
Need Help removing BackDoor.Turkojan [CLOSED] [RESOLVED]



#1
chich

  • Member
  • 25 posts
Recently discovered that my PC was infected with this back door trojan.
Ran Malwarebytes which fixed the bulk of the problem.
I also have a free version of Spyware Doctor which detected a same/similar infection in the Registry; I won't touch it for obvious reasons.

- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\perfmons, ImagePath = C:\WINDOWS\system32\perfs.exe

Malwarebytes cannot detect this infection.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:16 PM, on 21/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\Utility\Application\QMICM.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.telstra.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telstra BigPond Home Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: BigPond Wireless Broadband 2.0 Auto Dial - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\bpwbb2ad.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE /P23 "EPSON Stylus C87 Series" /O6 "USB001" /M "Stylus C87"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" -tsr
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE /P23 "EPSON Stylus C87 Series" /M "Stylus C87" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Unknown owner - C:\WINDOWS\wanmpsvc.exe (file missing)

--
End of file - 8997 bytes



Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2

8:28:59 PM 21/08/2008
mbam-log-08-21-2008 (20-28-59).txt

Scan type: Full Scan (C:\|)
Objects scanned: 74826
Time elapsed: 26 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFinding (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Routing (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WServing (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\macidwe (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nobicyt (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sobicyt (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdxdowkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\perfmons (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.


Any help is appreciated

Edited by chich, 21 August 2008 - 05:06 AM.



#2
Egwene


    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello chich !

Welcome to the site! :) My name's Egwene and I'll be helping clean up your computer. :) I'm currently looking over your log. I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. I'll need a bit of time to research your log fully, so please bear with me.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis™ Logs Go Here.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad click on Format | Uncheck Word Wrap)
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

#3
Egwene


    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey Chich,

Your HijackThis log looks good but there are some things to do and we need to check about this:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\perfmons, ImagePath = C:\WINDOWS\system32\perfs.exe


1) Disable real-time protection:

--> While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
In the File menu click "Exit" to exit Spybot Search & Destroy.

--> Please disable AVG8. More help here: http://www.bleepingc...opic114351.html

2) Update Java:

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

3) Update Adobe Acrobat Reader:

You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
http://www.adobe.com.../readstep2.html

4) Run OTViewIt:

Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum

Regards,
Egwene.

#4
chich

  • Topic Starter
  • Member
  • 25 posts
Thank you,
A few days ago the virus was detected by AVG again in the System Volume Information:

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0005592.sys

Not too sure if that helps.

I'd also like to note that this PC is used by a number of people with several user logins.


OTViewIt logfile created on: 28/08/2008 7:16:17 PM - Run 1
OTViewIt by OldTimer - Version 1.0.0.15 Folder = C:\Documents and Settings\Family\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

509.98 Mb Total Physical Memory | 286.93 Mb Available Physical Memory | 56.26% Memory free
1.22 Gb Paging File | 0.89 Gb Available in Paging File | 73.02% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 57.71 Gb Free Space | 77.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CIANA
Current User Name: Family
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

===== Processes - Non-Microsoft Only =====

[01/15/2008 01:40 AM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[08/17/2008 09:23 PM | 00,231,192 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgwdsvc.exe
[08/17/2008 09:23 PM | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgrsx.exe
[08/17/2008 09:23 PM | 00,873,752 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgemc.exe
[01/27/2005 03:02 AM | 00,086,016 | ---- | M] () - C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[09/20/2005 09:32 AM | 00,077,824 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\hkcmd.exe
[09/20/2005 09:36 AM | 00,114,688 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\igfxpers.exe
[01/27/2005 02:00 PM | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION) - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIABP.EXE
[05/07/2008 12:41 PM | 02,162,688 | ---- | M] (Telstra) - C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe
[08/17/2008 09:23 PM | 01,232,152 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgtray.exe
[05/04/2007 05:15 PM | 00,598,016 | ---- | M] (QUALCOMM Inc.) - C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\Utility\Application\QMICM.exe

===== Win32 Services - Non-Microsoft Only =====

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[01/15/2008 01:40 AM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(avg8emc) AVG Free8 E-mail Scanner [Auto | Running]
[08/17/2008 09:23 PM | 00,873,752 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgemc.exe

(avg8wd) AVG Free8 WatchDog [Auto | Running]
[08/17/2008 09:23 PM | 00,231,192 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgwdsvc.exe

(WANMiniportService) WAN Miniport (ATW) Service [Auto | Stopped]
File not found - C:\WINDOWS\wanmpsvc.exe

===== Driver Services - Non-Microsoft Only =====

(ASCTRM) ASCTRM [Auto | Running]
[01/22/2006 01:07 AM | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) - C:\WINDOWS\System32\drivers\asctrm.sys

(AvgLdx86) AVG Free AVI Loader Driver x86 [System | Running]
[08/17/2008 09:24 PM | 00,096,520 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\system32\drivers\avgldx86.sys

(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [System | Running]
[08/17/2008 09:24 PM | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\system32\drivers\avgmfx86.sys

(AvgTdiX) AVG Free8 Network Redirector [Auto | Running]
[08/17/2008 09:24 PM | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\system32\drivers\avgtdix.sys

(cmusbnet) WAN Driver @ 3GPP (6280) [On_Demand | Running]
[06/22/2007 09:54 AM | 00,087,424 | ---- | M] (Cmotech Co., Ltd) - C:\WINDOWS\system32\drivers\cmusbnet.sys

(cmusbser) %CMUSBSER% [On_Demand | Running]
[12/13/2006 06:31 PM | 00,087,040 | ---- | M] (Cmotech Co.,Ltd) - C:\WINDOWS\system32\drivers\cmusbser.sys

(E100B) Intel® PRO Adapter Driver [On_Demand | Running]
[02/10/2004 10:49 PM | 00,154,112 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e100b325.sys

(ialm) ialm [On_Demand | Running]
[09/20/2005 10:00 AM | 01,302,332 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ialmnt5.sys

(mraid35x) mraid35x [Disabled | Stopped]
[08/17/2001 03:52 PM | 00,017,280 | ---- | M] (American Megatrends Inc.) - C:\WINDOWS\system32\drivers\mraid35x.sys

(PCASp50) PCASp50 NDIS Protocol Driver [On_Demand | Stopped]
[07/13/2007 04:25 PM | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) - C:\WINDOWS\system32\drivers\PCASp50.sys

(SE2Cbus) Sony Ericsson Device 044 Driver driver (WDM) [On_Demand | Stopped]
[11/10/2006 08:54 AM | 00,061,600 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE2Cbus.sys

(SE2Cmdfl) Sony Ericsson Device 044 USB WMC Modem Filter [On_Demand | Stopped]
[11/10/2006 08:54 AM | 00,009,360 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE2Cmdfl.sys

(SE2Cmdm) Sony Ericsson Device 044 USB WMC Modem Driver [On_Demand | Stopped]
[11/10/2006 08:54 AM | 00,097,184 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE2Cmdm.sys

(SE2Cmgmt) Sony Ericsson Device 044 USB WMC Device Management Drivers (WDM) [On_Demand | Stopped]
[11/10/2006 08:54 AM | 00,088,688 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE2Cmgmt.sys

(se2Cnd5) Sony Ericsson Device 044 USB Ethernet Emulation SEMC44 (NDIS) [On_Demand | Stopped]
[11/10/2006 08:54 AM | 00,018,704 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se2Cnd5.sys

(SE2Cobex) Sony Ericsson Device 044 USB WMC OBEX Interface [On_Demand | Stopped]
[11/10/2006 08:54 AM | 00,086,560 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE2Cobex.sys

(se2Cunic) Sony Ericsson Device 044 USB Ethernet Emulation SEMC44 (WDM) [On_Demand | Stopped]
[11/10/2006 08:54 AM | 00,090,800 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se2Cunic.sys

(se44bus) Sony Ericsson Device 068 driver (WDM) [On_Demand | Stopped]
[11/30/2006 11:58 PM | 00,061,536 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se44bus.sys

(se44mdfl) Sony Ericsson Device 068 USB WMC Modem Filter [On_Demand | Stopped]
[11/30/2006 01:58 PM | 00,009,360 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se44mdfl.sys

(se44mdm) Sony Ericsson Device 068 USB WMC Modem Driver [On_Demand | Stopped]
[11/30/2006 01:58 PM | 00,097,088 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se44mdm.sys

(se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM) [On_Demand | Stopped]
[11/30/2006 01:58 PM | 00,088,624 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se44mgmt.sys

(se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS) [On_Demand | Stopped]
[11/30/2006 01:58 PM | 00,018,704 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se44nd5.sys

(se44obex) Sony Ericsson Device 068 USB WMC OBEX Interface [On_Demand | Stopped]
[11/30/2006 01:58 PM | 00,086,432 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se44obex.sys

(se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM) [On_Demand | Stopped]
[11/30/2006 01:58 PM | 00,090,800 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se44unic.sys

(senfilt) senfilt [On_Demand | Running]
[09/17/2004 04:02 PM | 00,732,928 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\senfilt.sys

(Sparrow) Sparrow [Disabled | Stopped]
[08/17/2001 04:07 PM | 00,019,072 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\system32\drivers\sparrow.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
"AVG8_TRAY" = C:\PROGRA~1\AVG\AVG8\avgtray.exe [08/17/2008 09:23 PM | 01,232,152 | ---- | M] (AVG Technologies CZ, s.r.o.)
"BigPondWirelessBroadbandCM" = "C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" -tsr [05/07/2008 12:41 PM | 02,162,688 | ---- | M] (Telstra)
"dla" = C:\WINDOWS\system32\dla\tfswctrl.exe [12/06/2004 03:05 AM | 00,127,035 | ---- | M] (Sonic Solutions)
"DMXLauncher" = C:\Program Files\Dell\Media Experience\DMXLauncher.exe [01/27/2005 03:02 AM | 00,086,016 | ---- | M] ()
"DVDLauncher" = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 06:19 PM | 00,053,248 | ---- | M] (CyberLink Corp.)
"EPSON Stylus C87 Series" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE /P23 "EPSON Stylus C87 Series" /O6 "USB001" /M "Stylus C87" [01/27/2005 02:00 PM | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION)
"igfxhkcmd" = C:\WINDOWS\system32\hkcmd.exe [09/20/2005 09:32 AM | 00,077,824 | ---- | M] (Intel Corporation)
"igfxpers" = C:\WINDOWS\system32\igfxpers.exe [09/20/2005 09:36 AM | 00,114,688 | ---- | M] (Intel Corporation)
"igfxtray" = C:\WINDOWS\system32\igfxtray.exe [09/20/2005 09:35 AM | 00,094,208 | ---- | M] (Intel Corporation)
"ISUSPM Startup" = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [07/27/2004 06:50 PM | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [07/27/2004 06:50 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 12:10 PM | 00,267,048 | ---- | M] (Apple Inc.)
"MSKDetectorExe" = C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [03/28/2008 11:37 PM | 00,413,696 | ---- | M] (Apple Inc.)
"SoundMAXPnP" = C:\Program Files\Analog Devices\Core\smax4pnp.exe [10/14/2004 09:42 PM | 01,404,928 | ---- | M] (Analog Devices, Inc.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C87 Series" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE /P23 "EPSON Stylus C87 Series" /M "Stylus C87" /EF "HKCU" [01/27/2005 02:00 PM | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION)
"OM2_Monitor" = "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart [05/28/2007 04:59 PM | 00,095,800 | ---- | M] (OLYMPUS IMAGING CORP.)
"updateMgr" = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[05/16/2002 04:10 PM | 00,032,842 | -H-- | M] (America Online, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
[10/29/2003 04:06 AM | 00,024,576 | R--- | M] (BVRP Software) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

[Family Startup Folder - C:\Documents and Settings\Family\Start Menu\Programs\Startup]

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
HKLM CLSID: (Adobe PDF Link Helper) - [06/11/2008 10:33 PM | 00,075,128 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
HKLM CLSID: (AVG Safe Search) - [08/17/2008 09:23 PM | 00,455,960 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgssie.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: (Spybot-S&D IE Protection) - [07/07/2008 09:41 AM | 01,562,448 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
HKLM CLSID: (DriveLetterAccess) - [12/06/2004 03:05 AM | 00,118,842 | ---- | M] (Sonic Solutions) C:\WINDOWS\system32\dla\tfswshx.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
HKLM CLSID: (AVG Security Toolbar) - [08/17/2008 09:23 PM | 02,055,960 | ---- | M] (AVG, Technologies CZ, s.r.o ) C:\Program Files\AVG\AVG8\avgtoolbar.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85}]
HKLM CLSID: (BigPond Wireless Broadband 2.0 Auto Dial) - [02/26/2008 02:21 PM | 00,118,784 | ---- | M] (Telstra) C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\bpwbb2ad.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"
HKLM CLSID: (AVG Security Toolbar) - [08/17/2008 09:23 PM | 02,055,960 | ---- | M] (AVG, Technologies CZ, s.r.o ) C:\Program Files\AVG\AVG8\avgtoolbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{A057A204-BACC-4D26-9990-79A187E2698E}"
HKLM CLSID: (AVG Security Toolbar) - [08/17/2008 09:23 PM | 02,055,960 | ---- | M] (AVG, Technologies CZ, s.r.o ) C:\Program Files\AVG\AVG8\avgtoolbar.dll

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
"avgrsstx.dll" - [08/17/2008 09:24 PM | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgrsstx.dll

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/14/2008 10:12 AM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe [01/19/2007 12:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe [01/04/2007 04:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/14/2008 04:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/14/2008 10:12 AM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe [04/14/2008 10:12 AM | 01,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe [01/19/2007 12:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe [01/04/2007 04:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/14/2008 04:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [02/19/2008 12:10 PM | 19,897,640 | ---- | M] (Apple Inc.)
"C:\Soldat\Soldat.exe" = C:\Soldat\Soldat.exe [08/10/2007 09:32 PM | 00,678,400 | ---- | M] (Michal Marcinkowski)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe [08/17/2008 09:23 PM | 00,873,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe [08/17/2008 09:23 PM | 00,640,280 | ---- | M] (AVG Technologies CZ, s.r.o.)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/14/2008 10:12 AM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/14/2008 10:12 AM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/14/2008 10:12 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/14/2008 10:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/14/2008 10:12 AM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"DllName" = C:\WINDOWS\system32\igfxdev.dll [09/20/2005 09:31 AM | 00,135,168 | ---- | M] (Intel Corporation)

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====
Unable to open key or key not present!


===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{5014F15B-8138-4BF0-8A09-D782825A50BC}]
Servers: | Description: Intel® PRO/100 VE Network Connection

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{6643B6FC-44E7-4EEA-893F-7F7A35B02947}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{8947956F-3EF0-4704-BAF9-AA85CA17585F}]
Servers: | Description: Sony Ericsson Device 044 USB Ethernet Emulation (NDIS 5)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{BEA781F8-82E8-4751-9A27-33D318D3409B}]
Servers: | Description: Sony Ericsson Device 068 USB Ethernet Emulation (NDIS 5)

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[08/10/2004 03:04 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f09af82-a28e-11db-a6fb-00038a000015}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f09af82-a28e-11db-a6fb-00038a000015}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 10:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f09af82-a28e-11db-a6fb-00038a000015}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45b7b76a-1ef7-11dd-aa4d-00a0c6000000}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45b7b76a-1ef7-11dd-aa4d-00a0c6000000}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 10:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45b7b76a-1ef7-11dd-aa4d-00a0c6000000}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{588bd0c2-0149-11dd-aa1b-00038a000015}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{588bd0c2-0149-11dd-aa1b-00038a000015}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 10:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{588bd0c2-0149-11dd-aa1b-00038a000015}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8463e718-1ffb-11dd-aa50-00a0c6000000}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8463e718-1ffb-11dd-aa50-00a0c6000000}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 10:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8463e718-1ffb-11dd-aa50-00a0c6000000}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c31e03ab-473c-11dc-a899-00038a000015}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c31e03ab-473c-11dc-a899-00038a000015}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 10:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c31e03ab-473c-11dc-a899-00038a000015}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb3a6e10-911f-11da-a470-001676141cf2}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb3a6e10-911f-11da-a470-001676141cf2}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 10:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb3a6e10-911f-11da-a470-001676141cf2}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6cb0de8-c297-11dc-a995-00038a000015}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6cb0de8-c297-11dc-a995-00038a000015}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 10:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6cb0de8-c297-11dc-a995-00038a000015}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe67e006-96e4-11da-a47d-00038a000015}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe67e006-96e4-11da-a47d-00038a000015}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 10:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe67e006-96e4-11da-a47d-00038a000015}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

===== Hosts File =====

HOSTS File = (259232 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...



[Files/Folders - Created Within 30 days]
[08/21/2008 06:48 PM | -H-D | C] - C:\$AVG8.VAULT$
[08/28/2008 07:12 PM | -HSD | C] - C:\Config.Msi
[08/17/2008 09:24 PM | 00,075,236 | ---- | C] () - C:\WINDOWS\System32\drivers\Avg\microavi.avg
[08/17/2008 09:24 PM | 00,211,986 | ---- | C] () - C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[08/17/2008 09:24 PM | 06,061,540 | ---- | C] () - C:\WINDOWS\System32\drivers\Avg\avi7.avg
[08/17/2008 09:24 PM | 26,642,915 | ---- | C] () - C:\WINDOWS\System32\drivers\Avg\incavi.avm
[08/17/2008 09:24 PM | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgmfx86.sys
[08/17/2008 09:24 PM | 00,076,040 | ---- | C] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgtdix.sys
[08/17/2008 09:24 PM | 00,096,520 | ---- | C] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgldx86.sys
[08/17/2008 09:24 PM | ---D | C] - C:\WINDOWS\System32\drivers\Avg
[08/26/2008 07:05 PM | 00,064,352 | ---- | C] () - C:\WINDOWS\System32\drivers\ativmc20.cod
[08/26/2008 07:06 PM | 00,129,045 | ---- | C] () - C:\WINDOWS\System32\drivers\cxthsfs2.cty
[08/26/2008 07:10 PM | 00,067,866 | ---- | C] () - C:\WINDOWS\System32\drivers\netwlan5.img
[2 C:\WINDOWS\System32\*.tmp files]
[08/02/2008 02:22 PM | 00,107,888 | ---- | C] (Sony DADC Austria AG.) - C:\WINDOWS\System32\CmdLineExt.dll
[08/03/2008 01:36 PM | 00,000,664 | ---- | C] () - C:\WINDOWS\System32\d3d9caps.dat
[08/03/2008 06:26 PM | ---D | C] - C:\WINDOWS\System32\Adobe
[08/17/2008 09:24 PM | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\avgrsstx.dll
[08/26/2008 07:07 PM | 00,001,261 | ---- | C] () - C:\WINDOWS\System32\pid.inf
[08/26/2008 08:07 PM | ---D | C] - C:\WINDOWS\System32\bits
[08/26/2008 08:07 PM | ---D | C] - C:\WINDOWS\System32\en
[08/26/2008 08:07 PM | ---D | C] - C:\WINDOWS\System32\scripting
[2 C:\WINDOWS\*.tmp files]
[08/21/2008 07:55 PM | ---D | C] - C:\WINDOWS\ERDNT
[08/26/2008 07:57 PM | ---D | C] - C:\WINDOWS\EHome
[08/26/2008 07:57 PM | -H-D | C] - C:\WINDOWS\$NtServicePackUninstall$
[08/26/2008 08:04 PM | ---D | C] - C:\WINDOWS\ServicePackFiles
[08/26/2008 08:07 PM | ---D | C] - C:\WINDOWS\l2schemas
[08/27/2008 08:34 AM | ---D | C] - C:\WINDOWS\Prefetch
[08/28/2008 05:53 PM | ---D | C] - C:\WINDOWS\LastGood
[08/13/2008 03:52 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
[08/17/2008 07:08 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Avg8
[08/17/2008 08:54 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/21/2008 08:00 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/28/2008 07:13 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Adobe
[08/02/2008 02:22 PM | RH-D | C] - C:\Documents and Settings\Family\Application Data\SecuROM
[08/17/2008 09:24 PM | ---D | C] - C:\Documents and Settings\Family\Application Data\AVGTOOLBAR
[08/21/2008 08:00 PM | ---D | C] - C:\Documents and Settings\Family\Application Data\Malwarebytes
[08/13/2008 05:45 PM | 00,000,793 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[08/17/2008 09:24 PM | 00,001,507 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[08/21/2008 08:00 PM | 00,000,696 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/28/2008 07:13 PM | 00,001,729 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[08/28/2008 07:15 PM | 00,000,734 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[08/24/2008 01:01 PM | 12,146,263 | ---- | C] () - C:\Documents and Settings\Family\Desktop\streetfighteriv_072408_qtlowwide.mov
[08/26/2008 06:37 PM | ---D | C] - C:\Documents and Settings\Family\Desktop\Unused Desktop Shortcuts
[08/28/2008 06:00 PM | 00,000,933 | ---- | C] () - C:\Documents and Settings\Family\Desktop\Spybot - Search & Destroy.lnk
[08/28/2008 06:08 PM | 00,059,632 | ---- | C] () - C:\Documents and Settings\Family\Desktop\JavaRa.zip
[08/28/2008 06:09 PM | ---D | C] - C:\Documents and Settings\Family\Desktop\JavaRa
[08/28/2008 06:14 PM | 00,001,593 | ---- | C] () - C:\Documents and Settings\Family\Desktop\1219911257265-integrated.jnlp
[08/28/2008 06:15 PM | 15,984,024 | ---- | C] () - C:\Documents and Settings\Family\Desktop\jre-6u7-windows-i586-p.exe
[08/28/2008 06:29 PM | 35,124,856 | ---- | C] ( ) - C:\Documents and Settings\Family\Desktop\AdbeRdr90_en_US.exe
[08/13/2008 05:40 PM | ---D | C] - C:\Program Files\Common Files\Wise Installation Wizard
[08/21/2008 07:58 PM | ---D | C] - C:\Program Files\Common Files\Download Manager
[08/28/2008 07:12 PM | ---D | C] - C:\Program Files\Common Files\Adobe
[08/28/2008 07:15 PM | ---D | C] - C:\Program Files\Common Files\Adobe AIR
[08/03/2008 01:43 PM | ---D | C] - C:\Program Files\AVG
[08/17/2008 09:17 PM | ---D | C] - C:\Program Files\Trend Micro
[08/21/2008 07:54 PM | ---D | C] - C:\Program Files\ERUNT
[08/21/2008 08:00 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/28/2008 06:00 PM | ---D | C] - C:\Program Files\Spybot - Search & Destroy

[Files/Folders - Modified Within 30 days]
[08/11/2008 04:26 PM | 00,000,232 | -H-- | M] () - C:\sqmdata00.sqm
[08/11/2008 04:26 PM | 00,000,244 | -H-- | M] () - C:\sqmnoopt00.sqm
[08/11/2008 11:14 AM | ---D | M] - C:\etax2006
[08/17/2008 07:09 PM | -HSD | M] - C:\System Volume Information
[08/21/2008 06:48 PM | -H-D | M] - C:\$AVG8.VAULT$
[08/26/2008 08:01 PM | 00,250,048 | RHS- | M] () - C:\ntldr
[08/28/2008 05:46 PM | 53,482,7008 | -HS- | M] () - C:\hiberfil.sys
[08/28/2008 05:56 PM | ---D | M] - C:\WINDOWS
[08/28/2008 06:00 PM | R--D | M] - C:\Program Files
[08/28/2008 07:15 PM | -HSD | M] - C:\Config.Msi
[08/17/2008 09:24 PM | 06,061,540 | ---- | M] () - C:\WINDOWS\System32\drivers\Avg\avi7.avg
[08/17/2008 09:27 PM | 00,211,986 | ---- | M] () - C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[08/28/2008 05:53 PM | 00,075,236 | ---- | M] () - C:\WINDOWS\System32\drivers\Avg\microavi.avg
[08/28/2008 05:53 PM | 26,642,915 | ---- | M] () - C:\WINDOWS\System32\drivers\Avg\incavi.avm
[08/12/2008 03:15 PM | 00,000,734 | ---- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080821-163237.backup
[08/21/2008 04:32 PM | 00,259,232 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts
[08/17/2008 09:24 PM | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgmfx86.sys
[08/17/2008 09:24 PM | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgtdix.sys
[08/17/2008 09:24 PM | 00,096,520 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgldx86.sys
[08/21/2008 04:32 PM | ---D | M] - C:\WINDOWS\System32\drivers\etc
[08/28/2008 05:53 PM | ---D | M] - C:\WINDOWS\System32\drivers\Avg
[2 C:\WINDOWS\System32\*.tmp files]
[08/02/2008 02:22 PM | 00,107,888 | ---- | M] (Sony DADC Austria AG.) - C:\WINDOWS\System32\CmdLineExt.dll
[08/03/2008 01:36 PM | 00,000,664 | ---- | M] () - C:\WINDOWS\System32\d3d9caps.dat
[08/03/2008 06:28 PM | ---D | M] - C:\WINDOWS\System32\Macromed
[08/03/2008 06:39 PM | ---D | M] - C:\WINDOWS\System32\Adobe
[08/17/2008 09:24 PM | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\avgrsstx.dll
[08/21/2008 04:04 PM | ---D | M] - C:\WINDOWS\System32\DRVSTORE
[08/26/2008 08:03 PM | ---D | M] - C:\WINDOWS\System32\oobe
[08/26/2008 08:04 PM | ---D | M] - C:\WINDOWS\System32\Com
[08/26/2008 08:04 PM | ---D | M] - C:\WINDOWS\System32\npp
[08/26/2008 08:04 PM | ---D | M] - C:\WINDOWS\System32\Restore
[08/26/2008 08:07 PM | ---D | M] - C:\WINDOWS\System32\bits
[08/26/2008 08:07 PM | ---D | M] - C:\WINDOWS\System32\en
[08/26/2008 08:07 PM | ---D | M] - C:\WINDOWS\System32\en-US
[08/26/2008 08:07 PM | ---D | M] - C:\WINDOWS\System32\scripting
[08/26/2008 08:07 PM | ---D | M] - C:\WINDOWS\System32\usmt
[08/26/2008 08:14 PM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/27/2008 08:33 AM | ---D | M] - C:\WINDOWS\System32\drivers
[08/27/2008 08:33 AM | ---D | M] - C:\WINDOWS\System32\wbem
[08/27/2008 08:34 AM | ---D | M] - C:\WINDOWS\System32\Setup
[08/27/2008 08:36 AM | 00,053,436 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/27/2008 08:36 AM | 00,381,692 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/27/2008 08:36 AM | 00,441,626 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/27/2008 11:00 AM | 00,149,992 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/28/2008 05:47 PM | 00,002,206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/28/2008 05:53 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/28/2008 05:56 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[2 C:\WINDOWS\*.tmp files]
[08/03/2008 02:28 PM | --SD | M] - C:\WINDOWS\Downloaded Program Files
[08/03/2008 06:26 PM | 00,002,432 | ---- | M] () - C:\WINDOWS\mozver.dat
[08/21/2008 04:06 PM | ---D | M] - C:\WINDOWS\Downloaded Installations
[08/21/2008 07:55 PM | ---D | M] - C:\WINDOWS\ERDNT
[08/26/2008 01:34 PM | ---D | M] - C:\WINDOWS\Debug
[08/26/2008 07:57 PM | ---D | M] - C:\WINDOWS\EHome
[08/26/2008 08:00 PM | -H-D | M] - C:\WINDOWS\$NtServicePackUninstall$
[08/26/2008 08:03 PM | ---D | M] - C:\WINDOWS\system
[08/26/2008 08:04 PM | ---D | M] - C:\WINDOWS\msagent
[08/26/2008 08:04 PM | ---D | M] - C:\WINDOWS\srchasst
[08/26/2008 08:07 PM | ---D | M] - C:\WINDOWS\l2schemas
[08/26/2008 08:07 PM | ---D | M] - C:\WINDOWS\PeerNet
[08/26/2008 08:08 PM | ---D | M] - C:\WINDOWS\Help
[08/26/2008 08:08 PM | ---D | M] - C:\WINDOWS\ime
[08/26/2008 08:08 PM | ---D | M] - C:\WINDOWS\network diagnostic
[08/26/2008 08:08 PM | ---D | M] - C:\WINDOWS\ServicePackFiles
[08/26/2008 08:08 PM | ---D | M] - C:\WINDOWS\WinSxS
[08/26/2008 08:13 PM | 00,002,675 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/26/2008 08:17 PM | ---D | M] - C:\WINDOWS\security
[08/27/2008 08:33 AM | R-SD | M] - C:\WINDOWS\Fonts
[08/27/2008 08:34 AM | ---D | M] - C:\WINDOWS\AppPatch
[08/28/2008 05:46 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/28/2008 05:48 PM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/28/2008 05:53 PM | ---D | M] - C:\WINDOWS\LastGood
[08/28/2008 05:53 PM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/28/2008 05:56 PM | -H-D | M] - C:\WINDOWS\inf
[08/28/2008 06:05 PM | ---D | M] - C:\WINDOWS\Temp
[08/28/2008 07:11 PM | ---D | M] - C:\WINDOWS\system32
[08/28/2008 07:15 PM | -HSD | M] - C:\WINDOWS\Installer
[08/28/2008 07:16 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/28/2008 05:46 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/13/2008 05:43 PM | --SD | M] - C:\Documents and Settings\All Users\Application Data\Microsoft
[08/17/2008 09:23 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Avg8
[08/21/2008 08:00 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/22/2008 09:14 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
[08/28/2008 06:07 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/28/2008 07:13 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Adobe
[08/02/2008 02:22 PM | RH-D | M] - C:\Documents and Settings\Family\Application Data\SecuROM
[08/21/2008 05:16 PM | ---D | M] - C:\Documents and Settings\Family\Application Data\AVGTOOLBAR
[08/21/2008 08:00 PM | ---D | M] - C:\Documents and Settings\Family\Application Data\Malwarebytes
[08/26/2008 07:21 PM | ---D | M] - C:\Documents and Settings\Family\Application Data\Mozilla
[08/28/2008 06:06 PM | 00,030,392 | ---- | M] () - C:\Documents and Settings\Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[08/28/2008 07:13 PM | ---D | M] - C:\Documents and Settings\Family\Local Settings\Application Data\Adobe
[08/17/2008 09:02 PM | 00,000,572 | ---- | M] () - C:\Documents and Settings\Family\My Documents\My Sharing Folders.lnk
[08/13/2008 05:45 PM | 00,000,793 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[08/17/2008 09:24 PM | 00,001,507 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[08/21/2008 08:00 PM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/28/2008 07:13 PM | 00,001,729 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[08/28/2008 07:15 PM | 00,000,734 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[08/12/2008 03:37 PM | 00,002,137 | ---- | M] () - C:\Documents and Settings\Family\Desktop\iTunes.lnk
[08/21/2008 09:16 PM | ---D | M] - C:\Documents and Settings\Family\Desktop\adam
[08/24/2008 01:09 PM | 12,146,263 | ---- | M] () - C:\Documents and Settings\Family\Desktop\streetfighteriv_072408_qtlowwide.mov
[08/26/2008 06:37 PM | ---D | M] - C:\Documents and Settings\Family\Desktop\Unused Desktop Shortcuts
[08/28/2008 06:00 PM | 00,000,933 | ---- | M] () - C:\Documents and Settings\Family\Desktop\Spybot - Search & Destroy.lnk
[08/28/2008 06:08 PM | 00,059,632 | ---- | M] () - C:\Documents and Settings\Family\Desktop\JavaRa.zip
[08/28/2008 06:09 PM | ---D | M] - C:\Documents and Settings\Family\Desktop\JavaRa
[08/28/2008 06:14 PM | 00,001,593 | ---- | M] () - C:\Documents and Settings\Family\Desktop\1219911257265-integrated.jnlp
[08/28/2008 06:23 PM | 15,984,024 | ---- | M] () - C:\Documents and Settings\Family\Desktop\jre-6u7-windows-i586-p.exe
[08/28/2008 06:53 PM | 35,124,856 | ---- | M] ( ) - C:\Documents and Settings\Family\Desktop\AdbeRdr90_en_US.exe
[08/17/2008 07:21 PM | ---D | M] - C:\Program Files\Common Files\Wise Installation Wizard
[08/21/2008 04:05 PM | ---D | M] - C:\Program Files\Common Files\Teleca Shared
[08/21/2008 07:58 PM | ---D | M] - C:\Program Files\Common Files\Download Manager
[08/26/2008 08:04 PM | ---D | M] - C:\Program Files\Common Files\System
[08/28/2008 07:13 PM | ---D | M] - C:\Program Files\Common Files\Adobe
[08/28/2008 07:15 PM | ---D | M] - C:\Program Files\Common Files\Adobe AIR

< End of report >


OTViewIt Extras logfile created on: 28/08/2008 7:16:17 PM - Run 1
OTViewIt by OldTimer - Version 1.0.0.15 Folder = C:\Documents and Settings\Family\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

509.98 Mb Total Physical Memory | 286.93 Mb Available Physical Memory | 56.26% Memory free
1.22 Gb Paging File | 0.89 Gb Available in Paging File | 73.02% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 57.71 Gb Free Space | 77.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.html [@ = FirefoxHTML] - [08/26/2008 07:20 PM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== HKEY_LOCAL_MACHINE Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{52842271-922C-4907-8573-9F57A546509A}" = BigPond Wireless Broadband 2.10.6
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}" = EPSON Easy Photo Print
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91175441-4E5D-4e13-B116-828FD352CDB2}" = Canon MP170
"{987AE1EA-9AF0-484D-A0F9-11A2E0EB4AA0}" = OpenOffice.org 2.0
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBC85F2E-1981-4C55-9418-908D08D2C6E8}" = OLYMPUS Master 2
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DDDE47E5-C711-4D17-9FA6-E3D7C340192A}" = OLYMPUS muvee theaterPack
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"America Online au" = AOL Australia
"AOL|7 Broadband Demo" = AOL|7 Broadband Demo
"AVG8Uninstall" = AVG Free 8.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"ESC87 User's Guide" = ESC87 User's Guide
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.6.3
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"KB898458" = Security Update for Step By Step Interactive Training (KB898458)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911565" = Security Update for Windows Media Player 9 (KB911565)
"KB917734_WMP9" = Security Update for Windows Media Player 9 (KB917734)
"KB923689" = Security Update for Windows XP (KB923689)
"KB923723" = Security Update for Step By Step Interactive Training (KB923723)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB936782_WMP9" = Security Update for Windows Media Player 9 (KB936782)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB941569" = Security Update for Windows XP (KB941569)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB951978" = Update for Windows XP (KB951978)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Toolbar" = MSN Toolbar
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer Basic
"ShockwaveFlash" = Macromedia Flash Player 8
"Smart PDF Converter_is1" = Smart PDF Converter
"Soldat_is1" = Soldat 1.4.2
"UltraISO_is1" = UltraISO Premium V8.51
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"WgaNotify" = Windows Genuine Advantage Notifications (KB905474)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

===== HKEY_CURRENT_USER Uninstall List =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

===== Winsock2 Catalogs =====

===== HKEY_LOCAL_MACHINE Protocol Defaults =====


===== HKEY_CURRENT_USER Protocol Defaults =====


===== Protocol Handlers =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKLM - XPLPPFilter Class]
[08/17/2008 09:23 PM | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll
msdaipp: [HKLM - No CLSID value]

===== Protocol Filters =====

< End of report >

Thank you
  • 0

#5
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey chich,

1) Backing up the registry :

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous, so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

2) Run OTmoveIT2 :

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f09af82-a28e-11db-a6fb-00038a000015}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45b7b76a-1ef7-11dd-aa4d-00a0c6000000}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{588bd0c2-0149-11dd-aa1b-00038a000015}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8463e718-1ffb-11dd-aa50-00a0c6000000}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c31e03ab-473c-11dc-a899-00038a000015}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb3a6e10-911f-11da-a470-001676141cf2}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6cb0de8-c297-11dc-a995-00038a000015}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe67e006-96e4-11da-a47d-00038a000015}
    purity
    emptytemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

3) Run Kaspersky Online :

Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Regards,
Egwene.
  • 0

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#7
chich

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hi Egwene, sorry for the late reply, have been busy the past few days


Explorer killed successfully
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f09af82-a28e-11db-a6fb-00038a000015} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f09af82-a28e-11db-a6fb-00038a000015}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45b7b76a-1ef7-11dd-aa4d-00a0c6000000} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45b7b76a-1ef7-11dd-aa4d-00a0c6000000}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{588bd0c2-0149-11dd-aa1b-00038a000015} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{588bd0c2-0149-11dd-aa1b-00038a000015}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8463e718-1ffb-11dd-aa50-00a0c6000000} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8463e718-1ffb-11dd-aa50-00a0c6000000}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c31e03ab-473c-11dc-a899-00038a000015} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c31e03ab-473c-11dc-a899-00038a000015}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb3a6e10-911f-11da-a470-001676141cf2} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb3a6e10-911f-11da-a470-001676141cf2}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6cb0de8-c297-11dc-a995-00038a000015} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6cb0de8-c297-11dc-a995-00038a000015}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe67e006-96e4-11da-a47d-00038a000015} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe67e006-96e4-11da-a47d-00038a000015}\\ deleted successfully.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\Family\LOCALS~1\Temp\etilqs_47tu0g4bN9bxiNXphYDN scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Family\LOCALS~1\Temp\tbpwbad.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Family\LOCALS~1\Temp\tbpwbcm.log scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08312008_183711

Files moved on Reboot...
File C:\DOCUME~1\Family\LOCALS~1\Temp\etilqs_47tu0g4bN9bxiNXphYDN not found!
C:\DOCUME~1\Family\LOCALS~1\Temp\tbpwbad.log moved successfully.
C:\DOCUME~1\Family\LOCALS~1\Temp\tbpwbcm.log moved successfully.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, September 1, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, September 01, 2008 08:14:17
Records in database: 1172431
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 52500
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:12:13


File name / Threat name / Threats count
C:\WINDOWS\system32\ceswxfst.sys Infected: Trojan-Clicker.Win32.VB.bjh 1
C:\WINDOWS\system32\cfexfst.sys Infected: Trojan-Clicker.Win32.VB.bna 1
C:\WINDOWS\system32\sxtsyctd.sys Infected: Trojan.Win32.Delf.dsu 1

The selected area was scanned.

My system was infected by another virus, which I have dealt with; however, I'm not sure if these "threats" are from this virus or the original infection.
Should I post another HijackThis?
  • 0

#8
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey chich,

No problem :)

Let's go on with the removal so.

1) Run OTmoveIT2 :

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\ceswxfst.sys 
    C:\WINDOWS\system32\cfexfst.sys 
    C:\WINDOWS\system32\sxtsyctd.sys 
    purity
    emptytemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

2) Run RSIT :

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Regards,
Egwene.
  • 0
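
The script-and-log round trip used in this thread can be checked mechanically: the sketch below is an added example (not part of the thread and not OldTimer's code) that reconciles the targets pasted into OTMoveIt2 against the log it writes, so an item that was requested but never confirmed stands out. The line patterns are assumed from the logs posted in this thread; the sample script, log, paths and GUID are constructed.

```python
import re

# Line shapes assumed from the OTMoveIt2 logs posted in this thread.
# Order matters: the most specific patterns are tried first.
PATTERNS = [
    ("deleted", re.compile(r"^Registry key (?P<item>.+?)\\* deleted successfully\.$")),
    ("deferred", re.compile(
        r"^File delete failed\. (?P<item>.+?) scheduled to be deleted on reboot\.$")),
    ("not_found", re.compile(r"^File (?P<item>.+?) not found!$")),
    ("moved", re.compile(r"^(?P<item>.+?) moved successfully\.$")),
]

# A script line is a target if it is a drive path or a registry key;
# directives such as [kill explorer], purity and emptytemp are skipped.
TARGET = re.compile(r"^(?:[A-Za-z]:\\|HKEY_)")


def norm(item):
    """Normalize a path or key for comparison (case, trailing backslashes)."""
    return item.strip().rstrip("\\").lower()


def script_targets(script):
    """Return the file paths and registry keys listed in a pasted script."""
    return [ln.strip() for ln in script.splitlines() if TARGET.match(ln.strip())]


def parse_log(log):
    """Map each item named in the log to its final status.

    Later lines override earlier ones, so a file first deferred to reboot
    and then reported under 'Files moved on Reboot...' ends up as 'moved'.
    """
    status = {}
    for line in log.splitlines():
        line = line.strip()
        for name, rx in PATTERNS:
            m = rx.match(line)
            if m:
                status[norm(m.group("item"))] = name
                break
    return status


def reconcile(script, log):
    """Status of every script target; 'unconfirmed' if the log never names it."""
    status = parse_log(log)
    return {t: status.get(norm(t), "unconfirmed") for t in script_targets(script)}


def pending_reboot(log):
    """Items still waiting for a reboot according to the log."""
    return sorted(i for i, s in parse_log(log).items() if s == "deferred")


# Constructed sample input (not taken from the thread).
SAMPLE_SCRIPT = r"""[kill explorer]
HKEY_CURRENT_USER\SOFTWARE\Example\MountPoints2\{00000000-0000-0000-0000-000000000001}
C:\WINDOWS\system32\example1.sys
C:\WINDOWS\system32\example2.sys
purity
emptytemp
[start explorer]
"""

SAMPLE_LOG = r"""Explorer killed successfully
< HKEY_CURRENT_USER\SOFTWARE\Example\MountPoints2\{00000000-0000-0000-0000-000000000001} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Example\MountPoints2\{00000000-0000-0000-0000-000000000001}\\ deleted successfully.
C:\WINDOWS\system32\example1.sys moved successfully.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\a.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\b.tmp scheduled to be deleted on reboot.
Temp folders emptied.
Explorer started successfully

Files moved on Reboot...
C:\DOCUME~1\User\LOCALS~1\Temp\a.log moved successfully.
"""

if __name__ == "__main__":
    for target, state in reconcile(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(f"{state:12} {target}")
    print("pending reboot:", pending_reboot(SAMPLE_LOG))
```

An "unconfirmed" target means the log says nothing about it, which is a reason to re-check the item rather than assume it was removed.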

#9
chich

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
OTMoveit2

Explorer killed successfully
C:\WINDOWS\system32\ceswxfst.sys moved successfully.
C:\WINDOWS\system32\cfexfst.sys moved successfully.
C:\WINDOWS\system32\sxtsyctd.sys moved successfully.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\Family\LOCALS~1\Temp\etilqs_JAFhF8PUNAQAZ3Cw4IMD scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Family\LOCALS~1\Temp\tbpwbcm.log scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09042008_175650

Files moved on Reboot...
File C:\DOCUME~1\Family\LOCALS~1\Temp\etilqs_JAFhF8PUNAQAZ3Cw4IMD not found!
C:\DOCUME~1\Family\LOCALS~1\Temp\tbpwbcm.log moved successfully.

RSIT log
Logfile of random's system information tool (written by random/random)
Run by Family at 2008-09-04 18:10:34
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 59 GB (77%) free of 76 GB
Total RAM: 510 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:00 PM, on 4/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\Utility\Application\QMICM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Family\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Family.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.telstra.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telstra BigPond Home Internet Explorer
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: BigPond Wireless Broadband 2.0 Auto Dial - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\bpwbb2ad.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE /P23 "EPSON Stylus C87 Series" /O6 "USB001" /M "Stylus C87"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" -tsr
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE /P23 "EPSON Stylus C87 Series" /M "Stylus C87" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Unknown owner - C:\WINDOWS\wanmpsvc.exe (file missing)

--
End of file - 8335 bytes

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-01 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-17 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85}]
BigPond Wireless Broadband 2.0 Auto Dial - C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\bpwbb2ad.dll [2008-02-26 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-17 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-01-27 86016]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"EPSON Stylus C87 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE [2005-01-27 98304]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-12 1121792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"BigPondWirelessBroadbandCM"=C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe [2008-05-07 2162688]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-01 1235736]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C87 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE [2005-01-27 98304]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2007-05-28 95800]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AOL 7.0 Tray Icon.lnk - C:\Program Files\AOL 7.0\aoltray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"NoDispCPL"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Soldat\Soldat.exe"="C:\Soldat\Soldat.exe:*:Enabled:Soldat"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

File associations

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

List of files/folders created in the last three months

2008-09-04 18:10:34 ----D---- C:\rsit
2008-08-31 20:32:47 ----D---- C:\Documents and Settings\Family\Application Data\TmpRecentIcons
2008-08-31 20:30:53 ----A---- C:\WINDOWS\eaxf.exe
2008-08-31 18:37:11 ----D---- C:\_OTMoveIt
2008-08-28 19:15:26 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-08-28 19:13:04 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-08-28 19:12:40 ----D---- C:\Program Files\Common Files\Adobe
2008-08-28 18:27:43 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-28 18:27:43 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-28 18:27:43 ----A---- C:\WINDOWS\system32\java.exe
2008-08-28 18:00:11 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-08-28 17:56:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-08-27 08:34:47 ----D---- C:\WINDOWS\Prefetch
2008-08-26 20:13:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-26 20:13:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-26 20:12:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-26 20:12:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-08-26 20:12:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-08-26 20:12:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-08-26 20:12:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-26 20:12:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-26 20:12:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-08-26 20:12:10 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-26 20:07:58 ----D---- C:\WINDOWS\system32\scripting
2008-08-26 20:07:58 ----D---- C:\WINDOWS\l2schemas
2008-08-26 20:07:57 ----D---- C:\WINDOWS\system32\en
2008-08-26 20:07:56 ----D---- C:\WINDOWS\system32\bits
2008-08-26 20:04:19 ----D---- C:\WINDOWS\ServicePackFiles
2008-08-26 19:57:24 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-08-26 19:57:21 ----D---- C:\WINDOWS\EHome
2008-08-26 19:13:35 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-26 19:13:27 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-26 19:13:21 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-26 19:13:21 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-26 19:12:53 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-26 19:12:52 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-26 19:12:33 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-08-26 19:12:31 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-08-26 19:12:24 ----N---- C:\WINDOWS\system32\slserv.exe
2008-08-26 19:12:24 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-08-26 19:12:24 ----N---- C:\WINDOWS\slrundll.exe
2008-08-26 19:12:23 ----N---- C:\WINDOWS\system32\slgen.dll
2008-08-26 19:12:23 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-08-26 19:12:23 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-08-26 19:12:09 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-26 19:12:00 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-08-26 19:11:56 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-26 19:11:52 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-26 19:11:50 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-26 19:11:43 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-26 19:11:42 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-26 19:11:42 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-26 19:11:34 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-26 19:11:23 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-26 19:10:45 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-26 19:10:44 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-26 19:10:42 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-26 19:10:40 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-08-26 19:10:35 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-08-26 19:10:35 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-08-26 19:10:25 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-26 19:10:25 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-26 19:09:31 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-26 19:09:29 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-26 19:09:29 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-26 19:09:28 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-26 19:08:30 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-26 19:08:06 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-26 19:08:02 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-26 19:08:02 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-26 19:08:02 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-26 19:08:01 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-26 19:07:11 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-08-26 19:06:48 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-08-26 19:06:48 ----A---- C:\WINDOWS\002709_.tmp
2008-08-26 19:06:40 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-26 19:06:40 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-26 19:06:40 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-26 19:06:40 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-26 19:06:40 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-26 19:06:40 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-26 19:06:39 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-26 19:06:39 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-26 19:06:28 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-26 19:06:28 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-26 19:06:28 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-26 19:06:28 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-26 19:06:28 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-26 19:06:28 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-26 19:06:28 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-26 19:06:24 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-26 19:06:24 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-26 19:06:23 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-26 19:06:16 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-26 19:05:56 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-26 19:05:54 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-26 19:05:50 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-08-26 19:05:50 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-08-26 19:05:48 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-08-26 19:05:47 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-08-26 19:05:47 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-08-26 19:05:46 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-08-26 19:05:46 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-08-26 19:05:26 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-21 20:00:10 ----D---- C:\Documents and Settings\Family\Application Data\Malwarebytes
2008-08-21 20:00:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-21 20:00:05 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-21 19:58:53 ----D---- C:\Program Files\Common Files\Download Manager
2008-08-21 19:55:24 ----D---- C:\WINDOWS\ERDNT
2008-08-21 19:54:37 ----D---- C:\Program Files\ERUNT
2008-08-21 18:48:20 ----HD---- C:\$AVG8.VAULT$
2008-08-17 21:24:19 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-08-17 21:24:03 ----D---- C:\Documents and Settings\Family\Application Data\AVGTOOLBAR
2008-08-17 21:17:52 ----D---- C:\Program Files\Trend Micro
2008-08-17 20:54:59 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-17 19:08:16 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-14 09:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-14 09:47:27 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-14 09:47:19 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-14 09:47:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-14 09:45:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-14 09:44:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-14 09:43:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-13 17:42:13 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-13 17:40:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-13 15:52:26 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-03 18:26:09 ----D---- C:\WINDOWS\system32\Adobe
2008-08-03 13:43:10 ----D---- C:\Program Files\AVG
2008-08-02 14:22:23 ----RHD---- C:\Documents and Settings\Family\Application Data\SecuROM
2008-08-02 14:22:22 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-07-28 21:35:23 ----A---- C:\WINDOWS\impborl.dll
2008-07-28 21:35:23 ----A---- C:\WINDOWS\flashax.exe
2008-07-09 16:18:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-06-20 17:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-06-12 20:43:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-06-12 09:40:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-06-12 09:39:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-12 09:39:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951376_0$
2008-06-09 17:39:33 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson Device 068 USB WMC Modem.txt
2008-06-09 17:39:33 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson Device 068 USB WMC Data Modem.txt

List of drivers

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\system32\System32\Drivers\avgldx86.sys []
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\system32\System32\Drivers\avgmfx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-01-22 8552]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\system32\System32\Drivers\avgtdix.sys []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 cmusbnet;WAN Driver @ 3GPP (6280); C:\WINDOWS\system32\DRIVERS\cmusbnet.sys [2007-06-22 87424]
R3 cmusbser;%CMUSBSER%; C:\WINDOWS\system32\DRIVERS\cmusbser.sys [2006-12-13 87040]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2002-02-05 28396]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2007-07-13 27072]
S3 SE2Cbus;Sony Ericsson Device 044 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE2Cbus.sys [2006-11-10 61600]
S3 SE2Cmdfl;Sony Ericsson Device 044 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE2Cmdfl.sys [2006-11-10 9360]
S3 SE2Cmdm;Sony Ericsson Device 044 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE2Cmdm.sys [2006-11-10 97184]
S3 SE2Cmgmt;Sony Ericsson Device 044 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE2Cmgmt.sys [2006-11-10 88688]
S3 se2Cnd5;Sony Ericsson Device 044 USB Ethernet Emulation SEMC44 (NDIS); C:\WINDOWS\system32\DRIVERS\se2Cnd5.sys [2006-11-10 18704]
S3 SE2Cobex;Sony Ericsson Device 044 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE2Cobex.sys [2006-11-10 86560]
S3 se2Cunic;Sony Ericsson Device 044 USB Ethernet Emulation SEMC44 (WDM); C:\WINDOWS\system32\DRIVERS\se2Cunic.sys [2006-11-10 90800]
S3 se44bus;Sony Ericsson Device 068 driver (WDM); C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS); C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM); C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\agp440.sys []
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\agpCPQ.sys []
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\alim1541.sys []
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\system32\DRIVERS\amdagp.sys []
S4 cbidf;cbidf; C:\WINDOWS\system32\system32\DRIVERS\cbidf2k.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\sisagp.sys []
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\viaagp.sys []

List of services

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-01 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-01 231704]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 2008-09-04 18:11:04

Uninstall list

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AOL Australia-->C:\Program Files\Common Files\aolshare\Aolunins_au.exe
AOL|7 Broadband Demo-->C:\PROGRA~1\AOL7\BBDEMO~1\UNWISE.EXE C:\PROGRA~1\AOL7\BBDEMO~1\INSTALL.LOG
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BigPond Wireless Broadband 2.10.6-->MsiExec.exe /I{52842271-922C-4907-8573-9F57A546509A}
Canon MP170-->"C:\WINDOWS\system32\CanonMP Uninstaller Information\{91175441-4E5D-4e13-B116-828FD352CDB2}\DelDrv.exe" /U:{91175441-4E5D-4e13-B116-828FD352CDB2} /L0x0009
Classic PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Support 3.1-->MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}\SETUP.EXE" -l0x9 UNINST
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESC87 User's Guide-->C:\Program Files\EPSON\TPMANUAL\ESC87\USE_G\DOCUNINS.EXE
Free Mp3 Wma Converter V 1.6.3-->"C:\Program Files\Free Audio Pack\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar-->C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\mtbs.exe c
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
OLYMPUS Master 2-->MsiExec.exe /X{CBC85F2E-1981-4C55-9418-908D08D2C6E8}
OLYMPUS muvee theaterPack-->MsiExec.exe /X{DDDE47E5-C711-4D17-9FA6-E3D7C340192A}
OpenOffice.org 2.0-->MsiExec.exe /I{987AE1EA-9AF0-484D-A0F9-11A2E0EB4AA0}
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Smart PDF Converter-->"C:\Program Files\Smart PDF Converter\unins000.exe"
Soldat 1.4.2-->"c:\Soldat\unins000.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
UltraISO Premium V8.51-->"C:\Program Files\UltraISO\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe -u
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

Hosts File

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

Security center information

AV: AVG Anti-Virus Free

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip

-----------------EOF-----------------

#10
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey chich,

There is still some bad junk on your computer and we will remove it now :)

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Regards,
Egwene.

#11
chich

    Member

  • Topic Starter
  • Member
  • 25 posts
ComboFix 08-09-04.08 - Family 2008-09-05 17:18:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.196 [GMT 10:00]
Running from: C:\Documents and Settings\Family\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Family\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Install.txt
C:\WINDOWS\system32\Install.txt
C:\WINDOWS\system32\rtl60.bpl

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFINDING
-------\Legacy_MACIDWE
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Legacy_SOBICYT
-------\Legacy_TDSSSERV
-------\Legacy_TDXDOWKC
-------\Legacy_WSERVING
-------\Service_TDSSserv


((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))
.

2008-09-04 18:10 . 2008-09-04 18:11 <DIR> d-------- C:\rsit
2008-08-31 20:30 . 2008-08-31 19:10 139,264 --a------ C:\WINDOWS\eaxf.exe
2008-08-31 18:37 . 2008-08-31 18:37 <DIR> d-------- C:\_OTMoveIt
2008-08-28 19:15 . 2008-08-28 19:15 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-28 19:12 . 2008-08-28 19:13 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-28 18:27 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-28 18:00 . 2008-08-28 18:05 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-26 20:07 . 2008-08-26 20:07 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-26 20:07 . 2008-08-26 20:07 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-26 20:07 . 2008-08-26 20:07 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-26 20:07 . 2008-08-26 20:07 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-26 20:04 . 2008-08-26 20:08 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-26 19:57 . 2008-08-26 19:57 <DIR> d-------- C:\WINDOWS\EHome
2008-08-26 19:12 . 2004-08-03 22:41 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2008-08-26 19:11 . 2008-04-14 10:12 412,160 --------- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-26 19:10 . 2008-04-14 10:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-08-26 19:09 . 2008-04-14 10:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-08-26 19:09 . 2008-04-14 10:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-26 19:09 . 2008-04-14 10:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-26 19:09 . 2008-04-14 10:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-08-26 19:08 . 2008-04-14 10:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-08-26 19:08 . 2008-04-14 10:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-08-26 19:08 . 2008-04-14 10:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-08-26 19:08 . 2008-04-14 10:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-08-26 19:08 . 2008-04-14 10:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-08-26 19:08 . 2008-04-14 10:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-08-26 19:07 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-08-26 19:07 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-08-26 19:07 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-08-26 19:07 . 2008-04-14 02:36 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-08-26 19:07 . 2008-04-14 04:36 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2008-08-26 19:07 . 2008-04-14 10:11 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2008-08-26 19:07 . 2008-04-14 04:46 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2008-08-26 19:07 . 2008-04-14 04:45 19,200 --------- C:\WINDOWS\system32\drivers\hidir.sys
2008-08-26 19:07 . 2007-09-17 18:48 1,261 --------- C:\WINDOWS\system32\pid.inf
2008-08-26 19:05 . 2008-04-14 10:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-21 20:00 . 2008-08-21 20:00 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-21 20:00 . 2008-08-21 20:00 <DIR> d-------- C:\Documents and Settings\Family\Application Data\Malwarebytes
2008-08-21 20:00 . 2008-08-21 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-21 20:00 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-21 20:00 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-21 19:58 . 2008-08-21 19:58 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-21 19:54 . 2008-08-31 18:34 <DIR> d-------- C:\Program Files\ERUNT
2008-08-21 18:48 . 2008-08-21 18:48 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-17 21:24 . 2008-09-03 20:39 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-17 21:24 . 2008-08-21 17:16 <DIR> d-------- C:\Documents and Settings\Family\Application Data\AVGTOOLBAR
2008-08-17 21:24 . 2008-09-01 20:40 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-17 21:24 . 2008-08-17 21:24 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-17 21:24 . 2008-08-17 21:24 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-17 21:17 . 2008-08-17 21:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-17 20:54 . 2008-08-28 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-17 19:08 . 2008-08-17 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-13 21:55 . 2008-05-02 00:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 21:49 . 2008-04-12 05:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 17:42 . 2008-08-13 17:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-13 17:40 . 2008-08-17 19:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-13 15:52 . 2008-08-22 21:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 11:37 --------- d-----w C:\Program Files\Lavasoft
2008-08-28 12:21 --------- d-----w C:\Program Files\MSN Messenger
2008-08-28 08:27 --------- d-----w C:\Program Files\Java
2008-08-21 06:05 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-08-13 07:43 --------- d-----w C:\Documents and Settings\Family\Application Data\Lavasoft
2008-08-11 01:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-03 03:43 --------- d-----w C:\Program Files\AVG
2008-08-02 04:22 --------- d--h--r C:\Documents and Settings\Family\Application Data\SecuROM
2008-07-28 11:35 606,848 ----a-w C:\WINDOWS\flashax.exe
2008-07-28 11:35 12,288 ----a-w C:\WINDOWS\impborl.dll
2006-02-11 07:27 30,080 ----a-w C:\Documents and Settings\Family\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C87 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE" [2005-01-27 98304]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-28 95800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]
"EPSON Stylus C87 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE" [2005-01-27 98304]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"BigPondWirelessBroadbandCM"="C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" [2008-05-07 2162688]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-01 1235736]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 7.0 Tray Icon.lnk - C:\Program Files\AOL 7.0\aoltray.exe [2006-01-22 32842]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-01-22 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Soldat\\Soldat.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-01 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-01 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-01 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-17 76040]
S3 cmusbnet;WAN Driver @ 3GPP (6280);C:\WINDOWS\system32\DRIVERS\cmusbnet.sys [2007-06-22 87424]
S3 cmusbser;%CMUSBSER%;C:\WINDOWS\system32\DRIVERS\cmusbser.sys [2006-12-13 87040]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2007-07-13 27072]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\flfbopbd.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.au/
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-05 17:41:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-09-05 17:47:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-05 07:47:04

Pre-Run: 61,710,413,824 bytes free
Post-Run: 61,600,575,488 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

199 --- E O F --- 2008-08-28 07:56:40



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:49:38 PM, on 5/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: BigPond Wireless Broadband 2.0 Auto Dial - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\bpwbb2ad.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE /P23 "EPSON Stylus C87 Series" /O6 "USB001" /M "Stylus C87"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" -tsr
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE /P23 "EPSON Stylus C87 Series" /M "Stylus C87" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Unknown owner - C:\WINDOWS\wanmpsvc.exe (file missing)

--
End of file - 7547 bytes

#12
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey chich,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Sysrst::

File::
C:\WINDOWS\eaxf.exe

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Regards,
Egwene.

#13
chich

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
ComboFix 08-09-04.08 - Family 2008-09-07 21:29:45.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.238 [GMT 10:00]
Running from: C:\Documents and Settings\Family\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Family\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\eaxf.exe

.
((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
.

2008-09-04 18:10 . 2008-09-04 18:11 <DIR> d-------- C:\rsit
2008-08-31 18:37 . 2008-08-31 18:37 <DIR> d-------- C:\_OTMoveIt
2008-08-28 19:15 . 2008-08-28 19:15 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-28 19:12 . 2008-08-28 19:13 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-28 18:27 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-28 18:00 . 2008-08-28 18:05 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-26 20:07 . 2008-08-26 20:07 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-26 20:07 . 2008-08-26 20:07 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-26 20:07 . 2008-08-26 20:07 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-26 20:07 . 2008-08-26 20:07 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-26 20:04 . 2008-08-26 20:08 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-26 19:57 . 2008-08-26 19:57 <DIR> d-------- C:\WINDOWS\EHome
2008-08-26 19:12 . 2004-08-03 22:41 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2008-08-26 19:11 . 2008-04-14 10:12 412,160 --------- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-26 19:10 . 2008-04-14 10:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-08-26 19:09 . 2008-04-14 10:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-08-26 19:09 . 2008-04-14 10:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-26 19:09 . 2008-04-14 10:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-26 19:09 . 2008-04-14 10:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-08-26 19:08 . 2008-04-14 10:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-08-26 19:08 . 2008-04-14 10:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-08-26 19:08 . 2008-04-14 10:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-08-26 19:08 . 2008-04-14 10:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-08-26 19:08 . 2008-04-14 10:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-08-26 19:08 . 2008-04-14 10:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-08-26 19:07 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-08-26 19:07 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-08-26 19:07 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-08-26 19:07 . 2008-04-14 02:36 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-08-26 19:07 . 2008-04-14 04:36 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2008-08-26 19:07 . 2008-04-14 10:11 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2008-08-26 19:07 . 2008-04-14 04:46 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2008-08-26 19:07 . 2008-04-14 04:45 19,200 --------- C:\WINDOWS\system32\drivers\hidir.sys
2008-08-26 19:07 . 2007-09-17 18:48 1,261 --------- C:\WINDOWS\system32\pid.inf
2008-08-26 19:05 . 2008-04-14 10:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-21 20:00 . 2008-09-05 17:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-21 20:00 . 2008-08-21 20:00 <DIR> d-------- C:\Documents and Settings\Family\Application Data\Malwarebytes
2008-08-21 20:00 . 2008-08-21 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-21 20:00 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-21 20:00 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-21 19:58 . 2008-08-21 19:58 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-21 19:54 . 2008-08-31 18:34 <DIR> d-------- C:\Program Files\ERUNT
2008-08-21 18:48 . 2008-08-21 18:48 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-17 21:24 . 2008-09-07 16:38 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-17 21:24 . 2008-08-21 17:16 <DIR> d-------- C:\Documents and Settings\Family\Application Data\AVGTOOLBAR
2008-08-17 21:24 . 2008-09-01 20:40 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-17 21:24 . 2008-08-17 21:24 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-17 21:24 . 2008-08-17 21:24 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-17 21:17 . 2008-08-17 21:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-17 20:54 . 2008-08-28 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-17 19:08 . 2008-08-17 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-13 21:55 . 2008-05-02 00:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 21:49 . 2008-04-12 05:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 17:42 . 2008-08-13 17:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-13 17:40 . 2008-08-17 19:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-13 15:52 . 2008-08-22 21:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 11:37 --------- d-----w C:\Program Files\Lavasoft
2008-08-28 12:21 --------- d-----w C:\Program Files\MSN Messenger
2008-08-28 08:27 --------- d-----w C:\Program Files\Java
2008-08-21 06:05 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-08-13 07:43 --------- d-----w C:\Documents and Settings\Family\Application Data\Lavasoft
2008-08-11 01:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-03 03:43 --------- d-----w C:\Program Files\AVG
2008-08-02 04:22 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-02 04:22 --------- d--h--r C:\Documents and Settings\Family\Application Data\SecuROM
2008-07-28 11:35 606,848 ----a-w C:\WINDOWS\flashax.exe
2008-07-28 11:35 12,288 ----a-w C:\WINDOWS\impborl.dll
2008-07-18 12:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 12:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 12:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 12:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 12:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 12:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 12:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 12:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 12:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 12:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 12:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 12:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 12:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 12:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 12:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 00:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2006-02-11 07:27 30,080 ----a-w C:\Documents and Settings\Family\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegBHO-Global.reg
2008-08-21 19:50 1404 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005677.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegDPF-Global.reg
2008-08-21 19:50 884 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005676.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegDummy-Family.reg
2008-08-21 19:50 60 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005687.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtBat-Global.reg
2008-08-21 19:50 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005661.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtCmd-Global.reg
2008-08-21 19:50 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005657.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtCom-Global.reg
2008-08-21 19:50 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005660.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtExe-Global.reg
2008-08-21 19:50 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005659.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtPif-Global.reg
2008-08-21 19:50 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005658.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtReg-Global.reg
2008-08-21 19:50 86 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005638.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtScr-Global.reg
2008-08-21 19:50 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005637.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBME-Global.reg
2008-08-21 19:50 81 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005672.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP1-Global.reg
2008-08-21 19:50 116 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005666.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP2a-Global.reg
2008-08-21 19:50 352 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005665.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP2b-Global.reg
2008-08-21 19:50 464 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005664.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP3-Global.reg
2008-08-21 19:50 277 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005663.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP4-Global.reg
2008-08-21 19:50 83 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005662.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBTB1-Global.reg
2008-08-21 19:50 184 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005678.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBTB2-Global.reg
2008-08-21 19:50 399 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005674.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGCP-Global.reg
2008-08-21 19:50 87 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005655.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGIESH-Global.reg
2008-08-21 19:50 88 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005643.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGNTCVW-Global.reg
2008-08-21 19:50 244 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005653.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGNTCVWL-Global.reg
2008-08-21 19:50 337 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005651.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS1-Global.reg
2008-08-21 19:50 1827 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005634.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS1SM-Global.reg
2008-08-21 19:50 232 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005648.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS2-Global.reg
2008-08-21 19:50 86 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005682.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS2SM-Global.reg
2008-08-21 19:50 81 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005647.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS3-Global.reg
2008-08-21 19:50 90 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005681.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS3SM-Global.reg
2008-08-21 19:50 232 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005646.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS4-Global.reg
2008-08-21 19:50 94 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005680.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGSS-Global.reg
2008-08-21 19:50 13861 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005641.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGSSODL-Global.reg
2008-08-21 19:50 383 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005649.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGWLN-Global.reg
2008-08-21 19:50 6065 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005642.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBME-Family.reg
2008-08-21 19:50 262 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005673.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP1-Family.reg
2008-08-21 19:50 115 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005671.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP2a-Family.reg
2008-08-21 19:50 254 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005670.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP2b-Family.reg
2008-08-21 19:50 407 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005669.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP3-Family.reg
2008-08-21 19:50 79 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005668.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP4-Family.reg
2008-08-21 19:50 115 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005667.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBTB1-Family.reg
2008-08-21 19:50 5933 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005679.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBTB2-Family.reg
2008-08-21 19:50 694 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005675.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUCP-Family.reg
2008-08-21 19:50 113 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005656.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUDesk-Family.reg
2008-08-21 19:50 136 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005645.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUIESH-Family.reg
2008-08-21 19:50 132 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005644.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUNTCVW-Family.reg
2008-08-21 19:50 208 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005654.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUNTCVWL-Family.reg
2008-08-21 19:50 390 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005652.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUS1-Family.reg
2008-08-21 19:50 569 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005686.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUS2-Family.reg
2008-08-21 19:50 85 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005685.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUS3-Family.reg
2008-08-21 19:50 89 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005684.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUS4-Family.reg
2008-08-21 19:50 93 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005683.reg

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUSSODL-Family.reg
2008-08-21 19:50 105 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005650.reg

C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\_003050_.tmp.dll
2004-08-10 15:04 1487 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006644.dll

2008-08-28 19:12 1304576 C:\Documents and Settings\Family\Desktop\OTViewIt.exe
2008-08-28 19:12 524288 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0009179.exe

C:\Documents and Settings\Family\Local Settings\Application Data\Adobe\Reader 9.0\Setup Files\AIR\Adobe AIR Installer.exe
2008-06-12 20:10 6848789 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0009190.exe

C:\Documents and Settings\Family\Local Settings\Application Data\Adobe\Reader 9.0\Setup Files\AIR\nosso_air.exe
2008-06-12 20:09 211784 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0009191.exe

C:\Documents and Settings\Family\Local Settings\Application Data\Adobe\Reader 9.0\Setup Files\AIRShareInstaller.exe
2008-06-12 17:10 198032 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0009192.exe

C:\Documents and Settings\Family\Local Settings\Application Data\Adobe\Reader 9.0\Setup Files\READER9\Setup.exe
2008-06-12 17:10 341352 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0009195.exe

C:\Documents and Settings\Family\Local Settings\Application Data\Adobe\Reader 9.0\Setup Files\Setup.exe
2008-06-12 17:10 308584 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0009197.exe

2004-08-04 07:00 25600 C:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2004-08-04 07:00 25600 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005845.dll

2008-04-14 10:12 741376 C:\Program Files\Common Files\Microsoft Shared\Speech\sapi.dll
2004-08-04 07:00 741376 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007674.dll

2008-04-14 10:12 153088 C:\Program Files\Common Files\Microsoft Shared\Triedit\triedit.dll
2004-08-04 07:00 153088 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007676.DLL

2008-04-14 10:11 618605 C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\fp4autl.dll
2003-03-24 18:52 618605 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007635.dll

2008-04-14 10:11 86528 C:\Program Files\Common Files\System\directdb.dll
2007-05-17 01:12 86528 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007619.dll

2008-05-02 00:33 331776 C:\Program Files\Common Files\System\msadc\msadce.dll
2008-05-02 00:30 331776 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0008043.dll

2008-04-14 03:25 20480 C:\Program Files\Common Files\System\msadc\msadcer.dll
2004-08-04 07:00 20480 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006832.dll

2008-04-14 10:11 61440 C:\Program Files\Common Files\System\msadc\msadcf.dll
2004-08-04 07:00 61440 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006831.dll

2008-04-14 03:25 16384 C:\Program Files\Common Files\System\msadc\msadcfr.dll
2004-08-04 07:00 16384 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006830.dll

2008-04-14 10:11 143360 C:\Program Files\Common Files\System\msadc\msadco.dll
2006-03-23 15:44 143360 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006829.dll

2008-04-14 03:25 16384 C:\Program Files\Common Files\System\msadc\msadcor.dll
2004-08-04 07:00 16384 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006828.dll

2008-04-14 10:11 53248 C:\Program Files\Common Files\System\msadc\msadcs.dll
2004-08-04 07:00 53248 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006827.dll

2008-04-14 10:11 155648 C:\Program Files\Common Files\System\msadc\msadds.dll
2004-08-04 07:00 155648 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006826.dll

2008-04-14 03:25 24576 C:\Program Files\Common Files\System\msadc\msaddsr.dll
2004-08-04 07:00 24576 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006825.dll

2008-04-14 03:25 16384 C:\Program Files\Common Files\System\msadc\msdaprsr.dll
2004-08-04 07:00 16384 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006824.dll

2008-04-14 10:11 200704 C:\Program Files\Common Files\System\msadc\msdaprst.dll
2004-08-04 07:00 200704 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006823.dll

2008-04-14 10:11 118784 C:\Program Files\Common Files\System\msadc\msdarem.dll
2004-08-04 07:00 118784 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006822.dll

2008-04-14 03:25 16384 C:\Program Files\Common Files\System\msadc\msdaremr.dll
2004-08-04 07:00 16384 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006821.dll

2008-04-14 10:11 36864 C:\Program Files\Common Files\System\msadc\msdfmap.dll
2004-08-04 07:00 36864 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006820.dll

2008-04-14 10:12 510976 C:\Program Files\Common Files\System\wab32.dll
2007-05-17 01:12 510976 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007618.dll

2008-04-14 02:21 249856 C:\Program Files\Common Files\System\wab32res.dll
2004-08-04 07:00 249856 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007617.dll

2005-10-20 12:04 38912 C:\Program Files\ERUNT\AUTOBACK.EXE
2005-10-20 12:04 38912 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP13\A0009263.EXE

2005-10-20 12:00 157696 C:\Program Files\ERUNT\ERUNT.EXE
2005-10-20 12:00 157696 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP13\A0009264.EXE

2005-10-20 12:03 140288 C:\Program Files\ERUNT\NTREGOPT.EXE
2005-10-20 12:03 140288 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP13\A0009265.EXE

2004-06-27 01:00 77257 C:\Program Files\ERUNT\unins000.exe
2004-06-27 01:00 77257 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP13\A0009271.exe

2008-04-14 10:11 61440 C:\Program Files\Internet Explorer\Connection Wizard\icwconn.dll
2004-08-04 07:00 61440 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007648.dll

2008-04-14 10:12 214528 C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe
2004-08-04 07:00 214528 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007647.exe

2008-04-14 10:12 86016 C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe
2004-08-04 07:00 86016 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007646.exe

2008-04-14 10:11 32768 C:\Program Files\Internet Explorer\Connection Wizard\icwdl.dll
2004-08-04 07:00 32768 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007645.dll

2008-04-14 10:11 172032 C:\Program Files\Internet Explorer\Connection Wizard\icwhelp.dll
2004-08-04 07:00 172032 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007644.dll

2008-04-14 10:12 24576 C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe
2004-08-04 07:00 24576 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007643.exe

2008-04-14 10:11 49152 C:\Program Files\Internet Explorer\Connection Wizard\icwutil.dll
2004-08-04 07:00 49152 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007642.dll

2008-04-14 10:12 20480 C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe
2004-08-04 07:00 20480 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007641.exe

2008-09-02 00:16 1244848 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
2008-08-17 15:01 1195640 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0009573.exe

2008-09-02 00:16 110256 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
2008-08-17 15:01 110200 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0009577.exe

2008-09-02 00:16 372400 C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
2008-08-17 15:01 372344 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0009576.exe

2008-09-05 17:59 688816 C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
2008-08-21 19:59 688760 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0009582.exe

2008-09-02 00:16 78000 C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
2008-08-17 15:01 77944 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0009575.dll

2008-04-14 10:11 33792 C:\Program Files\Messenger\custsat.dll
2004-08-04 07:00 28672 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007906.dll

2008-05-03 00:01 83968 C:\Program Files\Messenger\msgsc.dll
2008-05-03 00:22 83968 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007905.dll

2008-04-14 03:30 180224 C:\Program Files\Messenger\msgslang.dll
2004-08-04 03:06 180224 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007904.dll

2008-04-14 10:12 1695232 C:\Program Files\Messenger\msmsgs.exe
2004-10-14 02:24 1694208 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007903.exe

2008-04-14 10:12 3558912 C:\Program Files\Movie Maker\moviemk.exe
2004-08-04 07:00 3555328 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007712.exe

2008-04-14 10:12 167936 C:\Program Files\Movie Maker\wmm2ae.dll
2004-08-04 07:00 167936 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007775.dll

2008-04-14 10:12 4096 C:\Program Files\Movie Maker\wmm2eres.dll
2004-08-04 07:00 4096 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007774.dll

2008-04-14 10:12 7680 C:\Program Files\Movie Maker\wmm2ext.dll
2004-08-04 07:00 7680 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007773.dll

2008-04-14 10:12 402432 C:\Program Files\Movie Maker\wmm2filt.dll
2004-08-04 07:00 402432 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007772.dll

2008-04-14 10:12 502272 C:\Program Files\Movie Maker\wmm2fxa.dll
2004-08-04 07:00 502272 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007771.dll

2008-04-14 10:12 325632 C:\Program Files\Movie Maker\wmm2fxb.dll
2004-08-04 07:00 325632 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007770.dll

2008-04-14 10:12 4256768 C:\Program Files\Movie Maker\wmm2res.dll
2004-08-04 07:00 4256768 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007769.dll

2008-04-14 10:12 5632 C:\Program Files\Movie Maker\wmm2res2.dll
2004-08-04 07:00 5632 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007768.dll

2008-08-26 19:20 17408 C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll
2008-07-20 20:24 13952 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006296.dll

C:\Program Files\Mozilla Firefox\components\jar50.dll
2008-07-20 20:24 67696 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006336.dll

C:\Program Files\Mozilla Firefox\components\jsd3250.dll
2008-07-20 20:24 54376 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006337.dll

C:\Program Files\Mozilla Firefox\components\myspell.dll
2008-07-20 20:24 34952 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006340.dll

C:\Program Files\Mozilla Firefox\components\spellchk.dll
2008-07-20 20:24 46720 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006341.dll

C:\Program Files\Mozilla Firefox\components\xpinstal.dll
2008-07-20 20:24 172144 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006338.dll

2008-08-26 19:20 307712 C:\Program Files\Mozilla Firefox\firefox.exe
2008-07-20 20:24 7667312 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006305.exe

2008-08-26 19:20 233472 C:\Program Files\Mozilla Firefox\freebl3.dll
2008-07-20 20:24 200829 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006306.dll

2008-08-26 19:20 695296 C:\Program Files\Mozilla Firefox\js3250.dll
2008-07-20 20:24 458856 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006307.dll

2008-08-26 19:20 198144 C:\Program Files\Mozilla Firefox\nspr4.dll
2008-07-20 20:24 161392 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006308.dll

2008-08-26 19:20 697856 C:\Program Files\Mozilla Firefox\nss3.dll
2008-07-20 20:24 382568 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006309.dll

2008-08-26 19:20 304640 C:\Program Files\Mozilla Firefox\nssckbi.dll
2008-07-20 20:24 276080 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006310.dll

2008-08-26 19:20 20480 C:\Program Files\Mozilla Firefox\plc4.dll
2008-07-20 20:24 34424 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006312.dll

2008-08-26 19:20 17408 C:\Program Files\Mozilla Firefox\plds4.dll
2008-07-20 20:24 30320 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006313.dll

2008-08-26 19:20 65536 C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
2008-07-20 20:24 22664 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006314.dll

2008-08-26 19:20 103936 C:\Program Files\Mozilla Firefox\smime3.dll
2008-07-20 20:24 112232 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006328.dll

2008-08-26 19:20 151552 C:\Program Files\Mozilla Firefox\softokn3.dll
2008-07-20 20:24 254060 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006329.dll

2008-08-26 19:20 136704 C:\Program Files\Mozilla Firefox\ssl3.dll
2008-07-20 20:24 136808 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006330.dll

2008-08-26 19:20 507568 C:\Program Files\Mozilla Firefox\uninstall\helper.exe
2008-07-20 20:24 450936 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006331.exe

2008-08-26 19:20 241664 C:\Program Files\Mozilla Firefox\updater.exe
2008-07-20 20:24 132232 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006332.exe

2008-08-26 19:20 17920 C:\Program Files\Mozilla Firefox\xpcom.dll
2008-07-20 20:24 13416 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006334.dll

C:\Program Files\Mozilla Firefox\xpcom_compat.dll
2008-07-20 20:24 73848 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006351.dll

C:\Program Files\Mozilla Firefox\xpcom_core.dll
2008-07-20 20:24 422000 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006335.dll

C:\Program Files\Mozilla Firefox\xpicleanup.exe
2008-07-20 20:24 73336 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006352.exe

C:\Program Files\Mozilla Firefox\xpistub.dll
2008-07-20 20:24 12400 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0006339.dll

2008-04-14 10:10 229376 C:\Program Files\MSN\MSNCoreFiles\OOBE\obelog.dll
2004-08-04 07:00 229376 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007786.dll

2008-04-14 10:10 966656 C:\Program Files\MSN\MSNCoreFiles\OOBE\obemetal.dll
2004-08-04 07:00 966656 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007785.dll

2007-04-03 04:44 77824 C:\Program Files\MSN\MSNCoreFiles\OOBE\obemtllc.dll
2004-08-04 07:00 77824 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007784.dll

2008-04-14 10:10 86016 C:\Program Files\MSN\MSNCoreFiles\OOBE\obepopc.dll
2004-08-04 07:00 86016 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007783.dll

2008-04-14 10:11 385024 C:\Program Files\NetMeeting\callcont.dll
2004-08-04 07:00 385024 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007667.dll

2008-04-14 10:12 1032192 C:\Program Files\NetMeeting\conf.exe
2004-08-04 07:00 1032192 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007666.exe

2008-04-14 10:11 45056 C:\Program Files\NetMeeting\confmrsl.dll
2004-08-04 07:00 45056 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007665.dll

2008-04-14 10:11 40960 C:\Program Files\NetMeeting\dcap32.dll
2004-08-04 07:00 40960 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007664.dll

2008-04-14 10:11 57344 C:\Program Files\NetMeeting\h323cc.dll
2004-08-04 07:00 57344 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007663.dll

2008-04-14 10:12 274432 C:\Program Files\NetMeeting\mst120.dll
2004-08-04 07:00 274432 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007662.DLL

2008-04-14 10:12 57344 C:\Program Files\NetMeeting\mst123.dll
2004-08-04 07:00 57344 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007661.DLL

2008-04-14 10:12 221184 C:\Program Files\NetMeeting\nac.dll
2004-08-04 07:00 221184 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007660.dll

2008-04-14 10:12 229376 C:\Program Files\NetMeeting\nmas.dll
2004-08-04 07:00 229376 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007659.dll

2008-04-14 10:12 28672 C:\Program Files\NetMeeting\nmasnt.dll
2004-08-04 07:00 28672 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007658.dll

2008-04-14 10:12 81920 C:\Program Files\NetMeeting\nmchat.dll
2004-08-04 07:00 81920 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007657.dll

2008-04-14 10:12 77824 C:\Program Files\NetMeeting\nmcom.dll
2004-08-04 07:00 77824 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007656.dll

2008-04-14 10:12 151552 C:\Program Files\NetMeeting\nmft.dll
2004-08-04 07:00 151552 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007655.dll

2008-04-14 10:12 172032 C:\Program Files\NetMeeting\nmoldwb.dll
2004-08-04 07:00 172032 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007654.dll

2008-04-14 10:12 188416 C:\Program Files\NetMeeting\nmwb.dll
2004-08-04 07:00 188416 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007653.dll

2008-04-14 10:12 61440 C:\Program Files\NetMeeting\rrcm.dll
2004-08-04 07:00 61440 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007652.dll

2008-04-14 10:12 60416 C:\Program Files\Outlook Express\msimn.exe
2004-08-04 07:00 60416 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007633.exe

2008-04-14 10:12 1314816 C:\Program Files\Outlook Express\msoe.dll
2007-05-17 01:12 1314816 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007632.dll

2008-04-14 02:23 2479616 C:\Program Files\Outlook Express\msoeres.dll
2004-08-04 07:00 2479616 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007631.dll

2008-04-14 10:12 104448 C:\Program Files\Outlook Express\oeimport.dll
2004-08-04 07:00 104448 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007630.dll

2008-04-14 10:12 60416 C:\Program Files\Outlook Express\oemig50.exe
2004-08-04 07:00 60416 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007629.exe

2008-04-14 10:12 35328 C:\Program Files\Outlook Express\oemiglib.dll
2004-08-04 07:00 35328 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007628.dll

2008-04-14 10:12 73216 C:\Program Files\Outlook Express\setup50.exe
2004-08-04 07:00 73216 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007627.exe

2008-04-14 10:12 46080 C:\Program Files\Outlook Express\wab.exe
2004-08-04 07:00 46080 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007626.exe

2008-04-14 10:12 32768 C:\Program Files\Outlook Express\wabfind.dll
2004-08-04 07:00 32768 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007625.dll

2008-04-14 10:12 85504 C:\Program Files\Outlook Express\wabimp.dll
2007-05-17 01:12 85504 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007624.dll

2008-04-14 10:12 30208 C:\Program Files\Outlook Express\wabmig.exe
2004-08-04 07:00 30208 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007623.exe

2008-07-07 09:41 939344 C:\Program Files\Spybot - Search & Destroy\advcheck.dll
2008-07-07 09:41 939344 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005769.dll

2007-04-02 20:22 34472 C:\Program Files\Spybot - Search & Destroy\aports.dll
2007-04-02 20:22 34472 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005760.dll

2008-07-07 09:41 428880 C:\Program Files\Spybot - Search & Destroy\blindman.exe
2008-07-07 09:41 428880 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005768.exe

C:\Program Files\Spybot - Search & Destroy\BQEVUFSVUMKWOCYDV.scr
2008-07-07 09:42 1429840 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005774.scr

C:\Program Files\Spybot - Search & Destroy\CBDHQIKXN.scr
2008-07-07 09:42 4891472 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005775.scr

2008-06-14 11:24 255392 C:\Program Files\Spybot - Search & Destroy\DelZip179.dll
2008-06-14 11:24 255392 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005761.dll

2007-04-19 16:42 54440 C:\Program Files\Spybot - Search & Destroy\Dummies\dummy.cd_clint.dll
2007-04-19 16:42 54440 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005752.dll

2008-03-04 15:52 790392 C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll
2008-03-04 15:52 790392 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005755.dll

2008-03-05 10:34 795520 C:\Program Files\Spybot - Search & Destroy\Plugins\Fennel.dll
2008-03-05 10:34 795520 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005754.dll

2008-02-26 12:04 717176 C:\Program Files\Spybot - Search & Destroy\Plugins\Mate.dll
2008-02-26 12:04 717176 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005753.dll

2007-12-24 02:05 121344 C:\Program Files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
2007-12-24 02:05 121344 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005756.dll

2008-07-07 09:36 1430016 C:\Program Files\Spybot - Search & Destroy\SDFiles.exe
2008-07-07 09:36 1430016 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005758.exe

2008-07-07 09:41 1562448 C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
2008-07-07 09:41 1562448 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005782.dll

2008-07-07 09:42 414544 C:\Program Files\Spybot - Search & Destroy\SDMain.exe
2008-07-07 09:42 414544 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005765.exe

2008-07-07 09:37 958976 C:\Program Files\Spybot - Search & Destroy\SDShred.exe
2008-07-07 09:37 958976 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005757.exe

2008-07-07 09:42 1429840 C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
2008-07-07 09:42 1429840 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005778.exe

2008-07-07 09:42 809296 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2008-07-07 09:42 809296 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005764.exe

2008-07-07 09:42 4891472 C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
2008-07-07 09:42 4891472 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005777.exe

2008-06-19 18:35 333288 C:\Program Files\Spybot - Search & Destroy\sqlite3.dll
2008-06-19 18:35 333288 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005759.dll

2008-08-18 18:41 1832272 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
2008-07-07 09:42 2156368 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005779.exe

2008-07-07 09:42 835920 C:\Program Files\Spybot - Search & Destroy\Tools.dll
2008-07-07 09:42 835920 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005763.dll

2008-08-28 17:57 696200 C:\Program Files\Spybot - Search & Destroy\unins000.exe
2008-08-17 20:50 696200 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005773.exe

2008-07-07 09:42 464720 C:\Program Files\Spybot - Search & Destroy\Update.exe
2008-07-07 09:42 464720 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005762.exe

C:\Program Files\Spybot - Search & Destroy\XIPECPCJHPDTUKHDKU.scr
2008-07-07 09:42 2156368 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005776.scr

C:\Program Files\Spyware Doctor\avengine\PCTAVEng.dll
2008-06-02 15:18 956296 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005694.dll

C:\Program Files\Spyware Doctor\avengine\SDAVgate.dll
2008-06-02 15:18 186248 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005693.dll

C:\Program Files\Spyware Doctor\BH.dll
2008-06-02 15:18 419208 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005723.dll

C:\Program Files\Spyware Doctor\cdialogs.dll
2008-07-03 18:07 670088 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005722.dll

C:\Program Files\Spyware Doctor\commhlpr.dll
2008-06-02 15:18 298888 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005721.dll

C:\Program Files\Spyware Doctor\commlib.dll
2008-06-02 15:23 923528 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005733.dll

C:\Program Files\Spyware Doctor\commom.dll
2008-07-16 09:16 1021832 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005732.dll

C:\Program Files\Spyware Doctor\drvctl.exe
2008-06-02 15:18 28040 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005730.exe

C:\Program Files\Spyware Doctor\filehlpr.dll
2008-06-02 15:18 319368 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005720.dll

C:\Program Files\Spyware Doctor\ikdll.dll
2008-06-02 15:19 119688 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005719.dll

C:\Program Files\Spyware Doctor\inethlpr.dll
2008-06-02 15:19 379272 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005718.dll

C:\Program Files\Spyware Doctor\InnoHelpers.dll
2008-07-08 16:07 241664 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005735.dll

C:\Program Files\Spyware Doctor\msvcp71.dll
2007-12-07 13:30 499712 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005704.dll

C:\Program Files\Spyware Doctor\msvcr71.dll
2007-12-07 13:30 348160 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005703.dll

C:\Program Files\Spyware Doctor\msvcr80.dll
2008-07-08 16:07 626688 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005734.dll

C:\Program Files\Spyware Doctor\NetworkLayer\Driver.exe
2008-07-08 16:31 165768 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005702.exe

C:\Program Files\Spyware Doctor\NetworkLayer\InterfaceDLL.dll
2008-06-02 15:19 497544 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005695.dll

C:\Program Files\Spyware Doctor\NetworkLayer\msvcp71.dll
2007-12-07 13:30 499712 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005697.dll

C:\Program Files\Spyware Doctor\NetworkLayer\msvcr71.dll
2007-12-07 13:30 348160 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005696.dll

C:\Program Files\Spyware Doctor\NetworkLayer\PCTCFFix.exe
2008-06-02 15:19 71560 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005699.exe

C:\Program Files\Spyware Doctor\NetworkLayer\PCTCFHook.dll
2008-06-02 15:19 104328 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005701.dll

C:\Program Files\Spyware Doctor\NetworkLayer\pctfw2.sys
2008-07-28 11:29 160792 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005698.sys

C:\Program Files\Spyware Doctor\NetworkLayer\PCTLsp.dll
2008-06-02 15:20 190344 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005700.dll

C:\Program Files\Spyware Doctor\pctsAuxs.exe
2008-06-13 15:29 356920 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005724.exe

C:\Program Files\Spyware Doctor\pctsGui.exe
2008-07-16 09:16 2871688 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005726.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe
2008-08-07 12:12 1073544 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005725.exe

C:\Program Files\Spyware Doctor\pctsTray.exe
2008-07-16 09:16 1166216 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005727.exe

C:\Program Files\Spyware Doctor\PCTWSC.dll
2008-06-02 15:20 182152 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005717.dll

C:\Program Files\Spyware Doctor\PWindow.dll
2008-06-02 15:21 194440 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005716.dll

C:\Program Files\Spyware Doctor\RegHelper.dll
2008-06-02 15:22 286088 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005715.dll

C:\Program Files\Spyware Doctor\sdcore.dll
2008-06-02 15:22 126856 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005714.dll

C:\Program Files\Spyware Doctor\sdinvoker.exe
2008-06-02 15:22 289160 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005729.exe

C:\Program Files\Spyware Doctor\sdloader.exe
2008-07-03 18:07 333704 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005728.exe

C:\Program Files\Spyware Doctor\sdwvhlp.dll
2008-06-02 15:22 59272 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005713.dll

C:\Program Files\Spyware Doctor\SH.dll
2008-06-02 15:22 398728 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005712.dll

C:\Program Files\Spyware Doctor\smumhook.dll
2008-06-02 15:22 146312 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005711.dll

C:\Program Files\Spyware Doctor\SysAccess.dll
2008-06-02 15:22 135560 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005710.dll

C:\Program Files\Spyware Doctor\unins000.exe
2008-08-13 15:51 707976 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005740.exe

C:\Program Files\Spyware Doctor\Update.exe
2008-07-03 18:08 1857416 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005731.exe

C:\Program Files\Spyware Doctor\Upgrade.exe
2008-06-02 15:22 1560968 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0005709.exe

2008-04-14 10:12 4639 C:\Program Files\Windows Media Player\mplayer2.exe
2004-08-04 07:00 4639 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007639.exe

2008-04-14 10:12 226816 C:\Program Files\Windows Media Player\npdrmv2.dll
2004-08-04 07:00 226816 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007638.dll

2008-04-14 10:12 364544 C:\Program Files\Windows Media Player\npdsplay.dll
2005-11-29 15:27 364544 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007637.dll

2008-04-14 10:12 10240 C:\Program Files\Windows Media Player\npwmsdrm.dll
2004-08-04 07:00 10240 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007636.dll

2008-04-14 10:12 214528 C:\Program Files\Windows NT\Accessories\wordpad.exe
2004-08-04 07:00 214528 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0007710.exe

2008-04-14 10:12 539136 C:\Program Files\Windows NT\dialer.exe

#14
chich

    Member

  • Topic Starter
  • Member
  • 25 posts
AVG also just detected another threat

Infection Type: "PUP"
Virus name: Potentially harmful program HideExec.EV
Located: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0009550.exe

#15
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey Chich,

Look at your CF report, it's incomplete.

Could you please post what is missing in your next reply?

Thanks. :)

Regards,
Egwene.

Edited by Egwene, 07 September 2008 - 06:24 AM.
