Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Please help! Infected with Win32/Heur and Win32/Tanatos.M [RESOLVE

Started by Richiiee , Oct 30 2008 06:46 PM

  • This topic is locked This topic is locked

#16
Richiiee
Posted 09 November 2008 - 02:05 PM

Richiiee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

And just like the Kaspersky one, the scan didn't complete... it went about 3/4 of the way through the scan (it hadn't detected anything so far), and then it asked me to install ActiveX control again so I clicked yes, and the scan restarted, then it did it again.


The Eset scan just doesn't seem to complete. But it goes about 3/4 of the way through before messing up, but it hasn't detected anything that far.

Edited by Richiiee, 09 November 2008 - 02:06 PM.

  • 0

Advertisements

#17
Ltangelic
Posted 10 November 2008 - 05:24 AM

Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey Richiiee,

All right, no worries about the online scan. Let's try one more tool to see if there is anything else that can be found.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  • 0

#18
Richiiee
Posted 10 November 2008 - 02:38 PM

Richiiee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
[Deleted to save space]

Edited by Richiiee, 11 November 2008 - 07:05 AM.

  • 0

#19
Ltangelic
Posted 11 November 2008 - 03:55 AM

Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Your log.txt got cut off here:

S4 vsdatant;vsdatant; C:\WINDOWS\system32

Please don't put them in quotes as it takes more posting space. Also, please post your info.txt separately as well. Thanks. :)
  • 0

#20
Richiiee
Posted 11 November 2008 - 07:05 AM

Richiiee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Sorry about that. Here's the log.txt:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Richie at 2008-11-10 15:36:18
Microsoft Windows XP Professional Service Pack 2
System drive C: has 201 GB (84%) free of 238 GB
Total RAM: 384 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:30 PM, on 11/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Documents and Settings\Richie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Richie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richie\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Richie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Richie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 5552 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-11-01 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-02 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-02 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-02 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2004-10-15 2577632]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-11-01 185872]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-02 136600]
"a-squared"=C:\Program Files\a-squared Anti-Malware\a2guard.exe [2008-10-19 2782352]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Richie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-01 133104]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2008-11-07 270128]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe /automount []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2008-11-10 15:36:18 ----D---- C:\rsit
2008-11-09 21:36:50 ----A---- C:\WINDOWS\system32\i81xdnt5.dll
2008-11-09 15:45:16 ----D---- C:\Program Files\Rockstar Games
2008-11-09 15:15:39 ----D---- C:\Program Files\Max Payne
2008-11-09 15:14:45 ----D---- C:\Program Files\DAEMON Tools Lite
2008-11-09 15:03:06 ----D---- C:\Program Files\MagicISO
2008-11-09 14:49:28 ----D---- C:\Documents and Settings\Richie\Application Data\DAEMON Tools
2008-11-09 11:29:04 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-11-09 11:25:00 ----D---- C:\Program Files\Common Files\Reallusion
2008-11-09 11:24:58 ----D---- C:\Program Files\Reallusion
2008-11-09 11:24:22 ----N---- C:\WINDOWS\system32\Remover.ini
2008-11-09 11:24:22 ----N---- C:\WINDOWS\system32\Remove.exe
2008-11-09 11:24:20 ----A---- C:\WINDOWS\system32\CoInst_070910.dll
2008-11-09 11:24:17 ----D---- C:\Program Files\PixArt
2008-11-09 11:24:16 ----N---- C:\WINDOWS\system32\SP7302.ini
2008-11-09 11:24:15 ----N---- C:\WINDOWS\system32\P7302USD.dll
2008-11-09 11:24:14 ----D---- C:\WINDOWS\PixArt
2008-11-09 11:24:14 ----D---- C:\Program Files\Common Files\PAC7302
2008-11-09 11:23:51 ----D---- C:\Documents and Settings\Richie\Application Data\InstallShield
2008-11-09 01:10:57 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2008-11-09 01:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2008-11-09 01:10:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-09 01:09:46 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-11-09 01:09:29 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2008-11-09 01:09:18 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-11-09 01:09:06 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-11-09 01:08:54 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-11-09 01:08:44 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2008-11-09 01:08:32 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2008-11-09 01:07:42 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2008-11-09 01:07:31 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2008-11-09 01:07:19 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-11-09 01:07:08 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-11-09 01:06:57 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2008-11-09 01:06:44 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-11-09 01:06:30 ----A---- C:\WINDOWS\imsins.BAK
2008-11-09 01:06:23 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2008-11-08 13:14:38 ----A---- C:\WINDOWS\system32\rewire.dll
2008-11-08 12:50:50 ----D---- C:\Program Files\CCleaner
2008-11-08 11:56:05 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-08 09:30:11 ----D---- C:\Program Files\EsetOnlineScanner
2008-11-07 21:10:33 ----D---- C:\Program Files\uTorrent
2008-11-07 21:08:18 ----D---- C:\Program Files\Bit Che
2008-11-07 21:08:18 ----D---- C:\Documents and Settings\Richie\Application Data\Convivea
2008-11-07 19:38:28 ----D---- C:\Program Files\SopCast
2008-11-07 17:27:08 ----D---- C:\Program Files\Trend Micro
2008-11-07 17:21:46 ----D---- C:\WINDOWS\Sun
2008-11-07 17:14:03 ----D---- C:\Documents and Settings\Richie\Application Data\Malwarebytes
2008-11-07 17:13:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-07 17:13:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-02 18:20:19 ----A---- C:\WINDOWS\system32\OGACheckControl.dll
2008-11-02 18:17:29 ----D---- C:\Program Files\Microsoft Works
2008-11-02 18:17:04 ----D---- C:\Program Files\MSBuild
2008-11-02 18:16:34 ----D---- C:\Program Files\Microsoft Visual Studio
2008-11-02 18:16:33 ----D---- C:\Program Files\Common Files\DESIGNER
2008-11-02 18:07:56 ----D---- C:\WINDOWS\SHELLNEW
2008-11-02 18:06:50 ----D---- C:\Program Files\Microsoft Office
2008-11-02 18:06:47 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-02 18:06:12 ----RHD---- C:\MSOCache
2008-11-02 16:40:58 ----D---- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-11-02 16:40:51 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2008-11-02 16:38:52 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-02 16:38:01 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-02 16:35:02 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-11-02 16:32:37 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-02 16:32:10 ----D---- C:\Program Files\Common Files\Adobe
2008-11-02 16:32:10 ----D---- C:\Program Files\Adobe
2008-11-02 16:29:56 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-11-02 16:29:53 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-11-02 16:29:52 ----D---- C:\Program Files\ffdshow
2008-11-02 16:28:43 ----D---- C:\Program Files\PlayFLV
2008-11-02 16:16:23 ----D---- C:\Documents and Settings\Richie\Application Data\WinRAR
2008-11-02 16:14:52 ----D---- C:\Program Files\WinRAR
2008-11-02 13:11:11 ----SHD---- C:\RECYCLER
2008-11-02 13:07:03 ----A---- C:\ComboFix.txt
2008-11-02 13:03:01 ----A---- C:\Boot.bak
2008-11-02 13:02:57 ----RASHD---- C:\cmdcons
2008-11-02 13:01:29 ----A---- C:\WINDOWS\zip.exe
2008-11-02 13:01:29 ----A---- C:\WINDOWS\VFIND.exe
2008-11-02 13:01:29 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-02 13:01:29 ----A---- C:\WINDOWS\SWSC.exe
2008-11-02 13:01:29 ----A---- C:\WINDOWS\SWREG.exe
2008-11-02 13:01:29 ----A---- C:\WINDOWS\sed.exe
2008-11-02 13:01:29 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-02 13:01:29 ----A---- C:\WINDOWS\grep.exe
2008-11-02 13:01:29 ----A---- C:\WINDOWS\fdsv.exe
2008-11-02 13:01:20 ----D---- C:\WINDOWS\ERDNT
2008-11-02 13:01:20 ----D---- C:\Qoobox
2008-11-02 09:53:37 ----D---- C:\Program Files\a-squared Anti-Malware
2008-11-02 09:45:34 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-02 09:45:34 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-02 09:45:34 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-02 09:45:33 ----A---- C:\WINDOWS\system32\java.exe
2008-11-02 09:45:15 ----D---- C:\Program Files\Java
2008-11-02 09:44:23 ----D---- C:\Documents and Settings\Richie\Application Data\Sun
2008-11-02 09:25:37 ----D---- C:\Documents and Settings\Richie\Application Data\Mozilla
2008-11-02 08:18:47 ----A---- C:\WINDOWS\system32\muweb.dll
2008-11-02 08:18:47 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-11-02 08:18:47 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-11-01 20:28:10 ----D---- C:\Program Files\New Folder
2008-11-01 16:00:01 ----RSH---- C:\WINDOWS\system32\nbDX.dll
2008-11-01 16:00:01 ----RSH---- C:\WINDOWS\system32\msfDX.dll
2008-11-01 16:00:01 ----RSH---- C:\WINDOWS\system32\flvDX.dll
2008-11-01 15:59:39 ----D---- C:\Program Files\eRightSoft
2008-11-01 15:59:22 ----D---- C:\Documents and Settings\Richie\Application Data\vlc
2008-11-01 15:58:24 ----D---- C:\Program Files\VideoLAN
2008-11-01 15:52:10 ----D---- C:\Program Files\Common Files\xing shared
2008-11-01 15:52:03 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-11-01 15:51:56 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-11-01 15:51:56 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-11-01 15:51:55 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-11-01 15:51:53 ----D---- C:\Program Files\Common Files\Real
2008-11-01 15:51:51 ----D---- C:\Program Files\Real
2008-11-01 15:51:26 ----D---- C:\Documents and Settings\Richie\Application Data\Real
2008-11-01 15:48:52 ----D---- C:\Documents and Settings\Richie\Application Data\uTorrent
2008-11-01 13:48:23 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-11-01 13:42:12 ----D---- C:\Program Files\Avira
2008-11-01 13:42:12 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-11-01 13:27:21 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-11-01 13:27:21 ----A---- C:\WINDOWS\system32\msvcp71.dll
2008-11-01 13:27:21 ----A---- C:\WINDOWS\system32\MFC71.dll
2008-11-01 13:12:20 ----D---- C:\WINDOWS\system32\appmgmt
2008-11-01 13:08:51 ----D---- C:\WINDOWS\system32\LogFiles
2008-11-01 13:03:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-01 13:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-01 13:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-01 13:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-01 13:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-01 13:01:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-01 13:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-01 13:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-01 13:00:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-01 12:58:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-01 12:54:11 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-01 12:53:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-01 12:52:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-01 12:52:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-01 12:51:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-01 12:49:58 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-01 12:46:27 ----A---- C:\WINDOWS\system32\SSSensor.dll
2008-11-01 12:46:21 ----D---- C:\Program Files\Sygate
2008-11-01 12:46:02 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-01 12:44:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-01 12:43:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-01 12:42:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-01 12:42:27 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-11-01 12:35:26 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-11-01 12:34:59 ----D---- C:\Program Files\Windows Live
2008-11-01 12:34:44 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-11-01 12:30:49 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-11-01 12:16:08 ----D---- C:\WINDOWS\pss
2008-11-01 11:54:17 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-01 11:47:47 ----D---- C:\Documents and Settings\Richie\Application Data\Macromedia
2008-11-01 11:47:47 ----D---- C:\Documents and Settings\Richie\Application Data\Adobe
2008-11-01 11:44:09 ----D---- C:\Program Files\Mozilla Firefox
2008-11-01 11:24:55 ----D---- C:\WINDOWS\system32\PreInstall
2008-11-01 11:24:53 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-11-01 11:24:53 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-01 11:13:52 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-11-01 11:12:19 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-01 11:12:16 ----SD---- C:\WINDOWS\system32\Microsoft
2008-11-01 11:12:16 ----D---- C:\WINDOWS\Prefetch
2008-11-01 11:11:51 ----SHD---- C:\System Volume Information
2008-11-01 11:11:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-01 11:07:17 ----D---- C:\WINDOWS\system32\xircom
2008-11-01 11:07:17 ----D---- C:\Program Files\xerox
2008-11-01 11:07:17 ----D---- C:\Program Files\microsoft frontpage
2008-11-01 11:06:39 ----A---- C:\WINDOWS\control.ini
2008-11-01 11:06:39 ----A---- C:\AUTOEXEC.BAT
2008-11-01 11:06:36 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-11-01 11:06:36 ----N---- C:\WINDOWS\system32\asr_pfu.exe
2008-11-01 11:06:35 ----N---- C:\WINDOWS\system32\spiisupd.exe
2008-11-01 11:06:27 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-11-01 11:06:27 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-11-01 11:06:27 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-11-01 11:06:27 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-11-01 11:06:27 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-11-01 11:06:27 ----A---- C:\WINDOWS\system32\ati2dvaa.dll
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\encapi.dll
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\dxdiagn.dll
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\dsprpres.dll
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\d3d9.dll
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\cmsetacl.dll
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\btpanui.dll
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\bthserv.dll
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\bthci.dll
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\blastcln.exe
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\auditusr.exe
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-11-01 11:06:25 ----N---- C:\WINDOWS\system32\ieencode.dll
2008-11-01 11:06:25 ----N---- C:\WINDOWS\system32\httpapi.dll
2008-11-01 11:06:25 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-11-01 11:06:25 ----N---- C:\WINDOWS\system32\hccoin.dll
2008-11-01 11:06:25 ----N---- C:\WINDOWS\system32\fwcfg.dll
2008-11-01 11:06:25 ----N---- C:\WINDOWS\system32\fsquirt.exe
2008-11-01 11:06:25 ----N---- C:\WINDOWS\system32\fltmc.exe
2008-11-01 11:06:25 ----N---- C:\WINDOWS\system32\fltlib.dll
2008-11-01 11:06:25 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-11-01 11:06:25 ----N---- C:\WINDOWS\system32\encdec.dll
2008-11-01 11:06:24 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-11-01 11:06:24 ----N---- C:\WINDOWS\system32\kbdukx.dll
2008-11-01 11:06:24 ----N---- C:\WINDOWS\system32\kbdsmsno.dll
2008-11-01 11:06:24 ----N---- C:\WINDOWS\system32\kbdsmsfi.dll
2008-11-01 11:06:24 ----N---- C:\WINDOWS\system32\kbdno1.dll
2008-11-01 11:06:24 ----N---- C:\WINDOWS\system32\kbdmlt48.dll
2008-11-01 11:06:24 ----N---- C:\WINDOWS\system32\kbdmlt47.dll
2008-11-01 11:06:24 ----N---- C:\WINDOWS\system32\kbdmaori.dll
2008-11-01 11:06:24 ----N---- C:\WINDOWS\system32\kbdinmal.dll
2008-11-01 11:06:24 ----N---- C:\WINDOWS\system32\kbdinben.dll
2008-11-01 11:06:24 ----N---- C:\WINDOWS\system32\kbdinbe1.dll
2008-11-01 11:06:24 ----N---- C:\WINDOWS\system32\kbdfi1.dll
2008-11-01 11:06:23 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-11-01 11:06:23 ----N---- C:\WINDOWS\system32\mssap.dll
2008-11-01 11:06:23 ----N---- C:\WINDOWS\system32\mspmsnsv.dll
2008-11-01 11:06:23 ----N---- C:\WINDOWS\system32\msftedit.dll
2008-11-01 11:06:23 ----N---- C:\WINDOWS\system32\msdadiag.dll
2008-11-01 11:06:23 ----N---- C:\WINDOWS\system32\mp4sdmod.dll
2008-11-01 11:06:23 ----N---- C:\WINDOWS\system32\mp43dmod.dll
2008-11-01 11:06:22 ----N---- C:\WINDOWS\system32\powercfg.exe
2008-11-01 11:06:22 ----N---- C:\WINDOWS\system32\pnrpnsp.dll
2008-11-01 11:06:22 ----N---- C:\WINDOWS\system32\p2psvc.dll
2008-11-01 11:06:22 ----N---- C:\WINDOWS\system32\p2pnetsh.dll
2008-11-01 11:06:22 ----N---- C:\WINDOWS\system32\p2pgraph.dll
2008-11-01 11:06:22 ----N---- C:\WINDOWS\system32\p2pgasvc.dll
2008-11-01 11:06:22 ----N---- C:\WINDOWS\system32\p2p.dll
2008-11-01 11:06:22 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\wmidx.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\wmerror.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\winshfhc.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\winhttp.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\winbrand.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\w3ssl.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\twext.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\strmfilt.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\smbinst.exe
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\slserv.exe
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\slgen.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\sdhcinst.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\sbeio.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\sbe.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-11-01 11:06:20 ----N---- C:\WINDOWS\system32\wmspdmod.dll
2008-11-01 11:06:20 ----N---- C:\WINDOWS\system32\wmsdmoe2.dll
2008-11-01 11:06:20 ----N---- C:\WINDOWS\system32\wmpdxm.dll
2008-11-01 11:06:20 ----N---- C:\WINDOWS\system32\wmpasf.dll
2008-11-01 11:06:20 ----N---- C:\WINDOWS\system32\wmp.dll
2008-11-01 11:06:19 ----N---- C:\WINDOWS\system32\wuaueng1.dll
2008-11-01 11:06:19 ----N---- C:\WINDOWS\system32\wuauclt1.exe
2008-11-01 11:06:19 ----N---- C:\WINDOWS\system32\wshbth.dll
2008-11-01 11:06:19 ----N---- C:\WINDOWS\system32\wscsvc.dll
2008-11-01 11:06:19 ----N---- C:\WINDOWS\system32\wscntfy.exe
2008-11-01 11:06:19 ----N---- C:\WINDOWS\system32\wmvdmoe2.dll
2008-11-01 11:06:19 ----N---- C:\WINDOWS\system32\wmspdmoe.dll
2008-11-01 11:06:19 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-11-01 11:06:18 ----N---- C:\WINDOWS\system32\xpsp1res.dll
2008-11-01 11:06:18 ----N---- C:\WINDOWS\system32\xpob2res.dll
2008-11-01 11:06:18 ----N---- C:\WINDOWS\system32\xmlprovi.dll
2008-11-01 11:06:18 ----N---- C:\WINDOWS\system32\xmlprov.dll
2008-11-01 11:06:18 ----N---- C:\WINDOWS\slrundll.exe
2008-11-01 11:06:18 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-11-01 11:06:18 ----A---- C:\WINDOWS\system32\wups.dll
2008-11-01 11:06:18 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-11-01 11:06:17 ----D---- C:\WINDOWS\peernet
2008-11-01 11:06:16 ----D---- C:\WINDOWS\provisioning
2008-11-01 11:05:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-01 11:05:20 ----RD---- C:\WINDOWS\Offline Web Pages
2008-11-01 11:05:20 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-11-01 11:05:13 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-11-01 11:04:55 ----D---- C:\WINDOWS\srchasst
2008-11-01 11:04:47 ----D---- C:\WINDOWS\system32\DirectX
2008-11-01 11:04:46 ----D---- C:\WINDOWS\system32\Macromed
2008-11-01 11:04:36 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-11-01 11:04:36 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-11-01 11:04:35 ----D---- C:\Program Files\Movie Maker
2008-11-01 11:04:19 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-11-01 11:04:19 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-11-01 11:04:19 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-11-01 11:04:19 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-11-01 11:04:19 ----A---- C:\WINDOWS\system32\atrace.dll
2008-11-01 11:04:15 ----A---- C:\WINDOWS\system32\desktop.ini
2008-11-01 11:04:15 ----A---- C:\WINDOWS\desktop.ini
2008-11-01 11:04:09 ----D---- C:\WINDOWS\system32\Restore
2008-11-01 11:04:09 ----D---- C:\Program Files\Windows Media Player
2008-11-01 11:04:09 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-11-01 11:04:09 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-11-01 11:04:09 ----A---- C:\WINDOWS\system32\srclient.dll
2008-11-01 11:04:08 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-11-01 11:04:08 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-11-01 11:04:08 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-11-01 11:04:08 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-11-01 11:04:08 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-11-01 11:04:08 ----A---- C:\WINDOWS\system32\ils.dll
2008-11-01 11:04:07 ----A---- C:\WINDOWS\system32\msconf.dll
2008-11-01 11:04:05 ----D---- C:\Program Files\NetMeeting
2008-11-01 11:04:04 ----D---- C:\WINDOWS\PCHEALTH
2008-11-01 11:04:04 ----D---- C:\Program Files\Common Files\Services
2008-11-01 11:04:04 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-11-01 11:04:04 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-11-01 11:04:04 ----A---- C:\WINDOWS\system32\acctres.dll
2008-11-01 11:04:02 ----A---- C:\WINDOWS\system32\inetres.dll
2008-11-01 11:04:02 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-11-01 11:04:01 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-01 11:03:59 ----SD---- C:\WINDOWS\Tasks
2008-11-01 11:03:59 ----D---- C:\Program Files\Outlook Express
2008-11-01 11:03:59 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-11-01 11:03:59 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-11-01 11:03:59 ----A---- C:\WINDOWS\system32\mstask.dll
2008-11-01 11:03:58 ----A---- C:\WINDOWS\system32\isign32.dll
2008-11-01 11:03:58 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-11-01 11:03:58 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-11-01 11:03:58 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-11-01 11:03:58 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-11-01 11:03:56 ----D---- C:\Program Files\Common Files\MSSoap
2008-11-01 11:03:52 ----D---- C:\Program Files\Common Files\System
2008-11-01 11:03:47 ----D---- C:\Program Files\Internet Explorer
2008-11-01 11:03:02 ----A---- C:\WINDOWS\vbaddin.ini
2008-11-01 11:03:02 ----A---- C:\WINDOWS\vb.ini
2008-11-01 11:02:58 ----D---- C:\WINDOWS\Registration
2008-11-01 11:02:53 ----HD---- C:\Program Files\WindowsUpdate
2008-11-01 11:02:47 ----D---- C:\Program Files\Messenger
2008-11-01 11:02:41 ----D---- C:\Program Files\MSN
2008-11-01 11:02:38 ----D---- C:\Program Files\MSN Gaming Zone
2008-11-01 11:02:38 ----A---- C:\WINDOWS\system32\write.exe
2008-11-01 11:02:29 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-11-01 11:02:29 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-11-01 11:02:28 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-11-01 11:02:28 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-11-01 11:02:28 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-11-01 11:02:28 ----A---- C:\WINDOWS\system32\hticons.dll
2008-11-01 11:02:28 ----A---- C:\WINDOWS\system32\avwav.dll
2008-11-01 11:02:28 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-11-01 11:02:28 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-11-01 11:02:27 ----D---- C:\Program Files\Windows NT
2008-11-01 11:02:27 ----A---- C:\WINDOWS\system32\winchat.exe
2008-11-01 11:02:26 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-11-01 11:02:22 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-11-01 11:02:21 ----A---- C:\WINDOWS\system32\spider.exe
2008-11-01 11:02:21 ----A---- C:\WINDOWS\system32\sol.exe
2008-11-01 11:02:21 ----A---- C:\WINDOWS\system32\getuname.dll
2008-11-01 11:02:21 ----A---- C:\WINDOWS\system32\charmap.exe
2008-11-01 11:02:21 ----A---- C:\WINDOWS\system32\calc.exe
2008-11-01 11:02:20 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-11-01 11:02:20 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-11-01 11:02:20 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-11-01 11:02:20 ----A---- C:\WINDOWS\system32\winmine.exe
2008-11-01 11:02:20 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-11-01 11:02:20 ----A---- C:\WINDOWS\system32\freecell.exe
2008-11-01 11:02:19 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-11-01 11:02:19 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-11-01 11:02:19 ----A---- C:\WINDOWS\system32\reset.exe
2008-11-01 11:02:19 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-11-01 11:02:19 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-11-01 11:02:19 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-11-01 11:02:19 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-11-01 11:02:19 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\tskill.exe
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\tscon.exe
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\shadow.exe
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\regini.exe
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-11-01 11:02:17 ----D---- C:\WINDOWS\system32\MsDtc
2008-11-01 11:02:17 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-11-01 11:02:17 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-11-01 11:02:17 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-11-01 11:02:17 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-11-01 11:02:17 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-11-01 11:02:17 ----A---- C:\WINDOWS\system32\msg.exe
2008-11-01 11:02:17 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-11-01 11:02:17 ----A---- C:\WINDOWS\system32\logoff.exe
2008-11-01 11:02:17 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-11-01 11:02:17 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-11-01 11:02:17 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-11-01 11:02:16 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-11-01 11:02:16 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-11-01 11:02:16 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-11-01 11:02:16 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-11-01 11:02:16 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-11-01 11:02:16 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-11-01 11:02:15 ----D---- C:\WINDOWS\system32\Com
2008-11-01 11:02:15 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-11-01 11:02:15 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-11-01 11:02:15 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-11-01 11:02:15 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-11-01 11:02:15 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-11-01 11:02:15 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-11-01 11:02:15 ----A---- C:\WINDOWS\system32\colbact.dll
2008-11-01 11:02:14 ----A---- C:\WINDOWS\system32\stclient.dll
2008-11-01 11:02:14 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-11-01 11:02:14 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-11-01 11:02:14 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-11-01 11:02:14 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-11-01 11:02:13 ----A---- C:\WINDOWS\system32\comuid.dll
2008-11-01 11:02:13 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-11-01 11:02:13 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-11-01 11:02:13 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-11-01 11:02:04 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-11-01 11:02:04 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-11-01 11:02:04 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-11-01 11:02:03 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-11-01 11:02:03 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-11-01 11:01:58 ----N---- C:\WINDOWS\system32\xpsp2res.dll
2008-11-01 11:00:56 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-11-01 11:00:53 ----A---- C:\WINDOWS\002254_.tmp
2008-11-01 11:00:50 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-01 11:00:24 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-11-01 10:58:26 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-01 10:58:23 ----D---- C:\WINDOWS\EHome
2008-11-01 10:13:15 ----SHD---- C:\WINDOWS\Installer
2008-11-01 10:13:12 ----D---- C:\Documents and Settings\Richie\Application Data\Identities
2008-11-01 10:13:06 ----HD---- C:\Program Files\Uninstall Information
2008-11-01 10:12:57 ----ASH---- C:\Documents and Settings\Richie\Application Data\desktop.ini
2008-11-01 10:12:56 ----SD---- C:\Documents and Settings\Richie\Application Data\Microsoft
2008-11-01 02:59:30 ----A---- C:\WINDOWS\system32\h323log.txt
2008-11-01 02:55:53 ----A---- C:\WINDOWS\system32\ati2draa.dll
2008-11-01 02:55:39 ----A---- C:\WINDOWS\system32\usbui.dll
2008-11-01 02:55:36 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-11-01 02:54:32 ----D---- C:\Program Files\Common Files\ODBC
2008-11-01 02:54:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-01 02:54:32 ----A---- C:\WINDOWS\ODBCINST.INI
2008-11-01 02:54:29 ----RD---- C:\Program Files
2008-11-01 02:54:29 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-11-01 02:54:29 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-01 02:54:29 ----D---- C:\Program Files\Common Files
2008-11-01 02:54:26 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-11-01 02:54:26 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-11-01 02:54:26 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-11-01 02:54:25 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-11-01 02:54:25 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-11-01 02:54:25 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-11-01 02:54:25 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-11-01 02:54:25 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-11-01 02:54:25 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-11-01 02:54:25 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-11-01 02:54:25 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-11-01 02:54:25 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-11-01 02:54:25 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-11-01 02:54:25 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-11-01 02:54:25 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-11-01 02:54:23 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-11-01 02:54:23 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-11-01 02:54:23 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-11-01 02:54:23 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-11-01 02:54:23 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-11-01 02:54:23 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-11-01 02:54:23 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-11-01 02:54:22 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-11-01 02:54:22 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-11-01 02:54:22 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-11-01 02:54:22 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-11-01 02:54:22 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-11-01 02:54:18 ----A---- C:\WINDOWS\system32\irclass.dll
2008-11-01 02:54:17 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-11-01 02:54:17 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-11-01 02:54:17 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-11-01 02:54:17 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-11-01 02:54:17 ----A---- C:\WINDOWS\system32\batt.dll
2008-11-01 02:54:15 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-11-01 02:54:15 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-11-01 02:54:15 ----A---- C:\WINDOWS\notepad.exe
2008-11-01 02:54:11 ----A---- C:\WINDOWS\system32\storprop.dll
2008-11-01 02:54:04 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-11-01 02:53:33 ----RA---- C:\WINDOWS\SET7.tmp
2008-11-01 02:53:30 ----RA---- C:\WINDOWS\SET3.tmp
2008-11-01 02:53:23 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-01 02:53:23 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-01 02:53:18 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-01 02:53:05 ----D---- C:\Documents and Settings
2008-11-01 02:49:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-01 02:49:09 ----RSD---- C:\WINDOWS\Fonts
2008-11-01 02:49:09 ----RD---- C:\WINDOWS\Web
2008-11-01 02:49:09 ----HD---- C:\WINDOWS\inf
2008-11-01 02:49:09 ----D---- C:\WINDOWS\WinSxS
2008-11-01 02:49:09 ----D---- C:\WINDOWS\twain_32
2008-11-01 02:49:09 ----D---- C:\WINDOWS\Temp
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\wins
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\wbem
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\usmt
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\spool
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\ShellExt
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\Setup
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\ras
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\oobe
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\npp
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\mui
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\IME
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\icsxml
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\ias
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\export
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\drivers
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\dhcp
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\config
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\3com_dmi
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\3076
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\2052
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\1054
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\1042
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\1041
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\1037
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\1033
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\1031
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\1028
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\1025
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system
2008-11-01 02:49:09 ----D---- C:\WINDOWS\security
2008-11-01 02:49:09 ----D---- C:\WINDOWS\Resources
2008-11-01 02:49:09 ----D---- C:\WINDOWS\repair
2008-11-01 02:49:09 ----D---- C:\WINDOWS\mui
2008-11-01 02:49:09 ----D---- C:\WINDOWS\msapps
2008-11-01 02:49:09 ----D---- C:\WINDOWS\msagent
2008-11-01 02:49:09 ----D---- C:\WINDOWS\Media
2008-11-01 02:49:09 ----D---- C:\WINDOWS\java
2008-11-01 02:49:09 ----D---- C:\WINDOWS\ime
2008-11-01 02:49:09 ----D---- C:\WINDOWS\Help
2008-11-01 02:49:09 ----D---- C:\WINDOWS\Driver Cache
2008-11-01 02:49:09 ----D---- C:\WINDOWS\Debug
2008-11-01 02:49:09 ----D---- C:\WINDOWS\Cursors
2008-11-01 02:49:09 ----D---- C:\WINDOWS\Connection Wizard
2008-11-01 02:49:09 ----D---- C:\WINDOWS\Config
2008-11-01 02:49:09 ----D---- C:\WINDOWS\AppPatch
2008-11-01 02:49:09 ----D---- C:\WINDOWS\addins
2008-11-01 02:49:09 ----D---- C:\WINDOWS
2008-11-01 02:43:17 ----RASH---- C:\boot.ini

======List of files/folders modified in the last 1 months======

2008-11-09 21:54:48 ----A---- C:\WINDOWS\system.ini
2008-11-09 11:48:47 ----A---- C:\WINDOWS\win.ini
2008-11-01 11:01:48 ----RASH---- C:\NTDETECT.COM
2008-10-15 11:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]
R3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ati2mtaa;ati2mtaa; C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys [2002-01-11 295168]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio; C:\WINDOWS\system32\DRIVERS\RLVrtAuCbl.sys [2007-03-19 31616]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 a09dhpzg;a09dhpzg; C:\WINDOWS\system32\drivers\a09dhpzg.sys []
S3 aqk9kd2z;aqk9kd2z; C:\WINDOWS\system32\drivers\aqk9kd2z.sys []
S3 ati2mpaa;ati2mpaa; C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys [2001-08-17 281856]
S3 ATICDSDr;ATICDSDr; \??\C:\DOCUME~1\Richie\LOCALS~1\Temp\ATICDSDr.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 PAC7302;In-Sight Webcam; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-09-10 457984]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of servic
  • 0

#21
Richiiee
Posted 11 November 2008 - 07:07 AM

Richiiee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
I don't know why it keeps cutting off... well here's the second part of log.txt:




S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2AntiMalware;a-squared Anti-Malware Service; C:\Program Files\a-squared Anti-Malware\a2service.exe [2008-10-19 418936]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-02 152984]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2004-10-15 2577632]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-11-02 68096]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

-----------------EOF-----------------





And here's info.txt:


info.txt logfile of random's system information tool 1.04 2008-11-10 15:36:38

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
a-squared Anti-Malware 4.0-->"C:\Program Files\a-squared Anti-Malware\unins000.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bit Che-->"C:\Program Files\Bit Che\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CrazyTalk Cam Suite-->C:\Program Files\InstallShield Installation Information\{D1504C77-1B19-4AF0-8DEC-946666123B55}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
In-Sight Webcam-->C:\Program Files\InstallShield Installation Information\{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}\setup.exe -runfromtemp -l0x0009 -removeonly
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Max Payne 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}\Setup.exe" -l0x9
Max Payne-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39930321-4C58-4B8B-BCBF-342698C9801D}\setup.exe" uninstall uninstall
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Ultimate 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ULTIMATER /dll OSETUP.DLL
Microsoft Office Ultimate 2007-->MsiExec.exe /X{91120000-002E-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
PlayFLV-->"C:\Program Files\PlayFLV\uninstall.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Office 2007 (KB936514)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SopCast 2.0.4-->C:\Program Files\SopCast\uninst.exe
SUPER © Version 2008.bld.33 (Sep 2, 2008)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Sygate Personal Firewall-->MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

======Security center information======

AV: Avira AntiVir PersonalEdition
FW: Sygate Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 11 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0b01
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------
  • 0

#22
Ltangelic
Posted 11 November 2008 - 07:40 AM

Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey Richiiee,

Looks like there are still some leftovers for us to remove. :)

1) Remove unnecessary folders

Use Windows Explorer and remove the following (if present):

C:\Documents and Settings\Richie\Application Data\uTorrent
C:\Program Files\uTorrent
C:\WINDOWS\peernet

The folders above are leftovers of P2P programs, you can safely remove them.

Reboot your computer.

2) Run OTMoveIt3

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
  • Copy everything in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
explorer.exe

:Files
C:\WINDOWS\control.ini
C:\AUTOEXEC.BAT
C:\WINDOWS\002254_.tmp
C:\WINDOWS\system32\h323log.txt
C:\WINDOWS\SET7.tmp
C:\WINDOWS\SET3.tmp
C:\WINDOWS\system32\Remover.ini
C:\WINDOWS\system32\Remove.exe
C:\WINDOWS\system32\CoInst_070910.dll
C:\WINDOWS\system32\drivers\a09dhpzg.sys
C:\WINDOWS\system32\drivers\aqk9kd2z.sys

:Services
a09dhpzg
aqk9kd2z

:Reg
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

:Commands
[purity]
[emptytemp]
[start explorer]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the "Results" window (under the Green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

3) Re-run Malwarebytes Anti-Malware

  • Open Malwarebytes by clicking on its shortcut on desktop. Please click on the "Update" tab and click "Check for Updates".
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Next reply (please include):

Fresh RSIT log (Re-run RSIT)
OTMoveIt3 log
MBAM scan log
  • 0

#23
Richiiee
Posted 11 November 2008 - 10:23 AM

Richiiee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Ugh... the thing froze. It moved all the files believe, but it disabled explorer.exe and froze so I had to Run the explorer.exe process from the Task Manager because my taskbar disappeared. The program didn't respond so I couldn't copy the log, but I did get this screenshot:

Posted Image


Here's the MBAM log:


Malwarebytes' Anti-Malware 1.30
Database version: 1383
Windows 5.1.2600 Service Pack 2

11/11/2008 11:21:07 AM
mbam-log-2008-11-11 (11-21-07).txt

Scan type: Quick Scan
Objects scanned: 43216
Time elapsed: 6 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#24
Richiiee
Posted 11 November 2008 - 10:23 AM

Richiiee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
RSIT's log.txt:


Logfile of random's system information tool 1.04 (written by random/random)
Run by Richie at 2008-11-11 11:22:48
Microsoft Windows XP Professional Service Pack 2
System drive C: has 201 GB (84%) free of 238 GB
Total RAM: 384 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:50 AM, on 11/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Documents and Settings\Richie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Richie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Richie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richie\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Richie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [OTMoveIt] C:\Documents and Settings\Richie\Desktop\OTMoveIt3.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Richie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/b...lineScanner.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 5801 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-11-01 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-02 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-02 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-02 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2004-10-15 2577632]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-11-01 185872]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-02 136600]
"a-squared"=C:\Program Files\a-squared Anti-Malware\a2guard.exe [2008-10-19 2782352]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-22 1261200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"OTMoveIt"=C:\Documents and Settings\Richie\Desktop\OTMoveIt3.exe [2008-11-11 334848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Richie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-01 133104]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe /automount []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31bc873d-a90b-11dd-9258-00e0183d2367}]
shell\AUtoplay\command - rbyn.exe
shell\AutoRun\command - rbyn.exe
shell\ExplORE\command - rbyn.exe
shell\opEn\command - rbyn.exe


======List of files/folders created in the last 1 months======

2008-11-11 11:05:55 ----D---- C:\_OTMoveIt
2008-11-11 10:20:43 ----D---- C:\Program Files\VALVe
2008-11-11 08:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-11-11 08:52:55 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2008-11-11 08:52:15 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2008-11-11 08:51:12 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2008-11-11 08:46:26 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2008-11-11 08:45:57 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-11-11 08:45:25 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2008-11-11 08:43:41 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2008-11-11 08:43:07 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2008-11-11 08:41:36 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-11-11 08:41:12 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-11-11 08:40:52 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2008-11-11 08:40:13 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2008-11-11 08:39:51 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-11-11 08:39:27 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2008-11-11 08:39:00 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-11-11 08:38:28 ----HDC---- C:\WINDOWS\$NtUninstallKB936021$
2008-11-11 08:37:54 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2008-11-11 08:37:23 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2008-11-11 08:36:55 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2008-11-11 08:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-11-11 08:36:11 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2008-11-11 08:35:32 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2008-11-11 08:35:11 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2008-11-11 08:34:48 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP9$
2008-11-11 08:33:48 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-11-11 08:33:23 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2008-11-11 08:33:01 ----HDC---- C:\WINDOWS\$NtUninstallKB936357$
2008-11-11 08:32:08 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-11-11 08:29:01 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2008-11-11 08:28:41 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2008-11-11 08:28:15 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-11-11 08:27:49 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2008-11-11 08:26:32 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2008-11-11 08:23:15 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-11-11 08:23:07 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2008-11-11 08:22:02 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2008-11-11 08:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2008-11-11 08:21:11 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2008-11-11 08:20:51 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-11-11 08:20:32 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2008-11-11 08:20:06 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2008-11-11 08:19:42 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-11-11 08:19:24 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2008-11-11 08:17:41 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2008-11-11 08:17:18 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2008-11-11 08:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2008-11-11 08:16:42 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-11-11 08:15:45 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-11-11 08:15:28 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2008-11-11 08:15:12 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-11-11 08:14:57 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2008-11-11 08:14:41 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2008-11-11 08:14:22 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2008-11-11 08:14:06 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2008-11-11 08:13:49 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-11-11 08:13:31 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
2008-11-11 08:13:15 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-11-11 08:12:56 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2008-11-11 08:12:43 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2008-11-11 08:12:26 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
2008-11-11 08:12:11 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2008-11-11 08:11:53 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2008-11-11 08:11:26 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2008-11-10 15:36:18 ----D---- C:\rsit
2008-11-09 21:36:50 ----A---- C:\WINDOWS\system32\i81xdnt5.dll
2008-11-09 15:45:16 ----D---- C:\Program Files\Rockstar Games
2008-11-09 15:15:39 ----D---- C:\Program Files\Max Payne
2008-11-09 15:14:45 ----D---- C:\Program Files\DAEMON Tools Lite
2008-11-09 15:03:06 ----D---- C:\Program Files\MagicISO
2008-11-09 14:49:28 ----D---- C:\Documents and Settings\Richie\Application Data\DAEMON Tools
2008-11-09 11:29:04 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-11-09 11:25:00 ----D---- C:\Program Files\Common Files\Reallusion
2008-11-09 11:24:58 ----D---- C:\Program Files\Reallusion
2008-11-09 11:24:17 ----D---- C:\Program Files\PixArt
2008-11-09 11:24:16 ----N---- C:\WINDOWS\system32\SP7302.ini
2008-11-09 11:24:15 ----N---- C:\WINDOWS\system32\P7302USD.dll
2008-11-09 11:24:14 ----D---- C:\WINDOWS\PixArt
2008-11-09 11:24:14 ----D---- C:\Program Files\Common Files\PAC7302
2008-11-09 11:23:51 ----D---- C:\Documents and Settings\Richie\Application Data\InstallShield
2008-11-09 01:10:57 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2008-11-09 01:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2008-11-09 01:10:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-09 01:09:46 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-11-09 01:09:29 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2008-11-09 01:09:18 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-11-09 01:09:06 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-11-09 01:08:54 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-11-09 01:08:44 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2008-11-09 01:08:32 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2008-11-09 01:07:42 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2008-11-09 01:07:31 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2008-11-09 01:07:19 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-11-09 01:07:08 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-11-09 01:06:57 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2008-11-09 01:06:44 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-11-09 01:06:30 ----A---- C:\WINDOWS\imsins.BAK
2008-11-09 01:06:23 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2008-11-08 13:14:38 ----A---- C:\WINDOWS\system32\rewire.dll
2008-11-08 12:50:50 ----D---- C:\Program Files\CCleaner
2008-11-08 11:56:05 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-07 21:08:18 ----D---- C:\Program Files\Bit Che
2008-11-07 21:08:18 ----D---- C:\Documents and Settings\Richie\Application Data\Convivea
2008-11-07 19:38:28 ----D---- C:\Program Files\SopCast
2008-11-07 17:27:08 ----D---- C:\Program Files\Trend Micro
2008-11-07 17:21:46 ----D---- C:\WINDOWS\Sun
2008-11-07 17:14:03 ----D---- C:\Documents and Settings\Richie\Application Data\Malwarebytes
2008-11-07 17:13:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-07 17:13:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-02 18:20:19 ----A---- C:\WINDOWS\system32\OGACheckControl.dll
2008-11-02 18:17:29 ----D---- C:\Program Files\Microsoft Works
2008-11-02 18:17:04 ----D---- C:\Program Files\MSBuild
2008-11-02 18:16:34 ----D---- C:\Program Files\Microsoft Visual Studio
2008-11-02 18:16:33 ----D---- C:\Program Files\Common Files\DESIGNER
2008-11-02 18:07:56 ----D---- C:\WINDOWS\SHELLNEW
2008-11-02 18:06:50 ----D---- C:\Program Files\Microsoft Office
2008-11-02 18:06:47 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-02 18:06:12 ----RHD---- C:\MSOCache
2008-11-02 16:40:58 ----D---- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-11-02 16:40:51 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2008-11-02 16:38:52 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-02 16:38:01 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-02 16:35:02 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-11-02 16:32:37 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-02 16:32:10 ----D---- C:\Program Files\Common Files\Adobe
2008-11-02 16:32:10 ----D---- C:\Program Files\Adobe
2008-11-02 16:29:56 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-11-02 16:29:53 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-11-02 16:29:52 ----D---- C:\Program Files\ffdshow
2008-11-02 16:28:43 ----D---- C:\Program Files\PlayFLV
2008-11-02 16:16:23 ----D---- C:\Documents and Settings\Richie\Application Data\WinRAR
2008-11-02 16:14:52 ----D---- C:\Program Files\WinRAR
2008-11-02 13:11:11 ----SHD---- C:\RECYCLER
2008-11-02 13:07:03 ----A---- C:\ComboFix.txt
2008-11-02 13:03:01 ----A---- C:\Boot.bak
2008-11-02 13:02:57 ----RASHD---- C:\cmdcons
2008-11-02 13:01:29 ----A---- C:\WINDOWS\zip.exe
2008-11-02 13:01:29 ----A---- C:\WINDOWS\VFIND.exe
2008-11-02 13:01:29 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-02 13:01:29 ----A---- C:\WINDOWS\SWSC.exe
2008-11-02 13:01:29 ----A---- C:\WINDOWS\SWREG.exe
2008-11-02 13:01:29 ----A---- C:\WINDOWS\sed.exe
2008-11-02 13:01:29 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-02 13:01:29 ----A---- C:\WINDOWS\grep.exe
2008-11-02 13:01:29 ----A---- C:\WINDOWS\fdsv.exe
2008-11-02 13:01:20 ----D---- C:\WINDOWS\ERDNT
2008-11-02 13:01:20 ----D---- C:\Qoobox
2008-11-02 09:53:37 ----D---- C:\Program Files\a-squared Anti-Malware
2008-11-02 09:45:34 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-02 09:45:34 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-02 09:45:34 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-02 09:45:33 ----A---- C:\WINDOWS\system32\java.exe
2008-11-02 09:45:15 ----D---- C:\Program Files\Java
2008-11-02 09:44:23 ----D---- C:\Documents and Settings\Richie\Application Data\Sun
2008-11-02 09:25:37 ----D---- C:\Documents and Settings\Richie\Application Data\Mozilla
2008-11-02 08:18:47 ----A---- C:\WINDOWS\system32\muweb.dll
2008-11-02 08:18:47 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-11-02 08:18:47 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-11-01 20:28:10 ----D---- C:\Program Files\New Folder
2008-11-01 16:00:01 ----RSH---- C:\WINDOWS\system32\nbDX.dll
2008-11-01 16:00:01 ----RSH---- C:\WINDOWS\system32\msfDX.dll
2008-11-01 16:00:01 ----RSH---- C:\WINDOWS\system32\flvDX.dll
2008-11-01 15:59:39 ----D---- C:\Program Files\eRightSoft
2008-11-01 15:59:22 ----D---- C:\Documents and Settings\Richie\Application Data\vlc
2008-11-01 15:58:24 ----D---- C:\Program Files\VideoLAN
2008-11-01 15:52:10 ----D---- C:\Program Files\Common Files\xing shared
2008-11-01 15:52:03 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-11-01 15:51:56 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-11-01 15:51:56 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-11-01 15:51:55 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-11-01 15:51:53 ----D---- C:\Program Files\Common Files\Real
2008-11-01 15:51:51 ----D---- C:\Program Files\Real
2008-11-01 15:51:26 ----D---- C:\Documents and Settings\Richie\Application Data\Real
2008-11-01 13:48:23 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-11-01 13:42:12 ----D---- C:\Program Files\Avira
2008-11-01 13:42:12 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-11-01 13:27:21 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-11-01 13:27:21 ----A---- C:\WINDOWS\system32\msvcp71.dll
2008-11-01 13:27:21 ----A---- C:\WINDOWS\system32\MFC71.dll
2008-11-01 13:12:20 ----D---- C:\WINDOWS\system32\appmgmt
2008-11-01 13:08:51 ----D---- C:\WINDOWS\system32\LogFiles
2008-11-01 13:03:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-01 13:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-01 13:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-01 13:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-01 13:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-01 13:01:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-01 13:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-01 13:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-01 13:00:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-01 12:58:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-01 12:54:11 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-01 12:53:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-01 12:52:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-01 12:52:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-01 12:51:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-01 12:49:58 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-01 12:46:27 ----A---- C:\WINDOWS\system32\SSSensor.dll
2008-11-01 12:46:21 ----D---- C:\Program Files\Sygate
2008-11-01 12:46:02 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-01 12:44:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-01 12:43:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-01 12:42:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-01 12:42:27 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-11-01 12:35:26 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-11-01 12:34:59 ----D---- C:\Program Files\Windows Live
2008-11-01 12:34:44 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-11-01 12:30:49 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-11-01 12:16:08 ----D---- C:\WINDOWS\pss
2008-11-01 11:54:17 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-01 11:47:47 ----D---- C:\Documents and Settings\Richie\Application Data\Macromedia
2008-11-01 11:47:47 ----D---- C:\Documents and Settings\Richie\Application Data\Adobe
2008-11-01 11:44:09 ----D---- C:\Program Files\Mozilla Firefox
2008-11-01 11:24:55 ----D---- C:\WINDOWS\system32\PreInstall
2008-11-01 11:24:53 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-11-01 11:24:53 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-01 11:13:52 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-11-01 11:12:19 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-01 11:12:16 ----SD---- C:\WINDOWS\system32\Microsoft
2008-11-01 11:12:16 ----D---- C:\WINDOWS\Prefetch
2008-11-01 11:11:51 ----SHD---- C:\System Volume Information
2008-11-01 11:11:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-01 11:07:17 ----D---- C:\WINDOWS\system32\xircom
2008-11-01 11:07:17 ----D---- C:\Program Files\xerox
2008-11-01 11:07:17 ----D---- C:\Program Files\microsoft frontpage
2008-11-01 11:06:36 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-11-01 11:06:36 ----N---- C:\WINDOWS\system32\asr_pfu.exe
2008-11-01 11:06:35 ----N---- C:\WINDOWS\system32\spiisupd.exe
2008-11-01 11:06:27 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-11-01 11:06:27 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-11-01 11:06:27 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-11-01 11:06:27 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-11-01 11:06:27 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-11-01 11:06:27 ----A---- C:\WINDOWS\system32\ati2dvaa.dll
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\encapi.dll
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\dxdiagn.dll
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\dsprpres.dll
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\d3d9.dll
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\cmsetacl.dll
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\btpanui.dll
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\bthserv.dll
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\bthci.dll
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\blastcln.exe
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\auditusr.exe
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-11-01 11:06:26 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-11-01 11:06:25 ----N---- C:\WINDOWS\system32\ieencode.dll
2008-11-01 11:06:25 ----N---- C:\WINDOWS\system32\httpapi.dll
2008-11-01 11:06:25 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-11-01 11:06:25 ----N---- C:\WINDOWS\system32\hccoin.dll
2008-11-01 11:06:25 ----N---- C:\WINDOWS\system32\fwcfg.dll
2008-11-01 11:06:25 ----N---- C:\WINDOWS\system32\fsquirt.exe
2008-11-01 11:06:25 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-11-01 11:06:25 ----N---- C:\WINDOWS\system32\encdec.dll
2008-11-01 11:06:25 ----A---- C:\WINDOWS\system32\fltmc.exe
2008-11-01 11:06:25 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-11-01 11:06:24 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-11-01 11:06:24 ----N---- C:\WINDOWS\system32\kbdukx.dll
2008-11-01 11:06:24 ----N---- C:\WINDOWS\system32\kbdsmsno.dll
2008-11-01 11:06:24 ----N---- C:\WINDOWS\system32\kbdsmsfi.dll
2008-11-01 11:06:24 ----N---- C:\WINDOWS\system32\kbdno1.dll
2008-11-01 11:06:24 ----N---- C:\WINDOWS\system32\kbdmlt48.dll
2008-11-01 11:06:24 ----N---- C:\WINDOWS\system32\kbdmlt47.dll
2008-11-01 11:06:24 ----N---- C:\WINDOWS\system32\kbdmaori.dll
2008-11-01 11:06:24 ----N---- C:\WINDOWS\system32\kbdinmal.dll
2008-11-01 11:06:24 ----N---- C:\WINDOWS\system32\kbdinben.dll
2008-11-01 11:06:24 ----N---- C:\WINDOWS\system32\kbdinbe1.dll
2008-11-01 11:06:24 ----N---- C:\WINDOWS\system32\kbdfi1.dll
2008-11-01 11:06:23 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-11-01 11:06:23 ----N---- C:\WINDOWS\system32\mssap.dll
2008-11-01 11:06:23 ----N---- C:\WINDOWS\system32\mspmsnsv.dll
2008-11-01 11:06:23 ----N---- C:\WINDOWS\system32\msftedit.dll
2008-11-01 11:06:23 ----N---- C:\WINDOWS\system32\msdadiag.dll
2008-11-01 11:06:23 ----N---- C:\WINDOWS\system32\mp4sdmod.dll
2008-11-01 11:06:23 ----N---- C:\WINDOWS\system32\mp43dmod.dll
2008-11-01 11:06:22 ----N---- C:\WINDOWS\system32\powercfg.exe
2008-11-01 11:06:22 ----N---- C:\WINDOWS\system32\pnrpnsp.dll
2008-11-01 11:06:22 ----N---- C:\WINDOWS\system32\p2psvc.dll
2008-11-01 11:06:22 ----N---- C:\WINDOWS\system32\p2pnetsh.dll
2008-11-01 11:06:22 ----N---- C:\WINDOWS\system32\p2pgraph.dll
2008-11-01 11:06:22 ----N---- C:\WINDOWS\system32\p2pgasvc.dll
2008-11-01 11:06:22 ----N---- C:\WINDOWS\system32\p2p.dll
2008-11-01 11:06:22 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\wmidx.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\wmerror.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\winshfhc.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\winhttp.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\winbrand.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\w3ssl.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\twext.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\strmfilt.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\smbinst.exe
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\slserv.exe
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\slgen.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\sdhcinst.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\sbeio.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\sbe.dll
2008-11-01 11:06:21 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-11-01 11:06:20 ----N---- C:\WINDOWS\system32\wmspdmod.dll
2008-11-01 11:06:20 ----N---- C:\WINDOWS\system32\wmsdmoe2.dll
2008-11-01 11:06:20 ----N---- C:\WINDOWS\system32\wmpdxm.dll
2008-11-01 11:06:20 ----N---- C:\WINDOWS\system32\wmpasf.dll
2008-11-01 11:06:20 ----N---- C:\WINDOWS\system32\wmp.dll
2008-11-01 11:06:19 ----N---- C:\WINDOWS\system32\wuaueng1.dll
2008-11-01 11:06:19 ----N---- C:\WINDOWS\system32\wuauclt1.exe
2008-11-01 11:06:19 ----N---- C:\WINDOWS\system32\wshbth.dll
2008-11-01 11:06:19 ----N---- C:\WINDOWS\system32\wscsvc.dll
2008-11-01 11:06:19 ----N---- C:\WINDOWS\system32\wscntfy.exe
2008-11-01 11:06:19 ----N---- C:\WINDOWS\system32\wmvdmoe2.dll
2008-11-01 11:06:19 ----N---- C:\WINDOWS\system32\wmspdmoe.dll
2008-11-01 11:06:19 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-11-01 11:06:18 ----N---- C:\WINDOWS\system32\xpsp1res.dll
2008-11-01 11:06:18 ----N---- C:\WINDOWS\system32\xpob2res.dll
2008-11-01 11:06:18 ----N---- C:\WINDOWS\system32\xmlprovi.dll
2008-11-01 11:06:18 ----N---- C:\WINDOWS\system32\xmlprov.dll
2008-11-01 11:06:18 ----N---- C:\WINDOWS\slrundll.exe
2008-11-01 11:06:18 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-11-01 11:06:18 ----A---- C:\WINDOWS\system32\wups.dll
2008-11-01 11:06:18 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-11-01 11:06:17 ----D---- C:\WINDOWS\peernet
2008-11-01 11:06:16 ----D---- C:\WINDOWS\provisioning
2008-11-01 11:05:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-01 11:05:20 ----RD---- C:\WINDOWS\Offline Web Pages
2008-11-01 11:05:20 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-11-01 11:05:13 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-11-01 11:04:55 ----D---- C:\WINDOWS\srchasst
2008-11-01 11:04:47 ----D---- C:\WINDOWS\system32\DirectX
2008-11-01 11:04:46 ----D---- C:\WINDOWS\system32\Macromed
2008-11-01 11:04:36 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-11-01 11:04:36 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-11-01 11:04:35 ----D---- C:\Program Files\Movie Maker
2008-11-01 11:04:19 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-11-01 11:04:19 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-11-01 11:04:19 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-11-01 11:04:19 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-11-01 11:04:19 ----A---- C:\WINDOWS\system32\atrace.dll
2008-11-01 11:04:15 ----A---- C:\WINDOWS\system32\desktop.ini
2008-11-01 11:04:15 ----A---- C:\WINDOWS\desktop.ini
2008-11-01 11:04:09 ----D---- C:\WINDOWS\system32\Restore
2008-11-01 11:04:09 ----D---- C:\Program Files\Windows Media Player
2008-11-01 11:04:09 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-11-01 11:04:09 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-11-01 11:04:09 ----A---- C:\WINDOWS\system32\srclient.dll
2008-11-01 11:04:08 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-11-01 11:04:08 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-11-01 11:04:08 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-11-01 11:04:08 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-11-01 11:04:08 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-11-01 11:04:08 ----A---- C:\WINDOWS\system32\ils.dll
2008-11-01 11:04:07 ----A---- C:\WINDOWS\system32\msconf.dll
2008-11-01 11:04:05 ----D---- C:\Program Files\NetMeeting
2008-11-01 11:04:04 ----D---- C:\WINDOWS\PCHEALTH
2008-11-01 11:04:04 ----D---- C:\Program Files\Common Files\Services
2008-11-01 11:04:04 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-11-01 11:04:04 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-11-01 11:04:04 ----A---- C:\WINDOWS\system32\acctres.dll
2008-11-01 11:04:02 ----A---- C:\WINDOWS\system32\inetres.dll
2008-11-01 11:04:02 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-11-01 11:04:01 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-01 11:03:59 ----SD---- C:\WINDOWS\Tasks
2008-11-01 11:03:59 ----D---- C:\Program Files\Outlook Express
2008-11-01 11:03:59 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-11-01 11:03:59 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-11-01 11:03:59 ----A---- C:\WINDOWS\system32\mstask.dll
2008-11-01 11:03:58 ----A---- C:\WINDOWS\system32\isign32.dll
2008-11-01 11:03:58 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-11-01 11:03:58 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-11-01 11:03:58 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-11-01 11:03:58 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-11-01 11:03:56 ----D---- C:\Program Files\Common Files\MSSoap
2008-11-01 11:03:52 ----D---- C:\Program Files\Common Files\System
2008-11-01 11:03:47 ----D---- C:\Program Files\Internet Explorer
2008-11-01 11:03:02 ----A---- C:\WINDOWS\vbaddin.ini
2008-11-01 11:03:02 ----A---- C:\WINDOWS\vb.ini
2008-11-01 11:02:58 ----D---- C:\WINDOWS\Registration
2008-11-01 11:02:53 ----HD---- C:\Program Files\WindowsUpdate
2008-11-01 11:02:47 ----D---- C:\Program Files\Messenger
2008-11-01 11:02:41 ----D---- C:\Program Files\MSN
2008-11-01 11:02:38 ----D---- C:\Program Files\MSN Gaming Zone
2008-11-01 11:02:38 ----A---- C:\WINDOWS\system32\write.exe
2008-11-01 11:02:29 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-11-01 11:02:29 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-11-01 11:02:28 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-11-01 11:02:28 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-11-01 11:02:28 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-11-01 11:02:28 ----A---- C:\WINDOWS\system32\hticons.dll
2008-11-01 11:02:28 ----A---- C:\WINDOWS\system32\avwav.dll
2008-11-01 11:02:28 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-11-01 11:02:28 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-11-01 11:02:27 ----D---- C:\Program Files\Windows NT
2008-11-01 11:02:27 ----A---- C:\WINDOWS\system32\winchat.exe
2008-11-01 11:02:26 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-11-01 11:02:22 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-11-01 11:02:21 ----A---- C:\WINDOWS\system32\spider.exe
2008-11-01 11:02:21 ----A---- C:\WINDOWS\system32\sol.exe
2008-11-01 11:02:21 ----A---- C:\WINDOWS\system32\getuname.dll
2008-11-01 11:02:21 ----A---- C:\WINDOWS\system32\charmap.exe
2008-11-01 11:02:21 ----A---- C:\WINDOWS\system32\calc.exe
2008-11-01 11:02:20 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-11-01 11:02:20 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-11-01 11:02:20 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-11-01 11:02:20 ----A---- C:\WINDOWS\system32\winmine.exe
2008-11-01 11:02:20 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-11-01 11:02:20 ----A---- C:\WINDOWS\system32\freecell.exe
2008-11-01 11:02:19 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-11-01 11:02:19 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-11-01 11:02:19 ----A---- C:\WINDOWS\system32\reset.exe
2008-11-01 11:02:19 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-11-01 11:02:19 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-11-01 11:02:19 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-11-01 11:02:19 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-11-01 11:02:19 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\tskill.exe
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\tscon.exe
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\shadow.exe
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\regini.exe
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-11-01 11:02:18 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-11-01 11:02:17 ----D---- C:\WINDOWS\system32\MsDtc
2008-11-01 11:02:17 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-11-01 11:02:17 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-11-01 11:02:17 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-11-01 11:02:17 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-11-01 11:02:17 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-11-01 11:02:17 ----A---- C:\WINDOWS\system32\msg.exe
2008-11-01 11:02:17 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-11-01 11:02:17 ----A---- C:\WINDOWS\system32\logoff.exe
2008-11-01 11:02:17 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-11-01 11:02:17 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-11-01 11:02:17 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-11-01 11:02:16 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-11-01 11:02:16 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-11-01 11:02:16 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-11-01 11:02:16 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-11-01 11:02:16 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-11-01 11:02:16 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-11-01 11:02:15 ----D---- C:\WINDOWS\system32\Com
2008-11-01 11:02:15 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-11-01 11:02:15 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-11-01 11:02:15 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-11-01 11:02:15 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-11-01 11:02:15 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-11-01 11:02:15 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-11-01 11:02:15 ----A---- C:\WINDOWS\system32\colbact.dll
2008-11-01 11:02:14 ----A---- C:\WINDOWS\system32\stclient.dll
2008-11-01 11:02:14 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-11-01 11:02:14 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-11-01 11:02:14 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-11-01 11:02:14 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-11-01 11:02:13 ----A---- C:\WINDOWS\system32\comuid.dll
2008-11-01 11:02:13 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-11-01 11:02:13 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-11-01 11:02:13 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-11-01 11:02:04 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-11-01 11:02:04 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-11-01 11:02:04 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-11-01 11:02:03 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-11-01 11:02:03 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-11-01 11:01:58 ----N---- C:\WINDOWS\system32\xpsp2res.dll
2008-11-01 11:00:56 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-11-01 11:00:50 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-01 11:00:24 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-11-01 10:58:26 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-01 10:58:23 ----D---- C:\WINDOWS\EHome
2008-11-01 10:13:15 ----SHD---- C:\WINDOWS\Installer
2008-11-01 10:13:12 ----D---- C:\Documents and Settings\Richie\Application Data\Identities
2008-11-01 10:13:06 ----HD---- C:\Program Files\Uninstall Information
2008-11-01 10:12:57 ----ASH---- C:\Documents and Settings\Richie\Application Data\desktop.ini
2008-11-01 10:12:56 ----SD---- C:\Documents and Settings\Richie\Application Data\Microsoft
2008-11-01 02:59:30 ----A---- C:\WINDOWS\system32\h323log.txt
2008-11-01 02:55:53 ----A---- C:\WINDOWS\system32\ati2draa.dll
2008-11-01 02:55:39 ----A---- C:\WINDOWS\system32\usbui.dll
2008-11-01 02:55:36 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-11-01 02:54:32 ----D---- C:\Program Files\Common Files\ODBC
2008-11-01 02:54:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-01 02:54:32 ----A---- C:\WINDOWS\ODBCINST.INI
2008-11-01 02:54:29 ----RD---- C:\Program Files
2008-11-01 02:54:29 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-11-01 02:54:29 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-01 02:54:29 ----D---- C:\Program Files\Common Files
2008-11-01 02:54:26 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-11-01 02:54:26 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-11-01 02:54:26 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-11-01 02:54:25 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-11-01 02:54:25 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-11-01 02:54:25 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-11-01 02:54:25 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-11-01 02:54:25 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-11-01 02:54:25 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-11-01 02:54:25 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-11-01 02:54:25 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-11-01 02:54:25 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-11-01 02:54:25 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-11-01 02:54:25 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-11-01 02:54:25 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-11-01 02:54:23 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-11-01 02:54:23 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-11-01 02:54:23 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-11-01 02:54:23 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-11-01 02:54:23 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-11-01 02:54:23 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-11-01 02:54:23 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-11-01 02:54:22 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-11-01 02:54:22 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-11-01 02:54:22 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-11-01 02:54:22 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-11-01 02:54:22 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-11-01 02:54:20 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-11-01 02:54:18 ----A---- C:\WINDOWS\system32\irclass.dll
2008-11-01 02:54:17 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-11-01 02:54:17 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-11-01 02:54:17 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-11-01 02:54:17 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-11-01 02:54:17 ----A---- C:\WINDOWS\system32\batt.dll
2008-11-01 02:54:15 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-11-01 02:54:15 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-11-01 02:54:15 ----A---- C:\WINDOWS\notepad.exe
2008-11-01 02:54:11 ----A---- C:\WINDOWS\system32\storprop.dll
2008-11-01 02:54:04 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-11-01 02:53:23 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-01 02:53:23 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-01 02:53:18 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-01 02:53:05 ----D---- C:\Documents and Settings
2008-11-01 02:49:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-01 02:49:09 ----RSD---- C:\WINDOWS\Fonts
2008-11-01 02:49:09 ----RD---- C:\WINDOWS\Web
2008-11-01 02:49:09 ----HD---- C:\WINDOWS\inf
2008-11-01 02:49:09 ----D---- C:\WINDOWS\WinSxS
2008-11-01 02:49:09 ----D---- C:\WINDOWS\twain_32
2008-11-01 02:49:09 ----D---- C:\WINDOWS\Temp
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\wins
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\wbem
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\usmt
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\spool
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\ShellExt
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\Setup
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\ras
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\oobe
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\npp
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\mui
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\IME
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\icsxml
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\ias
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\export
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\drivers
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\dhcp
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\config
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\3com_dmi
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\3076
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\2052
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\1054
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\1042
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\1041
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\1037
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\1033
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\1031
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\1028
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32\1025
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system32
2008-11-01 02:49:09 ----D---- C:\WINDOWS\system
2008-11-01 02:49:09 ----D---- C:\WINDOWS\security
2008-11-01 02:49:09 ----D---- C:\WINDOWS\Resources
2008-11-01 02:49:09 ----D---- C:\WINDOWS\repair
2008-11-01 02:49:09 ----D---- C:\WINDOWS\mui
2008-11-01 02:49:09 ----D---- C:\WINDOWS\msapps
2008-11-01 02:49:09 ----D---- C:\WINDOWS\msagent
2008-11-01 02:49:09 ----D---- C:\WINDOWS\Media
2008-11-01 02:49:09 ----D---- C:\WINDOWS\java
2008-11-01 02:49:09 ----D---- C:\WINDOWS\ime
2008-11-01 02:49:09 ----D---- C:\WINDOWS\Help
2008-11-01 02:49:09 ----D---- C:\WINDOWS\Driver Cache
2008-11-01 02:49:09 ----D---- C:\WINDOWS\Debug
2008-11-01 02:49:09 ----D---- C:\WINDOWS\Cursors
2008-11-01 02:49:09 ----D---- C:\WINDOWS\Connection Wizard
2008-11-01 02:49:09 ----D---- C:\WINDOWS\Config
2008-11-01 02:49:09 ----D---- C:\WINDOWS\AppPatch
2008-11-01 02:49:09 ----D---- C:\WINDOWS\addins
2008-11-01 02:49:09 ----D---- C:\WINDOWS
2008-11-01 02:43:17 ----RASH---- C:\boot.ini

======List of files/folders modified in the last 1 months======

2008-11-09 21:54:48 ----A---- C:\WINDOWS\system.ini
2008-11-09 11:48:47 ----A---- C:\WINDOWS\win.ini
2008-11-01 11:01:48 ----RASH---- C:\NTDETECT.COM
2008-10-15 11:57:5
  • 0

#25
Richiiee
Posted 11 November 2008 - 10:25 AM

Richiiee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
... and the second part of log.txt:


======List of files/folders modified in the last 1 months======

2008-11-09 21:54:48 ----A---- C:\WINDOWS\system.ini
2008-11-09 11:48:47 ----A---- C:\WINDOWS\win.ini
2008-11-01 11:01:48 ----RASH---- C:\NTDETECT.COM
2008-10-15 11:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]
R3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ati2mtaa;ati2mtaa; C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys [2002-01-11 295168]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio; C:\WINDOWS\system32\DRIVERS\RLVrtAuCbl.sys [2007-03-19 31616]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 ais73iwd;ais73iwd; C:\WINDOWS\system32\drivers\ais73iwd.sys []
S3 ako4ys4i;ako4ys4i; C:\WINDOWS\system32\drivers\ako4ys4i.sys []
S3 ati2mpaa;ati2mpaa; C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys [2001-08-17 281856]
S3 ATICDSDr;ATICDSDr; \??\C:\DOCUME~1\Richie\LOCALS~1\Temp\ATICDSDr.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 PAC7302;In-Sight Webcam; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-09-10 457984]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2AntiMalware;a-squared Anti-Malware Service; C:\Program Files\a-squared Anti-Malware\a2service.exe [2008-10-19 418936]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-02 152984]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2004-10-15 2577632]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-11-02 68096]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

-----------------EOF-----------------








RSIT never created a info.txt file for some reason, I tried it twice.
  • 0

Advertisements

#26
Ltangelic
Posted 12 November 2008 - 06:30 AM

Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey Richiiee,

How is your computer doing now? Strange that OTMoveIt3 hanged upon the removal. We still have a few more things to remove and a final scan to do. Hang in there. :)

1) Fix entries with HijackThis

Please re-open HijackThis and Do a System Scan Only. Check the boxes next to all the entries listed below.

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

2) Re-run OTMoveIt3

  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
  • Copy everything in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
explorer.exe

:Files
C:\Windows\system32\rbyn.exe

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31bc873d-a90b-11dd-9258-00e0183d2367}]

:Commands
[purity]
[emptytemp]
[start explorer]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the "Results" window (under the Green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

3) Run an online scan with Kaspersky

Disable your protection softwares temporarily and re-enable them AFTER the scan.

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Next reply (please include):

Fresh HijackThis log
OTMoveIt3 log
Kaspersky scan log
  • 0

#27
Richiiee
Posted 12 November 2008 - 03:48 PM

Richiiee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
My computer seems to be working fine from what I can see. Ever since AntiVir caught and quarintined that one trojan, nothing else has come up and I haven't noticed any strange processes or anything. It seems to be running smoothly. :)

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:24 PM, on 11/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Documents and Settings\Richie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Richie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Richie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/b...lineScanner.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 5121 bytes



OTMoveIt3 completed the fix this time:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Windows\system32\rbyn.exe not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31bc873d-a90b-11dd-9258-00e0183d2367}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Richie\LOCALS~1\Temp\etilqs_YKBwUkAOv5WvWFy scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_110.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11122008_164232




As for the Kaspersky online scan, it still doesn't seem to be working properly like I said on the first page:

And for the online scan, it keeps freezing and crashing while it updates before scanning. Any other ideas?


  • 0

#28
Ltangelic
Posted 13 November 2008 - 06:52 AM

Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey Richiiee,

Your logs are clean, good work! :) A few more housekeeping steps and then recommendations!

1) Uninstall ComboFix
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image
2) Cleanup with OTMoveIt3

Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")

* Click on the CleanUp! button
* A list of tool components used in the Cleanup of malware will be downloaded.
* If your Firewall or Real Time protection attempts to block OtMoveit3 to reach the Internet, please allow the application to do so.
* Click Yes to begin the Cleanup process and remove these components, including this application.
* You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


Below I have included a number of recommendations for how to protect your computer against malware infections.

1) Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

2) To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

Complementary programs (does not conflict with any software that offers real time protection)

* SpywareBlaster- Prevents malicious Active-X controls from installing in the first place and reducing your chances of infection of spyware.
* IE-SpyAd- Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites which actually installs malicious codes onto your system. (Tutorial available here)
* MVPS Hosts file- Replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

Anti-spyware programs with real time protection

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.
* Spybot Search & Destroy- Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
* Windows Defender - Microsoft's free anti-spyware program that has high detection rates and protects well against unwanted malicious softwares

It is critical to have only ONE firewall, ONE anti virus and ONE anti-spyware resident protection running to protect your system and to keep them updated. Take note that not ALL programs offer real time protection, for a list of programs that DO offer real time protection, look here

3) Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
4) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

5) Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

Please post back telling me if there are any further problems. If everything is working properly, I will mark this as Resolved.
  • 0

#29
Richiiee
Posted 13 November 2008 - 02:33 PM

Richiiee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Thank you very much for all your help Ltangelic. Everything seems to be running well now. :)

One last question - what should I do with RSIT.exe which is still on my desktop?
  • 0

#30
Ltangelic
Posted 14 November 2008 - 09:16 AM

Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey,

No problem, glad to be of help. :)

You can delete RSIT.exe and the RSIT folder located in C:\. :)

Happy safe surfing!

Edited by Ltangelic, 14 November 2008 - 09:18 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP