-0B2E6F708228} Object is locked skipped
C:\Users\Michael\AppData\Local\Temp\vmware-Michael\vmware-vix-Michael-2156.log Object is locked skipped
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Michael\Desktop\Michael\Michael\mcombo.exe/data0180 Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\Users\Michael\Desktop\Michael\Michael\mcombo.exe NSIS: infected - 1 skipped
C:\Users\Michael\NTUSER.DAT Object is locked skipped
C:\Users\Michael\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Michael\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Michael\NTUSER.DAT{31975522-24c1-11dd-a51f-005056c00008}.TM.blf Object is locked skipped
C:\Users\Michael\NTUSER.DAT{31975522-24c1-11dd-a51f-005056c00008}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Michael\NTUSER.DAT{31975522-24c1-11dd-a51f-005056c00008}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\TempSBE\MSDVRMM_1456161400_1310720_74588 Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\TempSBE\SBEBFC5.tmp Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\{17FDAEFE-9F8E-4165-94BF-BEE1B11E095A}.TmpSBE Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{31975520-24c1-11dd-a51f-005056c00008}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{31975520-24c1-11dd-a51f-005056c00008}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{31975520-24c1-11dd-a51f-005056c00008}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\ehmsdri.log Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\ehRecvr.log Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{613c97ee-00dd-11dd-9453-005056c00008}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{613c97ee-00dd-11dd-9453-005056c00008}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{613c97ee-00dd-11dd-9453-005056c00008}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Roaming\Acronis\TrueImageHome\Logs\37B98854-AF89-41FB-B8B0-B8C79FF98C53.log Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{31975513-24c1-11dd-a51f-005056c00008}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{31975513-24c1-11dd-a51f-005056c00008}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{31975513-24c1-11dd-a51f-005056c00008}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{31975513-24c1-11dd-a51f-005056c00008}.TxR.blf Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.003 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped

Scan process completed.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21:01, on 20/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\unsecapp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8944 bytes

Thanks!!

[Rorschach112]

Hello

Delete this file in bold

C:\Users\Michael\Desktop\Michael\Michael\mcombo.exe



Follow these steps to uninstall Combofix and tools used in the removal of malware

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  

You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here




Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure

• Click Start > Run
• Type Inetcpl.cpl & click OK
• Click on the Security tab
• Click Reset all zones to default level
• Make sure the Internet Zone is selected & Click Custom level
• In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
• Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.