Old 07-02-2009, 06:36 PM   #1 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 18
OS: vista home premium 32bit


all search engines get redirected and i found rootkit problems skynetblabla.dll

Please help me. AVG picks them up, but they keep trying to come into my system and my search engine keeps redirecting me. Here is my DDS:
DDS (Ver_09-06-26.01) - NTFSx86
Run by katie at 9:23:02.11 on Fri 03/07/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.1013.283 [GMT 10:00]

AV: BP Security Anti-Virus *On-access scanning enabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k apphost
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Windows\ehome\ehRecvr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\ehome\ehsched.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\katie\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\katie\AppData\Local\Temp\nspF422.tmp\apa
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\katie\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.ninemsn.com.au
uDefault_Page_URL = hxxp://www.ninemsn.com.au
mStart Page = hxxp://www.ninemsn.com.au
mURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: precisead: {09ee039e-9f62-1a05-9036-c7c90bf512b1} - c:\windows\system32\nsg72E5.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableStatusMessages = 1 (0x1)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://files.authentium.com/bigpond/bin/wizard.exe
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245454421005
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-6-30 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-30 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-30 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-1 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-1 298776]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-12-10 223232]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2001-1-10 32256]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 gupdate1c9c0993032ba89;Google Update Service (gupdate1c9c0993032ba89);c:\program files\google\update\GoogleUpdate.exe [2009-4-19 133104]
S3 authfwco;authfwco;c:\windows\system32\drivers\authfwco.sys [2009-5-2 22792]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-4-10 111112]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 6\DfSdkS.exe [2009-6-21 410976]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-3-27 80744]

=============== Created Last 30 ================

2009-07-02 20:10 60,026 a------- c:\windows\system32\yjrkpknvwo.dll-uninst.exe
2009-07-02 20:10 85,733 a------- c:\windows\system32\eca812ea-9d6c-ce94-7017-55171f3209e5.exe
2009-07-02 20:09 48,273 a------- c:\windows\system32\lmtbnwowvs.exe
2009-07-02 19:54 <DIR> --d----- c:\program files\LimeWire
2009-07-02 18:49 <DIR> --d--r-- c:\program files\Skype
2009-07-02 18:41 <DIR> --d----- c:\program files\uTorrent
2009-07-02 10:57 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-02 10:57 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-02 10:57 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-02 10:57 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-02 10:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-02 09:50 <DIR> --d----- c:\programdata\DAEMON Tools Lite
2009-07-02 09:50 <DIR> --d----- c:\progra~2\DAEMON Tools Lite
2009-07-02 09:49 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-07-02 09:49 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-07-02 09:48 <DIR> --d----- c:\users\katie\appdata\roaming\DAEMON Tools Lite
2009-07-01 23:52 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-07-01 22:48 161,792 a------- c:\windows\SWREG.exe
2009-07-01 22:48 155,136 a------- c:\windows\PEV.exe
2009-07-01 22:48 98,816 a------- c:\windows\sed.exe
2009-07-01 21:45 <DIR> --d----- C:\delete
2009-07-01 11:07 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-01 08:27 <DIR> --d----- c:\programdata\AVG Security Toolbar
2009-07-01 08:27 <DIR> --d----- c:\progra~2\AVG Security Toolbar
2009-07-01 02:58 <DIR> -cd-h--- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-07-01 02:58 <DIR> -cd-h--- c:\progra~2\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-07-01 02:55 <DIR> --d----- c:\program files\Cute CD DVD Burner
2009-07-01 00:10 <DIR> --d----- c:\program files\Trend Micro
2009-06-30 23:13 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-30 23:13 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-06-30 23:13 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-30 23:13 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-30 23:13 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-06-30 23:13 <DIR> --d----- c:\program files\AVG
2009-06-30 23:13 <DIR> --d----- c:\programdata\avg8
2009-06-30 23:13 <DIR> --d----- c:\progra~2\avg8
2009-06-30 12:04 1,835,008 a------- c:\windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2009-06-30 12:04 49,152 a------- c:\windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
2009-06-30 12:04 16,384 a------- c:\windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
2009-06-30 11:51 <DIR> --d----- c:\program files\Microsoft ATS
2009-06-29 10:42 38 a------- c:\windows\avisplitter.ini
2009-06-29 10:42 839,680 a------- c:\windows\system32\lameACM.acm
2009-06-29 10:42 414 a------- c:\windows\system32\lame_acm.xml
2009-06-29 10:42 217,088 a------- c:\windows\system32\yv12vfw.dll
2009-06-29 10:42 90,112 a------- c:\windows\system32\dpl100.dll
2009-06-29 10:42 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-06-29 10:42 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-06-29 10:42 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-06-29 08:35 <DIR> --d----- c:\program files\MagicISO
2009-06-29 06:24 <DIR> --d----- c:\program files\common files\NSV
2009-06-28 14:34 <DIR> --d----- c:\users\katie\appdata\roaming\Error Fix
2009-06-27 19:01 <DIR> --d----- c:\programdata\NCH Swift Sound
2009-06-27 19:00 <DIR> --d----- c:\programdata\NCH Software
2009-06-27 18:57 <DIR> --d----- c:\users\katie\appdata\roaming\NCH Software
2009-06-27 18:57 <DIR> --d----- c:\program files\NCH Software
2009-06-27 17:37 <DIR> --d----- c:\program files\ZPP
2009-06-25 12:56 <DIR> --d----- C:\Graboid
2009-06-24 19:31 <DIR> --d----- c:\users\katie\appdata\roaming\Pingus
2009-06-24 19:31 <DIR> --d----- c:\program files\Pingus
2009-06-23 13:09 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-23 13:09 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-23 13:09 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-23 13:09 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-23 13:09 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-23 13:09 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-06-23 10:23 636,928 a------- c:\windows\system32\localspl.dll
2009-06-23 10:23 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-06-23 10:02 <DIR> --d----- c:\program files\Microsoft Easy Assist
2009-06-23 10:02 <DIR> --d----- c:\programdata\Applications
2009-06-23 10:02 <DIR> --d----- c:\progra~2\Applications
2009-06-21 19:23 39,776 a------- c:\windows\system32\DfSdkBt64.exe
2009-06-21 19:23 33,632 a------- c:\windows\system32\DfSdkBt.exe
2009-06-21 19:22 <DIR> --d----- c:\programdata\page
2009-06-21 19:22 <DIR> --d----- c:\progra~2\page
2009-06-18 13:44 <DIR> --d----- c:\program files\Easy DVD Maker
2009-06-18 13:34 <DIR> --d----- c:\program files\Astonsoft
2009-06-18 13:25 <DIR> --d----- c:\program files\Alcohol Soft
2009-06-18 13:20 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-06-18 08:57 <DIR> --d----- c:\program files\Live_TV
2009-06-17 20:03 3,073,320 a------- c:\windows\system32\AdvrCntr2D6E0B790.dll
2009-06-17 20:03 638,976 a------- c:\windows\system32\NEROINSTAEC43759.DB
2009-06-17 20:03 996,648 a------- c:\windows\system32\ShellManager10E2D762.dll
2009-06-17 19:29 69 a------- c:\windows\NeroDigital.ini
2009-06-17 17:31 <DIR> --d----- c:\programdata\Ahead
2009-06-16 15:35 <DIR> --d----- c:\program files\VideoLAN
2009-06-15 21:13 60 a------- c:\windows\mhses.dat
2009-06-15 21:11 148,816 a------- c:\windows\system32\unzip32.dll
2009-06-15 21:11 53,248 a------- c:\windows\system32\quick32.dll
2009-06-15 14:05 <DIR> --d----- c:\program files\WinLemm
2009-06-14 21:32 <DIR> --d----- c:\program files\DOSBox-0.72
2009-06-14 07:58 <DIR> --d----- c:\program files\FrostWire
2009-06-12 19:15 <DIR> --d----- c:\programdata\IObit
2009-06-12 19:15 <DIR> --d----- c:\progra~2\IObit
2009-06-09 13:00 438,272 a------- c:\windows\system32\vp6vfw.dll
2009-06-09 13:00 118,832 a------- c:\windows\system32\SHW32.DLL
2009-06-09 13:00 327,680 a------- c:\windows\system32\vp6dec.ax
2009-06-09 10:54 <DIR> --d----- c:\users\katie\appdata\roaming\CCS64
2009-06-09 10:54 <DIR> --d----- c:\program files\Computerbrains C.C.S
2009-06-09 08:19 <DIR> --d----- c:\programdata\Hiro-Media
2009-06-09 08:19 <DIR> --d----- c:\progra~2\Hiro-Media
2009-06-07 20:47 <DIR> --d----- c:\program files\Toy Story
2009-06-07 20:45 <DIR> --d----- c:\program files\Tiny Toon Adventures - Buster's Hidden Treasure
2009-06-07 20:41 <DIR> --d----- c:\program files\Smurfs
2009-06-07 20:40 <DIR> --d----- c:\program files\Pocahontas
2009-06-07 20:36 <DIR> --d----- c:\program files\Aladdin
2009-06-07 20:33 <DIR> --d----- c:\program files\Lion King
2009-06-06 16:03 <DIR> --d----- C:\hospital
2009-06-06 02:13 <DIR> --d----- c:\program files\Bullfrog
2009-06-06 01:11 <DIR> --d----- c:\users\katie\appdata\roaming\.freeciv
2009-06-04 23:55 <DIR> --d----- c:\program files\Any Video Converter
2009-06-04 22:19 <DIR> --d----- c:\program files\CCleaner
2009-06-04 16:16 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-06-04 16:15 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-06-04 15:14 <DIR> --d----- c:\program files\Windows Live SkyDrive

==================== Find3M ====================

2009-06-23 10:11 174 a--sh--- c:\program files\desktop.ini
2009-06-19 10:02 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-19 10:02 143,360 a------- c:\windows\inf\infstor.dat
2009-06-19 10:02 86,016 a------- c:\windows\inf\infpub.dat
2009-06-18 11:34 2,560 a------- c:\windows\_MSRSTRT.EXE
2009-06-14 07:22 4,608 a------- c:\windows\system32\w95inf32.dll
2009-06-14 07:22 2,272 a------- c:\windows\system32\w95inf16.dll
2009-06-02 00:33 274,224 a------- c:\program files\utorrent.exe
2009-05-31 23:35 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-30 07:37 205,824 a------- c:\windows\system32\xvidvfw.dll
2009-05-30 07:31 881,664 a------- c:\windows\system32\xvidcore.dll
2009-05-14 00:25 152,904 a------- c:\windows\system32\vghd.scr
2009-05-02 07:02 685,056 a------- c:\windows\system32\divx.dll
2009-05-01 01:31 319,456 a------- c:\windows\DIFxAPI.dll
2009-04-27 00:42 457,248 a------- c:\windows\system32\NVUNINST.EXE
2009-04-25 02:05 827,904 a------- c:\windows\system32\wininet.dll
2009-04-25 02:02 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 23:44 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-21 21:55 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-21 13:09 499,712 a------- c:\windows\system32\msvcp71.dll
2009-04-21 13:09 348,160 a------- c:\windows\system32\msvcr71.dll
2009-04-21 13:09 106,496 a------- c:\windows\system32\atl71.dll
2009-04-16 17:23 540,672 a------- c:\windows\RtlExUpd.dll
2009-04-15 23:44 81,984 a------- c:\windows\system32\bdod.bin
2009-04-14 16:32 1,784,352 a------- c:\windows\system32\WavesLib.dll
2009-04-14 16:31 1,123,872 a------- c:\windows\system32\RtkPgExt.dll
2009-04-14 16:31 55,840 a------- c:\windows\system32\RtkCoInst.dll
2009-04-14 16:31 2,529,824 a------- c:\windows\system32\RtkAPO.dll
2009-04-14 16:31 326,176 a------- c:\windows\system32\RtkApoApi.dll
2009-04-11 18:49 2,117,632 a------- c:\windows\system32\python25.dll
2009-04-11 18:49 339,968 a------- c:\windows\system32\pythoncom25.dll
2009-04-11 18:49 114,688 a------- c:\windows\system32\pywintypes25.dll
2009-04-10 19:58 711,680 a------- c:\windows\system32\nsg72E5.dll
2009-04-10 14:07 201,311 a------- c:\windows\cxhg15657.exe
2009-04-10 10:43 192,512 a------- c:\windows\system32\txmlutil.dll
2009-04-06 17:09 750,984 a------- c:\windows\system32\Magentic Screensaver.scr
2009-04-06 04:32 50,688 a------- c:\windows\system32\wbhelp2.dll
2009-04-05 21:13 56 a---h--- c:\programdata\ezsidmv.dat
2009-04-05 21:13 56 a---h--- c:\progra~2\ezsidmv.dat
2009-04-04 09:12 665,600 a------- c:\windows\inf\drvindex.dat
2009-03-23 09:15 222 a------- c:\users\katie\appdata\roaming\wklnhst.dat
2006-11-02 22:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 22:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 22:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 22:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 9:24:44.77 ===============

Attached Files
File Type: zip Attach.zip (5.0 KB, 1 views)

Old 07-02-2009, 06:53 PM   #2 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 18
OS: vista home premium 32bit


Re: all search engines get redirected and i found rootkit problems skynetblabla.dll

And here is my HijackThis file. For some reason GMER doesn't work.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:32 AM, on 3/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\katie\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Users\katie\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ninemsn.com.au
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au
O2 - BHO: precisead - {09ee039e-9f62-1a05-9036-c7c90bf512b1} - C:\Windows\system32\nsg72E5.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://files.authentium.com/bigpond/bin/wizard.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase1140.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1245454421005
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Update Service (gupdate1c9c0993032ba89) (gupdate1c9c0993032ba89) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7102 bytes

Last edited by stevennashy; 07-02-2009 at 06:55 PM.
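
A minimal triage pass over a HijackThis v2 log like the one posted above, as an added example (not part of the original thread and not the forum analysts' own method). The three heuristics are assumptions chosen for illustration and only mark lines for manual review; the sample is excerpted from the post, plus one constructed `(no file)` entry.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "reason line")

# Lines excerpted from the HijackThis log in the post above. The "(no file)"
# O2 entry is constructed for this example and does not appear in that log.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
C:\Users\katie\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# Every registry/autorun entry starts with a section code such as R0, O2, O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# A path component named Temp or Tmp anywhere in a process image path.
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)

REASON_TEMP = "process image runs from a Temp directory"
REASON_NOFILE = "BHO/toolbar registration points at a missing file"
REASON_OWNER = "service binary carries no vendor name"


def parse(log_text):
    """Split a log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
        elif not line:
            in_processes = False  # a blank line ends the process list
    return processes, entries


def triage(log_text):
    """Return the lines an analyst should look at first (hints, not verdicts)."""
    processes, entries = parse(log_text)
    findings = []
    for path in processes:
        if TEMP_RE.search(path):
            findings.append(Finding(REASON_TEMP, path))
    for code, body in entries:
        fields = [f.strip() for f in body.split(" - ")]
        line = f"{code} - {body}"
        # O2 = Browser Helper Object, O3 = IE toolbar; last field is the DLL path.
        if code in ("O2", "O3") and fields[-1].lower() in ("(no file)", "no file"):
            findings.append(Finding(REASON_NOFILE, line))
        # O23 = service; fields are "Service: name", vendor, binary path.
        if code == "O23" and len(fields) >= 3 and fields[-2].lower() == "unknown owner":
            findings.append(Finding(REASON_OWNER, line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[review] {finding.reason}: {finding.line}")
```
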
Old 07-02-2009, 07:04 PM   #3 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 18
OS: vista home premium 32bit


Re: all search engines get redirected and i found rootkit problems skynetblabla.dll

And here is a picture of my AVG rootkit results. It cannot delete them; for some reason access is denied. Open the attachment in mspaint.
Attached Images
File Type: jpg Untitled.jpg (191.9 KB, 6 views)
Old 07-02-2009, 11:27 PM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,884
OS: WinXP and Vista


Re: all search engines get redirected and i found rootkit problems skynetblabla.dll

I see you also tried to run ComboFix. As noted in our pre-posting topic...
Quote:
Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

We first need to verify if there are any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present & decide whether to deploy ComboFix.
Your infection is a prime example. Let's see if we can get the gmer scan.

Open Notepad and copy/paste the contents in the code box below, into Notepad.

Quote:
@copy /y gmer.exe gamer.exe
@Start gamer.exe -protect
Save this as owned.bat. Choose to "Save type as - All Files".

It should look like this:

Place the batch next to gmer & double click to launch it.


Remember to configure and carry out the scan as follows:
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.





  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop

**Caution**
Do NOT take any action on any "<--- ROOTKIT" entries



Please attach the ark.txt in your next reply
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 07-03-2009, 06:22 AM   #5 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 18
OS: vista home premium 32bit


Re: all search engines get redirected and i found rootkit problems skynetblabla.dll

Here is the GMER txt you requested. I had to zip it so I could send it. I hope that's OK.
Attached Files
File Type: zip ark.zip (135.4 KB, 3 views)
Old 07-03-2009, 08:36 AM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,884
OS: WinXP and Vista


Re: all search engines get redirected and i found rootkit problems skynetblabla.dll

Thanks Steven, :)

It will require more than one round to properly clean your system. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


***************************************************

Download ComboFix from one of these locations, but rename it to nashy.exe before saving it to the desktop:


Link 1
Link 2
Link 3


* IMPORTANT- Save ComboFix.exe to your Desktop


====================================================


Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal.

Please open the AVG 8.5 Control Center by right clicking on the AVG icon on the task bar.
  • Click on Open AVG Interface.
  • Double click on Resident Shield.
  • Deselect the option to "Enable Resident Shield."
  • Save changes, and exit the application.
  • To re-enable AVG 8.5, please select "Enable Resident Shield" again.

====================================================


Double click on the renamed combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Ried is offline  
Old 07-03-2009, 09:39 AM   #7 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 18
OS: vista home premium 32bit


Re: all search engines get redirected and i found rootkit problems skynetblabla.dll

OK, here is the ComboFix log. It also told me to write down some rootkit infections for later purposes, which are:
c:/windows/system32/drivers/SKYNETvivkcbvei.sys
c:/windows/system32/SKYNETwscspcsd.dll
c:/windows/system32/SKYNETiqtnvymn.dat
c:/windows/system32/SKYNETrxptytre.dll
c:/windows/system32/SKYNETcjigynvx.dat

ComboFix 09-07-02.02 - katie 04/07/2009 0:45.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.1013.257 [GMT 10:00]
Running from: c:\users\katie\Desktop\nashy.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\1115c6.msi
c:\windows\Installer\11f8206.msi
c:\windows\Installer\21f1ac.msi
c:\windows\Installer\6dc2ba.msi
c:\windows\Installer\6dc2c1.msi
c:\windows\Installer\6dc2c8.msi
c:\windows\Installer\6dc2cf.msi
c:\windows\Installer\6dc2d6.msi
c:\windows\Installer\6dc2dd.msi
c:\windows\Installer\6dc2e4.msi
c:\windows\Installer\6dc2eb.msi
c:\windows\Installer\6dc2f2.msi
c:\windows\Installer\6dc2f9.msi
c:\windows\Installer\6dc300.msi
c:\windows\Installer\6dc307.msi
c:\windows\Installer\6dc30e.msi
c:\windows\Installer\825ae.msi
c:\windows\Installer\825b4.msi
c:\windows\Installer\825ba.msi
c:\windows\Installer\825c0.msi
c:\windows\Installer\825c6.msi
c:\windows\Installer\825cc.msi
c:\windows\Installer\825d2.msi
c:\windows\Installer\825d8.msi
c:\windows\Installer\825de.msi
c:\windows\Installer\825e4.msi
c:\windows\Installer\825ea.msi
c:\windows\Installer\825f0.msi
c:\windows\Installer\825f6.msi
c:\windows\Installer\86aca.msi
c:\windows\Installer\86ad0.msi
c:\windows\Installer\86ad6.msi
c:\windows\Installer\86adc.msi
c:\windows\Installer\86ae2.msi
c:\windows\Installer\86ae8.msi
c:\windows\Installer\86aee.msi
c:\windows\Installer\86af4.msi
c:\windows\Installer\86afa.msi
c:\windows\Installer\86b00.msi
c:\windows\Installer\86b06.msi
c:\windows\Installer\86b0c.msi
c:\windows\Installer\b952b.msi
c:\windows\Installer\c9f60.msi
c:\windows\Installer\c9f67.msi
c:\windows\Installer\c9f6e.msi
c:\windows\Installer\c9f75.msi
c:\windows\Installer\c9f7c.msi
c:\windows\Installer\c9f83.msi
c:\windows\Installer\c9f8a.msi
c:\windows\Installer\c9f91.msi
c:\windows\Installer\c9f98.msi
c:\windows\Installer\c9f9f.msi
c:\windows\Installer\c9fa6.msi
c:\windows\Installer\c9fad.msi
c:\windows\Installer\c9fb4.msi
c:\windows\system32\drivers\SKYNETvwkcbvei.sys
c:\windows\system32\eca812ea-9d6c-ce94-7017-55171f3209e5.exe
c:\windows\system32\SKYNETcjigynvx.dat
c:\windows\system32\SKYNETiqtnvymn.dat
c:\windows\system32\SKYNETrxptytre.dll
c:\windows\system32\SKYNETwscspcsd.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETptppveur
-------\Service_SKYNETptppveur


((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.

2009-07-03 14:55 . 2009-07-03 15:00 -------- d-----w- c:\users\katie\AppData\Local\temp
2009-07-03 12:29 . 2009-07-03 14:17 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-03 12:25 . 2009-07-03 12:25 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-07-03 12:25 . 2009-07-03 12:25 10520 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-03 12:25 . 2009-07-03 12:25 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-03 12:25 . 2009-07-03 12:25 325640 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-03 12:25 . 2009-07-03 12:25 27656 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-03 12:24 . 2009-07-03 12:29 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-03 12:24 . 2009-07-03 12:24 -------- d-----w- c:\program files\AVG
2009-07-03 12:24 . 2009-07-03 14:44 -------- d-----w- c:\programdata\avg8
2009-07-03 11:19 . 2009-07-03 15:00 -------- d-----w- c:\windows\system32\wbem\repository
2009-07-03 06:30 . 2009-07-03 06:30 -------- d-----w- C:\Vuze
2009-07-02 09:54 . 2009-07-02 09:55 -------- d-----w- c:\program files\LimeWire
2009-07-02 08:49 . 2009-07-02 08:49 -------- d-----r- c:\program files\Skype
2009-07-02 08:41 . 2009-07-02 08:41 -------- d-----w- c:\program files\uTorrent
2009-07-02 05:00 . 2009-07-02 05:00 -------- d-----w- c:\users\katie\AppData\Local\WindowsUpdate
2009-07-01 23:50 . 2009-07-01 23:50 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-07-01 23:49 . 2009-07-01 23:50 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-01 23:49 . 2009-07-01 23:50 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-01 23:48 . 2009-07-01 23:52 -------- d-----w- c:\users\katie\AppData\Roaming\DAEMON Tools Lite
2009-07-01 11:45 . 2009-07-01 11:46 -------- d-----w- C:\delete
2009-06-30 16:58 . 2009-06-30 17:01 -------- dc-h--w- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-06-30 16:55 . 2009-06-30 16:56 -------- d-----w- c:\program files\Cute CD DVD Burner
2009-06-30 14:10 . 2009-06-30 14:10 -------- d-----w- c:\program files\Trend Micro
2009-06-30 02:08 . 2009-06-30 02:27 -------- d-----w- c:\users\katie\AppData\Local\ElevatedDiagnostics
2009-06-30 01:51 . 2009-06-30 01:54 -------- d-----w- c:\program files\Microsoft ATS
2009-06-29 00:42 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-06-29 00:42 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-06-29 00:42 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-29 00:42 . 2009-06-30 16:08 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-28 22:35 . 2009-06-30 16:08 -------- d-----w- c:\program files\MagicISO
2009-06-28 20:24 . 2009-06-28 20:24 -------- d-----w- c:\program files\Common Files\NSV
2009-06-28 04:34 . 2009-06-28 06:12 -------- d-----w- c:\users\katie\AppData\Roaming\Error Fix
2009-06-27 12:51 . 2009-06-27 12:51 -------- d-----w- c:\users\katie\AppData\Roaming\Recordpad
2009-06-27 09:01 . 2009-07-01 00:38 -------- d-----w- c:\programdata\NCH Swift Sound
2009-06-27 09:00 . 2009-06-28 13:19 -------- d-----w- c:\users\katie\AppData\Roaming\NCH Swift Sound
2009-06-27 09:00 . 2009-06-30 11:50 -------- d-----w- c:\programdata\NCH Software
2009-06-27 08:57 . 2009-07-03 12:28 -------- d-----w- c:\users\katie\AppData\Roaming\NCH Software
2009-06-27 08:57 . 2009-07-03 12:28 -------- d-----w- c:\program files\NCH Software
2009-06-25 12:26 . 2009-06-25 12:26 0 ----a-w- c:\users\katie\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-06-24 09:31 . 2009-06-24 09:31 -------- d-----w- c:\users\katie\AppData\Roaming\Pingus
2009-06-23 13:49 . 2009-06-23 13:49 -------- d-----w- c:\users\katie\AppData\Local\Graboid_Inc
2009-06-23 13:49 . 2009-06-23 13:56 -------- d-----w- c:\users\katie\AppData\Local\Graboid
2009-06-23 10:49 . 2009-06-30 03:56 95744 ----a-w- c:\programdata\SpeedBit\DAP\Updates\Condition.dll
2009-06-23 03:09 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-23 03:09 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-23 00:23 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-23 00:23 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-23 00:02 . 2009-06-23 00:02 -------- d-----w- c:\program files\Microsoft Easy Assist
2009-06-23 00:02 . 2009-06-23 00:02 -------- d-----w- c:\programdata\Applications
2009-06-22 08:08 . 2009-06-22 08:08 -------- d-----w- c:\windows\Sun
2009-06-21 09:23 . 2009-01-09 02:46 39776 ----a-w- c:\windows\system32\DfSdkBt64.exe
2009-06-21 09:23 . 2009-01-09 02:46 33632 ----a-w- c:\windows\system32\DfSdkBt.exe
2009-06-21 09:22 . 2009-07-01 09:59 -------- d-----w- c:\programdata\page
2009-06-18 03:34 . 2009-06-30 16:08 -------- d-----w- c:\users\katie\AppData\Roaming\DeepBurner
2009-06-18 03:34 . 2009-06-18 03:34 -------- d-----w- c:\program files\Astonsoft
2009-06-18 03:20 . 2009-06-18 03:20 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-17 10:03 . 2007-07-02 05:02 3073320 ----a-w- c:\windows\system32\AdvrCntr2D6E0B790.dll
2009-06-17 10:03 . 2007-07-02 05:02 996648 ----a-w- c:\windows\system32\ShellManager10E2D762.dll
2009-06-17 07:40 . 2009-06-17 07:41 -------- d-----w- c:\users\katie\AppData\Local\Ahead
2009-06-17 07:32 . 2009-06-17 07:32 -------- d-----w- c:\users\katie\AppData\Roaming\Ahead
2009-06-16 05:14 . 2009-06-16 05:15 -------- d-----w- c:\users\katie\AppData\Roaming\Media Player Classic
2009-06-15 12:10 . 2009-06-15 12:37 -------- d-----w- c:\users\katie\AppData\Local\FullTiltPoker
2009-06-15 11:13 . 2009-06-15 22:52 60 ----a-w- c:\windows\mhses.dat
2009-06-15 11:11 . 2009-06-15 11:11 53248 ----a-w- c:\windows\system32\quick32.dll
2009-06-15 11:11 . 2009-06-15 11:11 148816 ----a-w- c:\windows\system32\unzip32.dll
2009-06-14 11:32 . 2009-07-01 07:18 -------- d-----w- c:\program files\DOSBox-0.72
2009-06-13 21:58 . 2009-06-13 22:00 -------- d-----w- c:\program files\FrostWire
2009-06-13 21:22 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2009-06-13 21:22 . 1998-09-02 08:28 155408 ----a-w- c:\windows\system32\LMRT.dll
2009-06-13 21:22 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2009-06-13 21:22 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2009-06-13 21:22 . 1998-08-20 10:38 217984 ----a-w- c:\windows\system32\strmdll.dll
2009-06-13 21:22 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2009-06-13 21:22 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
2009-06-13 21:22 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2009-06-13 21:22 . 2009-06-13 21:22 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-06-13 21:22 . 2009-06-13 21:22 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-06-12 09:15 . 2009-06-12 09:15 -------- d-----w- c:\programdata\IObit
2009-06-09 03:00 . 2004-08-30 04:25 438272 ----a-w- c:\windows\system32\vp6vfw.dll
2009-06-09 03:00 . 2007-04-12 05:01 118832 ----a-w- c:\windows\system32\SHW32.DLL
2009-06-09 00:54 . 2009-06-09 00:54 -------- d-----w- c:\users\katie\AppData\Roaming\CCS64
2009-06-09 00:54 . 2009-06-09 00:54 -------- d-----w- c:\program files\Computerbrains C.C.S
2009-06-08 22:19 . 2009-06-08 22:19 -------- d-----w- c:\users\katie\AppData\Local\Hiro-Media
2009-06-08 22:19 . 2009-06-08 22:19 -------- d-----w- c:\programdata\Hiro-Media
2009-06-07 10:45 . 2009-06-07 10:45 -------- d-----w- c:\program files\Tiny Toon Adventures - Buster's Hidden Treasure
2009-06-07 10:41 . 2009-06-07 10:41 -------- d-----w- c:\program files\Smurfs
2009-06-07 10:36 . 2009-06-07 10:36 -------- d-----w- c:\program files\Aladdin
2009-06-06 06:03 . 2009-06-06 06:03 -------- d-----w- C:\hospital
2009-06-06 03:52 . 2009-06-06 03:52 -------- d-----w- c:\users\katie\AppData\Local\Electronic Arts
2009-06-05 16:13 . 2009-06-05 16:13 -------- d-----w- c:\program files\Bullfrog
2009-06-05 15:11 . 2009-06-05 15:11 -------- d-----w- c:\users\katie\AppData\Roaming\.freeciv
2009-06-04 13:55 . 2009-07-02 08:46 -------- d-----w- c:\program files\Any Video Converter
2009-06-04 12:19 . 2009-06-04 12:19 -------- d-----w- c:\program files\CCleaner
2009-06-04 06:16 . 2006-11-29 03:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-06-04 06:15 . 2009-06-04 06:15 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-06-04 05:59 . 2009-05-08 02:33 251392 ----a-w- c:\programdata\SpeedBit\DAP\Temp\dapop.dll
2009-06-04 05:14 . 2009-06-04 05:14 -------- d-----w- c:\program files\Windows Live SkyDrive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 14:30 . 2009-04-09 08:07 -------- d-----w- c:\users\katie\AppData\Roaming\Azureus
2009-07-03 11:20 . 2009-04-09 04:41 -------- d-----w- c:\users\katie\AppData\Roaming\uTorrent
2009-07-03 11:19 . 2009-05-01 16:30 -------- d-----w- c:\program files\bigpond
2009-07-03 08:29 . 2009-04-19 02:42 -------- d-----w- c:\programdata\Google Updater
2009-07-03 07:01 . 2009-04-17 06:43 -------- d-----w- c:\programdata\SecTaskMan
2009-07-03 06:56 . 2009-04-05 17:38 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-03 06:19 . 2009-04-05 18:32 -------- d-----w- c:\program files\DAP
2009-07-03 06:09 . 2009-04-20 18:22 -------- d-----w- c:\programdata\C1FF
2009-07-03 06:08 . 2009-04-09 08:07 -------- d-----w- c:\programdata\Azureus
2009-07-03 05:59 . 2009-04-16 15:03 -------- d-----w- c:\program files\Uniblue
2009-07-03 05:55 . 2009-04-06 12:09 -------- d-----w- c:\program files\IObit
2009-07-02 10:13 . 2009-03-21 10:55 -------- d-----w- c:\users\katie\AppData\Roaming\LimeWire
2009-07-02 08:49 . 2009-04-05 11:08 -------- d-----w- c:\programdata\Skype
2009-07-02 08:46 . 2009-04-11 12:50 -------- d-----w- c:\users\katie\AppData\Roaming\Any Video Converter
2009-07-02 05:34 . 2001-01-10 12:57 -------- d-----w- c:\programdata\Microsoft Help
2009-07-02 05:32 . 2001-01-10 12:58 -------- d-----w- c:\program files\Microsoft Works
2009-07-02 04:54 . 2009-05-15 23:32 -------- d-----w- c:\users\katie\AppData\Roaming\Systweak
2009-07-01 12:23 . 2009-05-09 09:49 -------- d-----w- c:\users\katie\AppData\Roaming\FrostWire
2009-07-01 09:59 . 2009-05-06 08:17 -------- d-----w- c:\program files\Ashampoo
2009-07-01 04:58 . 2009-05-26 17:13 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-01 04:12 . 2009-03-31 04:35 1356 ----a-w- c:\users\katie\AppData\Local\d3d9caps.dat
2009-06-30 16:08 . 2009-05-15 07:47 -------- d-----w- c:\program files\Vuze
2009-06-28 20:40 . 2009-04-05 11:09 -------- d-----w- c:\users\katie\AppData\Roaming\Skype
2009-06-28 13:18 . 2009-05-11 13:31 -------- d-----w- c:\program files\Common Files\Real
2009-06-27 14:26 . 2009-03-19 20:26 72504 ----a-w- c:\users\katie\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-23 13:51 . 2009-04-02 03:48 -------- d-----w- c:\users\katie\AppData\Roaming\MozillaControl
2009-06-21 06:05 . 2009-05-01 08:58 -------- d-----w- c:\users\katie\AppData\Roaming\Yahoo!
2009-06-18 12:59 . 2001-01-10 11:58 -------- d-----w- c:\program files\Intel
2009-06-18 12:55 . 2001-01-10 12:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-18 03:44 . 2009-04-08 15:45 -------- d-----w- c:\users\katie\AppData\Roaming\GetRightToGo
2009-06-18 01:34 . 2009-04-06 02:35 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-06-09 08:55 . 2009-06-01 00:41 -------- d-----w- c:\users\katie\AppData\Roaming\Shareaza
2009-06-08 18:23 . 2009-04-09 08:11 175 ----a-w- c:\users\katie\AppData\Roaming\Azureus\restart.bat
2009-06-08 15:25 . 2009-05-15 23:39 16437296 ----a-w- c:\users\katie\AppData\Roaming\Systweak\avo\PS2.exe
2009-06-08 15:23 . 2009-05-15 23:38 4862232 ----a-w- c:\users\katie\AppData\Roaming\Systweak\avo\AEB.exe
2009-06-08 15:23 . 2009-05-15 23:37 4786288 ----a-w- c:\users\katie\AppData\Roaming\Systweak\avo\PT.exe
2009-06-08 13:58 . 2009-04-03 10:17 -------- d-----w- c:\users\katie\AppData\Roaming\DMCache
2009-06-04 06:17 . 2009-04-03 11:30 -------- d-----w- c:\program files\Windows Live
2009-06-04 05:01 . 2009-04-05 13:52 -------- d-----w- c:\program files\Yahoo!
2009-06-01 14:33 . 2009-06-01 14:32 274224 ----a-w- c:\program files\utorrent.exe
2009-06-01 08:34 . 2009-03-22 23:04 -------- d-----w- c:\users\katie\AppData\Roaming\Ashampoo
2009-06-01 08:06 . 2009-06-01 08:06 -------- d-----w- c:\programdata\DVD Shrink
2009-05-31 13:35 . 2009-04-01 04:21 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-31 13:05 . 2009-05-31 13:05 -------- d-----w- c:\program files\filehippo.com
2009-05-30 15:41 . 2009-05-30 12:20 -------- d-----w- c:\program files\Winamp
2009-05-30 14:06 . 2009-05-30 12:20 -------- d-----w- c:\users\katie\AppData\Roaming\Winamp
2009-05-30 12:20 . 2009-05-11 13:27 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-05-29 21:37 . 2009-04-08 16:33 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-29 21:31 . 2009-04-08 16:33 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-05-28 18:12 . 2009-04-19 02:42 -------- d-----w- c:\program files\Google
2009-05-22 17:43 . 2009-04-02 08:24 -------- d-----w- c:\users\katie\AppData\Roaming\HP
2009-05-22 16:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-05-22 15:32 . 2001-01-10 12:50 -------- d-----w- c:\program files\Acer Arcade Deluxe
2009-05-22 15:17 . 2009-05-20 12:45 -------- d-----w- c:\users\katie\AppData\Roaming\Paltalk
2009-05-22 09:25 . 2009-05-22 09:25 432 ----a-w- c:\windows\EReg072.dat
2009-05-22 08:47 . 2009-05-22 08:41 -------- d-----w- c:\users\katie\AppData\Roaming\ImgBurn
2009-05-22 07:16 . 2009-05-22 07:16 -------- d-----w- c:\program files\ImgBurn
2009-05-22 01:49 . 2009-05-22 01:49 -------- d-----w- c:\programdata\pixelStorm
2009-05-18 22:28 . 2009-05-18 22:28 -------- d-----w- c:\programdata\WorldWinner.com
2009-05-17 23:32 . 2009-05-17 08:38 -------- d-----w- c:\programdata\Rising
2009-05-17 12:19 . 2009-05-17 12:19 -------- d-----w- c:\programdata\PopCap
2009-05-17 06:42 . 2009-04-20 18:20 -------- d-----w- c:\program files\iMesh Applications
2009-05-17 03:55 . 2009-05-17 03:55 10684866 ----a-w- c:\users\katie\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
2009-05-16 00:15 . 2009-05-15 23:40 30996544 ----a-w- c:\users\katie\AppData\Roaming\Systweak\avo\ASP.exe
2009-05-15 19:02 . 2009-04-06 12:09 -------- d-----w- c:\users\katie\AppData\Roaming\IObit
2009-05-15 07:47 . 2009-05-15 07:47 -------- d-----w- c:\program files\Common Files\i4j_jres
2009-05-14 07:23 . 2009-05-14 07:17 -------- d-----w- c:\users\katie\AppData\Roaming\VoipStunt
2009-05-14 02:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-14 01:25 . 2009-05-13 14:25 -------- d-----w- c:\users\katie\AppData\Roaming\vghd
2009-05-14 01:24 . 2009-05-13 14:27 5 ----a-w- c:\windows\sbacknt.bin
2009-05-13 18:02 . 2009-05-13 18:02 -------- d-----w- c:\program files\Conduit
2009-05-13 14:25 . 2009-05-13 14:25 152904 ----a-w- c:\windows\system32\vghd.scr
2009-05-13 11:57 . 2009-05-13 11:26 -------- d-----w- c:\programdata\Norton
2009-05-13 11:31 . 2001-01-10 13:08 -------- d-----w- c:\programdata\Symantec
2009-05-13 11:25 . 2009-05-13 11:25 -------- d-----w- c:\programdata\NortonInstaller
2009-05-12 07:02 . 2009-05-08 04:30 -------- d-----w- c:\users\katie\AppData\Roaming\SpeedBit
2009-05-11 14:58 . 2009-05-11 13:38 -------- d-----w- c:\program files\Common Files\PC Tools
2009-05-11 14:35 . 2009-05-11 13:38 -------- d-----w- c:\programdata\PC Tools
2009-05-11 13:38 . 2009-05-11 13:38 -------- d-----w- c:\users\katie\AppData\Roaming\PC Tools
2009-05-10 04:34 . 2009-04-05 18:33 -------- d-----w- c:\programdata\SpeedBit
2009-05-09 04:17 . 2009-03-31 04:04 -------- d-----w- c:\program files\MSXML 4.0
2009-05-08 07:51 . 2009-05-08 07:51 -------- d-----w- c:\users\katie\AppData\Roaming\IDM
2009-05-08 07:34 . 2001-01-10 12:30 -------- d-----w- c:\program files\Common Files\LightScribe
2009-05-08 02:38 . 2009-05-08 02:38 2169880 ----a-w- c:\programdata\SpeedBit\DAP\Offers\spo3.exe
2009-05-04 15:33 . 2009-05-04 15:33 -------- d-----w- c:\program files\ReflexiveArcade
2009-05-04 13:28 . 2009-05-04 13:28 23 --sha-w- c:\windows\system32\edacded0_x.dat
2009-05-01 21:02 . 2009-04-08 16:33 685056 ----a-w- c:\windows\system32\divx.dll
2009-04-30 15:31 . 2001-01-10 12:07 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-04-27 10:50 . 2009-04-23 10:22 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-26 14:42 . 2009-04-10 10:04 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-24 16:05 . 2009-06-23 00:24 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-23 00:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-23 00:24 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-21 11:55 . 2009-06-23 00:24 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-21 03:09 . 2003-03-18 10:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-21 03:09 . 2003-03-18 08:05 106496 ----a-w- c:\windows\system32\atl71.dll
2009-04-21 03:09 . 2003-02-20 18:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-16 15:49 . 2009-04-16 15:49 2824728 ----a-w- c:\users\katie\AppData\Roaming\Uniblue\DriverScanner\Download\pci_ven_8086_dev_28158_6_1_1002.exe
2009-04-16 07:23 . 2009-04-30 15:31 540672 ----a-w- c:\windows\RtlExUpd.dll
2009-04-15 13:44 . 2009-04-10 03:22 81984 ----a-w- c:\windows\system32\bdod.bin
.

((((((((((((((((((((((((((((( SnapShot@2009-07-01_13.53.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:05 . 2009-07-03 15:01 96528 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-23 04:09 . 2009-07-03 15:01 23010 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-258263905-4180165134-3641565259-1000_UserData.bin
+ 2003-09-04 04:14 . 2003-09-04 04:14 94208 c:\windows\System32\Macromed\Flash\GetFlash.exe
+ 2009-03-23 04:00 . 2009-07-03 12:28 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-23 04:00 . 2009-07-01 13:50 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-23 04:00 . 2009-07-03 12:28 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-23 04:00 . 2009-07-01 13:50 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-03 17:22 . 2009-07-02 08:44 78562 c:\windows\System32\Adobe\Shockwave 11\uninstaller.exe
- 2009-04-28 10:23 . 2009-04-28 10:23 94208 c:\windows\System32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-06-04 12:15 . 2009-06-04 12:15 94208 c:\windows\System32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-06-04 11:45 . 2009-06-04 11:45 79488 c:\windows\System32\Adobe\Shockwave 11\gtapi.dll
- 2009-03-23 04:37 . 2009-07-01 10:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-23 04:37 . 2009-07-02 03:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-23 04:37 . 2009-07-01 10:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-23 04:37 . 2009-07-02 03:28 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-23 04:37 . 2009-07-01 10:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-23 04:37 . 2009-07-02 03:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-04 06:14 . 2009-06-04 06:14 28160 c:\windows\Installer\a39af.msi
+ 2009-06-04 06:13 . 2009-06-04 06:13 59904 c:\windows\Installer\a39a1.msi
+ 2009-04-01 12:05 . 2009-04-01 12:05 51712 c:\windows\Installer\9b26ab.msi
+ 2009-04-01 11:02 . 2009-04-01 11:02 30720 c:\windows\Installer\514fdc.msi
+ 2009-05-03 17:18 . 2009-05-03 17:18 26624 c:\windows\Installer\4c3d83.msi
+ 2009-04-03 11:30 . 2009-04-03 11:30 25088 c:\windows\Installer\3949dd.msi
+ 2009-04-02 13:24 . 2009-04-02 13:24 62464 c:\windows\Installer\342ec3.msi
+ 2009-06-12 12:12 . 2009-06-12 12:12 21504 c:\windows\Installer\3000717.msp
+ 2009-06-12 12:12 . 2009-06-12 12:12 26624 c:\windows\Installer\3000710.msp
+ 2009-06-12 12:12 . 2009-06-12 12:12 39424 c:\windows\Installer\3000708.msi
+ 2009-06-30 09:59 . 2009-06-30 09:59 22528 c:\windows\Installer\124380e.msi
- 2009-04-01 10:52 . 2009-05-14 02:05 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-04-01 10:52 . 2009-07-02 05:34 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-04-01 10:52 . 2009-05-14 02:05 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-04-01 10:52 . 2009-07-02 05:34 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-04-01 10:52 . 2009-05-14 02:05 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-04-01 10:52 . 2009-07-02 05:34 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2001-01-10 12:58 . 2009-07-02 05:32 17534 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\gtngstrtd.exe
- 2001-01-10 12:58 . 2009-04-01 11:00 17534 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\gtngstrtd.exe
- 2001-01-10 12:58 . 2009-04-01 11:00 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_B8B1511D9331_467C_9B1B_E8204012E95B.exe
+ 2001-01-10 12:58 . 2009-07-02 05:32 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_B8B1511D9331_467C_9B1B_E8204012E95B.exe
- 2001-01-10 12:58 . 2009-04-01 11:00 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_630CEEA9B210_4765_A2B1_FC24596048D7.exe
+ 2001-01-10 12:58 . 2009-07-02 05:32 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_630CEEA9B210_4765_A2B1_FC24596048D7.exe
- 2001-01-10 12:58 . 2009-04-01 11:00 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_4E403E143BE9_4CD1_B8DF_8012EBBE9E82.exe
+ 2001-01-10 12:58 . 2009-07-02 05:32 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_4E403E143BE9_4CD1_B8DF_8012EBBE9E82.exe
+ 2009-04-02 04:23 . 2009-04-02 04:23 10104 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\XLCALL32.DLL
+ 2009-04-03 08:01 . 2009-04-03 08:01 71504 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\XL12CNVP.DLL
+ 2009-04-03 07:57 . 2009-04-03 07:57 21320 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\WRD12EXE.EXE
- 2009-04-28 10:26 . 2009-04-28 10:26 9216 c:\windows\System32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2009-06-04 12:17 . 2009-06-04 12:17 9216 c:\windows\System32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2001-01-10 12:58 . 2009-07-02 05:32 4710 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\WSBico.exe
- 2001-01-10 12:58 . 2009-04-01 11:00 4710 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\WSBico.exe
+ 2001-01-10 12:58 . 2009-07-02 05:32 4710 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\Win2Kico.exe
- 2001-01-10 12:58 . 2009-04-01 11:00 4710 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\Win2Kico.exe
+ 2001-01-10 12:03 . 2009-07-03 14:45 119338 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 10:33 . 2009-07-01 13:37 669994 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-03 14:51 669994 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-01 13:37 131020 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-07-03 14:51 131020 c:\windows\System32\perfc009.dat
- 2009-03-23 04:00 . 2009-07-01 13:50 196608 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-23 04:00 . 2009-07-03 12:28 196608 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-04 11:45 . 2009-06-04 11:45 132472 c:\windows\System32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2009-06-04 12:15 . 2009-06-04 12:15 114688 c:\windows\System32\Adobe\Shockwave 11\SwInit.exe
- 2009-04-28 10:24 . 2009-04-28 10:24 114688 c:\windows\System32\Adobe\Shockwave 11\SwInit.exe
+ 2009-06-05 11:38 . 2009-06-05 11:38 468408 c:\windows\System32\Adobe\Shockwave 11\SwHelper_1150600.exe
+ 2009-06-04 12:17 . 2009-06-04 12:17 446464 c:\windows\System32\Adobe\Shockwave 11\Proj.dll
- 2009-04-28 10:26 . 2009-04-28 10:26 446464 c:\windows\System32\Adobe\Shockwave 11\Proj.dll
- 2009-04-28 10:24 . 2009-04-28 10:24 372736 c:\windows\System32\Adobe\Shockwave 11\Plugin.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-07-02 288048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-11-07 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-14 7416352]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-03 1932568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStatusMessages"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-258263905-4180165134-3641565259-1000]
"EnableNotificationsRef"=dword:00000005

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\BigPond News Ticker\\BigPond__News_Ticker.exe"= c:\program files\BigPond News Ticker\BigPond__News_Ticker.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{520E938F-5F52-4115-9941-4199E2D12BED}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{7A713E5B-B81A-4D7F-BEBC-1CECBAAF47FB}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{30E95597-3044-446F-9233-EC638CEF4128}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{4D3AF8FB-BEC3-427C-B9B8-F34D0135BBD2}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{917BF2D5-84D8-40B0-9F27-33CB400C1922}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{D8AFE044-7721-4667-9FB7-7F96A29E659B}"= UDP:c:\windows\explorer.exe:Windows Shell
"{321B0E01-C3D7-4867-B48F-7AF2F34CD3BB}"= TCP:c:\windows\explorer.exe:Windows Shell
"{0CBEBF2D-F680-45D9-B408-14B8A226B5A5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{73A943B2-9003-4BE3-9672-8D95009D2337}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D42FA3EB-4CF3-4B7F-BBA6-8263E1AC1F9B}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{C29D2B58-577C-4C8D-809C-BC3B258D9CCA}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{5133E423-90D8-45FB-BA3F-333A948F328C}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{253E00D5-9409-46B5-8671-D7DB8C309204}c:\\vuze\\azureus.exe"= UDP:c:\vuze\azureus.exe:Azureus
"UDP Query User{04098863-85A3-4CE0-BC49-340C5C6F8400}c:\\vuze\\azureus.exe"= TCP:c:\vuze\azureus.exe:Azureus
"{19FBD24E-3981-47DF-B1ED-A04531FC691A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{8BBC5B0A-418D-49E3-8274-D21E7A5DDA51}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{0A699020-EB7A-451D-96D9-090A277EA9A2}"= Disabled:UDP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{B74EF37D-860C-47A3-8C31-69EBB923FAF3}"= Disabled:TCP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{E35AD6D9-DCE8-4439-A968-67C65CDCAC18}"= Disabled:UDP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{B7664AF4-8200-4C02-8747-4561242107C2}"= Disabled:TCP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{A016B99E-B034-414F-8836-FE1BA953EEDA}"= Disabled:UDP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{DF07A664-DEAF-4302-B184-E4E9352F36BD}"= Disabled:TCP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{89153B2A-9F9E-47EB-A96A-6269CD4AB893}"= UDP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"{44CB98AC-0121-47C5-BAB0-728F3A542C6E}"= TCP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"TCP Query User{CA2D2FDD-05F0-42B4-A055-1AB0A7612AE3}c:\\program files\\dap\\dap.exe"= UDP:c:\program files\dap\dap.exe:Download Accelerator Plus (DAP)
"UDP Query User{885CB5AB-D2BF-45F5-AA18-DF9557449388}c:\\program files\\dap\\dap.exe"= TCP:c:\program files\dap\dap.exe:Download Accelerator Plus (DAP)
"TCP Query User{5F22ED8B-325C-48F0-9863-E1E063AF429A}c:\\users\\katie\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\katie\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{E100E0E6-95E7-4C74-BB1A-25FB70A9DBC0}c:\\users\\katie\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\katie\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"TCP Query User{06ACA00F-86CE-44DF-9B6F-DE712DF1889A}c:\\vuze\\azureus.exe"= UDP:c:\vuze\azureus.exe:Azureus
"UDP Query User{F5ED4FE0-D5F2-4065-A5F7-69621144B798}c:\\vuze\\azureus.exe"= TCP:c:\vuze\azureus.exe:Azureus
"TCP Query User{6F57CD4C-FF95-4CCF-81D0-F841217B9B59}d:\\limewire\\limewire.exe"= UDP:d:\limewire\limewire.exe:LimeWire
"UDP Query User{EF2094C7-80DE-4C82-AEEA-8E79D963BE0E}d:\\limewire\\limewire.exe"= TCP:d:\limewire\limewire.exe:LimeWire
"TCP Query User{8BFB92BC-D0D8-41CE-AE35-216B1B3377F4}d:\\vuze\\azureus.exe"= UDP:d:\vuze\azureus.exe:Azureus
"UDP Query User{B5F9F78A-DC64-4F73-A019-3670A29181CE}d:\\vuze\\azureus.exe"= TCP:d:\vuze\azureus.exe:Azureus
"TCP Query User{B8A5702C-AA2D-4433-B258-0966C9257B8B}c:\\program files\\dap premium\\dap.exe"= UDP:c:\program files\dap premium\dap.exe:Download Accelerator Plus (DAP)
"UDP Query User{CAE62236-69E1-43C4-9B18-FEEC25300B4A}c:\\program files\\dap premium\\dap.exe"= TCP:c:\program files\dap premium\dap.exe:Download Accelerator Plus (DAP)
"TCP Query User{96CFA8B6-735E-416E-BD29-C40ACA529340}c:\\westwood\\ra2\\gamemd.exe"= Disabled:UDP:c:\westwood\ra2\gamemd.exe:Main executable for Yuri's Revenge
"UDP Query User{1A49DFFD-FB04-42A4-BB99-B0B6D96E83DC}c:\\westwood\\ra2\\gamemd.exe"= Disabled:TCP:c:\westwood\ra2\gamemd.exe:Main executable for Yuri's Revenge
"{68D8574D-072B-4B5A-A60B-A19A6D52B585}"= Disabled:UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{9FA11DD9-DAC7-47E7-B90F-AC39E80BEE3F}"= Disabled:TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"TCP Query User{5D625B63-77D1-409D-85CB-A16A7BD00F9D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{153EBD0B-70E9-47CD-A032-65F22178DC34}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{61D7CCD6-5492-488D-B295-C656D978D1F7}c:\\program files\\utherverse digital inc\\utherverse 3d client\\utherverse.exe"= UDP:c:\program files\utherverse digital inc\utherverse 3d client\utherverse.exe:Utherverse
"UDP Query User{E091FC5A-A89B-4CB3-8CDF-F6AAA879D2E8}c:\\program files\\utherverse digital inc\\utherverse 3d client\\utherverse.exe"= TCP:c:\program files\utherverse digital inc\utherverse 3d client\utherverse.exe:Utherverse
"{58A4B4B4-EE48-4F76-8CA4-7C722E9FA101}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6AC5BC75-CC79-40D0-BBA1-75BB7F4E3F1F}"= UDP:c:\program files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt
"{749CC6AF-AE98-4CDE-90D0-6E3D39E9256C}"= TCP:c:\program files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt
"{C3354A49-4B1C-4167-B236-8482F4091F76}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{22B68913-D491-4AE4-B3A0-C93FFCBD3B0A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EF57FA77-A304-4E15-932E-C6179A9D30E8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3336F49D-7283-4006-8CDB-36CE564C4123}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C8BFEB8B-D0B3-4DAA-8CD3-4DAE1298C114}"= UDP:c:\users\katie\Desktop\utorrent.exe:µTorrent (TCP-In)
"{79885F25-78BB-40BF-9801-4A6D731F7080}"= TCP:c:\users\katie\Desktop\utorrent.exe:µTorrent (UDP-In)
"{CAAE562B-26ED-4222-B773-12B855541CA5}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{553A5860-C5BC-44CF-BCBB-81C4A2A02F19}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"TCP Query User{971EB680-3BD6-454C-AD54-AF8A524308E2}c:\\windows\\system32\\sys32dll.exe"= UDP:c:\windows\system32\sys32dll.exe:SYS32DLL
"UDP Query User{CFE8CFE2-CCDC-4ED6-B275-E29F93C4E1CF}c:\\windows\\system32\\sys32dll.exe"= TCP:c:\windows\system32\sys32dll.exe:SYS32DLL
"{6899F663-D2D1-4349-AF78-A06C9C547472}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D8C6C9D2-CFFB-48AF-90A1-59D24BDB54D7}"= UDP:c:\program files\7-Zip\7zFM.exe:7-Zip File Manager
"{66CC6106-BDD6-49D1-9D7A-ADCB88182140}"= TCP:c:\program files\7-Zip\7zFM.exe:7-Zip File Manager
"TCP Query User{B41DC1DC-0841-4BCD-B029-43E6035C4188}c:\\program files\\paltalk messenger\\paltalk.exe"= UDP:c:\program files\paltalk messenger\paltalk.exe:PaltalkScene
"UDP Query User{EAEA5B6C-9EC6-483F-8110-866738ABE349}c:\\program files\\paltalk messenger\\paltalk.exe"= TCP:c:\program files\paltalk messenger\paltalk.exe:PaltalkScene
"TCP Query User{E188B5D5-C0CA-4528-9D77-D54650F66DF7}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{F0AD4E0E-F643-4F83-99DD-0B1AF6937C4D}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{31D50AAF-67B9-4E48-9379-31611B36DB9E}"= UDP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"{F4F2A2DE-6767-4F68-A02E-14626A598A71}"= TCP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"TCP Query User{6536E6E2-E8C1-4654-B6D8-36423E4031B1}c:\\program files\\need for speed 3 vista edition\\nfs3.exe"= UDP:c:\program files\need for speed 3 vista edition\nfs3.exe:Need For Speed III for Win32
"UDP Query User{A04D7A4B-C41D-4A2A-8E43-FC55E2F16454}c:\\program files\\need for speed 3 vista edition\\nfs3.exe"= TCP:c:\program files\need for speed 3 vista edition\nfs3.exe:Need For Speed III for Win32
"{3E634FAE-A5BC-42BA-9234-3009224225A5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9198252D-6C76-49D4-9286-221923BE11F8}"= UDP:c:\program files\Shareaza\Shareaza.exe:Shareaza
"{70CE7DE7-669C-46A8-852C-C1A8E1D4EFBF}"= TCP:c:\program files\Shareaza\Shareaza.exe:Shareaza
"{9DF1A4B3-3664-4D31-B1FF-967143594FA7}"= UDP:C:\utorrent.exe:µTorrent (TCP-In)
"{1A82F8FF-7964-42F5-80CF-4ECF8CA7F667}"= TCP:C:\utorrent.exe:µTorrent (UDP-In)
"{1A911859-054C-46E4-A76E-D1FF35C3DAEB}"= UDP:86:BroadCam Web Server
"{BA9E2761-A467-4001-9083-63362BC3B6DA}"= UDP:d:\utorrent\uTorrent.exe:µTorrent (TCP-In)
"{7318AA9D-1CFD-4E06-9EF2-773736C55177}"= TCP:d:\utorrent\uTorrent.exe:µTorrent (UDP-In)
"{37CF789D-3CDB-411F-9C51-9F2134BAAA22}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{030774C9-D8FB-457A-B930-DCCC1748A4AC}"= UDP:94:VRS Recording System Web Control Panel
"{6292BE7F-74DB-445C-8249-B0118A440821}"= UDP:29529:utorrent
"{222CDB84-7901-4A7E-BC00-C0881C93E51A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2E359BDC-3CFD-4F35-B4CD-D9B93E1D6319}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{82F1B61C-0506-4ECB-9EF4-8895F021C0DC}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{9265B03F-DDF7-48A0-AC96-6A635DB2F5C5}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{0891D236-4FDB-415C-ADA2-CEBAE32BBCA8}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{57354FAC-4E57-4AA4-97CE-C9151954F36A}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{FB14130D-4BF9-45EE-8797-97E0DF20B536}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{2283502F-C616-44FD-9DE3-77966C8CD6EA}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

R1 jvznklrt;jvznklrt; [x]
R1 sinoylog;sinoylog; [x]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; [x]
R2 gupdate1c9c0993032ba89;Google Update Service (gupdate1c9c0993032ba89);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 133104]
R3 ABTIVC;ABTIVC;c:\users\katie\AppData\Local\Temp\ABTIVC.exe [x]
R3 authfwco;authfwco;c:\windows\system32\DRIVERS\authfwco.sys [2009-01-27 22792]
R3 BCASPROT;Advanced System Protector;c:\program files\Systweak\Advanced System Protector\sasprot32.sys [x]
R3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2009-04-10 111112]
R3 BJCYIC;BJCYIC;c:\users\katie\AppData\Local\Temp\BJCYIC.exe [x]
R3 BzeekDM;BzeekDM; [x]
R3 BzeekDP;BzeekDP Drone Service; [x]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-01-09 410976]
R3 MXQPMGTP;MXQPMGTP;c:\users\katie\AppData\Local\Temp\MXQPMGTP.exe [x]
R3 RFNNBYMAJG;RFNNBYMAJG;c:\users\katie\AppData\Local\Temp\RFNNBYMAJG.exe [x]
R3 RQXHAYCE;RQXHAYCE;c:\users\katie\AppData\Local\Temp\RQXHAYCE.exe [x]
R3 UNEQYUFHTALR;UNEQYUFHTALR;c:\users\katie\AppData\Local\Temp\UNEQYUFHTALR.exe [x]
R3 VBLW;VBLW;c:\users\katie\AppData\Local\Temp\VBLW.exe [x]
R3 VNDQGKL;VNDQGKL;c:\users\katie\AppData\Local\Temp\VNDQGKL.exe [x]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-07-03 12552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-07-03 325640]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-07-03 108552]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-07-03 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-07-03 298264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-12-10 223232]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-03-07 32256]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-16 3668480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-07-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-19 02:42]

2009-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 02:47]

2009-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258263905-4180165134-3641565259-1000.job
- c:\users\katie\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-02 18:11]

2009-06-28 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-04-29 08:15]

2009-06-28 c:\windows\Tasks\User_Feed_Synchronization-{E26F8D07-A920-4A37-813F-CC870228C24B}.job
- c:\windows\system32\msfeedssync.exe [2009-04-01 07:33]

2009-07-02 c:\windows\Tasks\{AD8C5A98-0BF2-456F-8310-74191FB91C70}.job
- c:\program files\Skype\Phone\Skype.exe [2009-06-26 05:56]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.ninemsn.com.au/
mStart Page = hxxp://www.ninemsn.com.au
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://files.authentium.com/bigpond/bin/wizard.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 01:00
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,7a,d3,ee,c8,e9,98,4b,86,b4,94,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,7a,d3,ee,c8,e9,98,4b,86,b4,94,\

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000009
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehsched.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\drivers\XAudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\System32\igfxsrvc.exe
c:\users\katie\AppData\Local\temp\RtkBtMnt.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\ApntEx.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-07-03 1:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-03 15:07
ComboFix2.txt 2009-07-01 14:00

Pre-Run: 10,968,109,056 bytes free
Post-Run: 11,179,982,848 bytes free

818 --- E O F --- 2009-07-02 05:35
Attached Files
File Type: txt combo fix.txt (68.9 KB, 1 views)

Last edited by Ried; 07-03-2009 at 10:17 AM.
stevennashy is offline  
Old 07-03-2009, 10:59 AM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,884
OS: WinXP and Vista


Re: all search engines get redirected and i found rootkit problems skynetblabla.dll

Hi stevennashy,

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


It's IMPORTANT to carry out the instructions in the sequence listed below.


***************************************************

Open notepad and copy/paste the text in the code box below into it:

Quote:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D8AFE044-7721-4667-9FB7-7F96A29E659B}"=-
"{321B0E01-C3D7-4867-B48F-7AF2F34CD3BB}"=-
"TCP Query User{971EB680-3BD6-454C-AD54-AF8A524308E2}c:\\windows\\system32\\sys32dll.exe"=-
"UDP Query User{CFE8CFE2-CCDC-4ED6-B275-E29F93C4E1CF}c:\\windows\\system32\\sys32dll.exe"=-

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt


--------------------------------------------------------------------

It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

---------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
Kaspersky results
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
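
A check a helper could run on the log that comes back, as an added example that is not part of the original post or of ComboFix: it lists the values that a CFScript's Registry:: section marks for deletion ("name"=-) and reports any that still appear under the same key in the new ComboFix.txt. The function names and the log excerpt are constructed for illustration, and the code assumes both files write the key in the same abbreviated form, as they do on this page.

```python
import re

# "[key path]" section headers and '"value name"=data' lines, as they appear
# both in the CFScript and in the registry sections of a ComboFix log.
SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"\s*=\s*(?P<data>.*)$')

# The Registry:: and RegLock:: layout quoted in the post (two of its four lines).
CFSCRIPT = r'''Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D8AFE044-7721-4667-9FB7-7F96A29E659B}"=-
"TCP Query User{971EB680-3BD6-454C-AD54-AF8A524308E2}c:\\windows\\system32\\sys32dll.exe"=-

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
'''

# Constructed log excerpt (not the poster's real result): one targeted value
# is still listed, next to an unrelated rule that must not be reported.
LOG_AFTER = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D8AFE044-7721-4667-9FB7-7F96A29E659B}"= c:\example\constructed.exe:Constructed
"{0CBEBF2D-F680-45D9-B408-14B8A226B5A5}"= c:\program files\Skype\Phone\Skype.exe:Skype
'''


def _walk(text):
    """Yield (directive, key, name, data) for every quoted value line."""
    directive = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith('::'):
            # A new directive (Registry::, RegLock::, ...) starts a new scope.
            directive, key = line[:-2].lower(), None
        elif (m := SECTION_RE.match(line)):
            key = m.group('key').lower()
        elif key and (m := VALUE_RE.match(line)):
            yield directive, key, m.group('name'), m.group('data').strip()


def targeted_values(cfscript):
    """(key, value name) pairs that the Registry:: section deletes with =-."""
    return [(key, name) for directive, key, name, data in _walk(cfscript)
            if directive == 'registry' and data == '-']


def logged_values(log):
    """Set of (key, lower-cased value name) pairs listed in the log."""
    return {(key, name.lower()) for _, key, name, _ in _walk(log)}


def still_present(cfscript, log):
    """Targeted values that the new log still lists under the same key."""
    seen = logged_values(log)
    return [(key, name) for key, name in targeted_values(cfscript)
            if (key, name.lower()) in seen]


if __name__ == '__main__':
    leftovers = still_present(CFSCRIPT, LOG_AFTER)
    for key, name in leftovers:
        print('still present: [%s] "%s"' % (key, name))
    if not leftovers:
        print('all targeted values are gone from the log')
```
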
Old 07-04-2009, 12:14 AM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,884
OS: WinXP and Vista


Re: all search engines get redirected and i found rootkit problems skynetblabla.dll

After you've completed the above, I'll also need you to do the following:

Open Notepad and copy/paste the contents in the quote box below, into Notepad.

Quote:
@echo off
for %%g in (
"C:\QooBox\Quarantine\c:\windows\Installer\6dc30e.msi.vir"
"C:\QooBox\Quarantine\c:\windows\Installer\86afa.msi.vir"
) do zip Files_for_submission %%g
del %0
Save this as steven.bat Choose to "Save type as - All Files"
It should look like this:

Double click on steven.bat & allow it to run.

This batchfile will create a zipped file on your desktop named Files_for_submission.zip

Please visit this site. Click the browse button and browse to Files_for_submission.zip on your desktop. Click 'Send File'

=======================================


Download & extract this file to its own folder - http://www.xs4all.nl/~fstaal01/downloads/regsearch.zip

Launch Registry Search
In the search box, enter ...

c9f83.msi
86b00.msi
1115c6.msi


Then click "Ok".

Notepad will open with some text in it (the file will also be saved in the program's folder as well). Post the contents of the Regsearch.txt


=======================================


Open Notepad and copy/paste the contents in the code box below, into Notepad.

Quote:
@SWREG QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData /s >Log.txt
@Notepad Log.txt
@DEL %0
Save this as look.bat Choose to "Save type as - All Files"
It should look like this:

Double click on look.bat & allow it to run. A log.txt will pop open, please be patient. The file will appear on your desktop. Right click the file and select Send To>Compressed (zipped file) and attach that zipped file in your next reply.
Ried is offline  
Old 07-04-2009, 02:09 AM   #10 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 18
OS: vista home premium 32bit


Re: all search engines get redirected and i found rootkit problems skynetblabla.dll

here is combofix log running with batch and also the kaspersky online scan results
and my search browser hasn't been redirecting me as of yet
plus pc is still a bit slow

ComboFix 09-07-02.02 - katie 04/07/2009 10:12.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.1013.240 [GMT 10:00]
Running from: c:\users\katie\Desktop\nashy.exe
Command switches used :: c:\users\katie\Desktop\cfscript.txt
.

((((((((((((((((((((((((( Files Created from 2009-06-04 to 2009-07-04 )))))))))))))))))))))))))))))))
.

2009-07-04 00:22 . 2009-07-04 00:22 -------- d-----w- c:\users\katie\AppData\Local\temp
2009-07-04 00:05 . 2009-07-03 12:25 108552 ----a-w- c:\programdata\avg8\update\backup\avgtdix.sys
2009-07-04 00:05 . 2009-07-03 12:25 325640 ----a-w- c:\programdata\avg8\update\backup\avgldx86.sys
2009-07-04 00:05 . 2009-07-03 12:25 12552 ----a-w- c:\programdata\avg8\update\backup\avgrkx86.sys
2009-07-04 00:05 . 2009-07-03 12:25 10520 ----a-w- c:\programdata\avg8\update\backup\avgrsstx.dll
2009-07-04 00:05 . 2009-07-03 12:25 27656 ----a-w- c:\programdata\avg8\update\backup\avgmfx86.sys
2009-07-04 00:05 . 2009-07-03 12:24 485144 ----a-w- c:\programdata\avg8\update\backup\avgrsx.exe
2009-07-04 00:05 . 2009-07-04 00:05 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-07-03 23:59 . 2009-07-03 12:24 1423640 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-07-03 23:59 . 2009-07-03 12:24 1057048 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2009-07-03 23:59 . 2009-07-03 12:24 582936 ----a-w- c:\programdata\avg8\update\backup\avgiproxy.exe
2009-07-03 23:59 . 2009-07-03 12:24 746264 ----a-w- c:\programdata\avg8\update\backup\avginet.dll
2009-07-03 12:29 . 2009-07-03 14:17 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-03 12:25 . 2009-07-04 00:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-03 12:25 . 2009-07-04 00:02 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-07-03 12:25 . 2009-07-04 00:02 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-03 12:25 . 2009-07-04 00:02 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-03 12:25 . 2009-07-04 00:02 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-03 12:24 . 2009-07-04 00:06 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-03 12:24 . 2009-07-03 12:24 -------- d-----w- c:\program files\AVG
2009-07-03 12:24 . 2009-07-03 14:44 -------- d-----w- c:\programdata\avg8
2009-07-03 11:19 . 2009-07-03 23:56 -------- d-----w- c:\windows\system32\wbem\repository
2009-07-03 06:30 . 2009-07-03 06:30 -------- d-----w- C:\Vuze
2009-07-02 09:54 . 2009-07-02 09:55 -------- d-----w- c:\program files\LimeWire
2009-07-02 08:49 . 2009-07-02 08:49 -------- d-----r- c:\program files\Skype
2009-07-02 08:41 . 2009-07-02 08:41 -------- d-----w- c:\program files\uTorrent
2009-07-02 05:00 . 2009-07-02 05:00 -------- d-----w- c:\users\katie\AppData\Local\WindowsUpdate
2009-07-01 23:50 . 2009-07-01 23:50 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-07-01 23:49 . 2009-07-01 23:50 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-01 23:49 . 2009-07-01 23:50 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-01 23:48 . 2009-07-01 23:52 -------- d-----w- c:\users\katie\AppData\Roaming\DAEMON Tools Lite
2009-07-01 11:45 . 2009-07-01 11:46 -------- d-----w- C:\delete
2009-06-30 16:58 . 2009-06-30 17:01 -------- dc-h--w- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-06-30 16:55 . 2009-06-30 16:56 -------- d-----w- c:\program files\Cute CD DVD Burner
2009-06-30 14:10 . 2009-06-30 14:10 -------- d-----w- c:\program files\Trend Micro
2009-06-30 02:08 . 2009-06-30 02:27 -------- d-----w- c:\users\katie\AppData\Local\ElevatedDiagnostics
2009-06-30 01:51 . 2009-06-30 01:54 -------- d-----w- c:\program files\Microsoft ATS
2009-06-29 00:42 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-06-29 00:42 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-06-29 00:42 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-29 00:42 . 2009-06-30 16:08 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-28 22:35 . 2009-06-30 16:08 -------- d-----w- c:\program files\MagicISO
2009-06-28 20:24 . 2009-06-28 20:24 -------- d-----w- c:\program files\Common Files\NSV
2009-06-28 04:34 . 2009-06-28 06:12 -------- d-----w- c:\users\katie\AppData\Roaming\Error Fix
2009-06-27 12:51 . 2009-06-27 12:51 -------- d-----w- c:\users\katie\AppData\Roaming\Recordpad
2009-06-27 09:01 . 2009-07-01 00:38 -------- d-----w- c:\programdata\NCH Swift Sound
2009-06-27 09:00 . 2009-06-28 13:19 -------- d-----w- c:\users\katie\AppData\Roaming\NCH Swift Sound
2009-06-27 09:00 . 2009-06-30 11:50 -------- d-----w- c:\programdata\NCH Software
2009-06-27 08:57 . 2009-07-03 12:28 -------- d-----w- c:\users\katie\AppData\Roaming\NCH Software
2009-06-27 08:57 . 2009-07-03 12:28 -------- d-----w- c:\program files\NCH Software
2009-06-25 12:26 . 2009-06-25 12:26 0 ----a-w- c:\users\katie\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-06-24 09:31 . 2009-06-24 09:31 -------- d-----w- c:\users\katie\AppData\Roaming\Pingus
2009-06-23 13:49 . 2009-06-23 13:49 -------- d-----w- c:\users\katie\AppData\Local\Graboid_Inc
2009-06-23 13:49 . 2009-06-23 13:56 -------- d-----w- c:\users\katie\AppData\Local\Graboid
2009-06-23 10:49 . 2009-06-30 03:56 95744 ----a-w- c:\programdata\SpeedBit\DAP\Updates\Condition.dll
2009-06-23 03:09 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-23 03:09 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-23 00:23 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-23 00:23 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-23 00:02 . 2009-06-23 00:02 -------- d-----w- c:\program files\Microsoft Easy Assist
2009-06-23 00:02 . 2009-06-23 00:02 -------- d-----w- c:\programdata\Applications
2009-06-22 08:08 . 2009-06-22 08:08 -------- d-----w- c:\windows\Sun
2009-06-21 09:23 . 2009-01-09 02:46 39776 ----a-w- c:\windows\system32\DfSdkBt64.exe
2009-06-21 09:23 . 2009-01-09 02:46 33632 ----a-w- c:\windows\system32\DfSdkBt.exe
2009-06-21 09:22 . 2009-07-01 09:59 -------- d-----w- c:\programdata\page
2009-06-18 03:34 . 2009-06-30 16:08 -------- d-----w- c:\users\katie\AppData\Roaming\DeepBurner
2009-06-18 03:34 . 2009-06-18 03:34 -------- d-----w- c:\program files\Astonsoft
2009-06-18 03:20 . 2009-06-18 03:20 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-17 10:03 . 2007-07-02 05:02 3073320 ----a-w- c:\windows\system32\AdvrCntr2D6E0B790.dll
2009-06-17 10:03 . 2007-07-02 05:02 996648 ----a-w- c:\windows\system32\ShellManager10E2D762.dll
2009-06-17 07:40 . 2009-06-17 07:41 -------- d-----w- c:\users\katie\AppData\Local\Ahead
2009-06-17 07:32 . 2009-06-17 07:32 -------- d-----w- c:\users\katie\AppData\Roaming\Ahead
2009-06-16 05:14 . 2009-06-16 05:15 -------- d-----w- c:\users\katie\AppData\Roaming\Media Player Classic
2009-06-15 12:10 . 2009-06-15 12:37 -------- d-----w- c:\users\katie\AppData\Local\FullTiltPoker
2009-06-15 11:13 . 2009-06-15 22:52 60 ----a-w- c:\windows\mhses.dat
2009-06-15 11:11 . 2009-06-15 11:11 53248 ----a-w- c:\windows\system32\quick32.dll
2009-06-15 11:11 . 2009-06-15 11:11 148816 ----a-w- c:\windows\system32\unzip32.dll
2009-06-14 11:32 . 2009-07-01 07:18 -------- d-----w- c:\program files\DOSBox-0.72
2009-06-13 21:58 . 2009-06-13 22:00 -------- d-----w- c:\program files\FrostWire
2009-06-13 21:22 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2009-06-13 21:22 . 1998-09-02 08:28 155408 ----a-w- c:\windows\system32\LMRT.dll
2009-06-13 21:22 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2009-06-13 21:22 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2009-06-13 21:22 . 1998-08-20 10:38 217984 ----a-w- c:\windows\system32\strmdll.dll
2009-06-13 21:22 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2009-06-13 21:22 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
2009-06-13 21:22 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2009-06-13 21:22 . 2009-06-13 21:22 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-06-13 21:22 . 2009-06-13 21:22 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-06-12 09:15 . 2009-06-12 09:15 -------- d-----w- c:\programdata\IObit
2009-06-09 03:00 . 2004-08-30 04:25 438272 ----a-w- c:\windows\system32\vp6vfw.dll
2009-06-09 03:00 . 2007-04-12 05:01 118832 ----a-w- c:\windows\system32\SHW32.DLL
2009-06-09 00:54 . 2009-06-09 00:54 -------- d-----w- c:\users\katie\AppData\Roaming\CCS64
2009-06-09 00:54 . 2009-06-09 00:54 -------- d-----w- c:\program files\Computerbrains C.C.S
2009-06-08 22:19 . 2009-06-08 22:19 -------- d-----w- c:\users\katie\AppData\Local\Hiro-Media
2009-06-08 22:19 . 2009-06-08 22:19 -------- d-----w- c:\programdata\Hiro-Media
2009-06-07 10:45 . 2009-06-07 10:45 -------- d-----w- c:\program files\Tiny Toon Adventures - Buster's Hidden Treasure
2009-06-07 10:41 . 2009-06-07 10:41 -------- d-----w- c:\program files\Smurfs
2009-06-07 10:36 . 2009-06-07 10:36 -------- d-----w- c:\program files\Aladdin
2009-06-06 06:03 . 2009-06-06 06:03 -------- d-----w- C:\hospital
2009-06-06 03:52 . 2009-06-06 03:52 -------- d-----w- c:\users\katie\AppData\Local\Electronic Arts
2009-06-05 16:13 . 2009-06-05 16:13 -------- d-----w- c:\program files\Bullfrog
2009-06-05 15:11 . 2009-06-05 15:11 -------- d-----w- c:\users\katie\AppData\Roaming\.freeciv
2009-06-04 13:55 . 2009-07-02 08:46 -------- d-----w- c:\program files\Any Video Converter
2009-06-04 12:19 . 2009-06-04 12:19 -------- d-----w- c:\program files\CCleaner
2009-06-04 06:16 . 2006-11-29 03:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-06-04 06:15 . 2009-06-04 06:15 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-06-04 05:59 . 2009-05-08 02:33 251392 ----a-w- c:\programdata\SpeedBit\DAP\Temp\dapop.dll
2009-06-04 05:14 . 2009-06-04 05:14 -------- d-----w- c:\program files\Windows Live SkyDrive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-04 00:07 . 2009-04-09 04:41 -------- d-----w- c:\users\katie\AppData\Roaming\uTorrent
2009-07-03 15:41 . 2009-04-09 08:07 -------- d-----w- c:\users\katie\AppData\Roaming\Azureus
2009-07-03 11:19 . 2009-05-01 16:30 -------- d-----w- c:\program files\bigpond
2009-07-03 08:29 . 2009-04-19 02:42 -------- d-----w- c:\programdata\Google Updater
2009-07-03 07:01 . 2009-04-17 06:43 -------- d-----w- c:\programdata\SecTaskMan
2009-07-03 06:56 . 2009-04-05 17:38 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-03 06:19 . 2009-04-05 18:32 -------- d-----w- c:\program files\DAP
2009-07-03 06:09 . 2009-04-20 18:22 -------- d-----w- c:\programdata\C1FF
2009-07-03 06:08 . 2009-04-09 08:07 -------- d-----w- c:\programdata\Azureus
2009-07-03 05:59 . 2009-04-16 15:03 -------- d-----w- c:\program files\Uniblue
2009-07-03 05:55 . 2009-04-06 12:09 -------- d-----w- c:\program files\IObit
2009-07-02 10:13 . 2009-03-21 10:55 -------- d-----w- c:\users\katie\AppData\Roaming\LimeWire
2009-07-02 08:49 . 2009-04-05 11:08 -------- d-----w- c:\programdata\Skype
2009-07-02 08:46 . 2009-04-11 12:50 -------- d-----w- c:\users\katie\AppData\Roaming\Any Video Converter
2009-07-02 05:34 . 2001-01-10 12:57 -------- d-----w- c:\programdata\Microsoft Help
2009-07-02 05:32 . 2001-01-10 12:58 -------- d-----w- c:\program files\Microsoft Works
2009-07-02 04:54 . 2009-05-15 23:32 -------- d-----w- c:\users\katie\AppData\Roaming\Systweak
2009-07-01 12:23 . 2009-05-09 09:49 -------- d-----w- c:\users\katie\AppData\Roaming\FrostWire
2009-07-01 09:59 . 2009-05-06 08:17 -------- d-----w- c:\program files\Ashampoo
2009-07-01 04:58 . 2009-05-26 17:13 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-01 04:12 . 2009-03-31 04:35 1356 ----a-w- c:\users\katie\AppData\Local\d3d9caps.dat
2009-06-30 16:08 . 2009-05-15 07:47 -------- d-----w- c:\program files\Vuze
2009-06-28 20:40 . 2009-04-05 11:09 -------- d-----w- c:\users\katie\AppData\Roaming\Skype
2009-06-28 13:18 . 2009-05-11 13:31 -------- d-----w- c:\program files\Common Files\Real
2009-06-27 14:26 . 2009-03-19 20:26 72504 ----a-w- c:\users\katie\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-23 13:51 . 2009-04-02 03:48 -------- d-----w- c:\users\katie\AppData\Roaming\MozillaControl
2009-06-21 06:05 . 2009-05-01 08:58 -------- d-----w- c:\users\katie\AppData\Roaming\Yahoo!
2009-06-18 12:59 . 2001-01-10 11:58 -------- d-----w- c:\program files\Intel
2009-06-18 12:55 . 2001-01-10 12:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-18 03:44 . 2009-04-08 15:45 -------- d-----w- c:\users\katie\AppData\Roaming\GetRightToGo
2009-06-18 01:34 . 2009-04-06 02:35 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-06-09 08:55 . 2009-06-01 00:41 -------- d-----w- c:\users\katie\AppData\Roaming\Shareaza
2009-06-08 18:23 . 2009-04-09 08:11 175 ----a-w- c:\users\katie\AppData\Roaming\Azureus\restart.bat
2009-06-08 15:25 . 2009-05-15 23:39 16437296 ----a-w- c:\users\katie\AppData\Roaming\Systweak\avo\PS2.exe
2009-06-08 15:23 . 2009-05-15 23:38 4862232 ----a-w- c:\users\katie\AppData\Roaming\Systweak\avo\AEB.exe
2009-06-08 15:23 . 2009-05-15 23:37 4786288 ----a-w- c:\users\katie\AppData\Roaming\Systweak\avo\PT.exe
2009-06-08 13:58 . 2009-04-03 10:17 -------- d-----w- c:\users\katie\AppData\Roaming\DMCache
2009-06-04 06:17 . 2009-04-03 11:30 -------- d-----w- c:\program files\Windows Live
2009-06-04 05:01 . 2009-04-05 13:52 -------- d-----w- c:\program files\Yahoo!
2009-06-01 14:33 . 2009-06-01 14:32 274224 ----a-w- c:\program files\utorrent.exe
2009-06-01 08:34 . 2009-03-22 23:04 -------- d-----w- c:\users\katie\AppData\Roaming\Ashampoo
2009-06-01 08:06 . 2009-06-01 08:06 -------- d-----w- c:\programdata\DVD Shrink
2009-05-31 13:35 . 2009-04-01 04:21 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-31 13:05 . 2009-05-31 13:05 -------- d-----w- c:\program files\filehippo.com
2009-05-30 15:41 . 2009-05-30 12:20 -------- d-----w- c:\program files\Winamp
2009-05-30 14:06 . 2009-05-30 12:20 -------- d-----w- c:\users\katie\AppData\Roaming\Winamp
2009-05-30 12:20 . 2009-05-11 13:27 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-05-29 21:37 . 2009-04-08 16:33 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-29 21:31 . 2009-04-08 16:33 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-05-28 18:12 . 2009-04-19 02:42 -------- d-----w- c:\program files\Google
2009-05-22 17:43 . 2009-04-02 08:24 -------- d-----w- c:\users\katie\AppData\Roaming\HP
2009-05-22 16:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-05-22 15:32 . 2001-01-10 12:50 -------- d-----w- c:\program files\Acer Arcade Deluxe
2009-05-22 15:17 . 2009-05-20 12:45 -------- d-----w- c:\users\katie\AppData\Roaming\Paltalk
2009-05-22 09:25 . 2009-05-22 09:25 432 ----a-w- c:\windows\EReg072.dat
2009-05-22 08:47 . 2009-05-22 08:41 -------- d-----w- c:\users\katie\AppData\Roaming\ImgBurn
2009-05-22 07:16 . 2009-05-22 07:16 -------- d-----w- c:\program files\ImgBurn
2009-05-22 01:49 . 2009-05-22 01:49 -------- d-----w- c:\programdata\pixelStorm
2009-05-18 22:28 . 2009-05-18 22:28 -------- d-----w- c:\programdata\WorldWinner.com
2009-05-17 23:32 . 2009-05-17 08:38 -------- d-----w- c:\programdata\Rising
2009-05-17 12:19 . 2009-05-17 12:19 -------- d-----w- c:\programdata\PopCap
2009-05-17 06:42 . 2009-04-20 18:20 -------- d-----w- c:\program files\iMesh Applications
2009-05-17 03:55 . 2009-05-17 03:55 10684866 ----a-w- c:\users\katie\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
2009-05-16 00:15 . 2009-05-15 23:40 30996544 ----a-w- c:\users\katie\AppData\Roaming\Systweak\avo\ASP.exe
2009-05-15 19:02 . 2009-04-06 12:09 -------- d-----w- c:\users\katie\AppData\Roaming\IObit
2009-05-15 07:47 . 2009-05-15 07:47 -------- d-----w- c:\program files\Common Files\i4j_jres
2009-05-14 07:23 . 2009-05-14 07:17 -------- d-----w- c:\users\katie\AppData\Roaming\VoipStunt
2009-05-14 02:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-14 01:25 . 2009-05-13 14:25 -------- d-----w- c:\users\katie\AppData\Roaming\vghd
2009-05-14 01:24 . 2009-05-13 14:27 5 ----a-w- c:\windows\sbacknt.bin
2009-05-13 18:02 . 2009-05-13 18:02 -------- d-----w- c:\program files\Conduit
2009-05-13 14:25 . 2009-05-13 14:25 152904 ----a-w- c:\windows\system32\vghd.scr
2009-05-13 11:57 . 2009-05-13 11:26 -------- d-----w- c:\programdata\Norton
2009-05-13 11:31 . 2001-01-10 13:08 -------- d-----w- c:\programdata\Symantec
2009-05-13 11:25 . 2009-05-13 11:25 -------- d-----w- c:\programdata\NortonInstaller
2009-05-12 07:02 . 2009-05-08 04:30 -------- d-----w- c:\users\katie\AppData\Roaming\SpeedBit
2009-05-11 14:58 . 2009-05-11 13:38 -------- d-----w- c:\program files\Common Files\PC Tools
2009-05-11 14:35 . 2009-05-11 13:38 -------- d-----w- c:\programdata\PC Tools
2009-05-11 13:38 . 2009-05-11 13:38 -------- d-----w- c:\users\katie\AppData\Roaming\PC Tools
2009-05-10 04:34 . 2009-04-05 18:33 -------- d-----w- c:\programdata\SpeedBit
2009-05-09 04:17 . 2009-03-31 04:04 -------- d-----w- c:\program files\MSXML 4.0
2009-05-08 07:51 . 2009-05-08 07:51 -------- d-----w- c:\users\katie\AppData\Roaming\IDM
2009-05-08 07:34 . 2001-01-10 12:30 -------- d-----w- c:\program files\Common Files\LightScribe
2009-05-08 02:38 . 2009-05-08 02:38 2169880 ----a-w- c:\programdata\SpeedBit\DAP\Offers\spo3.exe
2009-05-04 13:28 . 2009-05-04 13:28 23 --sha-w- c:\windows\system32\edacded0_x.dat
2009-05-01 21:02 . 2009-04-08 16:33 685056 ----a-w- c:\windows\system32\divx.dll
2009-04-30 15:31 . 2001-01-10 12:07 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-04-27 10:50 . 2009-04-23 10:22 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-26 14:42 . 2009-04-10 10:04 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-24 16:05 . 2009-06-23 00:24 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-23 00:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-23 00:24 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-21 11:55 . 2009-06-23 00:24 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-21 03:09 . 2003-03-18 10:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-21 03:09 . 2003-03-18 08:05 106496 ----a-w- c:\windows\system32\atl71.dll
2009-04-21 03:09 . 2003-02-20 18:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-16 15:49 . 2009-04-16 15:49 2824728 ----a-w- c:\users\katie\AppData\Roaming\Uniblue\DriverScanner\Download\pci_ven_8086_dev_28158_6_1_1002.exe
2009-04-16 07:23 . 2009-04-30 15:31 540672 ----a-w- c:\windows\RtlExUpd.dll
2009-04-15 13:44 . 2009-04-10 03:22 81984 ----a-w- c:\windows\system32\bdod.bin
2009-04-14 14:53 . 2009-04-13 08:59 0 ----a-w- c:\users\katie\AppData\Local\Vrokesecoq.bin
.

((((((((((((((((((((((((((((( SnapShot_2009-07-03_15.00.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:05 . 2009-07-03 23:58 96598 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-23 04:09 . 2009-07-03 23:58 23050 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-258263905-4180165134-3641565259-1000_UserData.bin
+ 2001-01-10 12:03 . 2009-07-03 23:58 119566 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-07-04 00:02 669994 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-03 14:51 669994 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-04 00:02 131020 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-07-03 14:51 131020 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-07-02 288048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-11-07 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-14 7416352]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-03 1932568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStatusMessages"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-258263905-4180165134-3641565259-1000]
"EnableNotificationsRef"=dword:00000005

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\BigPond News Ticker\\BigPond__News_Ticker.exe"= c:\program files\BigPond News Ticker\BigPond__News_Ticker.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{520E938F-5F52-4115-9941-4199E2D12BED}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{7A713E5B-B81A-4D7F-BEBC-1CECBAAF47FB}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{30E95597-3044-446F-9233-EC638CEF4128}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{4D3AF8FB-BEC3-427C-B9B8-F34D0135BBD2}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{917BF2D5-84D8-40B0-9F27-33CB400C1922}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{0CBEBF2D-F680-45D9-B408-14B8A226B5A5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{73A943B2-9003-4BE3-9672-8D95009D2337}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D42FA3EB-4CF3-4B7F-BBA6-8263E1AC1F9B}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{C29D2B58-577C-4C8D-809C-BC3B258D9CCA}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{5133E423-90D8-45FB-BA3F-333A948F328C}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{253E00D5-9409-46B5-8671-D7DB8C309204}c:\\vuze\\azureus.exe"= UDP:c:\vuze\azureus.exe:Azureus
"UDP Query User{04098863-85A3-4CE0-BC49-340C5C6F8400}c:\\vuze\\azureus.exe"= TCP:c:\vuze\azureus.exe:Azureus
"{19FBD24E-3981-47DF-B1ED-A04531FC691A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{8BBC5B0A-418D-49E3-8274-D21E7A5DDA51}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{0A699020-EB7A-451D-96D9-090A277EA9A2}"= Disabled:UDP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{B74EF37D-860C-47A3-8C31-69EBB923FAF3}"= Disabled:TCP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{E35AD6D9-DCE8-4439-A968-67C65CDCAC18}"= Disabled:UDP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{B7664AF4-8200-4C02-8747-4561242107C2}"= Disabled:TCP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{A016B99E-B034-414F-8836-FE1BA953EEDA}"= Disabled:UDP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{DF07A664-DEAF-4302-B184-E4E9352F36BD}"= Disabled:TCP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{89153B2A-9F9E-47EB-A96A-6269CD4AB893}"= UDP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"{44CB98AC-0121-47C5-BAB0-728F3A542C6E}"= TCP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"TCP Query User{CA2D2FDD-05F0-42B4-A055-1AB0A7612AE3}c:\\program files\\dap\\dap.exe"= UDP:c:\program files\dap\dap.exe:Download Accelerator Plus (DAP)
"UDP Query User{885CB5AB-D2BF-45F5-AA18-DF9557449388}c:\\program files\\dap\\dap.exe"= TCP:c:\program files\dap\dap.exe:Download Accelerator Plus (DAP)
"TCP Query User{5F22ED8B-325C-48F0-9863-E1E063AF429A}c:\\users\\katie\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\katie\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{E100E0E6-95E7-4C74-BB1A-25FB70A9DBC0}c:\\users\\katie\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\katie\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"TCP Query User{06ACA00F-86CE-44DF-9B6F-DE712DF1889A}c:\\vuze\\azureus.exe"= UDP:c:\vuze\azureus.exe:Azureus
"UDP Query User{F5ED4FE0-D5F2-4065-A5F7-69621144B798}c:\\vuze\\azureus.exe"= TCP:c:\vuze\azureus.exe:Azureus
"TCP Query User{6F57CD4C-FF95-4CCF-81D0-F841217B9B59}d:\\limewire\\limewire.exe"= UDP:d:\limewire\limewire.exe:LimeWire
"UDP Query User{EF2094C7-80DE-4C82-AEEA-8E79D963BE0E}d:\\limewire\\limewire.exe"= TCP:d:\limewire\limewire.exe:LimeWire
"TCP Query User{8BFB92BC-D0D8-41CE-AE35-216B1B3377F4}d:\\vuze\\azureus.exe"= UDP:d:\vuze\azureus.exe:Azureus
"UDP Query User{B5F9F78A-DC64-4F73-A019-3670A29181CE}d:\\vuze\\azureus.exe"= TCP:d:\vuze\azureus.exe:Azureus
"TCP Query User{B8A5702C-AA2D-4433-B258-0966C9257B8B}c:\\program files\\dap premium\\dap.exe"= UDP:c:\program files\dap premium\dap.exe:Download Accelerator Plus (DAP)
"UDP Query User{CAE62236-69E1-43C4-9B18-FEEC25300B4A}c:\\program files\\dap premium\\dap.exe"= TCP:c:\program files\dap premium\dap.exe:Download Accelerator Plus (DAP)
"TCP Query User{96CFA8B6-735E-416E-BD29-C40ACA529340}c:\\westwood\\ra2\\gamemd.exe"= Disabled:UDP:c:\westwood\ra2\gamemd.exe:Main executable for Yuri's Revenge
"UDP Query User{1A49DFFD-FB04-42A4-BB99-B0B6D96E83DC}c:\\westwood\\ra2\\gamemd.exe"= Disabled:TCP:c:\westwood\ra2\gamemd.exe:Main executable for Yuri's Revenge
"{68D8574D-072B-4B5A-A60B-A19A6D52B585}"= Disabled:UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{9FA11DD9-DAC7-47E7-B90F-AC39E80BEE3F}"= Disabled:TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"TCP Query User{5D625B63-77D1-409D-85CB-A16A7BD00F9D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{153EBD0B-70E9-47CD-A032-65F22178DC34}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{61D7CCD6-5492-488D-B295-C656D978D1F7}c:\\program files\\utherverse digital inc\\utherverse 3d client\\utherverse.exe"= UDP:c:\program files\utherverse digital inc\utherverse 3d client\utherverse.exe:Utherverse
"UDP Query User{E091FC5A-A89B-4CB3-8CDF-F6AAA879D2E8}c:\\program files\\utherverse digital inc\\utherverse 3d client\\utherverse.exe"= TCP:c:\program files\utherverse digital inc\utherverse 3d client\utherverse.exe:Utherverse
"{58A4B4B4-EE48-4F76-8CA4-7C722E9FA101}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6AC5BC75-CC79-40D0-BBA1-75BB7F4E3F1F}"= UDP:c:\program files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt
"{749CC6AF-AE98-4CDE-90D0-6E3D39E9256C}"= TCP:c:\program files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt
"{C3354A49-4B1C-4167-B236-8482F4091F76}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{22B68913-D491-4AE4-B3A0-C93FFCBD3B0A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EF57FA77-A304-4E15-932E-C6179A9D30E8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3336F49D-7283-4006-8CDB-36CE564C4123}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C8BFEB8B-D0B3-4DAA-8CD3-4DAE1298C114}"= UDP:c:\users\katie\Desktop\utorrent.exe:µTorrent (TCP-In)
"{79885F25-78BB-40BF-9801-4A6D731F7080}"= TCP:c:\users\katie\Desktop\utorrent.exe:µTorrent (UDP-In)
"{CAAE562B-26ED-4222-B773-12B855541CA5}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{553A5860-C5BC-44CF-BCBB-81C4A2A02F19}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{6899F663-D2D1-4349-AF78-A06C9C547472}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D8C6C9D2-CFFB-48AF-90A1-59D24BDB54D7}"= UDP:c:\program files\7-Zip\7zFM.exe:7-Zip File Manager
"{66CC6106-BDD6-49D1-9D7A-ADCB88182140}"= TCP:c:\program files\7-Zip\7zFM.exe:7-Zip File Manager
"TCP Query User{B41DC1DC-0841-4BCD-B029-43E6035C4188}c:\\program files\\paltalk messenger\\paltalk.exe"= UDP:c:\program files\paltalk messenger\paltalk.exe:PaltalkScene
"UDP Query User{EAEA5B6C-9EC6-483F-8110-866738ABE349}c:\\program files\\paltalk messenger\\paltalk.exe"= TCP:c:\program files\paltalk messenger\paltalk.exe:PaltalkScene
"TCP Query User{E188B5D5-C0CA-4528-9D77-D54650F66DF7}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{F0AD4E0E-F643-4F83-99DD-0B1AF6937C4D}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{31D50AAF-67B9-4E48-9379-31611B36DB9E}"= UDP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"{F4F2A2DE-6767-4F68-A02E-14626A598A71}"= TCP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"TCP Query User{6536E6E2-E8C1-4654-B6D8-36423E4031B1}c:\\program files\\need for speed 3 vista edition\\nfs3.exe"= UDP:c:\program files\need for speed 3 vista edition\nfs3.exe:Need For Speed III for Win32
"UDP Query User{A04D7A4B-C41D-4A2A-8E43-FC55E2F16454}c:\\program files\\need for speed 3 vista edition\\nfs3.exe"= TCP:c:\program files\need for speed 3 vista edition\nfs3.exe:Need For Speed III for Win32
"{3E634FAE-A5BC-42BA-9234-3009224225A5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9198252D-6C76-49D4-9286-221923BE11F8}"= UDP:c:\program files\Shareaza\Shareaza.exe:Shareaza
"{70CE7DE7-669C-46A8-852C-C1A8E1D4EFBF}"= TCP:c:\program files\Shareaza\Shareaza.exe:Shareaza
"{9DF1A4B3-3664-4D31-B1FF-967143594FA7}"= UDP:C:\utorrent.exe:µTorrent (TCP-In)
"{1A82F8FF-7964-42F5-80CF-4ECF8CA7F667}"= TCP:C:\utorrent.exe:µTorrent (UDP-In)
"{1A911859-054C-46E4-A76E-D1FF35C3DAEB}"= UDP:86:BroadCam Web Server
"{BA9E2761-A467-4001-9083-63362BC3B6DA}"= UDP:d:\utorrent\uTorrent.exe:µTorrent (TCP-In)
"{7318AA9D-1CFD-4E06-9EF2-773736C55177}"= TCP:d:\utorrent\uTorrent.exe:µTorrent (UDP-In)
"{37CF789D-3CDB-411F-9C51-9F2134BAAA22}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{030774C9-D8FB-457A-B930-DCCC1748A4AC}"= UDP:94:VRS Recording System Web Control Panel
"{6292BE7F-74DB-445C-8249-B0118A440821}"= UDP:29529:utorrent
"{222CDB84-7901-4A7E-BC00-C0881C93E51A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2E359BDC-3CFD-4F35-B4CD-D9B93E1D6319}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{82F1B61C-0506-4ECB-9EF4-8895F021C0DC}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{9265B03F-DDF7-48A0-AC96-6A635DB2F5C5}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{0891D236-4FDB-415C-ADA2-CEBAE32BBCA8}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{57354FAC-4E57-4AA4-97CE-C9151954F36A}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{FB14130D-4BF9-45EE-8797-97E0DF20B536}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{2283502F-C616-44FD-9DE3-77966C8CD6EA}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

R1 jvznklrt;jvznklrt; [x]
R1 sinoylog;sinoylog; [x]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; [x]
R2 gupdate1c9c0993032ba89;Google Update Service (gupdate1c9c0993032ba89);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 133104]
R3 ABTIVC;ABTIVC;c:\users\katie\AppData\Local\Temp\ABTIVC.exe [x]
R3 authfwco;authfwco;c:\windows\system32\DRIVERS\authfwco.sys [2009-01-27 22792]
R3 BCASPROT;Advanced System Protector;c:\program files\Systweak\Advanced System Protector\sasprot32.sys [x]
R3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2009-04-10 111112]
R3 BJCYIC;BJCYIC;c:\users\katie\AppData\Local\Temp\BJCYIC.exe [x]
R3 BzeekDM;BzeekDM; [x]
R3 BzeekDP;BzeekDP Drone Service; [x]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-01-09 410976]
R3 MXQPMGTP;MXQPMGTP;c:\users\katie\AppData\Local\Temp\MXQPMGTP.exe [x]
R3 RFNNBYMAJG;RFNNBYMAJG;c:\users\katie\AppData\Local\Temp\RFNNBYMAJG.exe [x]
R3 RQXHAYCE;RQXHAYCE;c:\users\katie\AppData\Local\Temp\RQXHAYCE.exe [x]
R3 UNEQYUFHTALR;UNEQYUFHTALR;c:\users\katie\AppData\Local\Temp\UNEQYUFHTALR.exe [x]
R3 VBLW;VBLW;c:\users\katie\AppData\Local\Temp\VBLW.exe [x]
R3 VNDQGKL;VNDQGKL;c:\users\katie\AppData\Local\Temp\VNDQGKL.exe [x]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-07-04 12552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-07-04 327688]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-07-04 108552]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-07-03 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-07-03 298264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-12-10 223232]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-03-07 32256]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-16 3668480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-07-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-19 02:42]

2009-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 02:47]

2009-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258263905-4180165134-3641565259-1000.job
- c:\users\katie\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-02 18:11]

2009-06-28 c:\windows\Tasks\User_Feed_Synchronization-{E26F8D07-A920-4A37-813F-CC870228C24B}.job
- c:\windows\system32\msfeedssync.exe [2009-04-01 07:33]

2009-07-02 c:\windows\Tasks\{AD8C5A98-0BF2-456F-8310-74191FB91C70}.job
- c:\program files\Skype\Phone\Skype.exe [2009-06-26 05:56]
.
- - - - ORPHANS REMOVED - - - -

BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.ninemsn.com.au/
mStart Page = hxxp://www.ninemsn.com.au
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://files.authentium.com/bigpond/bin/wizard.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 10:22
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000009
.
Completion time: 2009-07-04 10:25
ComboFix-quarantined-files.txt 2009-07-04 00:25
ComboFix2.txt 2009-07-03 15:07
ComboFix3.txt 2009-07-01 14:00

Pre-Run: 10,612,666,368 bytes free
Post-Run: 10,350,559,232 bytes free

443 --- E O F --- 2009-07-02 05:35
Attached Files
File Type: txt combo fix test 2.txt (37.2 KB, 1 views)
File Type: txt kaspersky.txt (889 Bytes, 1 views)

Last edited by Ried; 07-04-2009 at 07:08 AM.
stevennashy is offline  
Old 07-04-2009, 02:17 AM   #11 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 18
OS: vista home premium 32bit


Re: all search engines get redirected and i found rootkit problems skynetblabla.dll

and this program info you sent won't work, I tried it twice:

Open Notepad and copy/paste the contents in the quote box below, into Notepad.

Quote:
@echo off
for %%g in (
"C:\QooBox\Quarantine\c:\windows\Installer\6dc30e.msi.vir"
"C:\QooBox\Quarantine\c:\windows\Installer\86afa.msi.vir"
) do zip Files_for_submission %%g
del %0
Save this as steven.bat. Choose to "Save type as - All Files"
It should look like this:

Double click on steven.bat & allow it to run.

This batchfile will create a zipped file on your desktop named Files_for_submission.zip
BASICALLY I CLICK IT AND IT DISAPPEARS
BUT NOTHING ELSE HAPPENS, NO ZIP
stevennashy is offline  
Old 07-04-2009, 03:14 AM   #12 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 18
OS: vista home premium 32bit


Re: all search engines get redirected and i found rootkit problems skynetblabla.dll

here is my avg report of the rootkits now
Attached Files
File Type: txt avg scan.txt (379 Bytes, 2 views)
stevennashy is offline  
Old 07-04-2009, 07:15 AM   #13 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,884
OS: WinXP and Vista


Re: all search engines get redirected and i found rootkit problems skynetblabla.dll

Press the Windows Logo key and the letter R to open the Run command box. Copy/paste the following bolded text into the Run box and click OK:

C:\Qoobox\ComboFix-quarantined-files.txt

A report should pop open for you. Please post the contents in your next reply.

==================================

Please carry out the other 2 instructions in my last post.

==================================

I'd like to see another gmer scan. This time, please be sure to configure as follows:

In the right panel, you will see several boxes that have been checked. Uncheck the following ...
  • Sections
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
Then click the Scan button & wait for it to finish.

Once done click on the [Save..] button, and in the File name area, type in "ark2.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries



Please attach the ark.txt in your next reply
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 07-04-2009, 08:18 AM   #14 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 18
OS: vista home premium 32bit


Re: all search engines get redirected and i found rootkit problems skynetblabla.dll

Here are a couple of things you want. I'm still scanning and registry searching so it shouldn't be too long now. I'm sending the ComboFix quarantined files and the look.bat files that you requested; the gmer and reg search are coming.

2009-07-04 00:23:54 . 2009-07-04 00:23:54 490 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C}.reg.dat
2009-07-04 00:12:09 . 2009-07-04 00:12:09 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2009-07-03 03:19:48 . 2009-07-03 03:19:48 32,256 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\c9fb4.msi.vir
2009-07-03 03:19:47 . 2009-07-03 03:19:47 27,648 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\c9fad.msi.vir
2009-07-03 03:19:46 . 2009-07-03 03:19:46 33,280 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\c9fa6.msi.vir
2009-07-03 03:19:44 . 2009-07-03 03:19:44 38,912 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\c9f9f.msi.vir
2009-07-03 03:19:41 . 2009-07-03 03:19:41 42,496 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\c9f98.msi.vir
2009-07-03 03:19:40 . 2009-07-03 03:19:40 48,128 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\c9f91.msi.vir
2009-07-03 03:19:37 . 2009-07-03 03:19:37 60,416 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\c9f8a.msi.vir
2009-07-03 03:19:32 . 2009-07-03 03:19:32 1,418,240 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\c9f83.msi.vir
2009-07-03 03:19:27 . 2009-07-03 03:19:27 55,296 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\c9f7c.msi.vir
2009-07-03 03:19:24 . 2009-07-03 03:19:24 515,584 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\c9f75.msi.vir
2009-07-03 03:19:20 . 2009-07-03 03:19:20 41,984 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\c9f6e.msi.vir
2009-07-03 03:19:17 . 2009-07-03 03:19:17 41,472 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\c9f67.msi.vir
2009-07-03 03:18:53 . 2009-07-03 03:18:54 24,576 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\c9f60.msi.vir
2009-07-02 10:10:26 . 2009-07-02 10:10:32 85,733 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\eca812ea-9d6c-ce94-7017-55171f3209e5.exe.vir
2009-07-01 13:43:54 . 2009-07-01 13:43:54 74 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_gxvxcserv.reg.dat
2009-07-01 13:42:54 . 2009-07-01 13:42:54 802 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_NPF.reg.dat
2009-07-01 13:42:53 . 2009-07-01 13:42:53 1,032 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NPF.reg.dat
2009-07-01 13:41:44 . 2009-07-04 00:20:28 7,355 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-07-01 12:51:30 . 2009-07-01 13:19:47 682 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_GXVXCSERV.SYS.reg.dat
2009-07-01 12:51:17 . 2009-07-01 12:51:17 65,085 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\drivers\_SKYNETvwkcbvei_.sys.zip
2009-07-01 12:51:14 . 2009-07-03 14:55:11 74 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_SKYNETptppveur.reg.dat
2009-07-01 12:47:43 . 2009-07-04 00:10:24 634 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-06-27 08:11:46 . 2009-07-03 11:19:19 93 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\SKYNETcjigynvx.dat.vir
2009-06-27 08:09:03 . 2009-07-03 11:19:19 170,011 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\SKYNETiqtnvymn.dat.vir
2009-06-27 08:09:02 . 2009-06-27 08:09:02 43,520 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\SKYNETwscspcsd.dll.vir
2009-06-27 08:09:02 . 2009-07-01 12:51:19 68,096 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\drivers\SKYNETvwkcbvei.sys.vir
2009-06-13 22:03:40 . 2009-06-13 22:03:40 1,372 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\Hw9AM.vbs.vir
2009-06-13 22:03:25 . 2009-06-13 22:03:45 11 ----a-w- C:\Qoobox\Quarantine\C\Users\katie\AppData\Roaming\0200000041d5b95d609S.manifest.vir
2009-06-13 22:03:25 . 2009-06-14 03:58:30 516 ----a-w- C:\Qoobox\Quarantine\C\Users\katie\AppData\Roaming\0200000041d5b95d609O.manifest.vir
2009-06-13 22:03:25 . 2009-06-14 03:58:40 5,493 ----a-w- C:\Qoobox\Quarantine\C\Users\katie\AppData\Roaming\0200000041d5b95d609C.manifest.vir
2009-06-13 22:03:25 . 2009-06-14 05:32:31 1,813 ----a-w- C:\Qoobox\Quarantine\C\Users\katie\AppData\Roaming\0200000041d5b95d609P.manifest.vir
2009-06-13 22:03:24 . 2009-06-13 22:03:24 1,372 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\qj4f6op.vbs.vir
2009-06-13 21:10:40 . 2009-06-13 21:10:40 0 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\drivers\npf.sys.vir
2009-06-13 21:10:40 . 2009-06-13 21:10:40 0 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\packet.dll.vir
2009-06-13 21:10:40 . 2009-06-13 21:10:40 0 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\wpcap.dll.vir
2009-05-29 06:48:13 . 2009-05-29 06:48:13 32,256 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\6dc30e.msi.vir
2009-05-29 06:48:12 . 2009-05-29 06:48:12 27,648 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\6dc307.msi.vir
2009-05-29 06:48:10 . 2009-05-29 06:48:10 33,280 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\6dc300.msi.vir
2009-05-29 06:48:08 . 2009-05-29 06:48:08 38,912 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\6dc2f9.msi.vir
2009-05-29 06:48:06 . 2009-05-29 06:48:07 42,496 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\6dc2f2.msi.vir
2009-05-29 06:48:03 . 2009-05-29 06:48:03 48,128 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\6dc2eb.msi.vir
2009-05-29 06:48:00 . 2009-05-29 06:48:00 60,416 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\6dc2e4.msi.vir
2009-05-29 06:47:54 . 2009-05-29 06:47:54 1,418,240 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\6dc2dd.msi.vir
2009-05-29 06:47:48 . 2009-05-29 06:47:48 55,296 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\6dc2d6.msi.vir
2009-05-29 06:47:45 . 2009-05-29 06:47:45 515,584 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\6dc2cf.msi.vir
2009-05-29 06:47:42 . 2009-05-29 06:47:42 41,984 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\6dc2c8.msi.vir
2009-05-29 06:47:37 . 2009-05-29 06:47:37 41,472 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\6dc2c1.msi.vir
2009-05-29 06:47:18 . 2009-05-29 06:47:18 24,576 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\6dc2ba.msi.vir
2009-05-13 12:08:09 . 2009-05-14 00:27:44 4,762 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\DKkTvyxx.ini2.vir
2009-05-13 12:08:09 . 2009-05-14 00:27:55 4,940 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\DKkTvyxx.ini.vir
2009-05-12 08:22:18 . 2009-05-12 08:22:18 32,256 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\825f6.msi.vir
2009-05-12 08:22:17 . 2009-05-12 08:22:17 27,648 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\825f0.msi.vir
2009-05-12 08:22:16 . 2009-05-12 08:22:16 33,280 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\825ea.msi.vir
2009-05-12 08:22:14 . 2009-05-12 08:22:14 38,912 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\825e4.msi.vir
2009-05-12 08:22:12 . 2009-05-12 08:22:12 42,496 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\825de.msi.vir
2009-05-12 08:22:11 . 2009-05-12 08:22:11 48,128 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\825d8.msi.vir
2009-05-12 08:22:07 . 2009-05-12 08:22:07 60,416 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\825d2.msi.vir
2009-05-12 08:22:00 . 2009-05-12 08:22:00 1,418,240 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\825cc.msi.vir
2009-05-12 08:21:54 . 2009-05-12 08:21:54 55,296 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\825c6.msi.vir
2009-05-12 08:21:50 . 2009-05-12 08:21:50 515,584 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\825c0.msi.vir
2009-05-12 08:21:48 . 2009-05-12 08:21:48 41,984 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\825ba.msi.vir
2009-05-12 08:21:41 . 2009-05-12 08:21:41 41,472 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\825b4.msi.vir
2009-05-12 08:21:29 . 2009-05-12 08:21:29 24,576 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\825ae.msi.vir
2009-05-08 22:24:53 . 2009-05-08 22:24:53 42,496 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\1115c6.msi.vir
2009-05-01 16:31:41 . 2009-05-01 16:31:41 32,256 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\86b0c.msi.vir
2009-05-01 16:31:36 . 2009-05-01 16:31:36 27,648 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\86b06.msi.vir
2009-05-01 16:31:32 . 2009-05-01 16:31:32 33,280 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\86b00.msi.vir
2009-05-01 16:31:28 . 2009-05-01 16:31:29 38,912 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\86afa.msi.vir
2009-05-01 16:31:24 . 2009-05-01 16:31:24 48,128 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\86af4.msi.vir
2009-05-01 16:31:20 . 2009-05-01 16:31:20 60,416 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\86aee.msi.vir
2009-05-01 16:31:10 . 2009-05-01 16:31:10 1,418,240 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\86ae8.msi.vir
2009-05-01 16:31:01 . 2009-05-01 16:31:01 55,296 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\86ae2.msi.vir
2009-05-01 16:30:58 . 2009-05-01 16:30:58 515,584 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\86adc.msi.vir
2009-05-01 16:30:53 . 2009-05-01 16:30:53 41,984 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\86ad6.msi.vir
2009-05-01 16:30:49 . 2009-05-01 16:30:49 41,472 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\86ad0.msi.vir
2009-05-01 16:30:35 . 2009-05-01 16:30:35 24,576 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\86aca.msi.vir
2009-04-15 01:48:29 . 2009-04-15 01:48:29 1,372 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\JivZe0wYPBrBS.vbs.vir
2009-04-15 00:59:21 . 2009-04-15 00:59:21 1,372 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\oJInDjr.vbs.vir
2009-04-14 11:43:47 . 2009-04-14 11:43:47 1,372 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\0ArLY.vbs.vir
2009-04-14 09:41:24 . 2009-04-14 09:41:24 1,372 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\QdjcY.vbs.vir
2009-04-14 09:40:40 . 2009-04-15 08:12:55 11 ----a-w- C:\Qoobox\Quarantine\C\Users\katie\AppData\Roaming\0200000041d5b95d577S.manifest.vir
2009-04-14 09:40:40 . 2009-04-15 08:12:48 11 ----a-w- C:\Qoobox\Quarantine\C\Users\katie\AppData\Roaming\0200000041d5b95d577O.manifest.vir
2009-04-14 09:40:40 . 2009-04-15 08:12:55 5,737 ----a-w- C:\Qoobox\Quarantine\C\Users\katie\AppData\Roaming\0200000041d5b95d577C.manifest.vir
2009-04-14 09:40:40 . 2009-04-15 08:12:55 1,248 ----a-w- C:\Qoobox\Quarantine\C\Users\katie\AppData\Roaming\0200000041d5b95d577P.manifest.vir
2009-04-14 09:40:29 . 2009-04-14 09:40:29 1,372 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\209MfWYV8rHeW.vbs.vir
2009-04-09 17:42:53 . 2009-04-09 17:43:06 11,672,576 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\21f1ac.msi.vir
2009-04-06 00:33:43 . 2009-04-06 00:33:43 9,229 ----a-w- C:\Qoobox\Quarantine\C\Users\katie\AppData\Local\{464F936D-2CD0-48EC-B9AE-3B6BF856CFC8}\chrome\content\overlay.xul.vir
2009-04-06 00:33:43 . 2009-04-06 00:33:43 3,323 ----a-w- C:\Qoobox\Quarantine\C\Users\katie\AppData\Local\{464F936D-2CD0-48EC-B9AE-3B6BF856CFC8}\chrome\content\c.js.vir
2009-04-06 00:33:43 . 2009-04-06 00:33:44 2,127 ----a-w- C:\Qoobox\Quarantine\C\Users\katie\AppData\Local\{464F936D-2CD0-48EC-B9AE-3B6BF856CFC8}\chrome\content\_cfg.js.vir
2009-04-06 00:33:43 . 2009-04-06 00:33:43 770 ----a-w- C:\Qoobox\Quarantine\C\Users\katie\AppData\Local\{464F936D-2CD0-48EC-B9AE-3B6BF856CFC8}\install.rdf.vir
2009-04-06 00:33:43 . 2009-04-06 00:33:43 120 ----a-w- C:\Qoobox\Quarantine\C\Users\katie\AppData\Local\{464F936D-2CD0-48EC-B9AE-3B6BF856CFC8}\chrome.manifest.vir
2009-04-04 21:54:28 . 2009-04-04 21:54:28 1,418 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\GroupPolicy000.dat.vir
2009-04-04 13:46:51 . 2009-04-04 13:46:51 615 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\bLJ2yca.vbs.vir
2009-04-04 13:44:24 . 2009-04-04 13:44:24 615 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\F7DE5DiGUwKaCqE.vbs.vir
2009-04-04 12:45:13 . 2009-04-04 12:45:13 615 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\Kv8kuA3.vbs.vir
2009-04-04 12:44:37 . 2009-04-06 12:42:03 11 ----a-w- C:\Qoobox\Quarantine\C\Users\katie\AppData\Roaming\0200000041d5b95d573S.manifest.vir
2009-04-04 12:44:37 . 2009-04-06 12:42:11 408 ----a-w- C:\Qoobox\Quarantine\C\Users\katie\AppData\Roaming\0200000041d5b95d573O.manifest.vir
2009-04-04 12:44:37 . 2009-04-06 12:42:03 5,737 ----a-w- C:\Qoobox\Quarantine\C\Users\katie\AppData\Roaming\0200000041d5b95d573C.manifest.vir
2009-04-04 12:44:37 . 2009-04-06 18:07:47 1,770 ----a-w- C:\Qoobox\Quarantine\C\Users\katie\AppData\Roaming\0200000041d5b95d573P.manifest.vir
2009-04-04 12:44:35 . 2009-04-04 12:44:35 615 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\to3YJ.vbs.vir
2009-04-03 09:29:14 . 2009-04-03 09:29:15 1,378,304 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\11f8206.msi.vir
2009-04-02 20:41:26 . 2009-04-02 20:41:26 185 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\msblcd32.dll.vir
2001-01-10 12:29:57 . 2001-01-10 12:29:57 7,726,592 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\b952b.msi.vir
Attached Files
File Type: zip Log.zip (374.3 KB, 2 views)
Old 07-04-2009, 08:30 AM   #15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,884
OS: WinXP and Vista


Re: all search engines get redirected and i found rootkit problems skynetblabla.dll

My mistake on the syntax in that batch file, sorry about that. Copy/paste the following into Notepad, and same as before, save as steven.bat and as type 'All Files'.


Quote:
@echo off
for %%g in (
"C:\QooBox\Quarantine\c\windows\Installer\6dc30e.msi.vir"
"C:\QooBox\Quarantine\c\windows\Installer\86afa.msi.vir"
) do zip Files_for_submission %%g
del %0
Then please upload the zipped file it created, here
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 07-04-2009, 08:42 AM   #16 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 18
OS: vista home premium 32bit


Re: all search engines get redirected and i found rootkit problems skynetblabla.dll

and here are the other two, gmer and regsearch results
and I'm so sorry for not unticking show all on gmer, I must have misread what you said before. here is a proper one this time I hope lol
I think that's everything you have asked for so far, please let me know if it isn't...
and once again I had to zip the ark2.txt, sorry for any inconvenience
Attached Files
File Type: txt RegSearch.txt (754 Bytes, 3 views)
File Type: zip ark2.zip (53.3 KB, 2 views)
Old 07-04-2009, 08:45 AM   #17 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 18
OS: vista home premium 32bit


Re: all search engines get redirected and i found rootkit problems skynetblabla.dll

and it worked this time, I'm sending it now

Last edited by stevennashy; 07-04-2009 at 08:47 AM.
Old 07-04-2009, 08:49 AM   #18 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 18
OS: vista home premium 32bit


Re: all search engines get redirected and i found rootkit problems skynetblabla.dll

the file was successfully sent to Bleeping Computer, just thought I'd let you know
Old 07-04-2009, 09:14 AM   #19 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,884
OS: WinXP and Vista


Re: all search engines get redirected and i found rootkit problems skynetblabla.dll

File received, thank you.

Were you able to get this log for me?

Open Notepad and copy/paste the contents in the code box below, into Notepad.

Quote:
@SWREG QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData /s >Log.txt
@Notepad Log.txt
@DEL %0

Save this as look.bat. Choose to "Save type as - All Files".
It should look like this:

Double click on look.bat & allow it to run. A log.txt will pop open, please be patient. The file will appear on your desktop. Right click the file and select Send To>Compressed (zipped file) and attach that zipped file in your next reply.
Old 07-04-2009, 09:17 AM   #20 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 18
OS: vista home premium 32bit


Re: all search engines get redirected and i found rootkit problems skynetblabla.dll

I already sent it a couple of messages up
All times are GMT -7.



Copyright 2001 - 2009, Tech Support Forum