#1 (permalink) |
|
Registered User
Join Date: Apr 2008
Posts: 40
OS: windows xp
|
I'm infected and some other problems
My husband got on my computer and I do not know what he did. I can be typing and the letters are not there. At startup I get a lot of things that say they can't be loaded or found. I have active desktop recovery on my screen, and I'm sure a lot more things are wrong.
I couldn't get panda scan to do anything no matter how many times I tried.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:41 PM, on 10/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
|
|
|
|
#2 (permalink) |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP
|
Re: I'm infected and some other problems
Hello,
=========
Logs Required
log.txt
info.txt
If there is no response to this post within 72hrs, this thread will be closed.
|
|
|
|
#3 (permalink) |
|
Registered User
Join Date: Apr 2008
Posts: 40
OS: windows xp
|
Re: I'm infected and some other problems
Thank you for getting back to me. Here is what you asked for.
Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-10-07 16:30:56
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 106 GB (72%) free of 147 GB
Total RAM: 447 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:45 PM, on 10/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

info.txt logfile of random's system information tool 1.04
2008-10-07 16:32:10
Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe Acrobat.com-->C:\Program Files\Common Files\Adobe 
AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07} Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F} Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Media Player-->MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008} Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001} ArcSoft ShowBiz 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}\setup.exe" -l0x9 Bejeweled 2 Deluxe-->C:\WINDOWS\iun6002ev.exe "C:\Program Files\Bejeweled 2 Deluxe\irunin.ini" BitPim 1.0.4-->"C:\Program Files\BitPim\unins000.exe" Blubster 2.69-->C:\PROGRA~1\Blubster\UNWISE.EXE C:\PROGRA~1\Blubster\INSTALL.LOG CA Internet Security Suite-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u CA Yahoo! Anti-Spy (remove only)-->"C:\Program Files\CA Yahoo! 
Anti-Spy\uninstall.exe" CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe Compaq Instant Support-->C:\PROGRA~1\COMPAQ~2\UNWISE.EXE C:\PROGRA~1\COMPAQ~2\INSTALL.LOG Compaq Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} ConvertXtoDVD 3.0.0.7-->"C:\Program Files\VSO\ConvertX\3\unins000.exe" DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_FE4264652A965D92.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF} HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" HP Photo & Imaging 3.1-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE} Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572 IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9 InterVideo 
DeviceService-->MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0} InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL Java DB 10.3.1.4-->MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02} Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060} KBD-->C:\HP\KBD\KBD.EXE uninstalled Lexmark 2500 Series-->C:\Program Files\Lexmark 2500 Series\Install\x86\Uninst.exe Lexmark Fax Solutions-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG Magic ISO Maker v5.4 (build 0256)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG MainConcept MPEG Encoder-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5CF71E9E-5E2F-4074-B28B-AE5307AE1B13} /l1033 Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA} Matrox Imaging Products-->C:\WINDOWS\UnInstallMIP.exe Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft Money Plus-->"C:\Program Files\Microsoft Money Plus\MNYCoreFiles\Setup\uninst.exe" 
/s:120 Microsoft Money Shared Libraries-->MsiExec.exe /X{7F1B3341-A94E-4F5C-B587-CA0EB964221E} Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE} Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared 
Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Plus! Digital Media Edition-->MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MUSICMATCH® Jukebox-->C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe NVIDIA GART Driver-->C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe" Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat PictureGear Studio 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88DA0A52-3372-4803-971A-ADFB961707E8}\setup.exe" PixiePack Codec Pack-->MsiExec.exe /I{61E3FE32-07B9-4563-A3E0-2DE2D620FE10} PS2-->C:\WINDOWS\system32\ps2.exe uninstall Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG Quicken 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe 
/M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19} Rhapsody Player Engine-->MsiExec.exe /I{84F1DE76-C48C-4281-87A0-CC9548D1E7F9} S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display' S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2' S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2' S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay' Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E} Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7} Security Update for Excel 2007 (KB946974)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E} Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26} Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4} Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77} Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85} Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall 
{8F375E11-4FD6-4B89-9E2B-A76D48B51E00} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9} Security Update for Office 2007 (KB947801)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E} Security Update for Outlook 2007 (KB946983)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3} Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D} Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3} SpamSubtract-->C:\PROGRA~1\INTERM~1\SPAMSU~1\UNWISE.EXE /U C:\PROGRA~1\INTERM~1\SPAMSU~1\INSTALL.LOG Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG Ulead DVD MovieFactory 6-->C:\Program Files\InstallShield Installation Information\{CCC4E428-411E-4605-B515-317D50ABD477}\setup.exe -runfromtemp -l0x0409 Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756} Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} Update for Outlook 2007 Junk Email Filter (kb949037)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} 
/uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2} Update for Outlook 2007 Junk Email Filter (kb950378)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E} Update for Outlook 2007 Junk Email Filter (kb956080)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {96CC215F-3F22-4E1E-A101-F0041934A456} Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA VIA/S3G Display Driver-->VTsetvga.exe -s -rRundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\System32\hg201hp.inf VSO Image Resizer 1.3.4d-->"C:\Program Files\VSO\Image Resizer\unins000.exe" Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52} Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66} Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320} Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7} Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0} Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C} Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D} Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750} Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750} Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 
runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe" =====HijackThis Backups===== O4 - .DEFAULT User Startup: Deewoo.lnk.del (User 'Default user') O4 - Global Startup: .protected O4 - .DEFAULT User Startup: Deewoo.lnk.del (User 'Default user') O4 - .DEFAULT User Startup: Deewoo.lnk.del (User 'Default user') ======Security center information====== AV: CA Anti-Virus FW: CA Personal Firewall ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\Ulead Systems\MPEG "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD "PROCESSOR_REVISION"=0a00 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO "VGAVCF"=c:\Program Files\Matrox Imaging\drivers\vga\vcf -----------------EOF----------------- |
#6 (permalink) |
Registered User
Join Date: Apr 2008
Posts: 40
OS: windows xp
Re: I'm infected and some other problems
This is what I get when I run it.
Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-10-07 16:54:05
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 106 GB (72%) free of 147 GB
Total RAM: 447 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:56 PM, on 10/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Documents and Settings\All Users\Application Data\cpgxapgr\gvmlmzwr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\upwberod.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F3 - REG:win.ini: run="C:\Documents and Settings\Owner\Application Data\Adobe\Manager.exe"
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {1cba9d5f-1483-44f8-8bce-501a2c26b55a} - C:\WINDOWS\system32\xxyyaBut.dll (file missing)
O2 - BHO: (no name) - {1ED8C6DA-6421-4C89-A772-B757F96CA697} - C:\WINDOWS\system32\yayvWnKB.dll
O2 - BHO: {35a4032c-a78d-3b4a-7fa4-3c04d5f53e76} - {67e35f5d-40c3-4af7-a4b3-d87ac2304a53} - C:\WINDOWS\system32\aufmww.dll
O2 - BHO: (no name) - {8B7698E8-1D21-4C79-B0E3-4D66A03DE092} - C:\WINDOWS\system32\nnnkKDss.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {915e01d7-853a-4e06-bfad-4d24bd6f85d6} - C:\WINDOWS\system32\opnlKaWN.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: sgoblxtm - {57ABA3CE-E927-4C81-BE2E-E20CAEC6645F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [\YUR2E.exe] C:\Windows\system32\YUR2E.exe
O4 - HKLM\..\Run: [\YUR2F.exe] C:\Windows\system32\YUR2F.exe
O4 - HKLM\..\Run: [\YUR30.exe] C:\Windows\system32\YUR30.exe
O4 - HKLM\..\Run: [\YUR31.exe] C:\Windows\system32\YUR31.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKLM\..\Run: [\YUR32.exe] C:\Windows\system32\YUR32.exe
O4 - HKLM\..\Run: [\YUR5.exe] C:\Windows\system32\YUR5.exe
O4 - HKLM\..\Run: [\YUR17.exe] C:\Windows\system32\YUR17.exe
O4 - HKLM\..\Run: [\YURC.exe] C:\Windows\system32\YURC.exe
O4 - HKLM\..\Run: [\YURE.exe] C:\Windows\system32\YURE.exe
O4 - HKLM\..\Run: [\YUR18.exe] C:\Windows\system32\YUR18.exe
O4 - HKLM\..\Run: [\YUR19.exe] C:\Windows\system32\YUR19.exe
O4 - HKLM\..\Run: [\YUR1A.exe] C:\Windows\system32\YUR1A.exe
O4 - HKLM\..\Run: [\YUR1D.exe] C:\Windows\system32\YUR1D.exe
O4 - HKLM\..\Run: [\YUR24.exe] C:\Windows\system32\YUR24.exe
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CBEOD5WU\setup_sbd_en[1].exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [543e60cd] rundll32.exe "C:\WINDOWS\system32\oojedgoi.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [\YUR2E.exe] C:\Windows\system32\YUR2E.exe
O4 - HKCU\..\Run: [\YUR2F.exe] C:\Windows\system32\YUR2F.exe
O4 - HKCU\..\Run: [\YUR30.exe] C:\Windows\system32\YUR30.exe
O4 - HKCU\..\Run: [\YUR31.exe] C:\Windows\system32\YUR31.exe
O4 - HKCU\..\Run: [\YUR32.exe] C:\Windows\system32\YUR32.exe
O4 - HKCU\..\Run: [ComSys] C:\WINDOWS\system32\upwberod.exe
O4 - HKCU\..\Run: [\YUR5.exe] C:\Windows\system32\YUR5.exe
O4 - HKCU\..\Run: [\YUR17.exe] C:\Windows\system32\YUR17.exe
O4 - HKCU\..\Run: [\YURC.exe] C:\Windows\system32\YURC.exe
O4 - HKCU\..\Run: [\YURE.exe] C:\Windows\system32\YURE.exe
O4 - HKCU\..\Run: [\YUR18.exe] C:\Windows\system32\YUR18.exe
O4 - HKCU\..\Run: [\YUR19.exe] C:\Windows\system32\YUR19.exe
O4 - HKCU\..\Run: [\YUR1A.exe] C:\Windows\system32\YUR1A.exe
O4 - HKCU\..\Run: [\YUR1D.exe] C:\Windows\system32\YUR1D.exe
O4 - HKCU\..\Run: [\YUR24.exe] C:\Windows\system32\YUR24.exe
O4 - HKLM\..\Policies\Explorer\Run: [PGZ3CxH5CO] C:\Documents and Settings\All Users\Application Data\cpgxapgr\gvmlmzwr.exe
O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: winsched.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [international] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF:
{149e45d8-163e-4189-86fc-45022ab2b6c9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.0.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46.../bejeweled.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1208046169125 O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - https://brewx.qualcomm.com/bws/conte...all/isetup.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file:///F:/MEMDISC/ALBUM_A/VIEW/PLUGIN/HPODPCFC.CAB O16 - DPF: {cc450d71-cc90-424c-8638-1f2dbac87a54} (ArmHelper Control) - file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab O16 - 
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab O18 - Protocol: autorunsdisabled - (no CLSID) - (no file) O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Filter: autorunsdisabled - (no CLSID) - (no file) O20 - Winlogon Notify: iifdEvts - iifdEvts.dll (file missing) O20 - Winlogon Notify: yayvWnKB - C:\WINDOWS\SYSTEM32\yayvWnKB.dll O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe O23 - Service: Capture Device Service (capture device service) - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe O23 - Service: LightScribeService Direct Disc Labeling Service (lightscribeservice) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PPCtlPriv - CA, Inc. 
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Ulead Burning Helper (uleadburninghelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe O24 - Desktop Component 0: (no name) - (no file) -- End of file - 16962 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Owner at 7 26 AM.job C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job C:\WINDOWS\tasks\CleanUp!.job C:\WINDOWS\tasks\RegCure Program Check.job C:\WINDOWS\tasks\RegCure.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1cba9d5f-1483-44f8-8bce-501a2c26b55a}] C:\WINDOWS\system32\xxyyaBut.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED8C6DA-6421-4C89-A772-B757F96CA697}] C:\WINDOWS\system32\yayvWnKB.dll [2008-10-03 38272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{67e35f5d-40c3-4af7-a4b3-d87ac2304a53}] C:\WINDOWS\system32\aufmww.dll [2008-10-06 137344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8B7698E8-1D21-4C79-B0E3-4D66A03DE092}] C:\WINDOWS\system32\nnnkKDss.dll [2008-10-03 326656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{915e01d7-853a-4e06-bfad-4d24bd6f85d6}] C:\WINDOWS\system32\opnlKaWN.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-09-19 193136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll [2008-09-19 651760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {57ABA3CE-E927-4C81-BE2E-E20CAEC6645F} - [] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-09-19 193136] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-04-07 114688] "KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440] 
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592] "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992] "VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2004-10-22 53248] "LTMSG"=LTMSG.exe 7 [] "PS2"=C:\WINDOWS\system32\ps2.exe [2002-07-31 81920] "cctray"=C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2007-08-16 177416] "lxddmon.exe"=C:\Program Files\Lexmark 2500 Series\lxddmon.exe [2007-06-11 291760] "lxddamon"=C:\Program Files\Lexmark 2500 Series\lxddamon.exe [2007-04-30 20480] "CAVRID"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2007-08-20 230664] "cafwc"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe [2008-07-31 1193200] "capfasem"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe [2008-07-31 173296] "capfupgrade"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe [2008-07-31 259312] "QOELOADER"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe [2008-05-01 14088] "CaPPcl"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-16 410888] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] "\YUR2E.exe"=C:\Windows\system32\YUR2E.exe [] "\YUR2F.exe"=C:\Windows\system32\YUR2F.exe [] "\YUR30.exe"=C:\Windows\system32\YUR30.exe [] "\YUR31.exe"=C:\Windows\system32\YUR31.exe [] "ANTIVIRUS"=C:\Program Files\MicroAV\MicroAV.exe [] "\YUR32.exe"=C:\Windows\system32\YUR32.exe [] "\YUR5.exe"=C:\Windows\system32\YUR5.exe [] "\YUR17.exe"=C:\Windows\system32\YUR17.exe [] "\YURC.exe"=C:\Windows\system32\YURC.exe [] "\YURE.exe"=C:\Windows\system32\YURE.exe [] "\YUR18.exe"=C:\Windows\system32\YUR18.exe [] "\YUR19.exe"=C:\Windows\system32\YUR19.exe [] 
"\YUR1A.exe"=C:\Windows\system32\YUR1A.exe [] "\YUR1D.exe"=C:\Windows\system32\YUR1D.exe [] "\YUR24.exe"=C:\Windows\system32\YUR24.exe [] "SBI"=C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CBEOD5WU\setup_sbd_en[1].exe [2008-10-04 1090840] "ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264] "543e60cd"=C:\WINDOWS\system32\oojedgoi.dll [2008-10-05 80512] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "PGZ3CxH5CO"=C:\Documents and Settings\All Users\Application Data\cpgxapgr\gvmlmzwr.exe [2008-10-03 77824] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-03-11 68856] "WinUpdater"= [] "WebSUpdater"= [] "Tunebite"=C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray [] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] "\YUR2E.exe"=C:\Windows\system32\YUR2E.exe [] "\YUR2F.exe"=C:\Windows\system32\YUR2F.exe [] "\YUR30.exe"=C:\Windows\system32\YUR30.exe [] "\YUR31.exe"=C:\Windows\system32\YUR31.exe [] "\YUR32.exe"=C:\Windows\system32\YUR32.exe [] "ComSys"=C:\WINDOWS\system32\upwberod.exe [2008-10-03 106496] "\YUR5.exe"=C:\Windows\system32\YUR5.exe [] "\YUR17.exe"=C:\Windows\system32\YUR17.exe [] "\YURC.exe"=C:\Windows\system32\YURC.exe [] "\YURE.exe"=C:\Windows\system32\YURE.exe [] "\YUR18.exe"=C:\Windows\system32\YUR18.exe [] "\YUR19.exe"=C:\Windows\system32\YUR19.exe [] "\YUR1A.exe"=C:\Windows\system32\YUR1A.exe [] "\YUR1D.exe"=C:\Windows\system32\YUR1D.exe [] "\YUR24.exe"=C:\Windows\system32\YUR24.exe [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup winsched.exe C:\Documents and Settings\Owner\Start Menu\Programs\Startup AutorunsDisabled spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxsrvc.dll [2003-04-07 315392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifdEvts] iifdEvts.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW] C:\WINDOWS\system32\UmxWnp.Dll [2007-05-18 79368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayvWnKB] C:\WINDOWS\system32\yayvWnKB.dll [2008-10-03 38272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224] "{1ED8C6DA-6421-4C89-A772-B757F96CA697}"=C:\WINDOWS\system32\yayvWnKB.dll [2008-10-03 38272] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 C:\WINDOWS\system32\nnnkKDss [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=0 ""= [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "ForceActiveDesktopOn"=1 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\WINDOWS\system32\lxddcoms.exe"="C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System" "C:\Program Files\Blubster\Blubster.exe"="C:\Program Files\Blubster\Blubster.exe:*:Enabled:Blubster" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Device Monitor Application" "C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail" "C:\Program Files\Lexmark 2500 Series\App4R.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application" "C:\Program Files\Windows 
Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe:*:Enabled: " "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: " "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: " "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: " "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: " [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Lexmark 2500 Series\App4R.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" ======List of files/folders created in the last 3 months====== 2008-10-07 16:30:56 ----D---- C:\rsit 2008-10-06 17:03:13 ----A---- C:\WINDOWS\system32\aufmww.dll 2008-10-06 17:03:11 ----A---- C:\WINDOWS\system32\alibobtc.dll 2008-10-05 16:59:04 ----SH---- C:\WINDOWS\system32\iogdejoo.ini 2008-10-05 16:58:57 ----A---- 
C:\WINDOWS\system32\oojedgoi.dll 2008-10-04 19:48:58 ----D---- C:\Program Files\Spyware Doctor 2008-10-04 19:48:58 ----D---- C:\Documents and Settings\Owner\Application Data\PC Tools 2008-10-04 16:58:18 ----SH---- C:\WINDOWS\system32\lkqlnolx.ini 2008-10-04 16:58:10 ----A---- C:\WINDOWS\system32\xlonlqkl.dll 2008-10-04 14:45:27 ----SH---- C:\WINDOWS\system32\oyafisww.ini 2008-10-04 14:45:23 ----A---- C:\WINDOWS\system32\wwsifayo.dll 2008-10-03 22:52:54 ----D---- C:\Program Files\Enigma Software Group 2008-10-03 15:55:05 ----A---- C:\WINDOWS\system32\mcrh.tmp 2008-10-03 14:43:32 ----SH---- C:\WINDOWS\system32\jigxgyce.ini 2008-10-03 14:43:27 ----A---- C:\WINDOWS\system32\ecygxgij.dll 2008-10-03 14:42:19 ----A---- C:\WINDOWS\system32\5f1da4b3-.txt 2008-10-03 14:40:10 ----ASH---- C:\WINDOWS\system32\ssDKknnn.ini2 2008-10-03 14:40:08 ----ASH---- C:\WINDOWS\system32\ssDKknnn.ini 2008-10-03 14:39:54 ----A---- C:\WINDOWS\system32\nnnkKDss.dll 2008-10-03 14:37:13 ----A---- C:\WINDOWS\userconfig9x.dll 2008-10-03 14:37:13 ----A---- C:\WINDOWS\FVProtect.exe 2008-10-03 14:37:07 ----A---- C:\WINDOWS\system32\thun32.dll 2008-10-03 14:37:07 ----A---- C:\WINDOWS\system32\thun.dll 2008-10-03 14:37:05 ----A---- C:\WINDOWS\winsystem.exe 2008-10-03 14:37:05 ----A---- C:\WINDOWS\system32\bdn.com 2008-10-03 14:37:05 ----A---- C:\WINDOWS\mssecu.exe 2008-10-03 14:37:05 ----A---- C:\WINDOWS\bdn.com 2008-10-03 14:36:31 ----D---- C:\Documents and Settings\All Users\Application Data\cpgxapgr 2008-10-03 14:36:26 ----A---- C:\WINDOWS\system32\upwberod.exe 2008-10-03 14:34:45 ----A---- C:\WINDOWS\system32\yayvWnKB.dll 2008-10-03 14:34:45 ----A---- C:\WINDOWS\system32\fccayyya.dll 2008-10-01 18:33:58 ----A---- C:\WINDOWS\system32\CF9344.exe 2008-10-01 18:31:31 ----A---- C:\WINDOWS\system32\CF8867.exe 2008-09-16 16:40:51 ----D---- C:\Documents and Settings\Owner\Application Data\Windows Live Writer 2008-09-16 16:31:54 ----D---- C:\Program Files\Windows Live Toolbar 2008-09-16 16:31:50 ----D---- 
C:\Program Files\Windows Live Favorites 2008-09-16 16:29:40 ----DC---- C:\WINDOWS\system32\DRVSTORE 2008-09-11 10:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$ 2008-09-11 10:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$ 2008-09-03 21:10:15 ----A---- C:\WINDOWS\system32\ltclr13n.dll 2008-09-03 21:10:15 ----A---- C:\WINDOWS\system32\lftif13n.dll 2008-09-03 21:10:15 ----A---- C:\WINDOWS\system32\lffax13n.dll 2008-09-03 17:02:33 ----D---- C:\Program Files\Driver-Soft 2008-09-03 07:24:03 ----D---- C:\WINDOWS\system32\SoftwareDistribution 2008-09-01 17:30:54 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters 2008-08-24 21:38:00 ----D---- C:\Documents and Settings\All Users\Application Data\LxThumbs 2008-08-23 09:48:05 ----D---- C:\Program Files\Nick Arcade 2008-08-13 10:33:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2008-08-13 10:32:55 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2008-08-13 10:32:41 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$ 2008-08-13 10:31:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2008-08-13 10:28:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$ 2008-08-13 10:28:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2008-08-13 10:27:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2008-08-11 22:48:57 ----D---- C:\Documents and Settings\Owner\Application Data\XemiComputers 2008-07-22 12:12:25 ----D---- C:\Program Files\Common Files\Adobe AIR 2008-07-22 11:48:21 ----D---- C:\Documents and Settings\All Users\Application Data\NOS 2008-07-22 11:48:12 ----D---- C:\Program Files\NOS 2008-07-20 05:58:26 ----A---- C:\WINDOWS\system32\sndtdriverv32.sys.bak 2008-07-18 13:09:41 ----D---- C:\Converted 2008-07-18 12:40:19 ----D---- C:\Program Files\PixiePack Codec Pack 2008-07-18 12:38:29 ----A---- C:\Log.txt 2008-07-18 12:38:28 ----D---- C:\Documents and Settings\Owner\Application Data\Tunebite 2008-07-18 12:37:05 ----D---- C:\Program Files\RapidSolution 2008-07-18 12:37:05 ----D---- C:\Documents and 
Settings\All Users\Application Data\RapidSolution 2008-07-18 07:08:51 ----A---- C:\WINDOWS\system32\CF13329.exe 2008-07-18 07:08:35 ----A---- C:\Bug.txt 2008-07-15 17:58:47 ----D---- C:\Documents and Settings\Owner\Application Data\FruitfulTime TaskManager 2008-07-15 14:30:03 ----D---- C:\Program Files\QuickTime 2008-07-09 10:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2008-07-09 10:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ ======List of files/folders modified in the last 3 months====== 2008-10-07 16:55:55 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent 2008-10-07 16:31:22 ----D---- C:\WINDOWS\Prefetch 2008-10-07 16:29:36 ----D---- C:\WINDOWS\CAVTemp 2008-10-07 16:29:16 ----D---- C:\WINDOWS\TEMP 2008-10-07 11:25:45 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2008-10-07 09 41 ----D---- C:\WINDOWS2008-10-07 09 41 ----AD---- C:\WINDOWS\system322008-10-06 10:13:03 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-10-05 09:02:42 ----D---- C:\WINDOWS\system32\CatRoot2 2008-10-05 08:49:39 ----D---- C:\WINDOWS\system32\drivers 2008-10-04 19:48:58 ----RD---- C:\Program Files 2008-10-04 10:58:34 ----D---- C:\Documents and Settings\Owner\Application Data\Vso 2008-10-04 00:53:31 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe 2008-10-03 16:26:12 ----HD---- C:\Config.Msi 2008-10-03 15:09:28 ----HD---- C:\Program Files\InstallShield Installation Information 2008-10-03 15:09:24 ----SHD---- C:\WINDOWS\Installer 2008-10-03 13:02:17 ----HD---- C:\WINDOWS\inf 2008-10-01 18:33:22 ----AD---- C:\QooBox 2008-10-01 16:49:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-10-01 16:18:26 ----D---- C:\Program Files\Lx_cats 2008-09-19 07:56:20 ----D---- C:\Program Files\Google 2008-09-19 07:55:30 ----D---- C:\Documents and Settings\All Users\Application Data\Google 2008-09-18 15:58:35 ----D---- C:\Documents and Settings\Owner\Application Data\Ulead Systems 2008-09-18 12:12:50 ----RSD---- C:\WINDOWS\assembly 2008-09-18 
12:12:03 ----D---- C:\WINDOWS\system32\DirectX 2008-09-16 16:38:06 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft 2008-09-16 16:34:05 ----D---- C:\WINDOWS\Microsoft.NET 2008-09-16 16:32:28 ----SD---- C:\WINDOWS\Tasks 2008-09-16 16:31:35 ----D---- C:\Program Files\Windows Live 2008-09-16 16:28:36 ----D---- C:\WINDOWS\WinSxS 2008-09-16 16:27:31 ----SHD---- C:\Program Files\Common Files\Microsoft Shared 2008-09-16 16:27:09 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller 2008-09-16 16:25:35 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-09-15 21:46:50 ----D---- C:\WINDOWS\system32\CatRoot 2008-09-15 21:39:22 ----D---- C:\WINDOWS\system32\config 2008-09-15 21:38:56 ----D---- C:\WINDOWS\system32\wbem 2008-09-15 21:38:56 ----D---- C:\WINDOWS\Registration 2008-09-15 21:35:22 ----D---- C:\WINDOWS\network diagnostic 2008-09-14 22:50:24 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-09-11 10 49 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help2008-09-11 10:01:05 ----A---- C:\WINDOWS\imsins.BAK 2008-09-05 06:35:25 ----D---- C:\Program Files\Blubster 2008-09-03 17:38:53 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-09-03 07:24:16 ----D---- C:\WINDOWS\Help 2008-09-01 21:07:07 ----D---- C:\WINDOWS\Cache 2008-08-27 08:13:22 ----HD---- C:\WINDOWS\$hf_mig$ 2008-08-26 16:28:12 ----A---- C:\WINDOWS\system32\MRT.exe 2008-08-13 10:39:39 ----D---- C:\Program Files\Internet Explorer 2008-08-13 10:32:57 ----D---- C:\Program Files\Messenger 2008-08-13 10:27:45 ----D---- C:\WINDOWS\ie7updates 2008-08-11 21:09:51 ----A---- C:\WINDOWS\win.ini 2008-08-01 07:27:04 ----A---- C:\caisslog.txt 2008-07-30 08:46:43 ----D---- C:\WINDOWS\system32\GUI2 2008-07-22 12:13:19 ----D---- C:\Program Files\Adobe 2008-07-22 12:12:25 ----D---- C:\Program Files\Common Files 2008-07-22 12:11:38 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2008-07-22 12:09:48 ----D---- C:\Program 
|
|
|
|
#7 (permalink) |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP
|
Re: I'm infected and some other problems
Hello again
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions in the order they come; if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear; a lack of symptoms does not mean that it is no longer present.

Please DO NOT attach logs to your posts unless you are advised to do so.

==========

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Download this file from Microsoft's webpage:

For XP Home >> http://www.microsoft.com/downloads/d...displaylang=en

Save it as it is originally named to your Desktop.

Now close all open windows and programs, including all antivirus and antispyware programs. Then drag the setup package onto ComboFix.exe and drop it.

Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Recovery Console. As part of installing the Recovery Console, ComboFix will begin to run. Your desktop may disappear. This is normal. It will return.

ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

===========

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

===========

Logs Required

C:\Combofix.txt
Hijackthis Log
|
|
|
|
#8 (permalink) |
|
Registered User
Join Date: Apr 2008
Posts: 40
OS: windows xp
|
Re: I'm infected and some other problems
The following errors occurred when this message was submitted:
You have included 98 images in your message. You are limited to using 25 images so please go back and correct the problem and then continue again. Images include use of smilies, the vB code [img] tag and HTML <img> tags. The use of these is all subject to them being enabled by the administrator.

I'm getting this message when I try to post the combofix log and the hijack log. I'm going to see if I can do two posts.
|
|
|
|
#9 (permalink) |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP
|
Re: I'm infected and some other problems
Click on the Disable Smilies in Text button; you'll see it below the box where you type in your messages, in Miscellaneous Options.
|
|
|
|
|
#10 (permalink) |
|
Registered User
Join Date: Apr 2008
Posts: 40
OS: windows xp
|
Re: I'm infected and some other problems
ComboFix 08-10-07.03 - Owner 2008-10-07 17:47:27.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.98 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
-c----w C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe + 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB951376$\spuninst\updspapi.dll + 2008-04-14 00:12:03 1,288,192 -c----w C:\WINDOWS\$NtUninstallKB951698$\quartz.dll + 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe + 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB951698$\spuninst\updspapi.dll + 2008-04-13 19:19:23 138,112 -c----w C:\WINDOWS\$NtUninstallKB951748$\afd.sys + 2008-04-14 00:11:52 147,968 -c----w C:\WINDOWS\$NtUninstallKB951748$\dnsapi.dll + 2008-04-14 00:12:01 245,248 -c----w C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll + 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe + 2007-11-30 12:39:19 382,840 -c----w C:\WINDOWS\$NtUninstallKB951748$\spuninst\updspapi.dll + 2008-04-13 19:20:16 361,344 -c----w C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys + 2008-04-13 19:00:02 225,664 -c----w C:\WINDOWS\$NtUninstallKB951748$\tcpip6.sys + 2008-04-14 00:12:15 139,264 -c----w C:\WINDOWS\$NtUninstallKB951978$\cscript.exe + 2008-04-14 00:11:56 512,000 -c----w C:\WINDOWS\$NtUninstallKB951978$\jscript.dll + 2008-04-14 00:12:05 180,224 -c----w C:\WINDOWS\$NtUninstallKB951978$\scrobj.dll + 2008-04-14 00:12:05 172,032 -c----w C:\WINDOWS\$NtUninstallKB951978$\scrrun.dll + 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe + 2007-11-30 12:39:19 382,840 -c----w C:\WINDOWS\$NtUninstallKB951978$\spuninst\updspapi.dll + 2008-04-14 00:12:08 434,176 -c----w C:\WINDOWS\$NtUninstallKB951978$\vbscript.dll + 2008-04-14 00:12:41 155,648 -c----w C:\WINDOWS\$NtUninstallKB951978$\wscript.exe + 2008-04-14 00:12:10 90,112 -c----w C:\WINDOWS\$NtUninstallKB951978$\wshext.dll + 2008-04-14 00:11:58 331,776 -c----w C:\WINDOWS\$NtUninstallKB952287$\msadce.dll + 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe + 2007-11-30 11:18:51 382,840 -c----w 
C:\WINDOWS\$NtUninstallKB952287$\spuninst\updspapi.dll + 2008-04-14 00:11:58 73,728 -c----w C:\WINDOWS\$NtUninstallKB952954$\mscms.dll + 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe + 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB952954$\spuninst\updspapi.dll + 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe + 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB953839$\spuninst\updspapi.dll - 2008-05-28 17:57:09 251,272 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll + 2008-08-13 14:29:45 250,928 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll + 2008-09-01 21:32:02 2,490,368 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\14b2daf912f626c33da2a1ae336ae61b\DriversHQ.DriverDetective.Client.ni.exe + 2008-09-01 21:32:28 58,368 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\6c03a08be1f0a68f608bdb2c46834386\DriversHQ.DriverDetective.ExceptionLogging.ni.dll + 2008-09-01 21:32:27 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\6c532213c62ac61e5127d70a0f350996\DriversHQ.DriverDetective.Common.ni.dll + 2008-09-01 21:32:15 253,952 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\e5f37af1e1aeabebdc2ef2d0e657ec5c\DriversHQ.DriverDetective.Client.Communication.ni.dll + 2008-09-01 21:32:31 249,856 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\ce7e97ee2001ac09d24345663279ae99\Microsoft.ApplicationBlocks.Updater.ni.dll + 2008-09-01 21:32:40 2,441,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\03cd932a3f398e076ea0fa3a144a8729\Microsoft.JScript.ni.dll + 2008-09-01 21:32:42 356,352 ----a-w 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\11aa94c79bff560d5236562e7f0e7cdb\Microsoft.Practices.ObjectBuilder.ni.dll + 2008-09-01 21:32:33 368,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\8dc1c2450835ef1654a56b30b22c7a79\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll + 2008-09-01 21:32:45 167,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\cb219e3f0644f9d7347df00887e260c3\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll + 2008-09-01 21:32:16 17,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\b7f503038312fbdb46d541be8767dc0b\Microsoft.VisualC.ni.dll + 2008-09-01 21:32:41 77,824 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\7f08f9fd338abdaac2d4b60b34761307\Microsoft.Vsa.ni.dll + 2008-09-01 21:32:13 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\5c0afeab2445a935e4573bd004421392\System.Configuration.Install.ni.dll + 2008-09-01 21:32:23 1,179,648 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\d10c42e16715f4fdd0efd4c96fd3fd66\System.Data.OracleClient.ni.dll + 2008-09-01 21:32:09 2,695,168 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\3c37964856667adcacb5b4ade5f9cee5\System.Data.SqlXml.ni.dll + 2008-09-01 21:32:35 1,064,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\fbb6cee271e35d1ed87c6f3a7a446a60\System.Management.ni.dll + 2008-09-01 21:32:19 815,104 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\f786e72fea8fdbc0a670d34266711678\System.Runtime.Remoting.ni.dll + 2008-09-01 21:32:11 339,968 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a33827fda63dcbbc207985eb4f1a9cef\System.Runtime.Serialization.Formatters.Soap.ni.dll + 2008-09-01 21:32:25 229,376 ----a-w 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\91552494c35a30e02816fdf050ef3f80\System.ServiceProcess.ni.dll + 2008-09-01 21:32:46 139,264 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\23bdbb504d2d8a43db0607f04ca8514e\XPBurnComponent.ni.dll + 2002-03-11 17:45:04 1,708,856 ----a-w C:\WINDOWS\Cache\Adobe Reader 6.0.1\ENUBIG\instmsia.exe + 2002-03-11 18:06:30 1,822,520 ----a-w C:\WINDOWS\Cache\Adobe Reader 6.0.1\ENUBIG\instmsiw.exe + 2003-11-03 23:06:25 217,088 ----a-w C:\WINDOWS\Cache\Adobe Reader 6.0.1\ENUBIG\setup.exe + 2008-03-24 23:33:02 1,527,056 ----a-w C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe + 2004-07-22 19:36:40 41,472 ----a-w C:\WINDOWS\Downloaded Program Files\hpodpcfc2.dll + 2007-07-27 10:36:48 70,944 ----a-w C:\WINDOWS\Downloaded Program Files\sprthelper.exe + 2007-07-27 10:37:08 284,032 ----a-w C:\WINDOWS\Downloaded Program Files\tgctlcm.dll + 2008-06-13 11:05:51 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys + 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll + 2008-03-01 13:06:21 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll + 2008-03-01 13:06:21 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll + 2008-03-01 13:06:21 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll + 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll + 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe + 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll + 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll + 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll + 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll + 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll + 2008-03-01 13:06:24 6,066,176 -c----w 
C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll + 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll + 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll + 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe + 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe + 2008-03-01 13:06:25 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll + 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll + 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll + 2008-03-01 23:36:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll + 2008-03-01 13:06:28 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll + 2008-03-01 13:06:28 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll + 2008-03-01 13:06:29 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll + 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll + 2008-03-01 13:06:29 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll + 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll + 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll + 2008-03-01 13:06:30 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll + 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll + 2008-03-01 13:06:31 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll + 2008-04-23 04:16:28 124,928 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\advpack.dll + 2008-04-23 04:16:28 347,136 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtmsft.dll + 2008-04-23 04:16:28 214,528 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtrans.dll + 2008-04-23 04:16:28 133,120 -c----w 
C:\WINDOWS\ie7updates\KB953838-IE7\extmgr.dll + 2008-04-23 04:16:28 63,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\icardie.dll + 2008-04-22 07:39:58 70,656 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ie4uinit.exe + 2008-04-23 04:16:28 153,088 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakeng.dll + 2008-04-23 04:16:28 230,400 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieaksie.dll + 2008-04-20 05:07:51 161,792 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakui.dll + 2008-04-23 04:16:28 383,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dll + 2008-04-23 04:16:28 384,512 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iedkcs32.dll + 2008-04-23 04:16:28 6,066,176 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieframe.dll + 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iernonce.dll + 2008-04-23 04:16:28 267,776 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iertutil.dll + 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieudinit.exe + 2008-04-22 07:40:18 625,664 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe + 2008-04-23 04:16:28 27,648 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\jsproxy.dll + 2008-04-23 04:16:28 459,264 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeeds.dll + 2008-04-23 04:16:28 52,224 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeedsbs.dll + 2008-04-24 02:16:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtml.dll + 2008-04-23 04:16:28 478,208 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtmled.dll + 2008-04-23 04:16:28 193,024 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msrating.dll + 2008-04-23 04:16:28 671,232 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mstime.dll + 2008-04-23 04:16:28 102,912 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\occache.dll + 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\pngfilt.dll + 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe + 2007-03-06 01:23:51 371,424 -c----w 
C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\updspapi.dll + 2008-04-23 04:16:28 105,984 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\url.dll + 2008-04-23 04:16:29 1,159,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\urlmon.dll + 2008-04-23 04:16:29 233,472 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\webcheck.dll + 2008-04-23 04:16:29 826,368 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll + 2007-09-15 01:45:58 16,901,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\MSO.DLL + 2007-08-29 04:19:24 1,654,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\OGL.DLL + 2007-08-24 09:00:34 1,767,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\PPCNV.DLL + 2007-08-24 09:00:48 72,096 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\PXBCOM.EXE + 2006-10-27 00:55:38 138,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IMPMAIL.DLL + 2006-10-27 19:16:36 46,864 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLRPC.DLL + 2007-08-29 04:49:28 606,120 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONBTTNIE.DLL + 2007-08-29 03:43:30 1,022,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONENOTE.EXE + 2007-08-24 08:45:42 101,784 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONENOTEM.EXE + 2007-08-24 08:45:42 75,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONFILTER.DLL + 2007-08-24 08:45:46 1,167,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONLIBS.DLL + 2007-10-13 01:08:52 6,588,968 ----a-r 
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONMAIN.DLL + 2007-08-29 03:06:16 467,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\POWERPNT.EXE + 2007-08-29 03:06:44 7,990,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PPCORE.DLL + 2008-05-28 17:57:09 251,272 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PPTPIA.DLL + 2008-02-04 14:10:10 208,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\ImagingDevice.dll + 2008-02-04 14:06:54 417,312 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\ImagingServices.dll + 2008-02-04 14:08:42 83,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\LiveAlbumXCtrl.dll + 2008-02-04 14:07:46 1,779,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\MicrosoftEffects.dll + 2008-02-04 14:05:04 46,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\PhotoViewerShim.dll + 2008-02-04 14:11:26 371,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXAlbumDownloadWizard.exe + 2008-02-01 15:13:40 279,680 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\wlxclip.dll + 2008-02-01 15:13:40 191,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXDSPA.dll + 2008-02-04 14:10:02 130,592 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXGrinderScheduler.dll + 2008-02-04 14:06:00 59,424 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXImageTranscode.dll + 2008-02-04 14:07:48 711,200 ----a-r 
C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXMediaPublishSubscribe.dll + 2008-02-01 15:11:10 586,240 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXPGSS.SCR + 2008-02-04 14:06:24 1,563,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXPhotoAcq.dll + 2008-02-01 15:13:40 227,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXPhotoAcquireWizard.exe + 2008-02-04 14:08:38 86,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXPhotoCinematic.dll + 2008-02-04 14:08:32 83,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXPhotoClassic.dll + 2008-02-04 14:08:42 125,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXPhotoGallery.exe + 2008-02-01 15:13:42 16,000 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXPhotoGalleryRepair.exe + 2008-02-04 14:06:54 394,272 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXPhotoLibraryDatabase.dll + 2008-02-04 14:06:20 1,515,040 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXPhotoViewer.dll + 2008-02-04 14:06:20 1,250,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXPhotoVoyager.dll + 2008-02-04 14:06:18 752,672 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXPipeline.dll + 2008-02-04 14:06:14 734,752 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXPipetran.dll + 2008-02-01 15:13:42 101,504 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXQuickTimeControlHost.exe + 2008-02-04 
14:05:00 20,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXQuickTimeControlHostPS.dll + 2008-02-04 14:05:04 53,792 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXQuickTimeShellExt.dll + 2008-02-04 14:08:42 85,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXThumbCache.dll + 2008-02-04 14:10:04 144,416 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXVAFilt.dll + 2008-02-04 14:07:02 670,240 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXVideoAcquireWizard.exe + 2008-02-04 14:07:10 69,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXVideoCameraAutoPlayManager.exe + 2008-02-04 14:10:10 165,408 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXVideoTrim.dll + 2008-09-16 20:28:13 86,746 ----a-r C:\WINDOWS\Installer\{184E7118-0295-43C4-B72C-1D54AA75AAF7}\wlmail.exe - 2008-02-27 08:02:04 123,008 -c--a-r C:\WINDOWS\Installer\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}\WLXPhotoGalleryIcon.exe + 2008-09-20 14:01:16 123,008 ----a-r C:\WINDOWS\Installer\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}\WLXPhotoGalleryIcon.exe + 2008-09-16 20:29:08 29,926 ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe - 2008-05-28 17:53:16 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe + 2008-09-11 14:05:15 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe - 2008-05-28 17:58:06 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2008-09-11 14:06:45 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe - 2008-05-28 17:58:07 20,240 ----a-r 
C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe + 2008-09-11 14:06:46 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe - 2008-05-28 17:58:06 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe + 2008-09-11 14:06:46 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe - 2008-05-28 17:58:06 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe + 2008-09-11 14:06:46 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe - 2008-05-28 17:58:07 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe + 2008-09-11 14:06:46 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe - 2008-05-28 17:58:07 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe + 2008-09-11 14:06:46 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe - 2008-05-28 17:58:07 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe + 2008-09-11 14:06:46 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe - 2008-05-28 17:58:06 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe + 2008-09-11 14:06:46 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe - 2008-05-28 17:58:07 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe + 2008-09-11 14:06:46 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe - 2008-05-28 17:58:07 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe + 2008-09-11 14:06:46 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe - 2008-05-28 17:58:07 888,080 ----a-r 
C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe + 2008-09-11 14:06:46 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe - 2008-05-28 17:58:06 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe + 2008-09-11 14:06:45 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe + 2007-12-12 19:06:42 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe - 2000-08-31 12:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe + 2000-08-31 12:00:00 28,672 ----a-w C:\WINDOWS\NIRCMD.exe + 2008-09-16 01:54:57 467,328 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat + 2008-09-16 01:54:57 467,328 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat.bak - 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll + 2008-06-23 16:57:27 124,928 ----a-w C:\WINDOWS\system32\advpack.dll - 2008-04-14 00:12:15 139,264 ----a-w C:\WINDOWS\system32\cscript.exe + 2008-05-07 09:07:23 135,168 ----a-w C:\WINDOWS\system32\cscript.exe - 2008-03-01 13:06:20 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll + 2008-06-23 16:57:27 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll - 2008-04-13 19:19:23 138,112 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys + 2008-06-20 11:40:08 138,496 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys - 2008-04-13 18:46:32 273,024 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys + 2008-06-13 11:05:51 272,128 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys - 2007-07-30 23:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll + 2008-07-19 02:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll - 2008-04-14 00:12:15 139,264 -c--a-w C:\WINDOWS\system32\dllcache\cscript.exe + 2008-05-07 09:07:23 135,168 -c--a-w C:\WINDOWS\system32\dllcache\cscript.exe - 2008-04-14 00:11:52 147,968 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll + 2008-06-20 17:46:57 
147,968 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll - 2008-03-01 13:06:21 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll + 2008-06-23 16:57:27 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll - 2008-03-01 13:06:21 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll + 2008-06-23 16:57:27 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll - 2008-04-14 00:11:53 246,272 -c--a-w C:\WINDOWS\system32\dllcache\es.dll + 2008-07-07 20:26:58 253,952 -c--a-w C:\WINDOWS\system32\dllcache\es.dll - 2008-03-01 13:06:21 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll + 2008-06-23 16:57:27 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll - 2008-03-01 13:06:21 63,488 -c--a-w C:\WINDOWS\system32\dllcache\icardie.dll + 2008-06-23 16:57:28 63,488 -c--a-w C:\WINDOWS\system32\dllcache\icardie.dll - 2008-02-29 08:55:23 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe + 2008-06-23 09:20:25 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe - 2008-03-01 13:06:21 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll + 2008-06-23 16:57:29 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll - 2008-03-01 13:06:21 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll + 2008-06-23 16:57:29 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll - 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll + 2008-06-21 05:23:54 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll - 2008-03-01 13:06:22 383,488 -c--a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll + 2008-06-23 16:57:29 383,488 -c--a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll - 2008-03-01 13:06:22 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll + 2008-06-23 16:57:29 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll - 2008-03-01 13:06:24 6,066,176 -c--a-w C:\WINDOWS\system32\dllcache\ieframe.dll + 2008-06-23 16:57:33 6,066,176 -c--a-w C:\WINDOWS\system32\dllcache\ieframe.dll - 2008-03-01 13:06:24 44,544 -c--a-w 
. -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-11 68856] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "ComSys"="C:\WINDOWS\system32\upwberod.exe" [2008-10-03 106496] "AplApp"="C:\WINDOWS\system32\pidclyxs.exe" [2008-10-07 106496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 114688] "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 61440] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 212992] "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 81920] "cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 177416] "lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760] "lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480] "CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 230664] "cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200] "capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal 
Firewall\capfasem.exe" [2008-07-31 173296] "capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312] "QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-05-01 14088] "CaPPcl"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe" [2007-08-16 410888] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "VTTimer"="VTTimer.exe" [2004-10-22 C:\WINDOWS\system32\VTTimer.exe] "LTMSG"="LTMSG.exe" [2003-07-14 C:\WINDOWS\ltmsg.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "PGZ3CxH5CO"="C:\Documents and Settings\All Users\Application Data\cpgxapgr\gvmlmzwr.exe" [2008-10-03 77824] C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 557056] C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutorunsDisabled OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440] C:\Documents and Settings\Guest\Start Menu\Programs\Startup\ Deewoo.lnk.del [2008-04-06 686] spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 557056] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ winsched.exe [2008-09-23 274418] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "AplSys"= {26829E71-91E2-A630-EE19-0179970B7B73} - C:\Program Files\kvlwzjd\AplSys.dll [2008-10-07 147456] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW] 2007-05-18 13:30 79368 C:\WINDOWS\system32\UmxWNP.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ac3filter"= ac3filter.acm 
"msacm.mpegacm"= mpegacm.acm "msacm.ulmp3acm"= ulmp3acm.acm "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\WINDOWS\\system32\\lxddcoms.exe"= "C:\\Program Files\\Blubster\\Blubster.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"= "C:\\Program Files\\Lexmark 2500 Series\\App4R.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"= "C:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"= R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2008-06-24 93712] R0 MtxDma0;Matrox Dma Manager (0);C:\WINDOWS\system32\drivers\MtxDma0.sys [2002-07-10 182248] R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2008-06-24 63504] R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2008-06-24 45584] R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2008-06-24 115216] R2 
KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2008-06-24 134648] R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2008-06-24 66576] R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 537520] R2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248] R2 UmxAgent;HIPS Event Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192] R2 UmxCfg;HIPS Configuration Interpreter;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296] R2 UmxPol;HIPS Policy Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104] R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2008-06-24 88816] R3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-16 189704] R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 mam4410c;mam4410c;C:\WINDOWS\system32\Drivers\mam4410c.sys [2005-06-16 24784] S3 mam4410m;mam4410m;C:\WINDOWS\system32\Drivers\mam4410m.sys [2005-06-16 25044] S3 mam4410u;mam4410u;C:\WINDOWS\system32\Drivers\mam4410u.sys [2007-03-19 52309] S3 misalign;Data Misalignment Exception Kernel Driver;C:\WINDOWS\system32\drivers\misalign.sys [2007-12-18 8832] S3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2008-04-17 3768] S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2008-04-17 508544] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}] C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe . 
Contents of the 'Scheduled Tasks' folder 2008-09-28 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Owner at 7 26 AM.job - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-16 21:10] 2008-10-07 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] 2008-10-07 C:\WINDOWS\Tasks\CleanUp!.job - C:\PROGRA~1\CleanUp!\Cleanup.exe [2006-06-25 17:05] 2008-10-07 C:\WINDOWS\Tasks\RegCure Program Check.job - C:\Program Files\RegCure\RegCure.exe [] 2008-05-15 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe [] . - - - - ORPHANS REMOVED - - - - BHO-{1cba9d5f-1483-44f8-8bce-501a2c26b55a} - C:\WINDOWS\system32\xxyyaBut.dll BHO-{1ED8C6DA-6421-4C89-A772-B757F96CA697} - C:\WINDOWS\system32\yayvWnKB.dll BHO-{8B7698E8-1D21-4C79-B0E3-4D66A03DE092} - C:\WINDOWS\system32\nnnkKDss.dll BHO-{906bb1b2-6d0b-4fd3-83cc-8eac17f989e0} - C:\WINDOWS\system32\hcbsol.dll BHO-{915e01d7-853a-4e06-bfad-4d24bd6f85d6} - C:\WINDOWS\system32\opnlKaWN.dll HKCU-Run-Tunebite - C:\Program Files\RapidSolution\Tunebite\Tunebite.exe HKCU-Run-\YUR2E.exe - C:\Windows\system32\YUR2E.exe HKCU-Run-\YUR2F.exe - C:\Windows\system32\YUR2F.exe HKCU-Run-\YUR30.exe - C:\Windows\system32\YUR30.exe HKCU-Run-\YUR31.exe - C:\Windows\system32\YUR31.exe HKCU-Run-\YUR32.exe - C:\Windows\system32\YUR32.exe HKCU-Run-\YUR5.exe - C:\Windows\system32\YUR5.exe HKCU-Run-\YUR17.exe - C:\Windows\system32\YUR17.exe HKCU-Run-\YURC.exe - C:\Windows\system32\YURC.exe HKCU-Run-\YURE.exe - C:\Windows\system32\YURE.exe HKCU-Run-\YUR18.exe - C:\Windows\system32\YUR18.exe HKCU-Run-\YUR19.exe - C:\Windows\system32\YUR19.exe HKCU-Run-\YUR1A.exe - C:\Windows\system32\YUR1A.exe HKCU-Run-\YUR1D.exe - C:\Windows\system32\YUR1D.exe HKCU-Run-\YUR24.exe - C:\Windows\system32\YUR24.exe HKLM-Run-\YUR2E.exe - C:\Windows\system32\YUR2E.exe HKLM-Run-\YUR2F.exe - C:\Windows\system32\YUR2F.exe HKLM-Run-\YUR30.exe - 
C:\Windows\system32\YUR30.exe HKLM-Run-\YUR31.exe - C:\Windows\system32\YUR31.exe HKLM-Run-ANTIVIRUS - C:\Program Files\MicroAV\MicroAV.exe HKLM-Run-\YUR32.exe - C:\Windows\system32\YUR32.exe HKLM-Run-\YUR5.exe - C:\Windows\system32\YUR5.exe HKLM-Run-\YUR17.exe - C:\Windows\system32\YUR17.exe HKLM-Run-\YURC.exe - C:\Windows\system32\YURC.exe HKLM-Run-\YURE.exe - C:\Windows\system32\YURE.exe HKLM-Run-\YUR18.exe - C:\Windows\system32\YUR18.exe HKLM-Run-\YUR19.exe - C:\Windows\system32\YUR19.exe HKLM-Run-\YUR1A.exe - C:\Windows\system32\YUR1A.exe HKLM-Run-\YUR1D.exe - C:\Windows\system32\YUR1D.exe HKLM-Run-\YUR24.exe - C:\Windows\system32\YUR24.exe HKLM-Run-543e60cd - C:\WINDOWS\system32\ilibkgye.dll ShellExecuteHooks-{1ED8C6DA-6421-4C89-A772-B757F96CA697} - C:\WINDOWS\system32\yayvWnKB.dll Notify-iifdEvts - iifdEvts.dll . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mr439kbz.default\ FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-07 18:54:46 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddserv.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe . ************************************************************************** . Completion time: 2008-10-07 19:04:24 - machine was rebooted [Owner] ComboFix-quarantined-files.txt 2008-10-07 23:04:18 Pre-Run: 111,166,550,016 bytes free Post-Run: 111,488,598,016 bytes free 1005 --- E O F --- 2008-10-07 23:01:02 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:08:46 PM, on 10/7/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe C:\Program Files\Common 
Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe C:\WINDOWS\system32\lxddcoms.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe C:\Documents and Settings\All Users\Application Data\cpgxapgr\gvmlmzwr.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\LTMSG.exe C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe C:\Program Files\Lexmark 2500 Series\lxddmon.exe C:\Program Files\Lexmark 2500 Series\lxddamon.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\upwberod.exe C:\Program Files\interMute\SpamSubtract\SpamSub.exe C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\upwberod.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lookanddiscover.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7 O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe" O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe" O4 - 
HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan /startup O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ComSys] C:\WINDOWS\system32\upwberod.exe O4 - HKCU\..\Run: [AplApp] C:\WINDOWS\system32\pidclyxs.exe O4 - HKLM\..\Policies\Explorer\Run: [PGZ3CxH5CO] C:\Documents and Settings\All Users\Application Data\cpgxapgr\gvmlmzwr.exe O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user') O4 - Startup: AutorunsDisabled O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe O4 - Global Startup: winsched.exe O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [international] International* O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite....x/qtplugin.cab O16 - DPF: {149e45d8-163e-4189-86fc-45022ab2b6c9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46.../bejeweled.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1208046169125 O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} 
(HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - https://brewx.qualcomm.com/bws/conte...all/isetup.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file:///F:/MEMDISC/ALBUM_A/VIEW/PLUGIN/HPODPCFC.CAB O16 - DPF: {cc450d71-cc90-424c-8638-1f2dbac87a54} (ArmHelper Control) - file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab O18 - Protocol: autorunsdisabled - (no CLSID) - (no file) O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Filter: autorunsdisabled - (no CLSID) - (no file) O21 - SSODL: AplSys - {26829E71-91E2-A630-EE19-0179970B7B73} - C:\Program Files\kvlwzjd\AplSys.dll O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe O23 - Service: Capture Device Service (capture device service) - InterVideo Inc. 
- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe O23 - Service: LightScribeService Direct Disc Labeling Service (lightscribeservice) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Ulead Burning Helper (uleadburninghelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe O24 - Desktop Component 0: (no name) - (no file) -- End of file - 12999 bytes |
#11 (permalink)
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP
Re: I'm infected and some other problems
Hello again
Download ATF-Cleaner by Atribune to your desktop. Do not run just yet, we will shortly.

========

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

![]()

Referring to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Warning: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis. Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file(s).

=========

JAVA OUTDATED

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

=========

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you have Firefox installed:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you have Opera installed:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

==========

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

This animation will guide you through the process:

![]()

To optimize scanning time and produce a more sensible report for review:

=============

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

=============

Logs Required
C:\Combofix.txt
Kaspersky Scan Report
Hijackthis Log

How is the system running now?
#13 (permalink)
Registered User
Join Date: Apr 2008
Posts: 40
OS: windows xp
Re: I'm infected and some other problems
Got back sooner than I thought. The active desktop recovery is gone and my computer is running a lot faster. Thank you for helping me.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:25:52 AM, on 10/8/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe C:\WINDOWS\system32\lxddcoms.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\LTMSG.exe C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe C:\Program Files\Lexmark 2500 Series\lxddmon.exe C:\Program Files\Lexmark 2500 Series\lxddamon.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\interMute\SpamSubtract\SpamSub.exe C:\Program Files\CA\CA Internet Security 
Suite\ccprovsp.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe C:\WINDOWS\explorer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google Toolbar - 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7 O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe" O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe" O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan /startup O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - .DEFAULT User Startup: 
spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user') O4 - Startup: AutorunsDisabled O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe O4 - Global Startup: winsched.exe O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [international] International* O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite....x/qtplugin.cab O16 - DPF: {149e45d8-163e-4189-86fc-45022ab2b6c9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx 
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46.../bejeweled.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1208046169125 O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - https://brewx.qualcomm.com/bws/conte...all/isetup.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file:///F:/MEMDISC/ALBUM_A/VIEW/PLUGIN/HPODPCFC.CAB O16 - DPF: {cc450d71-cc90-424c-8638-1f2dbac87a54} (ArmHelper Control) - file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab O18 - Protocol: autorunsdisabled - (no CLSID) - (no file) O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Filter: 
autorunsdisabled - (no CLSID) - (no file) O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe O23 - Service: Capture Device Service (capture device service) - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe O23 - Service: LightScribeService Direct Disc Labeling Service (lightscribeservice) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Ulead Burning Helper (uleadburninghelper) - Ulead Systems, Inc. 
- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe O24 - Desktop Component 0: (no name) - (no file) -- End of file - 12617 bytes KASPERSKY ONLINE SCANNER 7 REPORT Wednesday, October 8, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Wednesday, October 08, 2008 03 14Records in database: 1298821 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ Scan statistics: Files scanned: 116788 Threat name: 21 Infected objects: 27 Suspicious objects: 0 Duration of the scan: 02:34:18 File name / Threat name / Threats count C:\Documents and Settings\Owner\My Documents\MicroAV\MicroAV.exe Infected: not-a-virus:FraudTool.Win32.AntiVirus2008.em 1 C:\QooBox\Quarantine\C\bintheredunthat\hosts.exe.vir Infected: Backdoor.Win32.Small.czo 1 C:\QooBox\Quarantine\C\bintheredunthat\hostsmon.exe.vir Infected: Backdoor.Win32.Small.eiu 1 C:\QooBox\Quarantine\C\bintheredunthat\manager.exe.vir Infected: Backdoor.Win32.Small.cvt 1 C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\Adobe\Manager.exe.vir Infected: Trojan.Win32.Agent.xjc 1 C:\QooBox\Quarantine\C\Program 
Files\AskTBar\bar\1.bin\A5POPSWT.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.az 1 C:\QooBox\Quarantine\C\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.az 1 C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\popcaploader.dll.vir Infected: not-a-virus:Downloader.Win32.PopCap.b 1 C:\QooBox\Quarantine\C\WINDOWS\stfngdvw.dll.vir Infected: Trojan.Win32.Vapsup.dms 1 C:\QooBox\Quarantine\C\WINDOWS\system32\ecygxgij.dll.vir Infected: Backdoor.Win32.Poison.kxe 1 C:\QooBox\Quarantine\C\WINDOWS\system32\mdoysmbf.dll.vir Infected: Trojan.Win32.KillAV.rf 1 C:\QooBox\Quarantine\C\WINDOWS\system32\obyychts.dll.vir Infected: Trojan.Win32.KillAV.rf 1 C:\QooBox\Quarantine\C\WINDOWS\system32\oojedgoi.dll.vir Infected: Trojan.Win32.Vapsup.mao 1 C:\QooBox\Quarantine\C\WINDOWS\Web\def.htm.vir Infected: not-virus:Hoax.HTML.Secureinvites.c 1 C:\QooBox\Quarantine\C\x.vir Infected: Backdoor.Win32.Frauder.jt 1 C:\QooBox\Quarantine\catchme2008-05-29_ 64339.90.zip Infected: Rootkit.Win32.Agent.aiw 1 C:\QooBox\Quarantine\[4]-Submit_2008-10-07@20.31.zip Infected: Trojan.Win32.Obfuscated.gx 4 C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b 1 C:\WINDOWS\system32\binR\Wvram13.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bg 1 C:\WINDOWS\system32\byXrqoOh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.rtg 1 C:\WINDOWS\system32\dFrnx06\dFrnx061083.exe Infected: Trojan-Downloader.Win32.VB.ehl 1 C:\WINDOWS\system32\drivers\setup\cmd.txt Infected: Trojan.BAT.Runner.s 1 C:\WINDOWS\system32\polX\roEbdll2.exe Infected: Trojan.NSIS.StartPage.d 1 C:\WINDOWS\system32\polX\roEbdll2.exe Infected: Trojan.NSIS.StartPage.c 1 The selected area was scanned. 
ComboFix 08-10-07.06 - Owner 2008-10-07 20:31:36.7 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.112 [GMT -4:00] Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Owner\My Documents\CFscript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\cpgxapgr C:\Documents and Settings\All Users\Application Data\cpgxapgr\gvmlmzwr.exe C:\Documents and Settings\Owner\Application Data\uTorrent C:\Documents and Settings\Owner\Application Data\uTorrent\Batman.Gotham.Knight[2008].Dvdrip.Xvid.AC3[5.1][Eng Subs]-RoCK&BLueLadyRG.torrent C:\Documents and Settings\Owner\Application Data\uTorrent\Crystal Shawanda - Dawn Of A New Day (2008) - Country.torrent C:\Documents and Settings\Owner\Application Data\uTorrent\dht.dat C:\Documents and Settings\Owner\Application Data\uTorrent\dht.dat.old C:\Documents and Settings\Owner\Application Data\uTorrent\Go.Diego.Go.Wolf.Pup.Rescue.PAL.DVDR-HND.torrent C:\Documents and Settings\Owner\Application Data\uTorrent\Iron.Man.720p.BluRay.x264-SEPTiC.torrent C:\Documents and Settings\Owner\Application Data\uTorrent\resume.dat C:\Documents and Settings\Owner\Application Data\uTorrent\resume.dat.old C:\Documents and Settings\Owner\Application Data\uTorrent\rss.dat C:\Documents and Settings\Owner\Application Data\uTorrent\settings.dat C:\Documents and Settings\Owner\Application Data\uTorrent\settings.dat.old C:\Documents and Settings\Owner\Application Data\uTorrent\utorrent.lng C:\Program Files\kvlwzjd C:\Program Files\kvlwzjd\AplSys.dll C:\WINDOWS\system32\pidclyxs.exe C:\WINDOWS\system32\upwberod.exe . ((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 ))))))))))))))))))))))))))))))) . 2008-10-07 19:00 . 2008-10-07 19:00 <DIR> d-------- C:\WINDOWS\LastGood 2008-10-07 16:30 . 
2008-10-07 16:32 <DIR> d-------- C:\rsit 2008-10-04 19:49 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-10-04 19:49 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-10-04 19:49 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-10-04 19:49 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-10-04 19:48 . 2008-10-07 11:25 <DIR> d-------- C:\Program Files\Spyware Doctor 2008-10-04 19:48 . 2008-10-04 19:48 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PC Tools 2008-10-03 22:52 . 2008-10-04 18:31 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-09-16 16:40 . 2008-09-16 16:40 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Windows Live Writer 2008-09-16 16:38 . 2008-09-16 16:53 <DIR> d-------- C:\Documents and Settings\Owner\Contacts 2008-09-16 16:31 . 2008-09-16 16:32 <DIR> d-------- C:\Program Files\Windows Live Toolbar 2008-09-16 16:31 . 2008-09-16 16:31 <DIR> d-------- C:\Program Files\Windows Live Favorites 2008-09-16 16:29 . 2008-09-16 16:29 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-10-07 22:50 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k7 2008-10-07 22:50 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k6 2008-10-07 22:50 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k5 2008-10-07 22:50 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k4 2008-10-07 22:50 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k3 2008-10-07 22:50 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k2 2008-10-07 22:50 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k1 2008-10-07 22:50 475,118 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k0 2008-10-07 21:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-10-04 14:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso 2008-10-03 19:09 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-01 23:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\XemiComputers 2008-10-01 20:18 --------- d-----w C:\Program Files\Lx_cats 2008-09-19 11:56 --------- d-----w C:\Program Files\Google 2008-09-18 19:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ulead Systems 2008-09-16 20:31 --------- d-----w C:\Program Files\Windows Live 2008-09-16 20:27 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-09-16 20:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-09-11 14:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-09-05 10:35 --------- d-----w C:\Program Files\Blubster 2008-09-03 21:02 --------- d-----w C:\Program Files\Driver-Soft 2008-09-01 21:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters 2008-08-25 01:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\LxThumbs 2008-08-23 13:48 --------- d-----w C:\Program Files\Nick Arcade 2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-19 02:10 53,448 ----a-w 
C:\WINDOWS\system32\wuauclt.exe 2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-18 18:34 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR 2008-04-23 20:13 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys 2008-04-05 19:53 12 -c--a-w C:\WINDOWS\system32\config\systemprofile\bitpim.dat 2008-04-05 19:53 12 -c--a-w C:\Documents and Settings\Owner\bitpim.dat 2008-04-05 19:53 12 -c--a-w C:\Documents and Settings\Default User\bitpim.dat 2007-12-02 17:56 284 -c--a-w C:\Documents and Settings\Owner\Application Data\ViewerApp.dat 2008-04-06 14:45 2 --shatr C:\WINDOWS\winstart.bat 2008-04-11 03:14 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat 2008-04-07 02:04 458,752 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008033120080407\index.dat 2008-04-07 17:04 98,304 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008040720080408\index.dat 2008-04-09 03:47 229,376 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008040820080409\index.dat 2008-04-09 20:42 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008040920080410\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-11 68856] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 114688] "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 61440] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 212992] "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 81920] "cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 177416] "lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760] "lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480] "CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 230664] "cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200] "capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296] "capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312] "QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-05-01 14088] "CaPPcl"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe" [2007-08-16 410888] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "VTTimer"="VTTimer.exe" [2004-10-22 C:\WINDOWS\system32\VTTimer.exe] 
"LTMSG"="LTMSG.exe" [2003-07-14 C:\WINDOWS\ltmsg.exe] C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 557056] C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutorunsDisabled OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440] C:\Documents and Settings\Guest\Start Menu\Programs\Startup\ Deewoo.lnk.del [2008-04-06 686] spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 557056] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ winsched.exe [2008-09-23 274418] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ac3filter"= ac3filter.acm "msacm.mpegacm"= mpegacm.acm "msacm.ulmp3acm"= ulmp3acm.acm "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\WINDOWS\\system32\\lxddcoms.exe"= "C:\\Program Files\\Blubster\\Blubster.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"= "C:\\Program Files\\Lexmark 2500 Series\\App4R.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"= 
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"= "C:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"= R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2008-06-24 93712] R0 MtxDma0;Matrox Dma Manager (0);C:\WINDOWS\system32\drivers\MtxDma0.sys [2002-07-10 182248] R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2008-06-24 63504] R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2008-06-24 45584] R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2008-06-24 115216] R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2008-06-24 134648] R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2008-06-24 66576] R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 537520] R2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248] R2 UmxAgent;HIPS Event Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192] R2 UmxCfg;HIPS Configuration Interpreter;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296] R2 UmxPol;HIPS Policy Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104] R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2008-06-24 88816] R3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-16 189704] R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 mam4410c;mam4410c;C:\WINDOWS\system32\Drivers\mam4410c.sys [2005-06-16 24784] S3 mam4410m;mam4410m;C:\WINDOWS\system32\Drivers\mam4410m.sys [2005-06-16 25044] S3 mam4410u;mam4410u;C:\WINDOWS\system32\Drivers\mam4410u.sys [2007-03-19 52309] S3 misalign;Data Misalignment Exception Kernel Driver;C:\WINDOWS\system32\drivers\misalign.sys 
[2007-12-18 8832] S3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2008-04-17 3768] S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2008-04-17 508544] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}] C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe . Contents of the 'Scheduled Tasks' folder 2008-09-28 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Owner at 7 26 AM.job - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-16 21:10] 2008-10-08 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] 2008-10-07 C:\WINDOWS\Tasks\CleanUp!.job - C:\PROGRA~1\CleanUp!\Cleanup.exe [2006-06-25 17:05] 2008-10-07 C:\WINDOWS\Tasks\RegCure Program Check.job - C:\Program Files\RegCure\RegCure.exe [] 2008-05-15 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe [] . - - - - ORPHANS REMOVED - - - - HKCU-Run-AplApp - C:\WINDOWS\system32\pidclyxs.exe HKLM-Explorer_Run-PGZ3CxH5CO - C:\Documents and Settings\All Users\Application Data\cpgxapgr\gvmlmzwr.exe SSODL-AplSys-{26829E71-91E2-A630-EE19-0179970B7B73} - C:\Program Files\kvlwzjd\AplSys.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-07 20:34:59 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-10-07 20:40:05 ComboFix-quarantined-files.txt 2008-10-08 00:40:01 ComboFix2.txt 2008-10-07 23:04:26 Pre-Run: 111,457,144,832 bytes free Post-Run: 111,444,570,112 bytes free 214 --- E O F --- 2008-10-07 23:01:02 |
#14 (permalink)
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP
Re: I'm infected and some other problems
Hello again
Please upload this file: C:\QooBox\Quarantine\[4]-Submit_2008-10-07@20.31.zip
To the following website. http://www.bleepingcomputer.com/submit-malware.php?channel=4
Include this link into your submission: http://www.techsupportforum.com/security-center/hijackthis-log-help/299005-i-m-infected-some-other-problems.html
Thanks.
=======
Open notepad and copy/paste the text in the quotebox below into it:
Quote:
![]()
Referring to the picture above, drag CFscript into ComboFix.exe
Follow the prompts, and post the resulting log, C:\ComboFix.txt
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
Warning: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
===========
Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
============
Logs Required
C:\Combofix.txt
Hijackthis Log
#15 (permalink)
Registered User
Join Date: Apr 2008
Posts: 40
OS: windows xp
Re: I'm infected and some other problems
ComboFix 08-10-07.06 - Owner 2008-10-08 12:23:18.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.137 [GMT -4:00] Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Owner\My Documents\CFscript.txt * Created a new restore point FILE :: C:\Documents and Settings\Owner\My Documents\MicroAV\MicroAV.exe C:\WINDOWS\Downloaded Program Files\popcaploader.dll C:\WINDOWS\system32\binR\Wvram13.exe C:\WINDOWS\system32\byXrqoOh.dll C:\WINDOWS\system32\dFrnx06\dFrnx061083.exe C:\WINDOWS\system32\drivers\setup\cmd.txt C:\WINDOWS\system32\polX\roEbdll2.exe C:\WINDOWS\system32\polX\roEbdll2.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ :#: . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Owner\My Documents\MicroAV C:\Documents and Settings\Owner\My Documents\MicroAV\MicroAV.exe C:\Program Files\Enigma Software Group C:\Program Files\Enigma Software Group\Common.dll C:\Program Files\Enigma Software Group\SpyHunter\AXList.txt C:\Program Files\Enigma Software Group\SpyHunter\Download\update.exe C:\Program Files\Enigma Software Group\SpyHunter\key.dat C:\Program Files\Enigma Software Group\SpyHunter\Rollback\000000.ecd C:\Program Files\Enigma Software Group\SpyHunter\Rollback\000001.ecd C:\Program Files\Enigma Software Group\SpyHunter\Rollback\000002.ecd C:\Program Files\Enigma Software Group\SpyHunter\Rollback\000003.ecd C:\Program Files\Enigma Software Group\SpyHunter\Rollback\000004.ecd C:\Program Files\Enigma Software Group\SpyHunter\Rollback\000005.ecd C:\Program Files\Enigma Software Group\SpyHunter\Rollback\000006.ecd C:\Program Files\Enigma Software Group\SpyHunter\Rollback\000007.ecd C:\Program Files\Enigma Software Group\SpyHunter\Rollback\000008.ecd C:\Program Files\Enigma Software Group\SpyHunter\Rollback\000009.ecd C:\Program Files\Enigma Software Group\SpyHunter\Rollback\00000a.ecd C:\Program Files\Enigma Software 
Group\SpyHunter\Rollback\00000b.ecd C:\Program Files\Enigma Software Group\SpyHunter\Rollback\00000c.ecd C:\Program Files\Enigma Software Group\SpyHunter\Rollback\00000d.ecd C:\Program Files\Enigma Software Group\SpyHunter\Rollback\00000e.ecd C:\Program Files\Enigma Software Group\SpyHunter\Rollback\00000f.ecd C:\Program Files\Enigma Software Group\SpyHunter\Rollback\000010.ecd C:\Program Files\Enigma Software Group\SpyHunter\Rollback\000011.ecd C:\Program Files\Enigma Software Group\SpyHunter\Rollback\000012.ecd C:\Program Files\Enigma Software Group\SpyHunter\Rollback\000013.ecd C:\Program Files\Enigma Software Group\SpyHunter\Rollback\000014.ecd C:\Program Files\Enigma Software Group\SpyHunter\Rollback\000015.ecd C:\Program Files\Enigma Software Group\SpyHunter\Rollback\000016.ecd C:\Program Files\Enigma Software Group\SpyHunter\Rollback\000017.ecd C:\Program Files\Enigma Software Group\SpyHunter\Rollback\000018.ecd C:\Program Files\Enigma Software Group\SpyHunter\Rollback\rollback.dat C:\Program Files\Enigma Software Group\SpyHunter\scan.log C:\Program Files\Enigma Software Group\SpyHunter\spyhunter.log C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterInstance.lock C:\Program Files\Enigma Software Group\SpyHunter\support.log C:\WINDOWS\Downloaded Program Files\popcaploader.dll C:\WINDOWS\system32\binR\Wvram13.exe C:\WINDOWS\system32\byXrqoOh.dll C:\WINDOWS\system32\dFrnx06\dFrnx061083.exe C:\WINDOWS\system32\drivers\setup\cmd.txt . ((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 ))))))))))))))))))))))))))))))) . 2008-10-07 21:46 . 2008-10-07 21:46 <DIR> d-------- C:\Program Files\Common Files\Java 2008-10-07 21:46 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-10-07 19:00 . 2008-10-07 19:00 <DIR> d-------- C:\WINDOWS\LastGood 2008-10-07 16:30 . 2008-10-07 16:32 <DIR> d-------- C:\rsit 2008-10-04 19:49 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-10-04 19:49 . 
2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-10-04 19:49 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-10-04 19:49 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-10-04 19:48 . 2008-10-07 11:25 <DIR> d-------- C:\Program Files\Spyware Doctor 2008-10-04 19:48 . 2008-10-04 19:48 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PC Tools 2008-09-16 16:40 . 2008-09-16 16:40 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Windows Live Writer 2008-09-16 16:38 . 2008-09-16 16:53 <DIR> d-------- C:\Documents and Settings\Owner\Contacts 2008-09-16 16:31 . 2008-09-16 16:32 <DIR> d-------- C:\Program Files\Windows Live Toolbar 2008-09-16 16:31 . 2008-09-16 16:31 <DIR> d-------- C:\Program Files\Windows Live Favorites 2008-09-16 16:29 . 2008-09-16 16:29 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-10-08 01:46 --------- d-----w C:\Program Files\Java 2008-10-07 22:50 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k7 2008-10-07 22:50 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k6 2008-10-07 22:50 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k5 2008-10-07 22:50 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k4 2008-10-07 22:50 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k3 2008-10-07 22:50 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k2 2008-10-07 22:50 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k1 2008-10-07 22:50 475,118 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k0 2008-10-07 21:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-10-04 14:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso 2008-10-03 19:09 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-01 23:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\XemiComputers 2008-10-01 20:18 --------- d-----w C:\Program Files\Lx_cats 2008-09-19 11:56 --------- d-----w C:\Program Files\Google 2008-09-18 19:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ulead Systems 2008-09-16 20:31 --------- d-----w C:\Program Files\Windows Live 2008-09-16 20:27 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-09-16 20:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-09-11 14:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-09-05 10:35 --------- d-----w C:\Program Files\Blubster 2008-09-03 21:02 --------- d-----w C:\Program Files\Driver-Soft 2008-09-01 21:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters 2008-08-25 01:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\LxThumbs 2008-08-23 13:48 --------- d-----w C:\Program Files\Nick Arcade 2008-07-19 02:10 94,920 ----a-w 
C:\WINDOWS\system32\cdm.dll 2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-18 18:34 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR 2008-04-23 20:13 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys 2008-04-05 19:53 12 -c--a-w C:\WINDOWS\system32\config\systemprofile\bitpim.dat 2008-04-05 19:53 12 -c--a-w C:\Documents and Settings\Owner\bitpim.dat 2008-04-05 19:53 12 -c--a-w C:\Documents and Settings\Default User\bitpim.dat 2007-12-02 17:56 284 -c--a-w C:\Documents and Settings\Owner\Application Data\ViewerApp.dat 2008-04-06 14:45 2 --shatr C:\WINDOWS\winstart.bat 2008-04-11 03:14 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat 2008-04-07 02:04 458,752 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008033120080407\index.dat 2008-04-07 17:04 98,304 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008040720080408\index.dat 2008-04-09 03:47 229,376 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008040820080409\index.dat 2008-04-09 20:42 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008040920080410\index.dat . ((((((((((((((((((((((((((((( snapshot_2008-10-07_19.03.18.34 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-03-25 05:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe + 2008-06-10 05:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe - 2008-03-25 05:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe + 2008-06-10 05:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe - 2008-03-25 06:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe + 2008-06-10 06:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-11 68856] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 114688] "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 61440] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 212992] "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 81920] "cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 177416] "lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760] "lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480] "CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 230664] "cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200] "capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296] "capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" 
[2008-07-31 259312] "QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-05-01 14088] "CaPPcl"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe" [2007-08-16 410888] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "VTTimer"="VTTimer.exe" [2004-10-22 C:\WINDOWS\system32\VTTimer.exe] "LTMSG"="LTMSG.exe" [2003-07-14 C:\WINDOWS\ltmsg.exe] C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 557056] C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutorunsDisabled OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440] C:\Documents and Settings\Guest\Start Menu\Programs\Startup\ Deewoo.lnk.del [2008-04-06 686] spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 557056] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ winsched.exe [2008-09-23 274418] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ac3filter"= ac3filter.acm "msacm.mpegacm"= mpegacm.acm "msacm.ulmp3acm"= ulmp3acm.acm "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= 
"C:\\WINDOWS\\system32\\lxddcoms.exe"= "C:\\Program Files\\Blubster\\Blubster.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"= "C:\\Program Files\\Lexmark 2500 Series\\App4R.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"= "C:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"= R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2008-06-24 93712] R0 MtxDma0;Matrox Dma Manager (0);C:\WINDOWS\system32\drivers\MtxDma0.sys [2002-07-10 182248] R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2008-06-24 63504] R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2008-06-24 45584] R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2008-06-24 115216] R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2008-06-24 134648] R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2008-06-24 66576] R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 537520] R2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248] R2 UmxAgent;HIPS Event Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192] R2 UmxCfg;HIPS Configuration Interpreter;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296] R2 UmxPol;HIPS Policy Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104] R3 
KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2008-06-24 88816] R3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-16 189704] R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 mam4410c;mam4410c;C:\WINDOWS\system32\Drivers\mam4410c.sys [2005-06-16 24784] S3 mam4410m;mam4410m;C:\WINDOWS\system32\Drivers\mam4410m.sys [2005-06-16 25044] S3 mam4410u;mam4410u;C:\WINDOWS\system32\Drivers\mam4410u.sys [2007-03-19 52309] S3 misalign;Data Misalignment Exception Kernel Driver;C:\WINDOWS\system32\drivers\misalign.sys [2007-12-18 8832] S3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2008-04-17 3768] S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2008-04-17 508544] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}] C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe . Contents of the 'Scheduled Tasks' folder 2008-09-28 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Owner at 7 26 AM.job - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-16 21:10] 2008-10-08 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] 2008-10-07 C:\WINDOWS\Tasks\CleanUp!.job - C:\PROGRA~1\CleanUp!\Cleanup.exe [2006-06-25 17:05] 2008-10-07 C:\WINDOWS\Tasks\RegCure Program Check.job - C:\Program Files\RegCure\RegCure.exe [] 2008-05-15 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe [] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-08 12:27:11 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-10-08 12:31:55 ComboFix-quarantined-files.txt 2008-10-08 16:31:51 ComboFix2.txt 2008-10-08 00:40:07 ComboFix3.txt 2008-10-07 23:04:26 Pre-Run: 111,224,537,088 bytes free Post-Run: 111,264,305,152 bytes free 255 --- E O F --- 2008-10-08 16:14:53 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:33:38 PM, on 10/8/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe C:\WINDOWS\system32\lxddcoms.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\LTMSG.exe C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe C:\Program Files\Lexmark 2500 Series\lxddmon.exe C:\Program Files\Lexmark 2500 Series\lxddamon.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe C:\Program Files\CA\CA Internet Security Suite\CA 
Personal Firewall\capfasem.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\interMute\SpamSubtract\SpamSub.exe C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Windows Live Toolbar\msn_sl.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - 
Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: winsched.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [international] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {149e45d8-163e-4189-86fc-45022ab2b6c9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46.../bejeweled.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1208046169125
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - https://brewx.qualcomm.com/bws/conte...all/isetup.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file:///F:/MEMDISC/ALBUM_A/VIEW/PLUGIN/HPODPCFC.CAB
O16 - DPF: {cc450d71-cc90-424c-8638-1f2dbac87a54} (ArmHelper Control) - file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: autorunsdisabled - (no CLSID) - (no file)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: autorunsdisabled - (no CLSID) - (no file)
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Capture Device Service (capture device service) - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (lightscribeservice) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Ulead Burning Helper (uleadburninghelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O24 - Desktop Component 0: (no name) - (no file)
-- End of file - 12403 bytes |
#16 (permalink) |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP
|
Re: I'm infected and some other problems
Hello again
File uploaded successfully, thank you.

========

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

O4 - Global Startup: winsched.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O11 - Options group: [international] International*
O16 - DPF: {149e45d8-163e-4189-86fc-45022ab2b6c9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file:///F:/MEMDISC/ALBUM_A/VIEW/PLUGIN/HPODPCFC.CAB
O16 - DPF: {cc450d71-cc90-424c-8638-1f2dbac87a54} (ArmHelper Control) - file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx
O24 - Desktop Component 0: (no name) - (no file)

Please remember to close all other windows, including browsers, then click Fix checked.

=========

If there are no further issues, follow instructions below.

=========

Delete RSIT from your desktop, also delete this folder c:\rsit.
Uninstall Hijackthis via add/remove, you can keep ATF-Cleaner if you wish.

=========

Well done, your logs are clean.

Click start>run>type (or copy/paste command into run box): ComboFix /u
Click ok.

=========

Clear IE7 cookies
* On the Internet Explorer 7 Tools menu, click Internet Options. The Internet Options box should open to the General tab.
* On the General tab, in the Browsing History, click the Delete button. This will delete all the files that are currently stored in your cache [that includes cookies too].
* Click OK, and then click OK again.

Clear Firefox cookies/cache
• Select "Tools"
• Select "Options".
• Select "Privacy".
• In "Settings" window put the check mark for Cookies, Cache, Browsing history and any others you want.
• Click OK.
• In Private area click "Clear Now".

-------------------------------------------------------------------------------------------

MICROSOFT UPDATES
1. Click Start, Run, type sysdm.cpl, and then press OK.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select Automatic (recommended).

Microsoft updates are released every second Tuesday of each month, what is called "Patch Tuesday".

------------------------------------------------------------------------------------------

Useful Information and Programs to keep you safe.

TrendProtect is a FREE browser plug-in that helps you avoid Web pages with unwanted content and hidden threats. TrendProtect rates the current page and pages listed in Google, MSN, and Yahoo search results. You can use the rating to decide if you want to visit or avoid a given Web page. To rate Web pages, TrendProtect refers to an extensive database that covers the following information for billions of Web pages:
* Content category
* Phishing scam detection
* Site reputation
* Page reputation

WOT Free helps you avoid disingenuous Internet content by allowing you to learn from others' experiences. WOT shows you website reputations on your browser, telling you how much other users trust a website. This helps you make better decisions while browsing and avoid phishing, malware, and other types of fraud. Reputations can also be added to web search results, Gmail, Wikipedia, and other selected sites. WOT reputations are computed mainly from user testimonies. Sharing your knowledge with others is just a click away, without ever having to leave the site. We also collect data from hundreds of other sources (including PhishTank) to quickly warn you of emerging threats. Currently, WOT knows over 12 million websites.
Note: Only compatible with Firefox 1.5 and higher.

--------------------------------------------------------------------------------------

Alternate Browsers
Try the following free alternate browsers rather than Internet Explorer
Avant
Firefox
Opera
K-Meleon

------------------------------------------------------------------------------------------

Free Antispyware Products
SuperAntiSpyware
Malwarebytes' Anti-Malware
SpywareBlaster to help prevent spyware from installing in the first place.

------------------------------------------------------------------

IE-Spyad™ is a freeware utility that places more than 4000 dubious websites and domains in the Internet Explorer Restricted List. Download and installation instructions for IE-Spyad™ Here

-----------------------------------------

The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.
If you're having trouble downloading & extracting, see link below for guidance: http://www.mvps.org/winhelp2002/hosts2.htm
Once you have extracted the host file, double click on it and a new window will open. Double-click on mvps.bat and follow the prompts

---------------------------------------------------------------

Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer.

----------------------------------------

SnoopFree is a programme that informs you when another programme is wanting to log your keystrokes or read your screen. Only for XP users.

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

==============================================

Also, please take a look at these well written articles:
PC Safety and Security--What Do I Need?
HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Please reply to this thread once more, as we may mark this as resolved, thanks. |
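An added example, not part of the original thread and not HijackThis's own code: a small Python triage pass over HijackThis entries like those in the log above, grouping lines by section code and marking candidates for an analyst to review. The three flagging rules are assumptions chosen for illustration, not the analyst's stated criteria; the sample lines are copied from this thread's log.

```python
import re
from collections import defaultdict

# Meanings of the HijackThis section codes used in the sample below.
SECTIONS = {"O4": "autostart entry", "O6": "IE options restricted by policy",
            "O16": "ActiveX control (Downloaded Program Files)",
            "O24": "Active Desktop component"}
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def parse(log_text):
    """Yield (code, body) for each entry line; headers and footers are skipped."""
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            yield match.group("code"), match.group("body")

def review_reasons(code, body):
    """Assumed triage rules (illustrative only); empty list means nothing matched."""
    reasons = []
    if body.endswith("(no file)"):
        reasons.append("target file missing (orphaned entry)")
    if code == "O16" and "file:///" in body.lower():
        reasons.append("ActiveX control installed from a local path")
    if code == "O6":
        reasons.append("IE settings locked by a policy key")
    return reasons

def triage(log_text):
    """Return {code: [(body, reasons), ...]} for entries that matched a rule."""
    flagged = defaultdict(list)
    for code, body in parse(log_text):
        reasons = review_reasons(code, body)
        if reasons:
            flagged[code].append((body, reasons))
    return dict(flagged)

# Sample lines copied from the log posted in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {cc450d71-cc90-424c-8638-1f2dbac87a54} (ArmHelper Control) - file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx
O24 - Desktop Component 0: (no name) - (no file)
-- End of file - 12403 bytes
"""

if __name__ == "__main__":
    for code, items in triage(SAMPLE).items():
        print(code, f"({SECTIONS[code]}):", items)
```

A match only marks an entry for review; whether it should be fixed still depends on what is actually installed on the machine.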