Old 10-13-2007, 12:14 AM   #21 (permalink)
Security Team (ret.)
 
Pancake's Avatar
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Re: slimsay's thread

I don't think that message was a virus problem... was there a genuine message for you?



Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Open *notepad* and copy/paste the text in the quotebox below into it:


Quote:




Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76ee0c80-657a-11dc-be68-00192167bb26}]

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Referring to the picture above, drag CFScript.txt into ComboFix.exe

Restart your computer.

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*
__________________
Eddy

Old 10-13-2007, 08:07 AM   #22 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 53
OS: xp


Re: slimsay's thread

ComboFix 07-10-08.3 - randy 2007-10-12 2:22:04.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.174 [GMT -8:00]
Running from: C:\Documents and Settings\randy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\randy\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-12 to 2007-10-12 )))))))))))))))))))))))))))))))
.

2007-10-12 01:25 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-10-12 01:24 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-12 01:24 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-12 01:12 <DIR> d-------- C:\Program Files\Symantec
2007-10-10 09:47 <DIR> d-------- C:\Documents and Settings\randy\Application Data\BitDefender
2007-10-10 07:38 <DIR> d-------- C:\Documents and Settings\randy\Downloads
2007-10-10 01:18 <DIR> d-------- C:\Documents and Settings\randy\Application Data\CheckPoint
2007-10-10 01:17 <DIR> d-------- C:\Program Files\CheckPoint
2007-10-09 01:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-09 01:20 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-09 00:22 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 23:43 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-08 23:42 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-08 23:41 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-08 23:24 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-08 22:39 <DIR> d-------- C:\Program Files\CCleaner
2007-10-08 18:35 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-08 18:32 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-08 12:32 <DIR> d-------- C:\VundoFix Backups
2007-10-07 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-07 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-07 13:47 <DIR> d-------- C:\Documents and Settings\randy\Application Data\SiteAdvisor
2007-10-07 13:17 2,977,792 --------- C:\WINDOWS\UNNMP.exe
2007-10-07 13:13 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-10-07 13:10 2,977,792 --------- C:\WINDOWS\UNNeroVision.exe
2007-10-07 13:10 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-10-07 13:10 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-10-07 13:10 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-10-07 13:10 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-10-07 13:10 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-10-07 13:10 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-10-07 13:10 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-10-06 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-10-04 23:16 <DIR> d-------- C:\WINDOWS\config
2007-10-04 15:01 <DIR> d-------- C:\Documents and Settings\randy\Application Data\FogelSoft
2007-10-04 15:00 <DIR> d-------- C:\Documents and Settings\randy\Application Data\Opera
2007-10-03 23:36 <DIR> d-------- C:\Program Files\SuperBladePro
2007-10-03 22:35 <DIR> d-------- C:\Deckard
2007-10-03 22:07 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-01 14:23 4,912 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-10-01 11:54 <DIR> d-------- C:\Program Files\Windows Live
2007-09-30 14:35 <DIR> d-------- C:\Program Files\ViStart_www.softarchive.net
2007-09-29 18:06 <DIR> d-------- C:\Program Files\XP Repair Pro 2007
2007-09-29 17:57 <DIR> d-------- C:\Program Files\XPRepairPro2006
2007-09-28 14:01 <DIR> d-------- C:\Documents and Settings\randy\Application Data\Leadertech
2007-09-28 01:35 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-09-27 00:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-09-26 18:59 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-09-26 18:53 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-09-26 18:52 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2007-09-26 18:52 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2007-09-26 18:49 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-09-26 18:46 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-09-26 10:49 <DIR> d-------- C:\Documents and Settings\randy\Application Data\???????sAppData
2007-09-26 07:11 <DIR> d-------- C:\Program Files\Formosoft
2007-09-26 07:11 1,032,192 --a------ C:\WINDOWS\AquaReal.scr
2007-09-26 07:11 131,072 --a------ C:\WINDOWS\SNVerifyDLL.dll
2007-09-26 06:54 <DIR> d-------- C:\Program Files\3D Fish School 3
2007-09-26 06:54 4,770,816 --a------ C:\WINDOWS\3D Fish School 3.scr
2007-09-26 06:54 118,784 --a------ C:\WINDOWS\dx7ogl32.dll
2007-09-24 21:15 249,856 --------- C:\WINDOWS\Setup1.exe
2007-09-24 21:15 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-09-24 14:46 <DIR> d-------- C:\Program Files\AIMP2
2007-09-19 19:21 <DIR> d-------- C:\Program Files\Microsoft Encarta
2007-09-18 19:52 <DIR> d-------- C:\Documents and Settings\randy\Application Data\Symantec
2007-09-18 14:43 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 14:43 278,576 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-09-18 14:43 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-14 23:11 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-09-14 22:59 <DIR> d-------- C:\Program Files\MSBuild
2007-09-14 22:59 <DIR> d-------- C:\Program Files\Microsoft Works
2007-09-14 22:56 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-09-14 22:43 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-09-14 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-14 22:27 <DIR> d-------- C:\Program Files\PowerISO
2007-09-14 13:07 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-14 09:51 <DIR> d-------- C:\Program Files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-12 02:10 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-12 01:54 --------- d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-12 01:49 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-12 01:49 10740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-12 01:20 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2007-10-12 01:20 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2007-10-12 01:20 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2007-10-12 01:20 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2007-10-12 01:20 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2007-10-12 01:20 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2007-10-12 01:20 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2007-10-12 01:20 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2007-10-11 23:55 --------- d-------- C:\Documents and Settings\randy\Application Data\uTorrent
2007-10-10 16:31 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-10-08 00:26 --------- d-------- C:\Program Files\Trend Micro
2007-10-07 23:12 --------- d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-10-07 13:17 --------- d-------- C:\Program Files\Ahead
2007-10-07 13:09 --------- d-------- C:\Program Files\Common Files\Ahead
2007-10-04 15:01 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-10-04 15:01 --------- d-------- C:\Program Files\OneStepSearch
2007-10-04 15:01 --------- d-------- C:\Documents and Settings\randy\Application Data\dvdcss
2007-10-04 15:01 --------- d-------- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-10-01 14:40 72074 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-10-01 11:54 --------- d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-09-28 12:24 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-09-26 10:49 --------- d-------- C:\Documents and Settings\randy\Application Data\???????sAppData
2007-09-26 07:08 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-09-19 20:12 --------- d-------- C:\Program Files\Yahoo!
2007-09-19 20:12 --------- d-------- C:\Program Files\Common Files\Scanner
2007-09-18 23:37 --------- d-------- C:\Program Files\SUPERAntiSpyware
2007-09-18 23:37 --------- d-------- C:\Documents and Settings\randy\Application Data\SUPERAntiSpyware.com
2007-09-18 14:44 1430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 14:44 1421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 14:44 1415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 14:44 10662 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 14:44 10662 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 14:44 10658 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-17 17:05 --------- d-------- C:\Documents and Settings\randy\Application Data\Apple Computer
2007-09-14 22:06 --------- d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-07 20:16 --------- d-------- C:\Documents and Settings\randy\Application Data\MSN6
2007-09-07 20:15 --------- d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2007-09-03 09:18 --------- d-------- C:\Program Files\uTorrent
2007-08-29 15:16 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-08-29 13:42 --------- d-------- C:\Program Files\DivX
2007-08-29 13:02 --------- d-------- C:\Documents and Settings\randy\Application Data\Yahoo!
2007-08-29 13:02 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-08-27 23:16 --------- d-------- C:\Program Files\Common Files\Download Manager
2007-08-27 17:36 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-08-26 22:48 --------- d-------- C:\Program Files\Flash N Burn
2007-08-25 21:26 --------- d-------- C:\Documents and Settings\randy\Application Data\AIMP
2007-08-20 22:15 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-07-30 18:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19 68440 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 18:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 18:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-26 15:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-26 15:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-08_10.22.12.82 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakui.dll
----a-w 2,455,488 2007-04-17 09:28:12 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
----a-w 141,424 2006-08-24 16:28:54 C:\WINDOWS\Downloaded Program Files\asinst.dll
-c----w 124,928 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll
-c----w 214,528 2006-10-17 18:57:50 C:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll
-c----w 132,608 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll
-c----w 61,952 2006-10-17 18:58:20 C:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll
-c----w 63,488 2007-06-27 08:27:04 C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe
-c----w 153,088 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll
-c----w 230,400 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll
-c----w 161,792 2007-06-27 07:00:33 C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll
-c----w 383,488 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll
-c----w 384,512 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll
-c----w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll
-c----w 44,544 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll
-c----w 267,776 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll
-c----w 13,824 2007-06-27 08:27:05 C:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe
-c----w 625,152 2007-06-27 08:27:30 C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
-c----w 27,648 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll
-c----w 459,264 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll
-c----w 52,224 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll
-c----w 3,856,384 2007-07-19 06:59:59 C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll
-c----w 477,696 2007-06-27 14:34:57 C:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll
-c----w 193,024 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll
-c----w 671,232 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll
-c----w 163,840 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll
-c----w 62,464 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\url.dll
-c----w 1,225,728 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll
-c----w 393,728 2007-06-27 14:34:59 C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll
-c----w 814,592 2007-06-27 14:34:59 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
-c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll
----a-r 1,165,584 2007-10-09 09:07:43 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
----a-r 20,240 2007-10-09 09:07:44 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
----a-r 159,504 2007-10-09 09:07:43 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
----a-r 184,080 2007-10-09 09:07:44 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
----a-r 217,864 2007-10-09 09:07:44 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
----a-r 18,704 2007-10-09 09:07:44 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
----a-r 35,088 2007-10-09 09:07:44 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
----a-r 845,584 2007-10-09 09:07:44 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
----a-r 922,384 2007-10-09 09:07:44 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
----a-r 272,648 2007-10-09 09:07:44 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
----a-r 888,080 2007-10-09 09:07:44 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
----a-r 1,172,240 2007-10-09 09:07:43 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
----a-w 584,192 2007-07-09 13:09:42 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
----a-w 115,712 2007-06-13 06:53:14 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spuninst.exe
----a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\advpack.dll
----a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\dxtrans.dll
----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\extmgr.dll
----a-w 63,488 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\icardie.dll
----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ie4uinit.exe
----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieakeng.dll
----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieakui.dll
----a-w 383,488 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieapfltr.dll
----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iedkcs32.dll
----a-w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieframe.dll
----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iernonce.dll
----a-w 267,776 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iertutil.dll
----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieudinit.exe
----a-w 625,152 2007-08-17 10:21:21 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iexplore.exe
----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\jsproxy.dll
----a-w 459,264 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msfeeds.dll
----a-w 52,224 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msfeedsbs.dll
----a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mshtml.dll
----a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mshtmled.dll
----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msrating.dll
----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mstime.dll
----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\occache.dll
----a-w 105,984 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\url.dll
----a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\urlmon.dll
----a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\webcheck.dll
----a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\wininet.dll
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieakui.dll
----a-w 2,455,488 2007-04-17 09:28:12 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\wininet.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spuninst.exe
----a-w 683,520 2007-08-21 06:15:44 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2gdr\inetcomm.dll
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2qfe\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\updspapi.dll
----a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\system32\advpack.dll
----a-w 73,728 2006-08-02 20:39:06 C:\WINDOWS\system32\asuninst.exe
----a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\system32\dxtrans.dll
----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\system32\extmgr.dll
----a-w 63,488 2007-08-20 10:04:34 C:\WINDOWS\system32\icardie.dll
----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\system32\ie4uinit.exe
----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\system32\ieakeng.dll
----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\system32\ieakui.dll
----a-w 383,488 2007-08-20 10:04:35 C:\WINDOWS\system32\ieapfltr.dll
----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\system32\iedkcs32.dll
----a-w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\system32\ieframe.dll
----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\system32\iernonce.dll
----a-w 267,776 2007-08-20 10:04:38 C:\WINDOWS\system32\iertutil.dll
----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\system32\ieudinit.exe
----a-w 135,168 2007-09-25 06:30:28 C:\WINDOWS\system32\java.exe
----a-w 135,168 2007-09-25 06:30:30 C:\WINDOWS\system32\javaw.exe
----a-w 139,264 2007-09-25 07:31:42 C:\WINDOWS\system32\javaws.exe
----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\system32\jsproxy.dll
----a-w 18,089,592 2007-09-28 05:19:39 C:\WINDOWS\system32\MRT.exe
----a-w 459,264 2007-08-20 10:04:39 C:\WINDOWS\system32\msfeeds.dll
----a-w 52,224 2007-08-20 10:04:39 C:\WINDOWS\system32\msfeedsbs.dll
----a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\system32\mshtml.dll
----a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\system32\mshtmled.dll
----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\system32\msrating.dll
----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\system32\mstime.dll
----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\system32\occache.dll
----a-w 584,192 2007-07-09 13:09:42 C:\WINDOWS\system32\rpcrt4.dll
----a-w 613,056 2006-09-03 05:35:16 C:\WINDOWS\system32\SymNeti.dll
----a-w 239,808 2006-09-03 05:35:10 C:\WINDOWS\system32\SymRedir.dll
----a-w 105,984 2007-08-20 10:04:42 C:\WINDOWS\system32\url.dll
----a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\system32\urlmon.dll
----a-w 83,432 2007-09-07 00:14:04 C:\WINDOWS\system32\vsdata.dll
----a-w 395,080 2007-09-07 00:14:28 C:\WINDOWS\system32\vsdatant.sys
----a-w 46,568 2007-09-07 00:14:06 C:\WINDOWS\system32\vswmi.dll
----a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\system32\webcheck.dll
----a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\system32\wininet.dll
----a-w 115,712 2007-06-13 06:53:14 C:\WINDOWS\system32\xpsp3res.dll
----a-w 83,432 2007-09-07 00:14:06 C:\WINDOWS\system32\zlcomm.dll
----a-w 71,144 2007-09-07 00:14:08 C:\WINDOWS\system32\zlcommdb.dll
----a-w 11,776 2003-03-26 02:53:50 C:\WINDOWS\system32\ZPORT4AS.dll
----a-w 110,592 2007-03-29 17:20:50 C:\WINDOWS\system32\ActiveScan\as.dll
----a-w 233,472 2006-10-06 00:15:26 C:\WINDOWS\system32\ActiveScan\ascontrol.dll
----a-w 96,256 2005-06-03 22:03:18 C:\WINDOWS\system32\ActiveScan\asmdat.dll
----a-w 36,864 2003-08-01 19:00:16 C:\WINDOWS\system32\ActiveScan\certdll.dll
----a-w 86,016 2005-05-20 21:42:44 C:\WINDOWS\system32\ActiveScan\instlsp.dll
----a-w 4,608 2006-02-17 02:20:20 C:\WINDOWS\system32\ActiveScan\memvfile.dll
----a-w 348,160 2005-10-26 02:08:32 C:\WINDOWS\system32\ActiveScan\msvcr71.dll
----a-w 139,264 2004-05-04 23:01:02 C:\WINDOWS\system32\ActiveScan\pavaleas.dll
----a-w 45,056 2006-07-14 21:04:10 C:\WINDOWS\system32\ActiveScan\pavdr.exe
----a-w 159,832 2006-04-10 18:50:02 C:\WINDOWS\system32\ActiveScan\pavexcom.dll
----a-w 94,208 2006-02-14 21:05:38 C:\WINDOWS\system32\ActiveScan\pavinas.dll
----a-w 180,224 2006-02-17 02:35:38 C:\WINDOWS\system32\ActiveScan\pavoe.dll
----a-w 122,880 2006-10-06 00:15:38 C:\WINDOWS\system32\ActiveScan\pavpz.dll
----a-w 8,704 2006-06-30 22:13:38 C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
----a-w 49,152 2004-02-04 22:08:42 C:\WINDOWS\system32\ActiveScan\port32.dll
----a-w 69,632 2006-08-01 21:23:10 C:\WINDOWS\system32\ActiveScan\pscpu.dll
----a-w 1,388,544 2006-08-23 2108 C:\WINDOWS\system32\ActiveScan\pskahk.dll
----a-w 10,752 2006-08-17 19:38:14 C:\WINDOWS\system32\ActiveScan\pskalloc.dll
----a-w 61,440 2006-09-04 19:49:54 C:\WINDOWS\system32\ActiveScan\pskas.dll
----a-w 779,264 2006-08-18 16:46:18 C:\WINDOWS\system32\ActiveScan\pskavs.dll
----a-w 417,792 2007-03-26 22:25:34 C:\WINDOWS\system32\ActiveScan\pskcmp.dll
----a-w 90,112 2006-08-09 18:42:24 C:\WINDOWS\system32\ActiveScan\pskfss.dll
----a-w 208,896 2006-07-19 18:55:58 C:\WINDOWS\system32\ActiveScan\pskhtml.dll
----a-w 9,728 2006-01-21 00:57:00 C:\WINDOWS\system32\ActiveScan\pskmas.dll
----a-w 14,336 2006-05-17 17:50:12 C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
----a-w 33,280 2006-08-16 18:58:12 C:\WINDOWS\system32\ActiveScan\pskpack.dll
----a-w 266,240 2006-06-30 22:42:36 C:\WINDOWS\system32\ActiveScan\pskscs.dll
----a-w 62,976 2006-08-17 22:33:14 C:\WINDOWS\system32\ActiveScan\pskutil.dll
----a-w 13,312 2006-08-08 21:13:10 C:\WINDOWS\system32\ActiveScan\pskvfile.dll
----a-w 69,632 2006-08-18 16:53:08 C:\WINDOWS\system32\ActiveScan\pskvfs.dll
----a-w 167,936 2006-08-18 16:49:50 C:\WINDOWS\system32\ActiveScan\pskvm.dll
----a-w 353,840 2007-04-19 01:16:04 C:\WINDOWS\system32\ActiveScan\psscan.dll
----a-w 35,328 2007-01-22 22:42:48 C:\WINDOWS\system32\ActiveScan\rawvfile.dll
----a-w 9,488 1997-09-18 14:12:32 C:\WINDOWS\system32\ActiveScan\sporder.dll
----a-w 69,632 2006-03-01 01:23:40 C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
----a-w 16,384 2007-10-10 16:59:56 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-10-10 16:59:56 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-10-10 16:59:56 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
-c----w 124,928 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\advpack.dll
-c----w 214,528 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\dxtrans.dll
-c----w 132,608 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\extmgr.dll
-c----w 63,488 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\icardie.dll
-c----w 63,488 2007-08-17 10:20:54 C:\WINDOWS\system32\dllcache\ie4uinit.exe
-c----w 153,088 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\ieakeng.dll
-c----w 230,400 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\ieaksie.dll
-c--a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\system32\dllcache\ieakui.dll
-c----w 383,488 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\ieapfltr.dll
-c----w 384,512 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\iedkcs32.dll
-c----w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\system32\dllcache\ieframe.dll
-c----w 44,544 2007-08-20 10:04:38 C:\WINDOWS\system32\dllcache\iernonce.dll
-c----w 267,776 2007-08-20 10:04:38 C:\WINDOWS\system32\dllcache\iertutil.dll
-c----w 13,824 2007-08-17 10:20:54 C:\WINDOWS\system32\dllcache\ieudinit.exe
-c--a-w 625,152 2007-08-17 10:21:21 C:\WINDOWS\system32\dllcache\iexplore.exe
-c----w 683,520 2007-08-21 06:15:44 C:\WINDOWS\system32\dllcache\inetcomm.dll
-c----w 27,648 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c----w 459,264 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\msfeeds.dll
-c----w 52,224 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
-c----w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\mshtml.dll
-c----w 477,696 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c----w 193,024 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\msrating.dll
-c----w 671,232 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\mstime.dll
-c--a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\occache.dll
-c----w 105,984 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\url.dll
-c----w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\urlmon.dll
-c----w 232,960 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\webcheck.dll
-c----w 824,832 2007-08-20 10:04:43 C:\WINDOWS\system32\dllcache\wininet.dll
----a-w 11,968 2006-09-03 05:34:34 C:\WINDOWS\system32\drivers\symdns.sys
----a-w 144,832 2006-09-03 05:34:42 C:\WINDOWS\system32\drivers\symfw.sys
----a-w 39,104 2006-09-03 05:34:50 C:\WINDOWS\system32\drivers\symids.sys
----a-w 33,216 2006-09-03 05:34:46 C:\WINDOWS\system32\drivers\symndis.sys
----a-w 36,032 2006-09-03 05:35:06 C:\WINDOWS\system32\drivers\symndisv.sys
----a-w 26,432 2006-09-03 05:34:56 C:\WINDOWS\system32\drivers\symredrv.sys
----a-w 186,048 2006-09-03 05:35:00 C:\WINDOWS\system32\drivers\symtdi.sys
.
----a-r 1,165,584 2007-09-19 18:40:11 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
----a-r 20,240 2007-09-19 18:40:15 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
----a-r 159,504 2007-09-19 18:40:11 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
----a-r 184,080 2007-09-19 18:40:12 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
----a-r 217,864 2007-09-19 18:40:15 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
----a-r 18,704 2007-09-19 18:40:15 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
----a-r 35,088 2007-09-19 18:40:15 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
----a-r 845,584 2007-09-19 18:40:14 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
----a-r 922,384 2007-09-19 18:40:14 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
----a-r 272,648 2007-09-19 18:40:15 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
----a-r 888,080 2007-09-19 18:40:15 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
----a-r 1,172,240 2007-09-19 18:40:11 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
----a-w 124,928 2007-06-27 14:34:51 C:\WINDOWS\system32\advpack.dll
----a-w 214,528 2006-10-17 18:57:50 C:\WINDOWS\system32\dxtrans.dll
----a-w 132,608 2007-06-27 14:34:51 C:\WINDOWS\system32\extmgr.dll
------w 61,952 2006-10-17 18:58:20 C:\WINDOWS\system32\icardie.dll
----a-w 63,488 2007-06-27 08:27:04 C:\WINDOWS\system32\ie4uinit.exe
----a-w 153,088 2007-06-27 14:34:51 C:\WINDOWS\system32\ieakeng.dll
----a-w 230,400 2007-06-27 14:34:51 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2007-06-27 07:00:33 C:\WINDOWS\system32\ieakui.dll
----a-w 383,488 2007-06-27 14:34:51 C:\WINDOWS\system32\ieapfltr.dll
----a-w 384,512 2007-06-27 14:34:51 C:\WINDOWS\system32\iedkcs32.dll
----a-w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\system32\ieframe.dll
----a-w 44,544 2007-06-27 14:34:55 C:\WINDOWS\system32\iernonce.dll
----a-w 267,776 2007-06-27 14:34:55 C:\WINDOWS\system32\iertutil.dll
----a-w 13,824 2007-06-27 08:27:05 C:\WINDOWS\system32\ieudinit.exe
----a-w 27,648 2007-06-27 14:34:56 C:\WINDOWS\system32\jsproxy.dll
----a-w 17,474,680 2007-09-06 02:50:42 C:\WINDOWS\system32\MRT.exe
----a-w 459,264 2007-06-27 14:34:56 C:\WINDOWS\system32\msfeeds.dll
----a-w 52,224 2007-06-27 14:34:56 C:\WINDOWS\system32\msfeedsbs.dll
----a-w 3,856,384 2007-07-19 06:59:59 C:\WINDOWS\system32\mshtml.dll
------w 477,696 2007-06-27 14:34:57 C:\WINDOWS\system32\mshtmled.dll
----a-w 193,024 2007-06-27 14:34:58 C:\WINDOWS\system32\msrating.dll
----a-w 671,232 2007-06-27 14:34:58 C:\WINDOWS\system32\mstime.dll
----a-w 163,840 2007-06-27 14:34:58 C:\WINDOWS\system32\occache.dll
----a-w 581,120 2004-08-04 07:56:46 C:\WINDOWS\system32\rpcrt4.dll
----a-w 624,784 2007-01-10 17:47:38 C:\WINDOWS\system32\SymNeti.dll
----a-w 242,320 2007-01-10 17:47:38 C:\WINDOWS\system32\SymRedir.dll
----a-w 62,464 2007-06-27 14:34:58 C:\WINDOWS\system32\url.dll
----a-w 1,225,728 2007-06-27 14:34:58 C:\WINDOWS\system32\urlmon.dll
----a-w 393,728 2007-06-27 14:34:59 C:\WINDOWS\system32\webcheck.dll
----a-w 814,592 2007-06-27 14:34:59 C:\WINDOWS\system32\wininet.dll
----a-w 115,200 2007-03-09 10:02:31 C:\WINDOWS\system32\xpsp3res.dll
----a-w 16,384 2007-10-08 01:07:11 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-10-08 01:07:11 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-10-08 01:07:11 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
-c----w 124,928 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\advpack.dll
-c----w 214,528 2006-10-17 18:57:50 C:\WINDOWS\system32\dllcache\dxtrans.dll
-c----w 132,608 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\extmgr.dll
-c----w 63,488 2007-06-27 08:27:04 C:\WINDOWS\system32\dllcache\ie4uinit.exe
-c----w 153,088 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\ieakeng.dll
-c----w 230,400 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\ieaksie.dll
-c--a-w 161,792 2007-06-27 07:00:33 C:\WINDOWS\system32\dllcache\ieakui.dll
-c----w 383,488 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\ieapfltr.dll
-c----w 384,512 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\iedkcs32.dll
-c----w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\system32\dllcache\ieframe.dll
-c----w 44,544 2007-06-27 14:34:55 C:\WINDOWS\system32\dllcache\iernonce.dll
-c----w 267,776 2007-06-27 14:34:55 C:\WINDOWS\system32\dllcache\iertutil.dll
-c----w 13,824 2007-06-27 08:27:05 C:\WINDOWS\system32\dllcache\ieudinit.exe
-c--a-w 625,152 2007-06-27 08:27:30 C:\WINDOWS\system32\dllcache\iexplore.exe
-c----w 683,520 2007-05-16 15:12:02 C:\WINDOWS\system32\dllcache\inetcomm.dll
-c----w 27,648 2007-06-27 14:34:56 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c----w 459,264 2007-06-27 14:34:56 C:\WINDOWS\system32\dllcache\msfeeds.dll
-c----w 52,224 2007-06-27 14:34:56 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
-c----w 3,583,488 2007-07-19 06:59:59 C:\WINDOWS\system32\dllcache\mshtml.dll
-c----w 477,696 2007-06-27 14:34:57 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c----w 193,024 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\msrating.dll
-c----w 671,232 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\mstime.dll
-c--a-w 102,400 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\occache.dll
-c----w 105,984 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\url.dll
-c----w 1,152,000 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\urlmon.dll
-c----w 232,960 2007-06-27 14:34:59 C:\WINDOWS\system32\dllcache\webcheck.dll
-c----w 823,808 2007-06-27 14:34:59 C:\WINDOWS\system32\dllcache\wininet.dll
----a-w 12,984 2007-01-10 13:32:14 C:\WINDOWS\system32\drivers\symdns.sys
----a-w 145,976 2007-01-10 13:32:14 C:\WINDOWS\system32\drivers\symfw.sys
----a-w 40,120 2007-01-10 13:32:14 C:\WINDOWS\system32\drivers\symids.sys
----a-w 35,256 2007-01-10 13:32:14 C:\WINDOWS\system32\drivers\symndis.sys
----a-w 38,200 2007-01-10 13:32:14 C:\WINDOWS\system32\drivers\symndisv.sys
----a-w 27,576 2007-01-10 13:32:14 C:\WINDOWS\system32\drivers\symredrv.sys
----a-w 191,544 2007-01-10 13:32:14 C:\WINDOWS\system32\drivers\symtdi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 02:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 16:33 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 15:22 C:\WINDOWS\soundman.exe]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" []
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" []
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 15:15]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 15:15]
"SMSERIAL"="sm56hlpr.exe" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 09:04]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-06 03:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 12:22]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\randy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-27 18:56:26]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoSMHelp"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2007-01-31 13:00 79368 C:\WINDOWS\system32\UmxWNP.dll

R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys
R1 BIOS;BIOS;\??\C:\WINDOWS\System32\drivers\BIOS.sys
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys
R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe"
R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe"
R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe"
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys
S3 BDSelfPr;BDSelfPr;\??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command - F:\CDStart.Exe
Install\Command - F:\Stub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76ee0c80-657a-11dc-be68-00192167bb26}]
Auto\command - sxs.exe
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cc795e4-357f-11dc-bdbb-00192167bb26}]
AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
*Newly Created Service* - ERASERUTILREBOOTDRV

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{21DB17A7-9EB9-0768-D9C5-22A71AD280F1}]
C:\WINDOWS\system32:svchost.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 21:08:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-12 09:36:59 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - randy.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2007-08-28 07:37:11 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-12 02:26:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32:svchost.exe 20480 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2007-10-12 2:29:48
C:\ComboFix-quarantined-files.txt ... 2007-10-12 02:29
C:\ComboFix2.txt ... 2007-10-10 09:34
C:\ComboFix3.txt ... 2007-10-08 12:25
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:29 AM, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 11020 bytes
slimsay is offline  
Old 10-13-2007, 05:15 PM   #23 (permalink)
Security Team (ret.)
Pancake
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Re: slimsay's thread

Do you have a Flash Drive...We need to fix this item....
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b6e7aba-4783-11dc-891b-0014a5723710}]
Auto\command- sxs.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

sxs.exe -> Trojan.QQPass.ln


Please run this Flash_Disinfector tool by sUBs ...

http://www.techsupportforum.com/sect...isinfector.exe


Just download the exe file and double click on it to run it...then follow instructions.

A box will pop up telling you to plug in your flash drive and click OK to start the disinfection ... by the way, if you try to cross the box off with the X in the corner ... it will run anyway ... after a few seconds a box will pop up saying "done"

-
When you have done that ... please download "Mountpoints Diagnostic.zip" by Mosaic1

http://www.help2go.com/index2.php?op...wnload&id=1450

Unzip it & Double click to run it. It will create a report named Diagnostic.txt. When finished, upload Diagnostic.txt in your next post ...
__________________
Eddy

Last edited by Pancake; 10-13-2007 at 05:18 PM.
Pancake is offline  
Old 10-14-2007, 09:05 AM   #24 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 53
OS: xp


Re: slimsay's thread

Diagnostic Report
Sat 10/13/2007 10:00:52.92

Mountpoints > Drives subkeys:
------------------------------------

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0306a677-6d2a-11dc-be8c-00192167bb26}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0306a677-6d2a-11dc-be8c-00192167bb26}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0306a677-6d2a-11dc-be8c-00192167bb26}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0306a677-6d2a-11dc-be8c-00192167bb26}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0befcb88-2aaa-11dc-bd72-00192167bb26}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f291a96-5e5d-11dc-be45-00192167bb26}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,03,00,00

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26035494-58e4-11dc-be32-00192167bb26}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,01,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26035494-58e4-11dc-be32-00192167bb26}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26035494-58e4-11dc-be32-00192167bb26}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26035494-58e4-11dc-be32-00192167bb26}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{506fb05f-3f1a-11dc-bde2-00192167bb26}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,00,00,00,00

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5338f35a-2479-11dc-bd4b-00192167bb26}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{584bfe1c-746c-11dc-bec9-00192167bb26}]
"BaseClass"="Drive"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a3715da-2427-11dc-a915-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,60,00,00,00,0a,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a3715da-2427-11dc-a915-806d6172696f}\_Autorun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a3715da-2427-11dc-a915-806d6172696f}\_Autorun\DefaultIcon]
@="E:\\setup.exe,0"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a3715db-2427-11dc-a915-806d6172696f}]
"BaseClass"="Drive"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a3715dc-2427-11dc-a915-806d6172696f}]
"BaseClass"="Drive"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ae94a99-2523-11dc-bd51-00192167bb26}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ae94a99-2523-11dc-bd51-00192167bb26}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ae94a99-2523-11dc-bd51-00192167bb26}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ae94a99-2523-11dc-bd51-00192167bb26}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ae94a9a-2523-11dc-bd51-00192167bb26}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
"_CommentFromDesktopINI"=""

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76ee0c80-657a-11dc-be68-00192167bb26}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,00,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,02,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76ee0c80-657a-11dc-be68-00192167bb26}\Shell]
@="AutoRun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76ee0c80-657a-11dc-be68-00192167bb26}\Shell\Auto]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76ee0c80-657a-11dc-be68-00192167bb26}\Shell\Auto\command]
@="sxs.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76ee0c80-657a-11dc-be68-00192167bb26}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76ee0c80-657a-11dc-be68-00192167bb26}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cc795e4-357f-11dc-bdbb-00192167bb26}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,20,00,00,00,09,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cc795e4-357f-11dc-bdbb-00192167bb26}\Shell]
@="AutoRun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cc795e4-357f-11dc-bdbb-00192167bb26}\Shell\AutoRun]
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cc795e4-357f-11dc-bdbb-00192167bb26}\Shell\AutoRun\command]
@="F:\\LaunchU3.exe -a"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cc795e4-357f-11dc-bdbb-00192167bb26}\_Autorun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cc795e4-357f-11dc-bdbb-00192167bb26}\_Autorun\DefaultIcon]
@="F:\\LaunchU3.exe,0"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cc795e5-357f-11dc-bdbb-00192167bb26}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,01,01,00,5f,\
5f,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,07,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cc795e5-357f-11dc-bdbb-00192167bb26}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cc795e5-357f-11dc-bdbb-00192167bb26}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cc795e5-357f-11dc-bdbb-00192167bb26}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9d79b8a-455a-11dc-be04-00192167bb26}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,07,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9d79b8a-455a-11dc-be04-00192167bb26}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9d79b8a-455a-11dc-be04-00192167bb26}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9d79b8a-455a-11dc-be04-00192167bb26}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7282a73-37da-11dc-bdc4-00192167bb26}]
"BaseClass"="Drive"
"_CommentFromDesktopINI"=""
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,07,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7282a73-37da-11dc-bdc4-00192167bb26}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7282a73-37da-11dc-bdc4-00192167bb26}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7282a73-37da-11dc-bdc4-00192167bb26}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e20087c2-2c37-11dc-bd7d-00192167bb26}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e20087c2-2c37-11dc-bd7d-00192167bb26}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e20087c2-2c37-11dc-bd7d-00192167bb26}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e20087c2-2c37-11dc-bd7d-00192167bb26}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

~~~~~~~~~~~~~~~~~~~~~~~~~
No Autorun files found in C:\WINDOWS

No Autorun files found in C:\WINDOWS\system32

C:\autorun.inf **folder** found
Files in C:\autorun.inf
Who created this folder.txt



D:\autorun.inf **folder** found
Files in D:\autorun.inf
Who created this folder.txt



H:\autorun.inf **folder** found
Files in H:\autorun.inf
Who created this folder.txt
slimsay is offline  
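The check behind Pancake's diagnosis can be run over a report like the one above. This is an added example, not part of the original thread or of any tool named in it: it pulls the cached autorun commands out of the MountPoints2 keys and flags those that launch a bare file name, as the `sxs.exe` entries do. The flagging rule, the function names and the trimmed sample are assumptions made for illustration.

```python
import re

# Sample trimmed from the Diagnostic.txt posted above (hex values and most
# keys dropped); the selection is constructed for this example.
SAMPLE_REPORT = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0306a677-6d2a-11dc-be8c-00192167bb26}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76ee0c80-657a-11dc-be68-00192167bb26}\Shell\Auto\command]
@="sxs.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76ee0c80-657a-11dc-be68-00192167bb26}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cc795e4-357f-11dc-bdbb-00192167bb26}\Shell\AutoRun\command]
@="F:\\LaunchU3.exe -a"
'''

# A key of the form ...\MountPoints2\<mount>\shell\<verb>\command
KEY_RE = re.compile(
    r'^\[(?P<root>.+\\MountPoints2)\\(?P<mount>[^\\\]]+)'
    r'\\shell\\(?P<verb>[^\\\]]+)\\command\]$', re.IGNORECASE)
# The key's default value, written as @="..." in .reg export format
DEFAULT_RE = re.compile(r'^@="(?P<value>.*)"$')
# rundll32 wrapper seen in the report: the real target follows ShellExec_RunDLL
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+shell32(?:\.dll)?,ShellExec_RunDLL\s+(?P<target>.+)$',
    re.IGNORECASE)
# Drive-letter path (C:\...) or UNC path (\\server\share)
ABS_PATH_RE = re.compile(r'^(?:[A-Za-z]:\\|\\\\)')


def parse_autorun_commands(report):
    """Return one dict per shell\\<verb>\\command default value in the report."""
    entries, current = [], None
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith('['):
            current = KEY_RE.match(line)   # None for keys we do not care about
            continue
        value = DEFAULT_RE.match(line)
        if current and value:
            # .reg files escape backslashes and quotes with a backslash
            command = re.sub(r'\\(.)', r'\1', value.group('value'))
            entries.append({'root': current.group('root'),
                            'mount': current.group('mount'),
                            'verb': current.group('verb'),
                            'command': command})
    return entries


def _executable(target):
    """First token of a command line, honouring a leading quoted path."""
    target = target.strip()
    if target.startswith('"'):
        return target[1:].split('"', 1)[0]
    return target.split(None, 1)[0] if target else ''


def classify(command):
    """Assumed heuristic: a target with no drive or folder is suspicious."""
    wrapped = RUNDLL_RE.search(command)
    exe = _executable(wrapped.group('target') if wrapped else command)
    if not ABS_PATH_RE.match(exe):
        via = ' via rundll32 ShellExec_RunDLL' if wrapped else ''
        return 'suspicious', 'bare file name %r launched%s' % (exe, via)
    return 'review', 'autorun command with full path %r' % exe


def triage(report):
    """Attach a verdict and reason to every parsed autorun command."""
    results = []
    for entry in parse_autorun_commands(report):
        verdict, reason = classify(entry['command'])
        results.append(dict(entry, verdict=verdict, reason=reason))
    return results


def flagged_mounts(report):
    """Sorted, de-duplicated mount IDs that carry a suspicious command."""
    return sorted({r['mount'] for r in triage(report)
                   if r['verdict'] == 'suspicious'})


def deletion_key(root, mount):
    """Key-deletion line in the [-KEY] form used by the script in this thread."""
    return '[-%s\\%s]' % (root, mount)


if __name__ == '__main__':
    for r in triage(SAMPLE_REPORT):
        print('%-10s %s  %s -> %s' % (r['verdict'], r['mount'], r['verb'], r['reason']))
```

The `review` verdict only means an autorun command exists for that volume; whether the program it names is wanted still has to be decided by a person.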
Old 10-14-2007, 04:19 PM   #25 (permalink)
Security Team (ret.)
 
Pancake's Avatar
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Re: slimsay's thread

Can you now get into safe mode ??
__________________
Eddy
Pancake is offline  
Old 10-14-2007, 05:38 PM   #26 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 53
OS: xp


Re: slimsay's thread

Yes, I can now. How did you know that wasn't working?
slimsay is offline  
Old 10-14-2007, 06:41 PM   #27 (permalink)
Security Team (ret.)
 
Pancake's Avatar
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Re: slimsay's thread

It showed up in your first ComboFix txt saying that there was no safe mode option. It has now been removed since it was fixed...


Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Insert all thumb drives if you have more than 1.


Open *notepad* and copy/paste the text in the code box below into it:


Code:
Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76ee0c80-657a-11dc-be68-00192167bb26}]

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Referring to the picture above, drag CFScript.txt into ComboFix.exe

Restart your computer.

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*
__________________
Eddy

Last edited by Ried; 10-14-2007 at 09:45 PM.
Pancake is offline  
Old 10-14-2007, 10:12 PM   #28 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 53
OS: xp


Re: slimsay's thread

ComboFix 07-10-08.3 - randy 2007-10-13 22:59:55.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.126 [GMT -8:00]
Running from: C:\Documents and Settings\randy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\randy\Desktop\CFScript.txt
* Created a new restore point
.
ADS - system32: deleted 37888 bytes in 2 streams.

((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 )))))))))))))))))))))))))))))))
.

2007-10-13 18:22 <DIR> d-------- C:\Documents and Settings\randy\Application Data\Eset
2007-10-13 17:38 <DIR> d-------- C:\WINDOWS\system32\eScan
2007-10-13 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Eset
2007-10-13 11:10 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2007-10-13 11:10 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2007-10-13 11:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-10-13 11:03 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-10-13 09:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-10-13 09:54 <DIR> drahs---- C:\autorun.inf
2007-10-12 23:47 <DIR> d-------- C:\Documents and Settings\randy\Application Data\Help
2007-10-12 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-12 21:01 <DIR> d-------- C:\WINDOWS\system32\CBA
2007-10-12 20:28 1,079 --a------ C:\smbios.bin
2007-10-10 09:47 <DIR> d-------- C:\Documents and Settings\randy\Application Data\BitDefender
2007-10-10 07:38 <DIR> d-------- C:\Documents and Settings\randy\Downloads
2007-10-10 01:18 <DIR> d-------- C:\Documents and Settings\randy\Application Data\CheckPoint
2007-10-10 01:17 <DIR> d-------- C:\Program Files\CheckPoint
2007-10-09 01:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-09 01:20 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-09 00:22 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 23:43 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-08 23:42 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-08 23:41 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-08 23:24 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-08 22:39 <DIR> d-------- C:\Program Files\CCleaner
2007-10-08 18:32 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-08 12:32 <DIR> d-------- C:\VundoFix Backups
2007-10-07 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-07 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-07 13:47 <DIR> d-------- C:\Documents and Settings\randy\Application Data\SiteAdvisor
2007-10-07 13:17 2,977,792 --------- C:\WINDOWS\UNNMP.exe
2007-10-07 13:13 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-10-07 13:10 2,977,792 --------- C:\WINDOWS\UNNeroVision.exe
2007-10-07 13:10 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-10-07 13:10 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-10-07 13:10 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-10-07 13:10 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-10-07 13:10 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-10-07 13:10 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-10-07 13:10 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-10-06 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-10-04 23:16 <DIR> d-------- C:\WINDOWS\config
2007-10-04 15:01 <DIR> d-------- C:\Documents and Settings\randy\Application Data\FogelSoft
2007-10-04 15:00 <DIR> d-------- C:\Documents and Settings\randy\Application Data\Opera
2007-10-03 23:36 <DIR> d-------- C:\Program Files\SuperBladePro
2007-10-03 22:35 <DIR> d-------- C:\Deckard
2007-10-03 22:07 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-01 14:23 4,912 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-10-01 11:54 <DIR> d-------- C:\Program Files\Windows Live
2007-09-30 14:35 <DIR> d-------- C:\Program Files\ViStart_www.softarchive.net
2007-09-29 18:06 <DIR> d-------- C:\Program Files\XP Repair Pro 2007
2007-09-29 17:57 <DIR> d-------- C:\Program Files\XPRepairPro2006
2007-09-28 14:01 <DIR> d-------- C:\Documents and Settings\randy\Application Data\Leadertech
2007-09-28 01:35 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-09-27 00:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-09-26 18:59 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-09-26 18:53 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-09-26 18:52 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2007-09-26 18:52 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2007-09-26 18:49 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-09-26 18:46 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-09-26 10:49 <DIR> d-------- C:\Documents and Settings\randy\Application Data\???????sAppData
2007-09-26 07:11 <DIR> d-------- C:\Program Files\Formosoft
2007-09-26 07:11 1,032,192 --a------ C:\WINDOWS\AquaReal.scr
2007-09-26 07:11 131,072 --a------ C:\WINDOWS\SNVerifyDLL.dll
2007-09-26 06:54 <DIR> d-------- C:\Program Files\3D Fish School 3
2007-09-26 06:54 4,770,816 --a------ C:\WINDOWS\3D Fish School 3.scr
2007-09-26 06:54 118,784 --a------ C:\WINDOWS\dx7ogl32.dll
2007-09-24 21:15 249,856 --------- C:\WINDOWS\Setup1.exe
2007-09-24 21:15 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-09-24 14:46 <DIR> d-------- C:\Program Files\AIMP2
2007-09-21 09:17 52,232 --a------ C:\WINDOWS\system32\drivers\epfwtdi.sys
2007-09-21 09:17 50,184 --a------ C:\WINDOWS\system32\drivers\epfw.sys
2007-09-21 09:17 30,728 --a------ C:\WINDOWS\system32\drivers\epfwndis.sys
2007-09-21 09:15 33,288 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-09-21 09:15 25,096 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-09-19 19:21 <DIR> d-------- C:\Program Files\Microsoft Encarta
2007-09-18 19:52 <DIR> d-------- C:\Documents and Settings\randy\Application Data\Symantec
2007-09-18 00:29 1,126,328 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
2007-09-18 00:29 203,024 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-18 00:29 65,936 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2007-09-18 00:29 36,112 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-14 23:11 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-09-14 22:59 <DIR> d-------- C:\Program Files\MSBuild
2007-09-14 22:59 <DIR> d-------- C:\Program Files\Microsoft Works
2007-09-14 22:56 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-09-14 22:43 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-09-14 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-14 22:27 <DIR> d-------- C:\Program Files\PowerISO
2007-09-14 13:07 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-14 09:51 <DIR> d-------- C:\Program Files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-13 18:45 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2007-10-13 18:45 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2007-10-13 18:45 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2007-10-13 18:45 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2007-10-13 18:45 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2007-10-13 18:45 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2007-10-13 18:45 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2007-10-13 18:45 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2007-10-13 15:54 --------- d-------- C:\Documents and Settings\randy\Application Data\uTorrent
2007-10-13 11:10 --------- d-------- C:\Program Files\Trend Micro
2007-10-13 09:35 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-13 00:47 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-13 00:47 10740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-12 23:52 --------- d-------- C:\Program Files\Xilisoft
2007-10-10 16:31 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-10-07 23:12 --------- d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-10-07 13:17 --------- d-------- C:\Program Files\Ahead
2007-10-07 13:09 --------- d-------- C:\Program Files\Common Files\Ahead
2007-10-04 15:01 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-10-04 15:01 --------- d-------- C:\Program Files\OneStepSearch
2007-10-04 15:01 --------- d-------- C:\Documents and Settings\randy\Application Data\dvdcss
2007-10-04 15:01 --------- d-------- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-10-01 14:40 72074 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-10-01 11:54 --------- d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-09-28 12:24 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-09-26 10:49 --------- d-------- C:\Documents and Settings\randy\Application Data\???????sAppData
2007-09-26 07:08 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-09-19 20:12 --------- d-------- C:\Program Files\Yahoo!
2007-09-19 20:12 --------- d-------- C:\Program Files\Common Files\Scanner
2007-09-18 23:37 --------- d-------- C:\Program Files\SUPERAntiSpyware
2007-09-18 23:37 --------- d-------- C:\Documents and Settings\randy\Application Data\SUPERAntiSpyware.com
2007-09-18 00:29 138512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-17 17:05 --------- d-------- C:\Documents and Settings\randy\Application Data\Apple Computer
2007-09-14 22:06 --------- d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-07 20:16 --------- d-------- C:\Documents and Settings\randy\Application Data\MSN6
2007-09-07 20:15 --------- d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2007-09-03 09:18 --------- d-------- C:\Program Files\uTorrent
2007-08-29 15:16 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-08-29 13:42 --------- d-------- C:\Program Files\DivX
2007-08-29 13:02 --------- d-------- C:\Documents and Settings\randy\Application Data\Yahoo!
2007-08-29 13:02 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-08-27 23:16 --------- d-------- C:\Program Files\Common Files\Download Manager
2007-08-27 17:36 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-08-26 22:48 --------- d-------- C:\Program Files\Flash N Burn
2007-08-25 21:26 --------- d-------- C:\Documents and Settings\randy\Application Data\AIMP
2007-08-20 22:15 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-07-30 18:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19 68440 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 18:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 18:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-26 15:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-26 15:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-08_10.22.12.82 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakui.dll
----a-w 2,455,488 2007-04-17 09:28:12 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\jsproxy.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 02:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 16:33 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 15:22 C:\WINDOWS\soundman.exe]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" []
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" []
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 15:15]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 15:15]
"SMSERIAL"="sm56hlpr.exe" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" []
"egui"="C:\Program Files\Eset\Eset Smart Security\egui.exe" [2007-09-21 09:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 12:22]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
@=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE http://www.symantec.com/techsupp/ser...00096.000001da

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\randy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-27 18:56:26]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoSMHelp"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2007-01-31 13:00 79368 C:\WINDOWS\system32\UmxWNP.dll

R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys
R1 BIOS;BIOS;\??\C:\WINDOWS\System32\drivers\BIOS.sys
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdi;epfwtdi;C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\Eset\Eset Smart Security\ekrn.exe"
R2 epfw;epfw;C:\WINDOWS\system32\DRIVERS\epfw.sys
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys
R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe"
R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe"
R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe"
R3 Epfwndis;Eset Personal Firewall;C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys
S3 BDSelfPr;BDSelfPr;\??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\Eset\Eset Smart Security\EHttpSrv.exe"
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command - F:\CDStart.Exe
Install\Command - F:\Stub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76ee0c80-657a-11dc-be68-00192167bb26}]
Auto\command - sxs.exe
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cc795e4-357f-11dc-bdbb-00192167bb26}]
AutoRun\command - F:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{21DB17A7-9EB9-0768-D9C5-22A71AD280F1}]
C:\WINDOWS\system32:svchost.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 21:08:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-13 04:00:56 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - randy.job"
"2007-08-28 07:37:11 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-13 23:02:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-13 23:04:13
C:\ComboFix-quarantined-files.txt ... 2007-10-13 23:03
C:\ComboFix2.txt ... 2007-10-12 02:29
C:\ComboFix3.txt ... 2007-10-10 09:34
.
--- E O F ---





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:29 PM, on 10/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Eset\Eset Smart Security\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Eset\Eset Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\Eset Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\RunOnce: [] C:\PROGRA~1\MOZILL~1\FIREFOX.EXE http://www.symantec.com/techsupp/ser...00096.000001da
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: DefWatch - Unknown owner - C:\Program Files\NavNT\defwatch.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\Eset\Eset Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - Eset - C:\Program Files\Eset\Eset Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\NavNT\rtvscan.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 10243 bytes
slimsay is offline  
Old 10-14-2007, 10:17 PM   #29 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 53
OS: xp


Re: slimsay's thread

yea you better tutor me on reading those codes lol!
slimsay is offline  
Old 10-14-2007, 10:41 PM   #30 (permalink)
Security Team (ret.)
 
Pancake's Avatar
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Re: slimsay's thread

I am still trying to remove a registry setting but it may be tied in with other files so I may have to consult with others...
__________________
Eddy

Last edited by Pancake; 10-14-2007 at 10:43 PM.
Pancake is offline  
Old 10-14-2007, 11:32 PM   #31 (permalink)
Security Team (ret.)
 
Pancake's Avatar
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Re: slimsay's thread

Something I was going to do later in the final cleanup so let's do it now... You have three anti virus programs active. CA Internet Security Suite, Eset and Norton/Symantec. Choose one and then remove the others via Add/Remove. These will only conflict with each other and give you problems.

======================

Run a scan with HijackThis and fix these entries:

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)

Click 'Fix Checked' and close HijackThis.

=====================================

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Open *notepad* and copy/paste the text in the quotebox below into it:


Quote:




File::
C:\WINDOWS\system32\sxs.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76ee0c80-657a-11dc-be68-00192167bb26}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{21DB17A7-9EB9-0768-D9C5-22A71AD280F1}]


Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Referring to the picture above, drag CFScript.txt into ComboFix.exe

Restart your computer.

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall*

===========================

Also please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:



Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
__________________
Eddy
Pancake is offline  
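An added example, not part of the thread and not code from ComboFix or HijackThis: a Python triage pass over lines copied from the two logs posted above. It lists HijackThis entries whose target is reported as (no file) or (file missing), and MountPoints2 keys whose recorded autorun command launches a file with no absolute path; both heuristics and every function name are assumptions made for this example, and the result is a list for a helper to review, not a fix list.

```python
import re

# Sample input: lines copied from the ComboFix log posted in this thread.
COMBOFIX_MOUNTPOINTS = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command - F:\CDStart.Exe
Install\Command - F:\Stub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76ee0c80-657a-11dc-be68-00192167bb26}]
Auto\command - sxs.exe
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cc795e4-357f-11dc-bdbb-00192167bb26}]
AutoRun\command - F:\LaunchU3.exe -a
"""

# Sample input: lines copied from the HijackThis log posted in this thread.
HIJACKTHIS_LINES = r"""
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O23 - Service: DefWatch - Unknown owner - C:\Program Files\NavNT\defwatch.exe (file missing)
"""

ORPHAN_MARKERS = ("(no file)", "(file missing)")
HJT_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\[^\]\\]+)\]$", re.IGNORECASE)
CMD_RE = re.compile(r"^(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.IGNORECASE)
ABS_PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\)")  # drive letter or UNC path


def orphaned_hjt_entries(log_text):
    """Return (section code, CLSID or None, marker) for entries whose file is gone."""
    hits = []
    for line in log_text.splitlines():
        m = HJT_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        marker = next((k for k in ORPHAN_MARKERS if body.endswith(k)), None)
        if marker is None:
            continue
        clsid = CLSID_RE.search(body)
        hits.append((m.group("code"), clsid.group(0) if clsid else None, marker))
    return hits


def launch_target(cmd):
    """Return the file an autorun command starts.

    For 'RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL <file>' that is <file>;
    otherwise it is the first (optionally quoted) token of the command.
    """
    m = re.search(r"ShellExec_RunDLL\s+(.+)$", cmd, re.IGNORECASE)
    target = (m.group(1) if m else cmd).strip()
    if target.startswith('"'):
        return target[1:].split('"', 1)[0]
    return target.split()[0]


def suspicious_mountpoints(log_text):
    """Map each MountPoints2 key to its commands whose launch target is not absolute.

    Heuristic assumed for this example: a bare file name such as 'sxs.exe'
    is resolved against whatever volume is mounted, so it deserves a look.
    """
    flagged, key = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):
            k = KEY_RE.match(line)
            key = k.group(1) if k else None  # blank line or other key ends the section
            continue
        c = CMD_RE.match(line)
        if key and c and not ABS_PATH_RE.match(launch_target(c.group("cmd"))):
            flagged.setdefault(key, []).append((c.group("verb"), c.group("cmd")))
    return flagged


if __name__ == "__main__":
    for code, clsid, marker in orphaned_hjt_entries(HIJACKTHIS_LINES):
        print(f"review {code} {clsid or '-'} {marker}")
    for key, cmds in suspicious_mountpoints(COMBOFIX_MOUNTPOINTS).items():
        print(f"review {key}")
        for verb, cmd in cmds:
            print(f"    {verb}: {cmd}")
```

On the sample lines the MountPoints2 pass flags only the {76ee0c80-...} key that the CFScript above deletes, while the orphan pass returns more entries than the helper chose to fix, which is why its output is a review list.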
Old 10-15-2007, 01:22 AM   #32 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 53
OS: xp


Re: slimsay's thread

Well, uninstalling the anti virus normal way through Add and Remove isn't working, so do you have software that can remove it? I want to keep Eset NOD32 and remove the other 2, I have been trying to uninstall them
slimsay is offline  
Old 10-15-2007, 01:23 AM   #33 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 53
OS: xp


Re: slimsay's thread

ComboFix 07-10-08.3 - randy 2007-10-14 2:04:53.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.90 [GMT -8:00]
Running from: C:\Documents and Settings\randy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\randy\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 )))))))))))))))))))))))))))))))
.

2007-10-14 00:42 131,072 --a------ C:\WINDOWS\system32\dzip32.dll
2007-10-14 00:42 110,592 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-10-14 00:41 <DIR> d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-10-13 23:56 <DIR> d-------- C:\Program Files\Rainy Screensaver
2007-10-13 23:56 1,175,700 --a------ C:\WINDOWS\system32\RainySs.scr
2007-10-13 18:22 <DIR> d-------- C:\Documents and Settings\randy\Application Data\Eset
2007-10-13 17:38 <DIR> d-------- C:\WINDOWS\system32\eScan
2007-10-13 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Eset
2007-10-13 11:10 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2007-10-13 11:10 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2007-10-13 11:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-10-13 11:03 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-10-13 09:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-10-13 09:54 <DIR> drahs---- C:\autorun.inf
2007-10-12 23:47 <DIR> d-------- C:\Documents and Settings\randy\Application Data\Help
2007-10-12 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-12 21:01 <DIR> d-------- C:\WINDOWS\system32\CBA
2007-10-12 20:28 1,079 --a------ C:\smbios.bin
2007-10-10 09:47 <DIR> d-------- C:\Documents and Settings\randy\Application Data\BitDefender
2007-10-10 07:38 <DIR> d-------- C:\Documents and Settings\randy\Downloads
2007-10-10 01:18 <DIR> d-------- C:\Documents and Settings\randy\Application Data\CheckPoint
2007-10-10 01:17 <DIR> d-------- C:\Program Files\CheckPoint
2007-10-09 01:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-09 01:20 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-09 00:22 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 23:43 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-08 23:42 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-08 23:41 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-08 23:24 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-08 22:39 <DIR> d-------- C:\Program Files\CCleaner
2007-10-08 18:32 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-08 12:32 <DIR> d-------- C:\VundoFix Backups
2007-10-07 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-07 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-07 13:47 <DIR> d-------- C:\Documents and Settings\randy\Application Data\SiteAdvisor
2007-10-07 13:17 2,977,792 --------- C:\WINDOWS\UNNMP.exe
2007-10-07 13:13 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-10-07 13:10 2,977,792 --------- C:\WINDOWS\UNNeroVision.exe
2007-10-07 13:10 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-10-07 13:10 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-10-07 13:10 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-10-07 13:10 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-10-07 13:10 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-10-07 13:10 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-10-07 13:10 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-10-06 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-10-04 23:16 <DIR> d-------- C:\WINDOWS\config
2007-10-04 15:01 <DIR> d-------- C:\Documents and Settings\randy\Application Data\FogelSoft
2007-10-04 15:00 <DIR> d-------- C:\Documents and Settings\randy\Application Data\Opera
2007-10-03 23:36 <DIR> d-------- C:\Program Files\SuperBladePro
2007-10-03 22:35 <DIR> d-------- C:\Deckard
2007-10-03 22:07 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-01 14:23 4,912 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-10-01 11:54 <DIR> d-------- C:\Program Files\Windows Live
2007-09-30 14:35 <DIR> d-------- C:\Program Files\ViStart
2007-09-29 18:06 <DIR> d-------- C:\Program Files\XP Repair Pro 2007
2007-09-29 17:57 <DIR> d-------- C:\Program Files\XPRepairPro2006
2007-09-28 14:01 <DIR> d-------- C:\Documents and Settings\randy\Application Data\Leadertech
2007-09-28 01:35 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-09-27 00:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-09-26 18:59 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-09-26 18:53 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-09-26 18:52 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2007-09-26 18:52 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2007-09-26 18:49 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-09-26 18:46 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-09-26 10:49 <DIR> d-------- C:\Documents and Settings\randy\Application Data\???????sAppData
2007-09-26 07:11 <DIR> d-------- C:\Program Files\Formosoft
2007-09-26 07:11 1,032,192 --a------ C:\WINDOWS\AquaReal.scr
2007-09-26 07:11 131,072 --a------ C:\WINDOWS\SNVerifyDLL.dll
2007-09-26 06:54 <DIR> d-------- C:\Program Files\3D Fish School 3
2007-09-26 06:54 4,770,816 --a------ C:\WINDOWS\3D Fish School 3.scr
2007-09-26 06:54 118,784 --a------ C:\WINDOWS\dx7ogl32.dll
2007-09-24 21:15 249,856 --------- C:\WINDOWS\Setup1.exe
2007-09-24 21:15 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-09-24 14:46 <DIR> d-------- C:\Program Files\AIMP2
2007-09-21 09:17 52,232 --a------ C:\WINDOWS\system32\drivers\epfwtdi.sys
2007-09-21 09:17 50,184 --a------ C:\WINDOWS\system32\drivers\epfw.sys
2007-09-21 09:17 30,728 --a------ C:\WINDOWS\system32\drivers\epfwndis.sys
2007-09-21 09:15 33,288 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-09-21 09:15 25,096 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-09-19 19:21 <DIR> d-------- C:\Program Files\Microsoft Encarta
2007-09-18 19:52 <DIR> d-------- C:\Documents and Settings\randy\Application Data\Symantec
2007-09-18 00:29 1,126,328 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
2007-09-18 00:29 203,024 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-18 00:29 65,936 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2007-09-18 00:29 36,112 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-14 23:11 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-09-14 22:59 <DIR> d-------- C:\Program Files\MSBuild
2007-09-14 22:59 <DIR> d-------- C:\Program Files\Microsoft Works
2007-09-14 22:56 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-09-14 22:43 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-09-14 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-14 22:27 <DIR> d-------- C:\Program Files\PowerISO
2007-09-14 13:07 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-14 09:51 <DIR> d-------- C:\Program Files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-13 23:05 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2007-10-13 23:05 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2007-10-13 23:05 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2007-10-13 23:05 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2007-10-13 23:05 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2007-10-13 23:05 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2007-10-13 23:05 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2007-10-13 23:05 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2007-10-13 15:54 --------- d-------- C:\Documents and Settings\randy\Application Data\uTorrent
2007-10-13 11:10 --------- d-------- C:\Program Files\Trend Micro
2007-10-13 09:35 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-13 00:47 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-13 00:47 10740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-12 23:52 --------- d-------- C:\Program Files\Xilisoft
2007-10-10 16:31 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-10-07 23:12 --------- d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-10-07 13:17 --------- d-------- C:\Program Files\Ahead
2007-10-07 13:09 --------- d-------- C:\Program Files\Common Files\Ahead
2007-10-04 15:01 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-10-04 15:01 --------- d-------- C:\Program Files\OneStepSearch
2007-10-04 15:01 --------- d-------- C:\Documents and Settings\randy\Application Data\dvdcss
2007-10-04 15:01 --------- d-------- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-10-01 14:40 72074 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-10-01 11:54 --------- d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-09-28 12:24 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-09-26 10:49 --------- d-------- C:\Documents and Settings\randy\Application Data\???????sAppData
2007-09-26 07:08 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-09-19 20:12 --------- d-------- C:\Program Files\Yahoo!
2007-09-19 20:12 --------- d-------- C:\Program Files\Common Files\Scanner
2007-09-18 23:37 --------- d-------- C:\Program Files\SUPERAntiSpyware
2007-09-18 23:37 --------- d-------- C:\Documents and Settings\randy\Application Data\SUPERAntiSpyware.com
2007-09-18 00:29 138512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-17 17:05 --------- d-------- C:\Documents and Settings\randy\Application Data\Apple Computer
2007-09-14 22:06 --------- d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-07 20:16 --------- d-------- C:\Documents and Settings\randy\Application Data\MSN6
2007-09-07 20:15 --------- d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2007-09-03 09:18 --------- d-------- C:\Program Files\uTorrent
2007-08-29 15:16 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-08-29 13:42 --------- d-------- C:\Program Files\DivX
2007-08-29 13:02 --------- d-------- C:\Documents and Settings\randy\Application Data\Yahoo!
2007-08-29 13:02 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-08-27 23:16 --------- d-------- C:\Program Files\Common Files\Download Manager
2007-08-27 17:36 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-08-26 22:48 --------- d-------- C:\Program Files\Flash N Burn
2007-08-25 21:26 --------- d-------- C:\Documents and Settings\randy\Application Data\AIMP
2007-08-20 22:15 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-07-30 18:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19 68440 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 18:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 18:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-26 15:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-26 15:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-08_10.22.12.82 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakui.dll
----a-w 2,455,488 2007-04-17 09:28:12 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
----a-w 141,424 2006-08-24 16:28:54 C:\WINDOWS\Downloaded Program Files\asinst.dll
-c----w 124,928 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll
-c----w 214,528 2006-10-17 18:57:50 C:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll
-c----w 132,608 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll
-c----w 61,952 2006-10-17 18:58:20 C:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll
-c----w 63,488 2007-06-27 08:27:04 C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe
-c----w 153,088 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll
-c----w 230,400 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll
-c----w 161,792 2007-06-27 07:00:33 C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll
-c----w 383,488 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll
-c----w 384,512 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll
-c----w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll
-c----w 44,544 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll
-c----w 267,776 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll
-c----w 13,824 2007-06-27 08:27:05 C:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe
-c----w 625,152 2007-06-27 08:27:30 C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
-c----w 27,648 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll
-c----w 459,264 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll
-c----w 52,224 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll
-c----w 3,856,384 2007-07-19 06:59:59 C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll
-c----w 477,696 2007-06-27 14:34:57 C:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll
-c----w 193,024 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll
-c----w 671,232 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll
-c----w 163,840 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll
-c----w 62,464 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\url.dll
-c----w 1,225,728 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll
-c----w 393,728 2007-06-27 14:34:59 C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll
-c----w 814,592 2007-06-27 14:34:59 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
-c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll
----a-w 96,256 2007-09-18 08:29:54 C:\WINDOWS\Installer\atl80.dll
----a-w 156,936 2007-09-18 08:29:54 C:\WINDOWS\Installer\libexpat.dll
----a-w 1,101,824 2007-09-18 08:29:54 C:\WINDOWS\Installer\mfc80.dll
----a-w 1,093,120 2007-09-18 08:29:54 C:\WINDOWS\Installer\mfc80u.dll
----a-w 69,632 2007-09-18 08:29:54 C:\WINDOWS\Installer\mfcm80.dll
----a-w 57,856 2007-09-18 08:29:54 C:\WINDOWS\Installer\mfcm80u.dll
----a-w 479,232 2007-09-18 08:29:54 C:\WINDOWS\Installer\msvcm80.dll
----a-w 548,864 2007-09-18 08:29:54 C:\WINDOWS\Installer\msvcp80.dll
----a-w 626,688 2007-09-18 08:29:54 C:\WINDOWS\Installer\msvcr80.dll
----a-w 124,168 2007-09-18 08:29:54 C:\WINDOWS\Installer\TmDbg32.dll
----a-r 1,165,584 2007-10-09 09:07:43 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
----a-r 20,240 2007-10-09 09:07:44 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
----a-r 159,504 2007-10-09 09:07:43 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
----a-r 184,080 2007-10-09 09:07:44 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
----a-r 217,864 2007-10-09 09:07:44 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
----a-r 18,704 2007-10-09 09:07:44 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
----a-r 35,088 2007-10-09 09:07:44 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
----a-r 845,584 2007-10-09 09:07:44 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
----a-r 922,384 2007-10-09 09:07:44 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
----a-r 272,648 2007-10-09 09:07:44 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
----a-r 888,080 2007-10-09 09:07:44 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
----a-r 1,172,240 2007-10-09 09:07:43 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
----a-r 22,862 2007-10-14 02:22:28 C:\WINDOWS\Installer\{C23C7DB5-9598-495C-A44A-175ED4927528}\controlPanelIcon.exe
----a-r 10,134 2007-10-14 02:22:28 C:\WINDOWS\Installer\{C23C7DB5-9598-495C-A44A-175ED4927528}\SystemFolder_msiexec.exe
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
----a-w 584,192 2007-07-09 13:09:42 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
----a-w 115,712 2007-06-13 06:53:14 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spuninst.exe
----a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\advpack.dll
----a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\dxtrans.dll
----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\extmgr.dll
----a-w 63,488 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\icardie.dll
----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ie4uinit.exe
----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieakeng.dll
----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieakui.dll
----a-w 383,488 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieapfltr.dll
----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iedkcs32.dll
----a-w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieframe.dll
----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iernonce.dll
----a-w 267,776 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iertutil.dll
----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieudinit.exe
----a-w 625,152 2007-08-17 10:21:21 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iexplore.exe
----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\jsproxy.dll
----a-w 459,264 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msfeeds.dll
----a-w 52,224 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msfeedsbs.dll
----a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mshtml.dll
----a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mshtmled.dll
----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msrating.dll
----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mstime.dll
----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\occache.dll
----a-w 105,984 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\url.dll
----a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\urlmon.dll
----a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\webcheck.dll
----a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\wininet.dll
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieakui.dll
----a-w 2,455,488 2007-04-17 09:28:12 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\wininet.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spuninst.exe
----a-w 683,520 2007-08-21 06:15:44 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2gdr\inetcomm.dll
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2qfe\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\updspapi.dll
----a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\system32\advpack.dll
----a-w 73,728 2006-08-02 20:39:06 C:\WINDOWS\system32\asuninst.exe
----a-w 13,824 2000-09-19 01:16:20 C:\WINDOWS\system32\cba.dll
----a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\system32\dxtrans.dll
----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\system32\extmgr.dll
----a-w 63,488 2007-08-20 10:04:34 C:\WINDOWS\system32\icardie.dll
----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\system32\ie4uinit.exe
----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\system32\ieakeng.dll
----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\system32\ieakui.dll
----a-w 383,488 2007-08-20 10:04:35 C:\WINDOWS\system32\ieapfltr.dll
----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\system32\iedkcs32.dll
----a-w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\system32\ieframe.dll
----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\system32\iernonce.dll
----a-w 267,776 2007-08-20 10:04:38 C:\WINDOWS\system32\iertutil.dll
----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\system32\ieudinit.exe
----a-w 135,168 2007-09-25 06:30:28 C:\WINDOWS\system32\java.exe
----a-w 135,168 2007-09-25 06:30:30 C:\WINDOWS\system32\javaw.exe
----a-w 139,264 2007-09-25 07:31:42 C:\WINDOWS\system32\javaws.exe
----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\system32\jsproxy.dll
------w 77,824 2000-09-19 01:12:40 C:\WINDOWS\system32\LOC32VC0.DLL
----a-w 18,089,592 2007-09-28 05:19:39 C:\WINDOWS\system32\MRT.exe
----a-w 459,264 2007-08-20 10:04:39 C:\WINDOWS\system32\msfeeds.dll
----a-w 52,224 2007-08-20 10:04:39 C:\WINDOWS\system32\msfeedsbs.dll
----a-w 20,992 2000-09-19 01:16:20 C:\WINDOWS\system32\msgsys.dll
----a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\system32\mshtml.dll
----a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\system32\mshtmled.dll
------w 1,039,360 2000-09-19 01:12:40 C:\WINDOWS\system32\MSJET35.DLL
------w 37,136 2000-09-19 01:12:40 C:\WINDOWS\system32\MSJINT35.DLL
------w 24,336 2000-09-19 01:12:40 C:\WINDOWS\system32\MSJTER35.DLL
------w 169,984 2000-09-19 01:12:40 C:\WINDOWS\system32\MSLTUS35.DLL
----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\system32\msrating.dll
------w 251,664 2000-09-19 01:12:40 C:\WINDOWS\system32\MSRD2X35.DLL
----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\system32\mstime.dll
----a-w 45,056 2001-09-24 15:59:00 C:\WINDOWS\system32\NavLogon.dll
----a-w 61,952 2000-09-19 01:16:20 C:\WINDOWS\system32\nts.dll
----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\system32\occache.dll
------w 77,824 2000-09-19 01:12:40 C:\WINDOWS\system32\ODBCTL32.DLL
----a-w 81,408 2000-09-19 01:16:20 C:\WINDOWS\system32\pds.dll
----a-w 584,192 2007-07-09 13:09:42 C:\WINDOWS\system32\rpcrt4.dll
----a-w 105,984 2007-08-20 10:04:42 C:\WINDOWS\system32\url.dll
----a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\system32\urlmon.dll
------w 368,912 2000-09-19 01:12:40 C:\WINDOWS\system32\VBAR332.DLL
----a-w 83,432 2007-09-07 00:14:04 C:\WINDOWS\system32\vsdata.dll
----a-w 395,080 2007-09-07 00:14:28 C:\WINDOWS\system32\vsdatant.sys
----a-w 46,568 2007-09-07 00:14:06 C:\WINDOWS\system32\vswmi.dll
----a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\system32\webcheck.dll
----a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\system32\wininet.dll
----a-w 115,712 2007-06-13 06:53:14 C:\WINDOWS\system32\xpsp3res.dll
----a-w 83,432 2007-09-07 00:14:06 C:\WINDOWS\system32\zlcomm.dll
----a-w 71,144 2007-09-07 00:14:08 C:\WINDOWS\system32\zlcommdb.dll
----a-w 11,776 2003-03-26 02:53:50 C:\WINDOWS\system32\ZPORT4AS.dll
----a-w 110,592 2007-03-29 17:20:50 C:\WINDOWS\system32\ActiveScan\as.dll
----a-w 233,472 2006-10-06 00:15:26 C:\WINDOWS\system32\ActiveScan\ascontrol.dll
----a-w 96,256 2005-06-03 22:03:18 C:\WINDOWS\system32\ActiveScan\asmdat.dll
----a-w 36,864 2003-08-01 19:00:16 C:\WINDOWS\system32\ActiveScan\certdll.dll
----a-w 86,016 2005-05-20 21:42:44 C:\WINDOWS\system32\ActiveScan\instlsp.dll
----a-w 4,608 2006-02-17 02:20:20 C:\WINDOWS\system32\ActiveScan\memvfile.dll
----a-w 348,160 2005-10-26 02:08:32 C:\WINDOWS\system32\ActiveScan\msvcr71.dll
----a-w 139,264 2004-05-04 23:01:02 C:\WINDOWS\system32\ActiveScan\pavaleas.dll
----a-w 45,056 2006-07-14 21:04:10 C:\WINDOWS\system32\ActiveScan\pavdr.exe
----a-w 159,832 2006-04-10 18:50:02 C:\WINDOWS\system32\ActiveScan\pavexcom.dll
----a-w 94,208 2006-02-14 21:05:38 C:\WINDOWS\system32\ActiveScan\pavinas.dll
----a-w 180,224 2006-02-17 02:35:38 C:\WINDOWS\system32\ActiveScan\pavoe.dll
----a-w 122,880 2006-10-06 00:15:38 C:\WINDOWS\system32\ActiveScan\pavpz.dll
----a-w 8,704 2006-06-30 22:13:38 C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
----a-w 49,152 2004-02-04 22:08:42 C:\WINDOWS\system32\ActiveScan\port32.dll
----a-w 69,632 2006-08-01 21:23:10 C:\WINDOWS\system32\ActiveScan\pscpu.dll
----a-w 1,388,544 2006-08-23 2108 C:\WINDOWS\system32\ActiveScan\pskahk.dll
----a-w 10,752 2006-08-17 19:38:14 C:\WINDOWS\system32\ActiveScan\pskalloc.dll
----a-w 61,440 2006-09-04 19:49:54 C:\WINDOWS\system32\ActiveScan\pskas.dll
----a-w 779,264 2006-08-18 16:46:18 C:\WINDOWS\system32\ActiveScan\pskavs.dll
----a-w 417,792 2007-03-26 22:25:34 C:\WINDOWS\system32\ActiveScan\pskcmp.dll
----a-w 90,112 2006-08-09 18:42:24 C:\WINDOWS\system32\ActiveScan\pskfss.dll
----a-w 208,896 2006-07-19 18:55:58 C:\WINDOWS\system32\ActiveScan\pskhtml.dll
----a-w 9,728 2006-01-21 00:57:00 C:\WINDOWS\system32\ActiveScan\pskmas.dll
----a-w 14,336 2006-05-17 17:50:12 C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
----a-w 33,280 2006-08-16 18:58:12 C:\WINDOWS\system32\ActiveScan\pskpack.dll
----a-w 266,240 2006-06-30 22:42:36 C:\WINDOWS\system32\ActiveScan\pskscs.dll
----a-w 62,976 2006-08-17 22:33:14 C:\WINDOWS\system32\ActiveScan\pskutil.dll
----a-w 13,312 2006-08-08 21:13:10 C:\WINDOWS\system32\ActiveScan\pskvfile.dll
----a-w 69,632 2006-08-18 16:53:08 C:\WINDOWS\system32\ActiveScan\pskvfs.dll
----a-w 167,936 2006-08-18 16:49:50 C:\WINDOWS\system32\ActiveScan\pskvm.dll
----a-w 353,840 2007-04-19 01:16:04 C:\WINDOWS\system32\ActiveScan\psscan.dll
----a-w 35,328 2007-01-22 22:42:48 C:\WINDOWS\system32\ActiveScan\rawvfile.dll
----a-w 9,488 1997-09-18 14:12:32 C:\WINDOWS\system32\ActiveScan\sporder.dll
----a-w 69,632 2006-03-01 01:23:40 C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
----a-w 16,384 2007-10-10 16:59:56 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-10-10 16:59:56 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-10-10 16:59:56 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
-c----w 124,928 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\advpack.dll
-c----w 214,528 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\dxtrans.dll
-c----w 132,608 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\extmgr.dll
-c----w 63,488 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\icardie.dll
-c----w 63,488 2007-08-17 10:20:54 C:\WINDOWS\system32\dllcache\ie4uinit.exe
-c----w 153,088 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\ieakeng.dll
-c----w 230,400 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\ieaksie.dll
-c--a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\system32\dllcache\ieakui.dll
-c----w 383,488 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\ieapfltr.dll
-c----w 384,512 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\iedkcs32.dll
-c----w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\system32\dllcache\ieframe.dll
-c----w 44,544 2007-08-20 10:04:38 C:\WINDOWS\system32\dllcache\iernonce.dll
-c----w 267,776 2007-08-20 10:04:38 C:\WINDOWS\system32\dllcache\iertutil.dll
-c----w 13,824 2007-08-17 10:20:54 C:\WINDOWS\system32\dllcache\ieudinit.exe
-c--a-w 625,152 2007-08-17 10:21:21 C:\WINDOWS\system32\dllcache\iexplore.exe
-c----w 683,520 2007-08-21 06:15:44 C:\WINDOWS\system32\dllcache\inetcomm.dll
-c----w 27,648 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c----w 459,264 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\msfeeds.dll
-c----w 52,224 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
-c----w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\mshtml.dll
-c----w 477,696 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c----w 193,024 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\msrating.dll
-c----w 671,232 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\mstime.dll
-c--a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\occache.dll
-c----w 105,984 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\url.dll
-c----w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\urlmon.dll
-c----w 232,960 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\webcheck.dll
-c----w 824,832 2007-08-20 10:04:43 C:\WINDOWS\system32\dllcache\wininet.dll
.
----a-r 1,165,584 2007-09-19 18:40:11 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
----a-r 20,240 2007-09-19 18:40:15 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
----a-r 159,504 2007-09-19 18:40:11 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
----a-r 184,080 2007-09-19 18:40:12 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
----a-r 217,864 2007-09-19 18:40:15 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
----a-r 18,704 2007-09-19 18:40:15 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
----a-r 35,088 2007-09-19 18:40:15 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
----a-r 845,584 2007-09-19 18:40:14 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
----a-r 922,384 2007-09-19 18:40:14 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
----a-r 272,648 2007-09-19 18:40:15 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
----a-r 888,080 2007-09-19 18:40:15 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
----a-r 1,172,240 2007-09-19 18:40:11 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
----a-w 124,928 2007-06-27 14:34:51 C:\WINDOWS\system32\advpack.dll
----a-w 214,528 2006-10-17 18:57:50 C:\WINDOWS\system32\dxtrans.dll
----a-w 132,608 2007-06-27 14:34:51 C:\WINDOWS\system32\extmgr.dll
------w 61,952 2006-10-17 18:58:20 C:\WINDOWS\system32\icardie.dll
----a-w 63,488 2007-06-27 08:27:04 C:\WINDOWS\system32\ie4uinit.exe
----a-w 153,088 2007-06-27 14:34:51 C:\WINDOWS\system32\ieakeng.dll
----a-w 230,400 2007-06-27 14:34:51 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2007-06-27 07:00:33 C:\WINDOWS\system32\ieakui.dll
----a-w 383,488 2007-06-27 14:34:51 C:\WINDOWS\system32\ieapfltr.dll
----a-w 384,512 2007-06-27 14:34:51 C:\WINDOWS\system32\iedkcs32.dll
----a-w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\system32\ieframe.dll
----a-w 44,544 2007-06-27 14:34:55 C:\WINDOWS\system32\iernonce.dll
----a-w 267,776 2007-06-27 14:34:55 C:\WINDOWS\system32\iertutil.dll
----a-w 13,824 2007-06-27 08:27:05 C:\WINDOWS\system32\ieudinit.exe
----a-w 27,648 2007-06-27 14:34:56 C:\WINDOWS\system32\jsproxy.dll
----a-w 17,474,680 2007-09-06 02:50:42 C:\WINDOWS\system32\MRT.exe
----a-w 459,264 2007-06-27 14:34:56 C:\WINDOWS\system32\msfeeds.dll
----a-w 52,224 2007-06-27 14:34:56 C:\WINDOWS\system32\msfeedsbs.dll
----a-w 3,856,384 2007-07-19 06:59:59 C:\WINDOWS\system32\mshtml.dll
------w 477,696 2007-06-27 14:34:57 C:\WINDOWS\system32\mshtmled.dll
----a-w 193,024 2007-06-27 14:34:58 C:\WINDOWS\system32\msrating.dll
----a-w 671,232 2007-06-27 14:34:58 C:\WINDOWS\system32\mstime.dll
----a-w 163,840 2007-06-27 14:34:58 C:\WINDOWS\system32\occache.dll
----a-w 581,120 2004-08-04 07:56:46 C:\WINDOWS\system32\rpcrt4.dll
----a-w 62,464 2007-06-27 14:34:58 C:\WINDOWS\system32\url.dll
----a-w 1,225,728 2007-06-27 14:34:58 C:\WINDOWS\system32\urlmon.dll
----a-w 393,728 2007-06-27 14:34:59 C:\WINDOWS\system32\webcheck.dll
----a-w 814,592 2007-06-27 14:34:59 C:\WINDOWS\system32\wininet.dll
----a-w 115,200 2007-03-09 10:02:31 C:\WINDOWS\system32\xpsp3res.dll
----a-w 16,384 2007-10-08 01:07:11 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-10-08 01:07:11 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-10-08 01:07:11 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
-c----w 124,928 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\advpack.dll
-c----w 214,528 2006-10-17 18:57:50 C:\WINDOWS\system32\dllcache\dxtrans.dll
-c----w 132,608 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\extmgr.dll
-c----w 63,488 2007-06-27 08:27:04 C:\WINDOWS\system32\dllcache\ie4uinit.exe
-c----w 153,088 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\ieakeng.dll
-c----w 230,400 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\ieaksie.dll
-c--a-w 161,792 2007-06-27 07:00:33 C:\WINDOWS\system32\dllcache\ieakui.dll
-c----w 383,488 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\ieapfltr.dll
-c----w 384,512 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\iedkcs32.dll
-c----w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\system32\dllcache\ieframe.dll
-c----w 44,544 2007-06-27 14:34:55 C:\WINDOWS\system32\dllcache\iernonce.dll
-c----w 267,776 2007-06-27 14:34:55 C:\WINDOWS\system32\dllcache\iertutil.dll
-c----w 13,824 2007-06-27 08:27:05 C:\WINDOWS\system32\dllcache\ieudinit.exe
-c--a-w 625,152 2007-06-27 08:27:30 C:\WINDOWS\system32\dllcache\iexplore.exe
-c----w 683,520 2007-05-16 15:12:02 C:\WINDOWS\system32\dllcache\inetcomm.dll
-c----w 27,648 2007-06-27 14:34:56 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c----w 459,264 2007-06-27 14:34:56 C:\WINDOWS\system32\dllcache\msfeeds.dll
-c----w 52,224 2007-06-27 14:34:56 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
-c----w 3,583,488 2007-07-19 06:59:59 C:\WINDOWS\system32\dllcache\mshtml.dll
-c----w 477,696 2007-06-27 14:34:57 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c----w 193,024 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\msrating.dll
-c----w 671,232 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\mstime.dll
-c--a-w 102,400 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\occache.dll
-c----w 105,984 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\url.dll
-c----w 1,152,000 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\urlmon.dll
-c----w 232,960 2007-06-27 14:34:59 C:\WINDOWS\system32\dllcache\webcheck.dll
-c----w 823,808 2007-06-27 14:34:59 C:\WINDOWS\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 02:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 16:33 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 15:22 C:\WINDOWS\soundman.exe]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" []
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" []
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 15:15]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 15:15]
"SMSERIAL"="sm56hlpr.exe" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" []
"egui"="C:\Program Files\Eset\Eset Smart Security\egui.exe" [2007-09-21 09:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 12:22]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
@=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE http://www.symantec.com/techsupp/ser...00096.000001da

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\randy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-27 18:56:26]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoSMHelp"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2007-01-31 13:00 79368 C:\WINDOWS\system32\UmxWNP.dll

R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys
R1 BIOS;BIOS;\??\C:\WINDOWS\System32\drivers\BIOS.sys
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdi;epfwtdi;C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\Eset\Eset Smart Security\ekrn.exe"
R2 epfw;epfw;C:\WINDOWS\system32\DRIVERS\epfw.sys
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys
R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe"
R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe"
R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe"
R3 Epfwndis;Eset Personal Firewall;C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys
S3 BDSelfPr;BDSelfPr;\??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\Eset\Eset Smart Security\EHttpSrv.exe"
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command - F:\CDStart.Exe
Install\Command - F:\Stub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76ee0c80-657a-11dc-be68-00192167bb26}]
Auto\command - sxs.exe
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cc795e4-357f-11dc-bdbb-00192167bb26}]
AutoRun\command - F:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{21DB17A7-9EB9-0768-D9C5-22A71AD280F1}]
C:\WINDOWS\system32:svchost.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 21:08:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-13 04:00:56 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - randy.job"
"2007-08-28 07:37:11 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-14 02:09:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-14 2:10:45
C:\ComboFix-quarantined-files.txt ... 2007-10-14 02:10
C:\ComboFix2.txt ... 2007-10-13 23:04
C:\ComboFix3.txt ... 2007-10-12 02:29
.
--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:45 AM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Eset\Eset Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Eset\Eset Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\Eset Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\RunOnce: [] C:\PROGRA~1\MOZILL~1\FIREFOX.EXE http://www.symantec.com/techsupp/ser...00096.000001da
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: DefWatch - Unknown owner - C:\Program Files\NavNT\defwatch.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\Eset\Eset Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - Eset - C:\Program Files\Eset\Eset Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\NavNT\rtvscan.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 9729 bytes
slimsay is offline  
Old 10-15-2007, 01:36 AM   #34 (permalink)


Re: slimsay's thread

Don't forget to do the online scan... do the other AVs have an uninstall in their program files?
__________________
Eddy

Last edited by Pancake; 10-15-2007 at 01:39 AM.
Pancake is offline  
Old 10-15-2007, 01:51 AM   #35 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 53
OS: xp


Re: slimsay's thread

I'm doing the scan right now, uninstalling the antivirus. There is no file for Norton or BitDefender in the program files, and I only saw Norton in the Add and Remove category. I guess Windows removed the files from program files but never removed the program.
slimsay is offline  
Old 10-15-2007, 01:56 AM   #36 (permalink)


Re: slimsay's thread

I am gonna call it a night. Tomorrow I will do the scan and post the Kaspersky report. If you have another way to remove programs, post it. Thank you.
slimsay is offline  
Old 10-15-2007, 10:52 AM   #37 (permalink)


Re: slimsay's thread

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 14, 2007 11:48:35 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/10/2007
Kaspersky Anti-Virus database records: 436223
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 72342
Number of viruses found: 2
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 02:26:28

Infected Object Name / Virus Name / Last Action
C:\qoobox\Quarantine\C\Program Files\Common Files\Yazzle1848OinUninstaller.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.eu skipped
C:\qoobox\Quarantine\C\Program Files\STEM~1\tracert.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.eu skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ijslfowg.dll.vir Infected: Trojan.Win32.Pakes.sd skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\oumkgqmg.dll.vir Infected: Trojan.Win32.Pakes.sd skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A3F5F3F7-53F8-45E8-90C9-2F7301F7130E}\RP32\change.log Object is locked skipped
C:\VundoFix Backups\anulrisl.dll.bad Infected: Trojan.Win32.Pakes.sd skipped
C:\VundoFix Backups\faeyulna.dll.bad Infected: Trojan.Win32.Pakes.sd skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008588.dll Object is locked skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008589.cat Object is locked skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008590.cat Object is locked skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008591.dll Object is locked skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008592.dll Object is locked skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008593.cat Object is locked skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008594.cat Object is locked skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008595.dll Object is locked skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008596.cat Object is locked skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008597.cat Object is locked skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008598.dll Object is locked skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008599.cat Object is locked skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008600.dll Object is locked skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008601.cat Object is locked skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008602.dll Object is locked skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008603.cat Object is locked skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008604.cat Object is locked skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008605.cat Object is locked skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008606.cat Object is locked skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008607.dll Object is locked skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008608.cat Object is locked skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008609.exe Object is locked skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008610.dll Object is locked skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008611.wa_ Object is locked skipped
D:\System Volume Information\_restore{A3EDB4C1-1FD3-4CBE-B313-0827D287BAFD}\RP19\A0008612.wa_ Object is locked skipped

Scan process completed.
Old 10-15-2007, 10:53 AM   #38 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 53
OS: xp


Re: slimsay's thread

Please tell me how I can uninstall these two antivirus programs.
Old 10-15-2007, 05:03 PM   #39 (permalink)
Security Team (ret.)
 
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Re: slimsay's thread

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

***************************************************

Close any open browsers.

--------------------------------------------------------------------

Run HJT and go to the "Open misc tools section", then "Open Uninstall Manager", click on "Save List" and post it in your next reply.

---------------------------------------------------------

Still within Misc. Tools:
Click on Open ADS Spy...
Click Scan
Remove anything it finds. Save the log and post that in your next reply as well.

---------------------------------------------------------

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Open *notepad* and copy/paste the text in the quotebox below into it:


Quote:
File::
C:\WINDOWS\system32\sxs.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76ee0c80-657a-11dc-be68-00192167bb26}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{21DB17A7-9EB9-0768-D9C5-22A71AD280F1}]

Save this as CFScript.txt, in the same location as ComboFix.exe, which is on the Desktop.




Referring to the picture above, drag CFScript.txt into ComboFix.exe.

Restart your computer.

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.*

Return with the following reports:

Uninstall_list.txt
ADS Spy log
C:\ComboFix.txt
__________________
Eddy

Last edited by Ried; 10-15-2007 at 05:53 PM.
Old 10-15-2007, 07:58 PM   #40 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 53
OS: xp


Re: slimsay's thread

3D Fish School Screen Saver 3.94
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Illustrator CS
Adobe Illustrator CS2
Adobe Photoshop 7.0
Adobe Photoshop CS2
Adobe Reader 8.1.0
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe® Photoshop® Album Starter Edition 3.2
AIMP2
Apple Mobile Device Support
Apple Software Update
Aqua Real
Ashampoo WinOptimizer 4.35
CCleaner (remove only)
DivX Content Uploader
DivX Web Player
DVD Creator3
Eset Smart Security
FTDI USB Serial Converter Drivers
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Java DB 10.2.2.0
Java(TM) 6 Update 3
Java(TM) SE Development Kit 6 Update 3
Kaspersky Online Scanner
Media Library Management Wizard
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (2.0.0.7)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero Suite
neroxml
Norton AntiVirus Corporate Edition
OneStep Search 1.0 build 120
Pack Vista Inspirat 2 1.0
Panda ActiveScan
Personal License Update Wizard for Windows Media Player
Plus! MP3 Audio Converter LE
PowerISO
QuickTime
Rainy Screensaver 2.2.15
Realtek AC'97 Audio
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB936509)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for Publisher 2007 (KB936646)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Shockwave
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 (KB937608)
Update for Outlook 2007 Junk Email Filter (kb942575)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Word 2007 (KB934173)
Update Manager
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
VideoLAN VLC media player 0.8.6a
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Bonus Pack for Windows XP
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar





ComboFix 07-10-08.3 - randy 2007-10-14 20:45:55.9 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.157 [GMT -8:00]
Running from: C:\Documents and Settings\randy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\randy\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
.

2007-10-14 02:26 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-14 02:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-14 00:42 131,072 --a------ C:\WINDOWS\system32\dzip32.dll
2007-10-14 00:42 110,592 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-10-14 00:41 <DIR> d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-10-13 23:56 <DIR> d-------- C:\Program Files\Rainy Screensaver
2007-10-13 23:56 1,175,700 --a------ C:\WINDOWS\system32\RainySs.scr
2007-10-13 18:22 <DIR> d-------- C:\Documents and Settings\randy\Application Data\Eset
2007-10-13 17:38 <DIR> d-------- C:\WINDOWS\system32\eScan
2007-10-13 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Eset
2007-10-13 11:10 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2007-10-13 11:10 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2007-10-13 11:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-10-13 11:03 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-10-13 09:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-10-13 09:54 <DIR> drahs---- C:\autorun.inf
2007-10-12 23:47 <DIR> d-------- C:\Documents and Settings\randy\Application Data\Help
2007-10-12 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-12 21:01 <DIR> d-------- C:\WINDOWS\system32\CBA
2007-10-12 20:28 1,079 --a------ C:\smbios.bin
2007-10-10 09:47 <DIR> d-------- C:\Documents and Settings\randy\Application Data\BitDefender
2007-10-10 07:38 <DIR> d-------- C:\Documents and Settings\randy\Downloads
2007-10-10 01:18 <DIR> d-------- C:\Documents and Settings\randy\Application Data\CheckPoint
2007-10-10 01:17 <DIR> d-------- C:\Program Files\CheckPoint
2007-10-09 01:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-09 01:20 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-09 00:22 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 23:43 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-08 23:42 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-08 23:41 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-08 23:24 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-08 22:39 <DIR> d-------- C:\Program Files\CCleaner
2007-10-08 18:32 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-08 12:32 <DIR> d-------- C:\VundoFix Backups
2007-10-07 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-07 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-07 13:47 <DIR> d-------- C:\Documents and Settings\randy\Application Data\SiteAdvisor
2007-10-07 13:17 2,977,792 --------- C:\WINDOWS\UNNMP.exe
2007-10-07 13:13 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-10-07 13:10 2,977,792 --------- C:\WINDOWS\UNNeroVision.exe
2007-10-07 13:10 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-10-07 13:10 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-10-07 13:10 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-10-07 13:10 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-10-07 13:10 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-10-07 13:10 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-10-07 13:10 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-10-06 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-10-04 23:16 <DIR> d-------- C:\WINDOWS\config
2007-10-04 15:01 <DIR> d-------- C:\Documents and Settings\randy\Application Data\FogelSoft
2007-10-04 15:00 <DIR> d-------- C:\Documents and Settings\randy\Application Data\Opera
2007-10-03 23:36 <DIR> d-------- C:\Program Files\SuperBladePro
2007-10-03 22:35 <DIR> d-------- C:\Deckard
2007-10-03 22:07 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-01 14:23 4,912 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-10-01 11:54 <DIR> d-------- C:\Program Files\Windows Live
2007-09-30 14:35 <DIR> d-------- C:\Program Files\ViStart
2007-09-29 18:06 <DIR> d-------- C:\Program Files\XP Repair Pro 2007
2007-09-29 17:57 <DIR> d-------- C:\Program Files\XPRepairPro2006
2007-09-28 14:01 <DIR> d-------- C:\Documents and Settings\randy\Application Data\Leadertech
2007-09-28 01:35 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-09-27 00:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-09-26 18:59 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-09-26 18:53 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-09-26 18:52 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2007-09-26 18:52 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2007-09-26 18:49 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-09-26 18:46 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-09-26 10:49 <DIR> d-------- C:\Documents and Settings\randy\Application Data\???????sAppData
2007-09-26 07:11 <DIR> d-------- C:\Program Files\Formosoft
2007-09-26 07:11 1,032,192 --a------ C:\WINDOWS\AquaReal.scr
2007-09-26 07:11 131,072 --a------ C:\WINDOWS\SNVerifyDLL.dll
2007-09-26 06:54 <DIR> d-------- C:\Program Files\3D Fish School 3
2007-09-26 06:54 4,770,816 --a------ C:\WINDOWS\3D Fish School 3.scr
2007-09-26 06:54 118,784 --a------ C:\WINDOWS\dx7ogl32.dll
2007-09-24 21:15 249,856 --------- C:\WINDOWS\Setup1.exe
2007-09-24 21:15 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-09-24 14:46 <DIR> d-------- C:\Program Files\AIMP2
2007-09-21 09:17 52,232 --a------ C:\WINDOWS\system32\drivers\epfwtdi.sys
2007-09-21 09:17 50,184 --a------ C:\WINDOWS\system32\drivers\epfw.sys
2007-09-21 09:17 30,728 --a------ C:\WINDOWS\system32\drivers\epfwndis.sys
2007-09-21 09:15 33,288 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-09-21 09:15 25,096 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-09-19 19:21 <DIR> d-------- C:\Program Files\Microsoft Encarta
2007-09-18 19:52 <DIR> d-------- C:\Documents and Settings\randy\Application Data\Symantec
2007-09-18 00:29 1,126,328 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
2007-09-18 00:29 203,024 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-18 00:29 65,936 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2007-09-18 00:29 36,112 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-14 17:53 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2007-10-14 17:53 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2007-10-14 17:53 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2007-10-14 17:53 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2007-10-14 17:53 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2007-10-14 17:53 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2007-10-14 17:53 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2007-10-14 17:53 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2007-10-14 14:31 --------- d-------- C:\Documents and Settings\randy\Application Data\uTorrent
2007-10-13 11:10 --------- d-------- C:\Program Files\Trend Micro
2007-10-13 11:00 --------- d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-13 09:35 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-13 00:47 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-13 00:47 10740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-12 23:52 --------- d-------- C:\Program Files\Xilisoft
2007-10-10 16:31 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-10-07 23:12 --------- d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-10-07 13:17 --------- d-------- C:\Program Files\Ahead
2007-10-07 13:09 --------- d-------- C:\Program Files\Common Files\Ahead
2007-10-04 15:01 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-10-04 15:01 --------- d-------- C:\Program Files\OneStepSearch
2007-10-04 15:01 --------- d-------- C:\Documents and Settings\randy\Application Data\dvdcss
2007-10-04 15:01 --------- d-------- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-10-01 14:40 72074 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-10-01 11:54 --------- d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-09-28 12:24 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-09-26 10:49 --------- d-------- C:\Documents and Settings\randy\Application Data\???????sAppData
2007-09-26 07:08 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-09-19 20:12 --------- d-------- C:\Program Files\Yahoo!
2007-09-19 20:12 --------- d-------- C:\Program Files\Common Files\Scanner
2007-09-18 23:37 --------- d-------- C:\Program Files\SUPERAntiSpyware
2007-09-18 23:37 --------- d-------- C:\Documents and Settings\randy\Application Data\SUPERAntiSpyware.com
2007-09-18 00:29 138512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-17 17:05 --------- d-------- C:\Documents and Settings\randy\Application Data\Apple Computer
2007-09-14 22:59 --------- d-------- C:\Program Files\MSBuild
2007-09-14 22:59 --------- d-------- C:\Program Files\Microsoft Works
2007-09-14 22:56 --------- d-------- C:\Program Files\Microsoft.NET
2007-09-14 22:43 --------- d-------- C:\Program Files\Microsoft Visual Studio 8
2007-09-14 22:27 --------- d-------- C:\Program Files\PowerISO
2007-09-14 22:06 --------- d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-14 13:08 --------- d-------- C:\Program Files\Apple Software Update
2007-09-14 09:51 --------- d-------- C:\Program Files\Microsoft Silverlight
2007-09-07 20:16 --------- d-------- C:\Documents and Settings\randy\Application Data\MSN6
2007-09-07 20:15 --------- d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2007-09-03 09:18 --------- d-------- C:\Program Files\uTorrent
2007-08-29 15:16 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-08-29 13:42 --------- d-------- C:\Program Files\DivX
2007-08-29 13:02 --------- d-------- C:\Documents and Settings\randy\Application Data\Yahoo!
2007-08-29 13:02 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-08-27 23:16 --------- d-------- C:\Program Files\Common Files\Download Manager
2007-08-27 17:36 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-08-26 22:48 --------- d-------- C:\Program Files\Flash N Burn
2007-08-25 21:26 --------- d-------- C:\Documents and Settings\randy\Application Data\AIMP
2007-08-20 22:15 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-07-30 18:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19 68440 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 18:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 18:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-26 15:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-26 15:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-08_10.22.12.82 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakui.dll
----a-w 2,455,488 2007-04-17 09:28:12 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mstime.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 02:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 16:33 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 15:22 C:\WINDOWS\soundman.exe]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" []
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" []
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 15:15]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 15:15]
"SMSERIAL"="sm56hlpr.exe" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" []
"egui"="C:\Program Files\Eset\Eset Smart Security\egui.exe" [2007-09-21 09:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 12:22]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
@=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE http://www.symantec.com/techsupp/ser...00096.000001da

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\randy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-27 18:56:26]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoSMHelp"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2007-01-31 13:00 79368 C:\WINDOWS\system32\UmxWNP.dll

R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys
R1 BIOS;BIOS;\??\C:\WINDOWS\System32\drivers\BIOS.sys
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdi;epfwtdi;C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\Eset\Eset Smart Security\ekrn.exe"
R2 epfw;epfw;C:\WINDOWS\system32\DRIVERS\epfw.sys
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys
R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe"
R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe"
R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe"
R3 Epfwndis;Eset Personal Firewall;C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys
S3 BDSelfPr;BDSelfPr;\??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\Eset\Eset Smart Security\EHttpSrv.exe"
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command - F:\CDStart.Exe
Install\Command - F:\Stub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76ee0c80-657a-11dc-be68-00192167bb26}]
Auto\command - sxs.exe
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cc795e4-357f-11dc-bdbb-00192167bb26}]
AutoRun\command - F:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{21DB17A7-9EB9-0768-D9C5-22A71AD280F1}]
C:\WINDOWS\system32:svchost.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 21:08:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-13 04:00:56 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - randy.job"
"2007-08-28 07:37:11 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-14 20:48:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-14 20:50:00
C:\ComboFix-quarantined-files.txt ... 2007-10-14 20:49
C:\ComboFix2.txt ... 2007-10-14 02:10
C:\ComboFix3.txt ... 2007-10-13 23:04
.
--- E O F ---

HJT didn't find any spyware, so there was nothing to log.
slimsay is offline  