#21 (permalink) |
|
Registered User
Join Date: Aug 2006
Location: Detroit
Posts: 18
OS: XP/Vista
|
Re: Technicolor screen, Popups, Error messages running programs, random programs star
There's a java 6u3 now... I got that instead of 6u2...
ComboFix 07-10-07.2 - Owner 2007-10-08 17:34:28.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.228 [GMT -4:00] Running from: C:\Documents and Settings\Owner\My Documents\Downloads\ComboFix.exe Command switches used :: C:\Documents and Settings\Owner\My Documents\Downloads\CFScript.txt * Created a new restore point FILE:: C:\WINDOWS\system32\pwinqsap.exe C:\windows\system32\rpdsregs.exe . ((((((((((((((((((((((((( Files Created from 2007-09-08 to 2007-10-08 ))))))))))))))))))))))))))))))) . 2007-10-07 19:38 <DIR> d-------- C:\AntiVirus Logs 2007-10-07 09:02 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-06 23:27 516,096 --a------ C:\WINDOWS\system32\ati2sgag.exe 2007-10-06 23:24 451,072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.252 Uninstall.exe 2007-10-06 23:24 <DIR> d-------- C:\Program Files\Radeon Omega Drivers 2007-10-06 23:24 <DIR> d-------- C:\Program Files\MultiRes 2007-10-05 22:50 <DIR> d-------- C:\Program Files\Trend Micro 2007-10-03 21:06 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-10-02 20:29 2,104 --a------ C:\WINDOWS\system32\tmp.reg 2007-10-01 21:46 <DIR> d-------- C:\VundoFix Backups 2007-09-30 15:41 <DIR> d-------- C:\Deckard 2007-09-29 15:11 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire 2007-09-21 14:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Jetico Personal Firewall 2007-09-21 14:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Jetico Personal Firewall 2007-09-20 22:36 <DIR> d-------- C:\Program Files\Jetico Personal Firewall 2007-09-20 09:01 <DIR> d-------- C:\Temp 2007-09-15 10:13 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-09-14 21:30 <DIR> d-------- C:\Program Files\TrackMania Nations ESWC 2007-09-13 20:59 <DIR> d-------- C:\Program Files\Halo 2007-09-13 20:55 <DIR> d-------- C:\sysprep 2007-09-13 20:55 <DIR> d-------- C:\Program Files\Worms Armageddon 2007-09-13 20:55 <DIR> d-------- C:\Program 
Files\ItsDeductible2006 2007-09-13 20:55 <DIR> d-------- C:\Program Files\IntelliMover Data Transfer Demo 2007-09-13 20:55 <DIR> d-------- C:\Program Files\Atari 2007-09-13 20:48 <DIR> d-------- C:\ATI 2007-09-13 20:06 <DIR> d-------- C:\Program Files\TrackMania Nations ESWC(2) 2007-09-11 22:37 <DIR> d-------- C:\Program Files\DriverCleanerDotNET 2007-09-11 21:04 1,100 --a------ C:\WINDOWS\system32\d3d8caps.dat 2007-09-11 18:56 <DIR> d-------- C:\Program Files\Xfire 2007-09-11 18:34 <DIR> d-------- C:\WINDOWS\system32\AGEIA(2) 2007-09-09 12:56 <DIR> d-------- C:\Program Files\InterActual 2007-09-08 15:39 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\RipIt4Me 2007-09-08 15:39 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\RipIt4Me . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-08 08:29 --------- d-------- C:\Program Files\PokerStars 2007-10-04 20:53 --------- d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink 2007-09-29 15:29 --------- d-------- C:\Documents and Settings\Owner\Application Data\Xfire 2007-09-29 15:29 --------- d-------- C:\Documents and Settings\Owner\Application Data\Xfire 2007-09-29 15:03 --------- d-------- C:\Program Files\EA GAMES 2007-09-29 14:57 --------- d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer 2007-09-29 14:57 --------- d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer 2007-09-29 00:10 --------- d-------- C:\Program Files\PokerStars.TEST 2007-09-28 16:52 45568 --a------ C:\WINDOWS\system32\drwtsn32.exe 2007-09-14 16:11 --------- d-------- C:\Program Files\LEGO Media 2007-09-14 14:33 --------- d-------- C:\Program Files\LogMeIn 2007-09-13 20:59 --------- d-------- C:\Program Files\Electronic Arts 2007-09-13 20:49 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-09-13 20:48 --------- d-------- C:\Documents and 
Settings\Owner\Application Data\ATI 2007-09-13 20:48 --------- d-------- C:\Documents and Settings\Owner\Application Data\ATI 2007-09-10 21:58 --------- d-------- C:\Program Files\Midway Home Entertainment 2007-09-09 17:21 --------- d-------- C:\Documents and Settings\Owner\Application Data\IGN_DLM 2007-09-09 17:21 --------- d-------- C:\Documents and Settings\Owner\Application Data\IGN_DLM 2007-09-06 06:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-09-06 06:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-09-06 06:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-09-06 06:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-09-06 06:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-09-06 06:00 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-09-06 06:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-08-14 21:15 --------- d-------- C:\Documents and Settings\Owner\Application Data\Ahead 2007-08-14 21:15 --------- d-------- C:\Documents and Settings\Owner\Application Data\Ahead 2007-08-14 16:04 --------- d-------- C:\Program Files\MSXML 6.0 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-09 15:07 524288 --a------ C:\WINDOWS\system32\DivXsm.exe 2007-07-09 15:07 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-07-09 15:07 200704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-07-09 15:07 129784 --a------ C:\WINDOWS\system32\pxafs.dll 2007-07-09 15:07 118520 --a------ C:\WINDOWS\system32\pxinsi64.exe 2007-07-09 15:07 
116472 --a------ C:\WINDOWS\system32\pxcpyi64.exe 2007-07-09 15:07 1044480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-07-09 15:05 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2007-07-09 15:05 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2007-07-09 15:05 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2007-07-09 15:05 740442 --a------ C:\WINDOWS\system32\DivX.dll 2007-07-09 15:05 73728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-07-09 15:05 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll 2007-07-09 15:05 57344 --a------ C:\WINDOWS\system32\dpv11.dll 2007-07-09 15:05 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll 2007-07-09 15:05 344064 --a------ C:\WINDOWS\system32\dpus11.dll 2007-07-09 15:05 294912 --a------ C:\WINDOWS\system32\dpu11.dll 2007-07-09 15:05 294912 --a------ C:\WINDOWS\system32\dpu10.dll 2007-07-09 15:05 196608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-07-09 15:05 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe 2007-07-09 15:05 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll 2007-04-21 14:34 47360 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.sys 2007-04-21 14:34 47360 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.sys 2006-11-21 20:58 1 --a--c--- C:\Documents and Settings\Owner\SI.bin 2005-04-29 16:21 774144 --a--c--- C:\Program Files\RngInterstitial.dll . ((((((((((((((((((((((((((((( snapshot@2007-10-07_ 9.16.59.93 ))))))))))))))))))))))))))))))))))))))))) . ----a-w 135,168 2007-09-25 02:30:28 C:\WINDOWS\system32\java.exe ----a-w 135,168 2007-09-25 02:30:30 C:\WINDOWS\system32\javaw.exe ----a-w 139,264 2007-09-25 03:31:42 C:\WINDOWS\system32\javaws.exe ----atw 16,384 2007-10-08 21:18:32 C:\WINDOWS\temp\Perflib_Perfdata_6b8.dat . -c--a-w 24,681 2004-04-01 07:28:09 C:\WINDOWS\system32\java.exe -c--a-w 28,779 2004-04-01 07:28:09 C:\WINDOWS\system32\javaw.exe . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 06:06] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40] "JeticoPFStartup"="C:\Program Files\Jetico Personal Firewall\fwsrv.exe" [2005-07-19 02:22] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-12-14 19:11] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25] "AtiPTA"="atiptaxx.exe" [2006-02-21 20:05 C:\WINDOWS\system32\atiptaxx.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{35B2861B-2B26-4691-9FF0-09083722C736}"= C:\WINDOWS\system32\RadExe.dll [2005-04-27 04:49 200704] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start 
Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk] 
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^HP Organize.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HP Organize.lnk backup=C:\WINDOWS\pss\HP Organize.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMStart.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMStart.lnk backup=C:\WINDOWS\pss\IMStart.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Zeno.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Zeno.lnk backup=C:\WINDOWS\pss\Zeno.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Z_Start.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Z_Start.lnk backup=C:\WINDOWS\pss\Z_Start.lnkStartup c:\windowsupdate\ufp\irs7\csrss.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS4EN\plugin\bin\pchbutton.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] AGRSMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\AlcxMonitor] ALCXMNTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserUpdateSched] C:\WINDOWS\system32\pwinqsap.exe FI002 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] C:\Program Files\Common Files\AOL\1139081734\ee\AOLSoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05] C:\WINDOWS\System32\hphmon05.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] c:\windows\system\hpsysdrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program 
Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] C:\HP\KBD\KBD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2] C:\WINDOWS\system32\ps2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] "C:\Windows\Creator\Remind_XP.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\Tukati:4] C:\Program Files\Tukati\Redistributor\4\TukatiRedistributor.exe -r:4 -x:1 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] %systemroot%\system32\dumprep 0 -u [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] VTTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinUpdateProtection] c:\windowsupdate\ufp\008\csrss.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{08-8B-BF-FC-ZN}] C:\windows\system32\rpdsregs.exe FI002 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ewido security suite control"=2 (0x2) "vsmon"=2 (0x2) "StarWindService"=2 (0x2) "RadClock"=2 (0x2) "PnkBstrA"=2 (0x2) "ATI Smart"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "WANMiniportService"=2 (0x2) "AVG Anti-Spyware Guard"=2 (0x2) R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys R1 bc_filter;BC_Filter;C:\WINDOWS\system32\drivers\bc_filter.sys R1 bc_ip_f;BC_IP_Filter;C:\WINDOWS\system32\drivers\bc_ip_f.sys R1 bc_ngn;BC_Engine;C:\WINDOWS\system32\drivers\bc_ngn.sys R1 bc_pat_f;BC_PAT_Filter;C:\WINDOWS\system32\drivers\bc_pat_f.sys R1 bc_prt_f;BC_Protocol_Filter;C:\WINDOWS\system32\drivers\bc_prt_f.sys R1 bc_tdi_f;BC_TDI_Filter;C:\WINDOWS\system32\drivers\bc_tdi_f.sys R1 
bcftdi;BCFTDI;C:\WINDOWS\system32\drivers\bcftdi.sys R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys R2 SVKP;SVKP;\??\C:\WINDOWS\system32\SVKP.sys R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys R3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys R3 RadProbe;Radeon Probe Driver;C:\WINDOWS\system32\DRIVERS\RadProbe.sys R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys S3 pnicml;pnicml;\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\pnicml.sys S3 W8100PCI;D-Link AirPlus G Wireless Driver;C:\WINDOWS\system32\DRIVERS\MRV8K51.sys S3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] AutoRun\command- D:\Info.exe folder.htt 480 480 . Contents of the 'Scheduled Tasks' folder "2007-10-08 18:45:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE "2007-09-29 17:22:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe "2007-07-01 17:22:45 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe . 
************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-08 17:38:33 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-08 17:39:39 C:\ComboFix-quarantined-files.txt ... 2007-10-08 17:39 . --- E O F --- Last edited by Nigel4; 10-08-2007 at 03:40 PM. |
|
|
|
#22 (permalink) | |
|
Analyst, Security Team
Join Date: Aug 2005
Posts: 147
OS: XP pro
|
Re: Technicolor screen, Popups, Error messages running programs, random programs star
Oops, just a few more.
________________________________________
Open Notepad and copy/paste the text in the quote box below into it:
Quote:
Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt, which I will need in your next reply.
_____________________________________________
|
#23 (permalink) |
|
Registered User
Join Date: Aug 2006
Location: Detroit
Posts: 18
OS: XP/Vista
|
Re: Technicolor screen, Popups, Error messages running programs, random programs star
Sorry for the long delay, my brother came home for the weekend from college. However, on the downside he also removed Jetico and reinstalled ZoneAlarm... I hope it doesn't mess anything up.
![]() ComboFix 07-10-07.2 - Owner 2007-10-12 20:47:48.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.205 [GMT -4:00] Running from: C:\Documents and Settings\Owner\My Documents\Downloads\ComboFix.exe Command switches used :: C:\Documents and Settings\Owner\My Documents\Downloads\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windowsupdate c:\windowsupdate\008.dat c:\windowsupdate\ufp\008\csrss.exe c:\windowsupdate\ufp\008\Owner.usr c:\windowsupdate\ufp\008\Owner\Owner.dll c:\windowsupdate\ufp\008\uninstall-008.dat c:\windowsupdate\ufp\008\uninstall.dat . ((((((((((((((((((((((((( Files Created from 2007-09-13 to 2007-10-13 ))))))))))))))))))))))))))))))) . 2007-10-11 14:33 153,632 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-10-11 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2007-10-10 15:47 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-10-07 19:38 <DIR> d-------- C:\AntiVirus Logs 2007-10-07 09:02 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-06 23:27 516,096 --a------ C:\WINDOWS\system32\ati2sgag.exe 2007-10-06 23:24 451,072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.252 Uninstall.exe 2007-10-06 23:24 <DIR> d-------- C:\Program Files\Radeon Omega Drivers 2007-10-06 23:24 <DIR> d-------- C:\Program Files\MultiRes 2007-10-05 22:50 <DIR> d-------- C:\Program Files\Trend Micro 2007-10-02 20:29 2,104 --a------ C:\WINDOWS\system32\tmp.reg 2007-10-01 21:46 <DIR> d-------- C:\VundoFix Backups 2007-09-30 15:41 <DIR> d-------- C:\Deckard 2007-09-29 15:11 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire 2007-09-21 14:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Jetico Personal Firewall 2007-09-21 14:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Jetico Personal Firewall 2007-09-20 09:01 <DIR> 
d-------- C:\Temp 2007-09-15 10:13 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-09-14 21:30 <DIR> d-------- C:\Program Files\TrackMania Nations ESWC 2007-09-13 20:59 <DIR> d-------- C:\Program Files\Halo 2007-09-13 20:55 <DIR> d-------- C:\sysprep 2007-09-13 20:55 <DIR> d-------- C:\Program Files\Worms Armageddon 2007-09-13 20:55 <DIR> d-------- C:\Program Files\ItsDeductible2006 2007-09-13 20:55 <DIR> d-------- C:\Program Files\IntelliMover Data Transfer Demo 2007-09-13 20:55 <DIR> d-------- C:\Program Files\Atari 2007-09-13 20:48 <DIR> d-------- C:\ATI 2007-09-13 20:06 <DIR> d-------- C:\Program Files\TrackMania Nations ESWC(2) . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-12 20:53 2852 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2007-10-11 11:21 --------- d-------- C:\Program Files\PokerStars 2007-10-08 20:49 3884 --a--c--- C:\WINDOWS\viassary-hp.reg 2007-10-04 20:53 --------- d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink 2007-09-29 15:29 --------- d-------- C:\Documents and Settings\Owner\Application Data\Xfire 2007-09-29 15:29 --------- d-------- C:\Documents and Settings\Owner\Application Data\Xfire 2007-09-29 15:11 --------- d-------- C:\Program Files\Xfire 2007-09-29 15:03 --------- d-------- C:\Program Files\EA GAMES 2007-09-29 14:57 --------- d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer 2007-09-29 14:57 --------- d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer 2007-09-29 00:10 --------- d-------- C:\Program Files\PokerStars.TEST 2007-09-14 16:11 --------- d-------- C:\Program Files\LEGO Media 2007-09-14 14:33 --------- d-------- C:\Program Files\LogMeIn 2007-09-13 20:59 --------- d-------- C:\Program Files\Electronic Arts 2007-09-13 20:49 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-09-13 20:49 --------- d-------- C:\Program Files\DriverCleanerDotNET 
2007-09-13 20:48 --------- d-------- C:\Documents and Settings\Owner\Application Data\ATI 2007-09-13 20:48 --------- d-------- C:\Documents and Settings\Owner\Application Data\ATI 2007-09-10 21:58 --------- d-------- C:\Program Files\Midway Home Entertainment 2007-09-09 17:21 --------- d-------- C:\Documents and Settings\Owner\Application Data\IGN_DLM 2007-09-09 17:21 --------- d-------- C:\Documents and Settings\Owner\Application Data\IGN_DLM 2007-09-09 12:56 --------- d-------- C:\Program Files\InterActual 2007-09-09 00:25 --------- d-------- C:\Documents and Settings\Owner\Application Data\RipIt4Me 2007-09-09 00:25 --------- d-------- C:\Documents and Settings\Owner\Application Data\RipIt4Me 2007-09-06 16:14 75248 --a------ C:\WINDOWS\zllsputility.exe 2007-09-06 06:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-09-06 06:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-09-06 06:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-09-06 06:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-09-06 06:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-08-14 21:15 --------- d-------- C:\Documents and Settings\Owner\Application Data\Ahead 2007-08-14 21:15 --------- d-------- C:\Documents and Settings\Owner\Application Data\Ahead 2007-08-14 16:04 --------- d-------- C:\Program Files\MSXML 6.0 2007-04-21 14:34 47360 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.sys 2007-04-21 14:34 47360 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.sys 2006-11-21 20:58 1 --a--c--- C:\Documents and Settings\Owner\SI.bin 2005-04-29 16:21 774144 --a--c--- C:\Program Files\RngInterstitial.dll . ((((((((((((((((((((((((((((( snapshot@2007-10-07_ 9.16.59.93 ))))))))))))))))))))))))))))))))))))))))) . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 06:06]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe]
"AtiPTA"="atiptaxx.exe" [2006-02-21 20:05 C:\WINDOWS\system32\atiptaxx.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"= C:\WINDOWS\system32\RadExe.dll [2005-04-27 04:49 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^HP Organize.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HP Organize.lnk
backup=C:\WINDOWS\pss\HP Organize.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMStart.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMStart.lnk
backup=C:\WINDOWS\pss\IMStart.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Zeno.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Zeno.lnk
backup=C:\WINDOWS\pss\Zeno.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Z_Start.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Z_Start.lnk
backup=C:\WINDOWS\pss\Z_Start.lnkStartup
c:\windowsupdate\ufp\irs7\csrss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS4EN\plugin\bin\pchbutton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] C:\Program Files\Common Files\AOL\1139081734\ee\AOLSoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05] C:\WINDOWS\System32\hphmon05.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] c:\windows\system\hpsysdrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] C:\HP\KBD\KBD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2] C:\WINDOWS\system32\ps2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] "C:\Windows\Creator\Remind_XP.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tukati:4] C:\Program Files\Tukati\Redistributor\4\TukatiRedistributor.exe -r:4 -x:1 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] %systemroot%\system32\dumprep 0 -u [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\VTTimer] VTTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ewido security suite control"=2 (0x2) "vsmon"=2 (0x2) "StarWindService"=2 (0x2) "RadClock"=2 (0x2) "PnkBstrA"=2 (0x2) "ATI Smart"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "WANMiniportService"=2 (0x2) "AVG Anti-Spyware Guard"=2 (0x2) R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys R2 SVKP;SVKP;\??\C:\WINDOWS\system32\SVKP.sys R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys R3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys R3 RadProbe;Radeon Probe Driver;C:\WINDOWS\system32\DRIVERS\RadProbe.sys R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys S3 pnicml;pnicml;\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\pnicml.sys S3 W8100PCI;D-Link AirPlus G Wireless Driver;C:\WINDOWS\system32\DRIVERS\MRV8K51.sys S3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS S3 
WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys . Contents of the 'Scheduled Tasks' folder "2007-10-12 02:45:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE "2007-09-29 17:22:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe "2007-07-01 17:22:45 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-12 20:54:56 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-12 20:57:37 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-10-12 20:57 C:\ComboFix2.txt ... 2007-10-08 17:39 . --- E O F --- |
#24 (permalink) |
|
Analyst, Security Team
Join Date: Aug 2005
Posts: 147
OS: XP pro
|
Re: Technicolor screen, Popups, Error messages running programs, random programs star
Sorry about the delay. I was out of town for a bit.
No problem as his choice of firewall is his own. As long as he has one he's OK.
________________________
Great news!
Your log now appears to be clean. Let's do a few things to tidy up. Please do these in the order I suggest!
You may delete all of the tools we have used. They are updated often so keeping an out-of-date tool is senseless.
_________________________________
As long as he uninstalled Jetico you may navigate to and delete this folder I have listed in bold type.
C:\Documents and Settings\Owner\Application Data\Jetico Personal
___________________________________
If we have set your computer to see all files and folders we must reprotect them.

UNDO SHOW ALL FILES
Click on the My Computer icon.
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Deselect the checkbox labeled Display the contents of system folders.
Deselect the checkbox labeled Show hidden files and folders.
Select the checkmark from the checkbox labeled Hide file extensions for known file types.
Replace the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then OK.
Now many important files are safe.
___________________________________
Run the ccleaner program once again.
___________________________________
Please create a 'clean' System Restore Point:
The reason for doing this is in case you need system restore you don't put back all we just took out.
Right click My Computer
Then Properties then system restore
Place a check mark by turn off system restore
Click APPLY
Windows will give you a warning, click yes
REBOOT
Now go right back to the same place and uncheck system restore
Click APPLY and OK

A few things to help with possible threats
These are optional, but will help protect you further.
___________________________________
SpywareBlaster
Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from accidentally running or downloading known malicious programs.
After the installation, click Download Latest Protection Updates. When it finishes, click Enable All Protection.
___________________________________
Download and Install a HOSTS File
A Hosts file is a plain text file which prevents your computer from connecting to malware and spyware sites by redirecting the connection request to 127.0.0.1, which is your local address.
If you use a proxy server, or if you are on AOL, be sure to read the special instructions.
You can download the MVPS Hosts File and see a HOSTS file tutorial here :
This website also contains useful tips, and links to other resources and utilities.
___________________________________
Make your Internet Explorer more secure
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click on the Security tab
3. Click the Internet icon so it becomes highlighted.
4. Click on Default Level and click Ok
5. Click on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
6. Next press the Apply button and then OK to exit the Internet Properties page.

Here's a site with great advice on how to AVOID malware. Much easier to do than removing it.
___________________________________
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints; you do not have to be registered to post. Just find your country room and register your complaint.

The infections you had were Vundo and Smitfraud.
Safe and Happy Surfing. :)
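The HOSTS-file blocking described in the post above, as an added example (not part of the original post and not code from the MVPS project): a small Python audit that lists the names a HOSTS file sinks to a local address and flags any name pointed at some other address, which a blocklist has no reason to contain. The sample file, its host names and the function names are constructed for illustration; treating 0.0.0.0 as a sink alongside the post's 127.0.0.1 is an assumption.

```python
import ipaddress

# Constructed sample, not taken from the thread: blocklist-style entries
# plus one redirect and one malformed line for the audit to report.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1   localhost
127.0.0.1   ads.example.test  tracker.example.test   # blocked
0.0.0.0     popups.example.test
203.0.113.7 update.example.test
not-an-ip   broken.example.test
"""


def parse_hosts(text):
    """Yield (line_no, address, hostname); address is None if it does not parse."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Everything after '#' is a comment; fields are whitespace separated.
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            address = None
        # One line may map several names to the same address.
        for name in fields[1:]:
            yield line_no, address, name.lower()


def audit_hosts(text):
    """Sort every mapping into blocked, redirected or malformed."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for line_no, address, name in parse_hosts(text):
        if address is None:
            report["malformed"].append((line_no, name))
        elif address.is_loopback or address.is_unspecified:
            # Sunk to the local machine: this is the blocking the post describes.
            if name != "localhost":  # the stock localhost entry is not a block
                report["blocked"].append(name)
        else:
            # A name sent to a real remote address deserves a manual look.
            report["redirected"].append((line_no, name, str(address)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked names:", len(result["blocked"]))
    for line_no, name, address in result["redirected"]:
        print(f"line {line_no}: {name} -> {address} (review)")
    for line_no, name in result["malformed"]:
        print(f"line {line_no}: unparsable address for {name}")
```

On Windows XP the file to pass in is `C:\WINDOWS\system32\drivers\etc\hosts`, read as text.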
#25 (permalink) |
|
Registered User
Join Date: Aug 2006
Location: Detroit
Posts: 18
OS: XP/Vista
|
Re: Technicolor screen, Popups, Error messages running programs, random programs star
Everything is running perfectly. I already had a few of the things you mentioned done, but also added a few more. Much appreciated, resolved?