Computer Hope
Software => Computer viruses and spyware => Topic started by: BeigeCat on October 09, 2008, 04:12:55 PM
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:59:23 PM, on 09/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.trivium.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=22028
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {70BC9B99-5802-4523-8B5E-519F3AF61828} - C:\WINDOWS\system32\hgGvwvWp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {6366459B-45A6-489C-9726-429617BB05C2} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iut75] c:\windows\system32\drivers\uzcx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Etomi\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://my-remote.johnsoncontrols.com/https/jwimkns9.na.jci.com/iNotes6W.cab
O16 - DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} (Nps Control) - http://kr.gameguard.nprotect.com/inca/onscan//tyscan/nps.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F977E961-BC9E-4B91-ACF8-468E1CC224DD} (FixUpdate Class) - http://69.59.149.193:82/enzf/TqUpdate_Release.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll pclgna.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä�#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\addpf.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 11381 bytes
-
Malwarebytes' Anti-Malware 1.28
Database version: 1248
Windows 5.1.2600 Service Pack 2
09/10/2008 4:54:55 PM
mbam-log-2008-10-09 (16-54-55).txt
Scan type: Quick Scan
Objects scanned: 50590
Time elapsed: 4 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 17
Registry Values Infected: 22
Registry Data Items Infected: 14
Folders Infected: 1
Files Infected: 23
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\yqcbwter.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{498d8d78-8573-4253-be8c-2ca89b464b8d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrhxvwq (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{498d8d78-8573-4253-be8c-2ca89b464b8d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8792432c-f034-4f85-990c-b6d3cc1c51ac} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8792432c-f034-4f85-990c-b6d3cc1c51ac} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qaccess.tchongabho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a34fa88d-8437-4634-8a60-e913011ef2e5} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\olnmraew.baok (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\olnmraew.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c8651dc6 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ehceb1atnj (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur54.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur55.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur56.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur57.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur54.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur55.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur56.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur57.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\lfstbwvd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\qmafxprs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ANTIVIRUS (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76477-OEM-0011903-00133) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Microsoft Common (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\rqRHxvWQ.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pclgna.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yqcbwter.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\retwbcqy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\jkrwpezq\nqrmfole.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\ealf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ide21201.vxd (Adware.Winad) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dlds1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dlds8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysem.exe (Worm.SdBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ash Lattanzi\Application Data\TmpRecentIcons\Vista Antivirus 2008.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ash Lattanzi\Desktop\BEST BDSM PORN.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ash Lattanzi\Desktop\GAY FETISH SEX.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ash Lattanzi\Desktop\Protect Your Privacy.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ash Lattanzi\Desktop\Malware Defender.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ash Lattanzi\Desktop\System Error Fixer.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ash Lattanzi\Favorites\Malware Defender.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ash Lattanzi\Favorites\Protect Your Privacy.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ash Lattanzi\Favorites\System Error Fixer.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ash Lattanzi\Local Settings\Temp\smchk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSerrors.log (Trojan.TDSS) -> Quarantined and deleted successfully.
-
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/09/2008 at 04:32 PM
Application Version : 4.21.1004
Core Rules Database Version : 3593
Trace Rules Database Version: 1580
Scan type : Complete Scan
Total Scan Time : 00:44:43
Memory items scanned : 465
Memory threats detected : 0
Registry items scanned : 5819
Registry threats detected : 94
File items scanned : 33510
File threats detected : 46
Parasite.CoolWebSearch Variant
HKLM\Software\Classes\CLSID\{9D3DCB85-C38C-2CD8-1768-75E8BDB64A72}
HKLM\Software\Classes\CLSID\{AF451484-05EA-655A-4EE7-4B4F9A677388}
HKLM\Software\Classes\CLSID\{B03430E3-E090-8CBB-E139-B55E6B313D07}
HKLM\Software\Classes\CLSID\{B8E989AC-570B-BFD4-F982-B6FA8BC18348}
HKLM\Software\Classes\CLSID\{E18E7A68-3ADC-95BD-23E5-697B5C7438E7}
HKLM\Software\Classes\CLSID\{EFBFBA2F-CC59-CEAD-D6D0-CD413F205910}
HKLM\Software\Classes\CLSID\{F01F499F-477F-58D2-D5A4-5627210822BF}
HKCR\CLSID\{9D3DCB85-C38C-2CD8-1768-75E8BDB64A72}
HKCR\CLSID\{9D3DCB85-C38C-2CD8-1768-75E8BDB64A72}\Data
HKCR\CLSID\{AF451484-05EA-655A-4EE7-4B4F9A677388}
HKCR\CLSID\{AF451484-05EA-655A-4EE7-4B4F9A677388}\Data
HKCR\CLSID\{B03430E3-E090-8CBB-E139-B55E6B313D07}
HKCR\CLSID\{B03430E3-E090-8CBB-E139-B55E6B313D07}\Data
HKCR\CLSID\{B8E989AC-570B-BFD4-F982-B6FA8BC18348}
HKCR\CLSID\{B8E989AC-570B-BFD4-F982-B6FA8BC18348}\Data
HKCR\CLSID\{E18E7A68-3ADC-95BD-23E5-697B5C7438E7}
HKCR\CLSID\{E18E7A68-3ADC-95BD-23E5-697B5C7438E7}\Data
HKCR\CLSID\{EFBFBA2F-CC59-CEAD-D6D0-CD413F205910}
HKCR\CLSID\{EFBFBA2F-CC59-CEAD-D6D0-CD413F205910}\Data
HKCR\CLSID\{F01F499F-477F-58D2-D5A4-5627210822BF}
HKCR\CLSID\{F01F499F-477F-58D2-D5A4-5627210822BF}\Data
Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{B89A9C19-6168-604D-2FF8-CB8455B6D319}
HKLM\Software\Classes\CLSID\{D9E4FCE9-DD60-AD26-B07D-BFB00720C50B}
HKLM\Software\Classes\CLSID\{E20A03B0-E8BF-E901-3BC0-4FA42916EF31}
HKLM\Software\Classes\CLSID\{FC97DD7A-EAF3-5C15-ED04-6CBD8788DF3C}
HKCR\CLSID\{E20A03B0-E8BF-E901-3BC0-4FA42916EF31}
HKCR\CLSID\{E20A03B0-E8BF-E901-3BC0-4FA42916EF31}\Data
HKCR\CLSID\{B89A9C19-6168-604D-2FF8-CB8455B6D319}
HKCR\CLSID\{B89A9C19-6168-604D-2FF8-CB8455B6D319}\Data
HKCR\CLSID\{D9E4FCE9-DD60-AD26-B07D-BFB00720C50B}
HKCR\CLSID\{D9E4FCE9-DD60-AD26-B07D-BFB00720C50B}\Data
HKCR\CLSID\{FC97DD7A-EAF3-5C15-ED04-6CBD8788DF3C}
HKCR\CLSID\{FC97DD7A-EAF3-5C15-ED04-6CBD8788DF3C}\Data
Spyware.WebSearch (WinTools/HuntBar)
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87766247-311C-43B4-8499-3D5FEC94A183}
C:\Program Files\Common Files\WinTools\rmhgxlmu.wzg
C:\Program Files\Common Files\WinTools\WToolsC.cfg
C:\Program Files\Common Files\WinTools\WToolsD.cfg
C:\Program Files\Common Files\WinTools\WToolsP.cfg
C:\Program Files\Common Files\WinTools\WToolsR.cfg
C:\Program Files\Common Files\WinTools\WToolsU.cfg
C:\Program Files\Common Files\WinTools
HKU\S-1-5-21-3513752564-1149034596-958856376-1005\Software\WinTools
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#DeviceDesc
Trojan.Net-MSV/VPS-Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8DE4182-0328-438E-B5EC-0A5F5E57FA2E}
HKCR\CLSID\{F8DE4182-0328-438E-B5EC-0A5F5E57FA2E}
HKCR\CLSID\{F8DE4182-0328-438E-B5EC-0A5F5E57FA2E}
HKCR\CLSID\{F8DE4182-0328-438E-B5EC-0A5F5E57FA2E}\InprocServer32
HKCR\CLSID\{F8DE4182-0328-438E-B5EC-0A5F5E57FA2E}\InprocServer32#ThreadingModel
HKCR\CLSID\{F8DE4182-0328-438E-B5EC-0A5F5E57FA2E}\ProgID
HKCR\CLSID\{F8DE4182-0328-438E-B5EC-0A5F5E57FA2E}\Programmable
HKCR\CLSID\{F8DE4182-0328-438E-B5EC-0A5F5E57FA2E}\TypeLib
HKCR\CLSID\{F8DE4182-0328-438E-B5EC-0A5F5E57FA2E}\VersionIndependentProgID
HKCR\QXK.Olive
HKCR\TypeLib\{FEC11AA8-D826-4562-9223-A9A901A06B56}
HKCR\TypeLib\{FEC11AA8-D826-4562-9223-A9A901A06B56}\1.0
HKCR\TypeLib\{FEC11AA8-D826-4562-9223-A9A901A06B56}\1.0\0
HKCR\TypeLib\{FEC11AA8-D826-4562-9223-A9A901A06B56}\1.0\0\win32
HKCR\TypeLib\{FEC11AA8-D826-4562-9223-A9A901A06B56}\1.0\FLAGS
HKCR\TypeLib\{FEC11AA8-D826-4562-9223-A9A901A06B56}\1.0\HELPDIR
C:\WINDOWS\VORTSGBQTPR.DLL
HKCR\Interface\{73E37705-8560-4541-A9DB-C8DE64D7CD00}
HKCR\Interface\{73E37705-8560-4541-A9DB-C8DE64D7CD00}\ProxyStubClsid
HKCR\Interface\{73E37705-8560-4541-A9DB-C8DE64D7CD00}\ProxyStubClsid32
HKCR\Interface\{73E37705-8560-4541-A9DB-C8DE64D7CD00}\TypeLib
HKCR\Interface\{73E37705-8560-4541-A9DB-C8DE64D7CD00}\TypeLib#Version
HKCR\Interface\{AFE3DAB2-8795-45E5-BF5B-89F21F7FEBA0}
HKCR\Interface\{AFE3DAB2-8795-45E5-BF5B-89F21F7FEBA0}\ProxyStubClsid
HKCR\Interface\{AFE3DAB2-8795-45E5-BF5B-89F21F7FEBA0}\ProxyStubClsid32
HKCR\Interface\{AFE3DAB2-8795-45E5-BF5B-89F21F7FEBA0}\TypeLib
HKCR\Interface\{AFE3DAB2-8795-45E5-BF5B-89F21F7FEBA0}\TypeLib#Version
Adware.Tracking Cookie
C:\Documents and Settings\Ash Lattanzi\Cookies\ash_lattanzi@clickbank[2].txt
C:\Documents and Settings\Ash Lattanzi\Cookies\[email protected][1].txt
Adware.WhenU
HKCR\WUSN.1
HKCR\WUSN.1#WUSN_Id
HKU\S-1-5-21-3513752564-1149034596-958856376-1005\Software\WhenU
C:\Documents and Settings\Ash Lattanzi\Start Menu\Programs\WhenU\Learn More About Save!.url
C:\Documents and Settings\Ash Lattanzi\Start Menu\Programs\WhenU\Learn More About SaveNow.url
C:\Documents and Settings\Ash Lattanzi\Start Menu\Programs\WhenU\WhenU.com Website.url
C:\Documents and Settings\Ash Lattanzi\Start Menu\Programs\WhenU
Adware.Avenue Media/Internet Optimizer
HKU\S-1-5-21-3513752564-1149034596-958856376-1005\Software\Avenue Media
HKLM\Software\Avenue Media
HKLM\Software\Avenue Media\Internet Optimizer
HKLM\Software\Avenue Media\Internet Optimizer#TargetDir
HKLM\Software\Avenue Media\Internet Optimizer#CLS
HKLM\Software\Avenue Media\Internet Optimizer#RID
HKLM\Software\Avenue Media\Internet Optimizer#Version
HKLM\Software\Avenue Media\Internet Optimizer#TAC
HKLM\Software\Avenue Media\Internet Optimizer#ServerVisited
HKLM\Software\Avenue Media\Internet Optimizer#PendingRemoval
HKU\S-1-5-21-3513752564-1149034596-958856376-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\AMeOpt
HKU\S-1-5-21-3513752564-1149034596-958856376-1005\SOFTWARE\Policies\Avenue Media
HKLM\SOFTWARE\Policies\Avenue Media
Trojan.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A34FA88D-8437-4634-8A60-E913011EF2E5}
C:\WINDOWS\SYSTEM32\1.ICO
C:\WINDOWS\SYSTEM32\2.ICO
C:\X
Trojan.Media-Codec
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\PCHealthCenter\sc.html
C:\Program Files\PCHealthCenter
Trojan.DNSChanger-Codec
HKU\S-1-5-21-3513752564-1149034596-958856376-1005\Software\uninstall
Trojan.Net-MU/Gen
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#uninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#DisplayName
Rootkit.Unclassified/KR_Done
C:\WINDOWS\system32\vx.tll
Rogue.AntiVirus 2008
HKU\S-1-5-21-3513752564-1149034596-958856376-1005\Software\Microsoft\Windows\CurrentVersion\Run#Antivirus [ C:\Program Files\VAV\vav.exe ]
Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
Rogue.UltimateAntiVirus
C:\Program Files\VAV\vav.ooo
C:\Program Files\VAV\vav0.dat
C:\Program Files\VAV\vav1.dat
C:\Program Files\VAV
Trojan.Unclassified/GTS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C1BA3EC0-6DD3-4C77-9BE2-2E0F8E04EC34}\RP1117\A0266193.DLL
Trojan.Dropper/Gen
C:\WINDOWS\QKEFTMXN.EXE
Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\ATLEB.EXE
C:\WINDOWS\SYSTEM32\CRSN32.EXE
C:\WINDOWS\SYSTEM32\D3QW.EXE
C:\WINDOWS\SYSTEM32\MSNQ32.EXE
Adware.Vundo/Variant
C:\WINDOWS\SYSTEM32\CKAPVAPA.DLL
C:\WINDOWS\SYSTEM32\JLKKKXXB.DLL
C:\WINDOWS\SYSTEM32\TTRGII.DLL
-
Open HijackThis and select Do a system scan only.
Place a check mark next to the following entries: (if there)
- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245
- O2 - BHO: (no name) - {70BC9B99-5802-4523-8B5E-519F3AF61828} - C:\WINDOWS\system32\hgGvwvWp.dll (file missing)
- O3 - Toolbar: (no name) - {6366459B-45A6-489C-9726-429617BB05C2} - (no file)
- O4 - HKLM\..\Run: [iut75] c:\windows\system32\drivers\uzcx.exe
- O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
- O20 - AppInit_DLLs: avgrsstx.dll pclgna.dll
- O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä�#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\addpf.exe (file missing)
Important: Close all windows except for HijackThis and then click Fix checked.
Exit HijackThis.
----------
Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
KillAll::
File::
C:\WINDOWS\system32\addpf.exe
C:\WINDOWS\system32\hgGvwvWp.dll
c:\windows\system32\drivers\uzcx.exe
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
-
Ok, I ran HJT and fixed those files you listed.
I saved ComboFix to my desktop and created the notepad file exactly as stated.
When I drag the notepad file onto ComboFix and release, I get a Run / Cancel prompt window saying that the publisher could not be verfied. I click Run and the progress bar for ComboFix starts and completes but I get no log file or anything else when it is done.
-
Go to Start > Run and then type combofix.txt and click OK
If a log pops up then post it here.
Let me know...
-
Nothing comes up except a window saying Windows cannot find the file.
I also ran a search for combofix.txt and no results came up.
-
OK just run ComboFix then.
Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
-
Ok I disabled my antivrus programs and tried running combofix again and still I get nothing.
I followed the instructionds here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
and got as far as Windows Open File Security Warning. After I hit Run a progress bar starts on my screen and then nothing. Those blue prompt screens never show up.
Am I missing something? I tried re downloading it from all 3 of the links provided in that thread as well but that didn't change anything.
-
Try this.
Go to Start > Run and copy/paste in the following:
"%userprofile%\desktop\combofix.exe" /killall
Press Enter and Combofix will begin to run.
When finished, it will produce a log file located at C:\ComboFix.txt
Post the contents of that log in your next reply.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall.
-
Same thing. Maybe there is something wrong with combofix.
I clicked on the link, saved it to my desktop then proceeded to run it.
-
OK forget ComboFix for now, we will use another tool instead.
Download random's system information tool (RSIT) (http://images.malwareremoval.com/random/RSIT.exe) by random/random from and save it to your Desktop.
- Double click on RSIT.exe to run.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open.
- log.txt <will be maximized and info.txt <will be minimized
- Please post the contents of both logs in the next reply.
-
info.txt logfile of random's system information tool 1.04 2008-10-09 22:39:35
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
-->msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
-->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite 2-->C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=d:\adobe creative suite 2.0/lang=0409
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Ahead InCD EasyWrite Reader-->C:\WINDOWS\unmrw.exe /UNINSTALL
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BitComet 0.70-->C:\Program Files\BitComet\uninst.exe
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CC_ccProxyExt-->MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
ccCommon-->MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
ccPxyCore-->MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Conquer 2.0-->C:\Program Files\InstallShield Installation Information\{B6060381-5C28-4F86-A31A-B5ADA7A1BD8D}\setup.exe -runfromtemp -l0x0009 -removeonly
DAO 3.5-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Your Company\DAO 3.5\Uninst.isu"
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Pro Trial-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Nero 6-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Media Player-->C:\WINDOWS\UNNMP.exe /UNINSTALL
NeroVision Express 2-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Norton AntiSpam-->MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
Norton AntiSpam-->MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton Internet Security 2005 (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security-->MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security-->MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton WMI Update-->MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
NTI DVD Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D31612BB-C6D7-4142-96AE-16DB062354CF}\Setup.exe" -l0x9
NTI DVD-Maker Gold-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1033 AnyText
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PartyPokerNet-->"C:\Program Files\PartyGaming.Net\PartyPokerNet\Uninstall.exe" "C:\Program Files\PartyGaming.Net\PartyPokerNet\install.log"
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Risk II (remove only)-->"C:\Program Files\Games\Risk II\Uninstall.exe"
S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
-
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Suite Specific-->MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec Technical Support Web Controls-->MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows XP Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
Wrath of the Lich King Beta-->C:\Program Files\Common Files\Blizzard Entertainment\Wrath of the Lich King\Uninstall.exe
=====HijackThis Backups=====
O4 - HKLM\..\Run: [iut75] c:\windows\system32\drivers\uzcx.exe
O2 - BHO: (no name) - {70BC9B99-5802-4523-8B5E-519F3AF61828} - C:\WINDOWS\system32\hgGvwvWp.dll (file missing)
O20 - AppInit_DLLs: avgrsstx.dll pclgna.dll
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245
O3 - Toolbar: (no name) - {6366459B-45A6-489C-9726-429617BB05C2} - (no file)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä�#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\addpf.exe (file missing)
Hosts File Missing
-
Gonna take about 4 posts or so to get the log file in so give me a couple mins.
-
Logfile of random's system information tool 1.04 (written by random/random)
Run by Ash Lattanzi at 2008-10-09 22:39:46
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 84 GB (55%) free of 153 GB
Total RAM: 1023 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:47 PM, on 09/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Documents and Settings\Ash Lattanzi\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Ash Lattanzi.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.trivium.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=22028
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Etomi\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://my-remote.johnsoncontrols.com/https/jwimkns9.na.jci.com/iNotes6W.cab
O16 - DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} (Nps Control) - http://kr.gameguard.nprotect.com/inca/onscan//tyscan/nps.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F977E961-BC9E-4B91-ACF8-468E1CC224DD} (FixUpdate Class) - http://69.59.149.193:82/enzf/TqUpdate_Release.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä�#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\addpf.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 11033 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Symantec NetDetect.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-08 2055960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-20 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-11 737776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-20 2403392]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-08 2055960]
-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2004-08-26 45056]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-08-26 67584]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-03-23 53408]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-01-15 180269]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2004-12-20 33792]
"Adobe Version Cue CS2"=C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [2005-04-04 856064]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-06-02 267048]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-08 1234712]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"ares"=C:\Program Files\Ares\Ares.exe -h []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-24 68856]
"eMuleAutoStart"=C:\Program Files\eMule\emule.exe -AutoStart []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{498D8D78-8573-4253-BE8C-2CA89B464B8D}"= []
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\hgGvwvWp
"notification packages"=
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"NoDispCPL"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoStartMenuMorePrograms"=0
"StartMenuLogOff"=0
"NoToolbarCustomize"=0
"NoSetFolders"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\qcSoft.exe"="D:\qcSoft.exe:*:Enabled:QC Testing Software"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\BearShare\BearShare.exe"="C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe"="C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2"
"C:\Program Files\National Instruments\LabVIEW 7.0\LabVIEW.exe"="C:\Program Files\National Instruments\LabVIEW 7.0\LabVIEW.exe:*:Enabled:LabVIEW 7.0 Development System"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
======List of files/folders created in the last 1 months======
2008-10-09 22:39:21 ----D---- C:\rsit
2008-10-09 19:15:35 ----RASH---- C:\BOOT.BAK
2008-10-09 19:15:21 ----RSHD---- C:\cmdcons
2008-10-09 19:15:21 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-10-09 19:15:19 ----D---- C:\WINDOWS\setup.pss
2008-10-09 19:15:09 ----D---- C:\WINDOWS\setupupd
2008-10-09 18:37:04 ----A---- C:\Bug.txt
2008-10-09 18:37:03 ----A---- C:\WINDOWS\system32\cmd.execf
2008-10-09 18:36:56 ----D---- C:\32788R22FWJFW
2008-10-09 17:13:00 ----D---- C:\Program Files\Trend Micro
2008-10-09 17:10:15 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-09 17:10:15 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-09 17:10:15 ----A---- C:\WINDOWS\system32\java.exe
2008-10-09 17:09:32 ----D---- C:\Program Files\Java
2008-10-09 17:09:30 ----D---- C:\Program Files\Common Files\Java
2008-10-09 17:08:46 ----D---- C:\Documents and Settings\Ash Lattanzi\Application Data\Sun
2008-10-09 16:42:54 ----D---- C:\Documents and Settings\Ash Lattanzi\Application Data\Malwarebytes
2008-10-09 16:42:51 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-09 16:42:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-09 10:45:42 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-09 10:45:24 ----D---- C:\Program Files\SUPERAntiSpyware
2008-10-09 10:45:24 ----D---- C:\Documents and Settings\Ash Lattanzi\Application Data\SUPERAntiSpyware.com
2008-10-09 09:59:25 ----D---- C:\Program Files\CCleaner
2008-10-08 20:21:25 ----HD---- C:\$AVG8.VAULT$
2008-10-08 20:14:10 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-10-08 20:13:29 ----D---- C:\Documents and Settings\Ash Lattanzi\Application Data\AVGTOOLBAR
2008-10-08 20:13:16 ----D---- C:\Program Files\AVG
2008-10-08 20:13:15 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-08 20:12:42 ----D---- C:\WINDOWS\SxsCaPendDel
2008-10-08 19:50:13 ----SH---- C:\WINDOWS\system32\dyvkpffc.ini
2008-10-08 19:48:40 ----A---- C:\WINDOWS\system32\c346d9b8-.txt
2008-10-08 19:46:26 ----ASH---- C:\WINDOWS\system32\pWvwvGgh.ini2
2008-10-08 19:46:25 ----ASH---- C:\WINDOWS\system32\pWvwvGgh.ini
2008-10-08 17:26:43 ----D---- C:\Documents and Settings\Ash Lattanzi\Application Data\TmpRecentIcons
2008-10-08 17:26:40 ----D---- C:\Documents and Settings\All Users\Application Data\jkrwpezq
2008-10-08 17:26:12 ----D---- C:\Documents and Settings\Ash Lattanzi\Application Data\sp2
2008-10-08 17:19:54 ----D---- C:\WINDOWS\Prefetch
2008-10-08 16:59:33 ----D---- C:\WINDOWS\system32\scripting
2008-10-08 16:59:32 ----D---- C:\WINDOWS\system32\en
2008-10-08 16:59:32 ----D---- C:\WINDOWS\system32\bits
2008-10-08 16:59:32 ----D---- C:\WINDOWS\l2schemas
2008-10-08 16:54:37 ----A---- C:\WINDOWS\system32\sprecovr.exe
2008-10-08 16:51:11 ----A---- C:\WINDOWS\system32\wmvdmoe2.dll
2008-10-08 16:51:10 ----A---- C:\WINDOWS\system32\wmspdmoe.dll
2008-10-08 16:51:10 ----A---- C:\WINDOWS\system32\wmspdmod.dll
2008-10-08 16:51:09 ----A---- C:\WINDOWS\system32\wmsdmoe2.dll
2008-10-08 16:51:09 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2008-10-08 16:51:09 ----A---- C:\WINDOWS\system32\wmpasf.dll
2008-10-08 16:51:09 ----A---- C:\WINDOWS\system32\wmp.dll
2008-10-08 16:51:09 ----A---- C:\WINDOWS\system32\wmidx.dll
2008-10-08 16:51:09 ----A---- C:\WINDOWS\system32\wmerror.dll
2008-10-08 16:51:09 ----A---- C:\WINDOWS\system32\mspmsnsv.dll
2008-10-08 16:51:09 ----A---- C:\WINDOWS\system32\mp4sdmod.dll
2008-10-08 16:51:09 ----A---- C:\WINDOWS\system32\mp43dmod.dll
2008-10-08 16:51:08 ----A---- C:\WINDOWS\system32\ir50_qcx.dll
2008-10-08 16:51:08 ----A---- C:\WINDOWS\system32\ir50_qc.dll
2008-10-08 16:51:08 ----A---- C:\WINDOWS\system32\ir50_32.dll
2008-10-08 16:51:08 ----A---- C:\WINDOWS\system32\ir41_qcx.dll
2008-10-08 16:51:08 ----A---- C:\WINDOWS\system32\ir41_qc.dll
2008-10-08 16:51:07 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2008-10-08 16:51:07 ----A---- C:\WINDOWS\system32\xmllite.dll
2008-10-08 16:51:07 ----A---- C:\WINDOWS\system32\verclsid.exe
2008-10-08 16:51:07 ----A---- C:\WINDOWS\system32\tzchange.exe
2008-10-08 16:51:07 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-10-08 16:51:07 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-10-08 16:51:05 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2008-10-08 16:51:05 ----A---- C:\WINDOWS\system32\wscntfy.exe
2008-10-08 16:51:05 ----A---- C:\WINDOWS\system32\pnrpnsp.dll
2008-10-08 16:51:05 ----A---- C:\WINDOWS\system32\pidgen.dll
2008-10-08 16:51:05 ----A---- C:\WINDOWS\system32\p2pgasvc.dll
2008-10-08 16:51:05 ----A---- C:\WINDOWS\system32\logman.exe
2008-10-08 16:51:05 ----A---- C:\WINDOWS\system32\kbdukx.dll
2008-10-08 16:51:05 ----A---- C:\WINDOWS\system32\encdec.dll
2008-10-08 16:51:05 ----A---- C:\WINDOWS\system32\dxdiagn.dll
2008-10-08 16:51:05 ----A---- C:\WINDOWS\system32\dsprpres.dll
2008-10-08 16:51:05 ----A---- C:\WINDOWS\system32\dpcdll.dll
2008-10-08 16:51:04 ----A---- C:\WINDOWS\system32\w3ssl.dll
2008-10-08 16:51:04 ----A---- C:\WINDOWS\system32\p2psvc.dll
2008-10-08 16:51:04 ----A---- C:\WINDOWS\system32\kbdsmsno.dll
2008-10-08 16:51:04 ----A---- C:\WINDOWS\system32\kbdfi1.dll
2008-10-08 16:51:04 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-10-08 16:51:04 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-10-08 16:51:03 ----A---- C:\WINDOWS\system32\msftedit.dll
2008-10-08 16:51:02 ----A---- C:\WINDOWS\system32\xmlprovi.dll
2008-10-08 16:51:02 ----A---- C:\WINDOWS\system32\xmlprov.dll
2008-10-08 16:51:02 ----A---- C:\WINDOWS\system32\wshbth.dll
2008-10-08 16:51:02 ----A---- C:\WINDOWS\system32\winbrand.dll
2008-10-08 16:51:02 ----A---- C:\WINDOWS\system32\twext.dll
2008-10-08 16:51:02 ----A---- C:\WINDOWS\system32\spnpinst.exe
2008-10-08 16:51:02 ----A---- C:\WINDOWS\system32\smbinst.exe
2008-10-08 16:51:02 ----A---- C:\WINDOWS\system32\sbeio.dll
2008-10-08 16:51:02 ----A---- C:\WINDOWS\system32\sbe.dll
2008-10-08 16:51:02 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-10-08 16:51:02 ----A---- C:\WINDOWS\system32\proxycfg.exe
2008-10-08 16:51:02 ----A---- C:\WINDOWS\system32\p2pnetsh.dll
2008-10-08 16:51:02 ----A---- C:\WINDOWS\system32\p2pgraph.dll
2008-10-08 16:51:02 ----A---- C:\WINDOWS\system32\mssap.dll
2008-10-08 16:51:02 ----A---- C:\WINDOWS\system32\msdadiag.dll
2008-10-08 16:51:02 ----A---- C:\WINDOWS\system32\kbdmlt47.dll
2008-10-08 16:51:02 ----A---- C:\WINDOWS\system32\kbdinmal.dll
2008-10-08 16:51:02 ----A---- C:\WINDOWS\system32\kbdinbe1.dll
2008-10-08 16:51:02 ----A---- C:\WINDOWS\system32\ieencode.dll
2008-10-08 16:51:02 ----A---- C:\WINDOWS\system32\httpapi.dll
2008-10-08 16:51:02 ----A---- C:\WINDOWS\system32\hccoin.dll
2008-10-08 16:51:02 ----A---- C:\WINDOWS\system32\fwcfg.dll
2008-10-08 16:51:02 ----A---- C:\WINDOWS\system32\d3d9.dll
2008-10-08 16:51:01 ----A---- C:\WINDOWS\system32\xpsp1res.dll
2008-10-08 16:51:01 ----A---- C:\WINDOWS\system32\wscsvc.dll
2008-10-08 16:51:01 ----A---- C:\WINDOWS\system32\winshfhc.dll
2008-10-08 16:51:01 ----A---- C:\WINDOWS\system32\winhttp.dll
2008-10-08 16:51:01 ----A---- C:\WINDOWS\system32\powercfg.exe
2008-10-08 16:51:01 ----A---- C:\WINDOWS\system32\p2p.dll
2008-10-08 16:51:01 ----A---- C:\WINDOWS\system32\kbdsmsfi.dll
2008-10-08 16:51:01 ----A---- C:\WINDOWS\system32\kbdmlt48.dll
2008-10-08 16:51:01 ----A---- C:\WINDOWS\system32\fsquirt.exe
2008-10-08 16:51:01 ----A---- C:\WINDOWS\system32\fltmc.exe
2008-10-08 16:51:01 ----A---- C:\WINDOWS\system32\encapi.dll
2008-10-08 16:51:01 ----A---- C:\WINDOWS\system32\cmsetacl.dll
2008-10-08 16:51:01 ----A---- C:\WINDOWS\system32\btpanui.dll
2008-10-08 16:51:01 ----A---- C:\WINDOWS\system32\bthserv.dll
2008-10-08 16:51:01 ----A---- C:\WINDOWS\system32\bthci.dll
2008-10-08 16:51:01 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-10-08 16:51:00 ----A---- C:\WINDOWS\system32\xpob2res.dll
2008-10-08 16:51:00 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-10-08 16:51:00 ----A---- C:\WINDOWS\system32\strmfilt.dll
2008-10-08 16:51:00 ----A---- C:\WINDOWS\system32\sdhcinst.dll
2008-10-08 16:51:00 ----A---- C:\WINDOWS\system32\kbdno1.dll
2008-10-08 16:51:00 ----A---- C:\WINDOWS\system32\kbdmaori.dll
2008-10-08 16:51:00 ----A---- C:\WINDOWS\system32\kbdinben.dll
2008-10-08 16:51:00 ----A---- C:\WINDOWS\system32\blastcln.exe
2008-10-08 16:51:00 ----A---- C:\WINDOWS\system32\auditusr.exe
2008-10-08 16:50:37 ----A---- C:\WINDOWS\winhlp32.exe
2008-10-08 16:50:37 ----A---- C:\WINDOWS\twain_32.dll
2008-10-08 16:50:37 ----A---- C:\WINDOWS\regedit.exe
2008-10-08 16:50:37 ----A---- C:\WINDOWS\hh.exe
2008-10-08 16:50:37 ----A---- C:\WINDOWS\explorer.exe
2008-10-08 16:50:35 ----A---- C:\WINDOWS\system32\adsnt.dll
2008-10-08 16:50:35 ----A---- C:\WINDOWS\system32\adsmsext.dll
2008-10-08 16:50:35 ----A---- C:\WINDOWS\system32\adsldpc.dll
2008-10-08 16:50:35 ----A---- C:\WINDOWS\system32\adsldp.dll
2008-10-08 16:50:35 ----A---- C:\WINDOWS\system32\actxprxy.dll
2008-10-08 16:50:35 ----A---- C:\WINDOWS\system32\actmovie.exe
2008-10-08 16:50:35 ----A---- C:\WINDOWS\system32\activeds.dll
2008-10-08 16:50:35 ----A---- C:\WINDOWS\system32\aclui.dll
2008-10-08 16:50:35 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-10-08 16:50:35 ----A---- C:\WINDOWS\system32\6to4svc.dll
2008-10-08 16:50:34 ----A---- C:\WINDOWS\system32\authz.dll
2008-10-08 16:50:34 ----A---- C:\WINDOWS\system32\audiosrv.dll
2008-10-08 16:50:34 ----A---- C:\WINDOWS\system32\attrib.exe
2008-10-08 16:50:34 ----A---- C:\WINDOWS\system32\atmlib.dll
2008-10-08 16:50:34 ----A---- C:\WINDOWS\system32\atmfd.dll
2008-10-08 16:50:34 ----A---- C:\WINDOWS\system32\atmadm.exe
2008-10-08 16:50:34 ----A---- C:\WINDOWS\system32\atl.dll
2008-10-08 16:50:34 ----A---- C:\WINDOWS\system32\at.exe
2008-10-08 16:50:34 ----A---- C:\WINDOWS\system32\asycfilt.dll
2008-10-08 16:50:34 ----A---- C:\WINDOWS\system32\asferror.dll
2008-10-08 16:50:34 ----A---- C:\WINDOWS\system32\apphelp.dll
2008-10-08 16:50:34 ----A---- C:\WINDOWS\system32\amstream.dll
2008-10-08 16:50:34 ----A---- C:\WINDOWS\system32\alrsvc.dll
2008-10-08 16:50:34 ----A---- C:\WINDOWS\system32\alg.exe
2008-10-08 16:50:34 ----A---- C:\WINDOWS\system32\ahui.exe
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\davclnt.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\datime.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\dataclen.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\danim.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\d3dim700.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\d3d8thk.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\d3d8.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\ctfmon.exe
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\csrss.exe
-
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cscui.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cscript.exe
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cscdll.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cryptui.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cryptsvc.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cryptnet.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cryptext.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cryptdll.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cryptdlg.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\crypt32.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\credui.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\corpol.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\conime.exe
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\confmsp.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\comuid.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\comres.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\compstui.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\compatui.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\colbact.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cnbjmon.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cmutil.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cmstp.exe
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cmmon32.exe
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cmdl32.exe
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cmdial32.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cmcfg32.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\clusapi.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\clipsrv.exe
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cliconfg.exe
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cliconfg.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cleanmgr.exe
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cisvc.exe
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\ciodm.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cic.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cfgmgr32.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cewmdm.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\certmgr.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\certcli.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cdosys.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cdfview.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\capesnpn.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\camocx.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cabview.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\cabinet.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\c_g18030.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\browsewm.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\browseui.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\browser.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\browselc.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\blackbox.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\bidispl.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\batt.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\batmeter.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\basesrv.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\avifil32.dll
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\autolfn.exe
2008-10-08 16:50:33 ----A---- C:\WINDOWS\system32\autofmt.exe
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dnsapi.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dmutil.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dmusic.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dmsynth.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dmstyle.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dmserver.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dmscript.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dmremote.exe
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dmloader.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dmime.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dmdskmgr.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dmdlgs.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dmcompos.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dmband.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dmadmin.exe
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dllhost.exe
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dispex.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\diskpart.exe
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\diskcopy.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dinput8.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dinput.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\digest.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\diantz.exe
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dhcpmon.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dgnet.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dfsshlex.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dfrgui.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dfrgsnap.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dfrgntfs.exe
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dfrgfat.exe
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\devmgr.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\devenum.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\defrag.exe
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\ddrawex.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\ddraw.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\ddeshare.exe
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dciman32.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dbnmpntw.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dbnetlib.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dbmsrpcn.dll
2008-10-08 16:50:32 ----A---- C:\WINDOWS\system32\dbghelp.dll
2008-10-08 16:50:31 ----A---- C:\WINDOWS\system32\dpvoice.dll
2008-10-08 16:50:31 ----A---- C:\WINDOWS\system32\dpvacm.dll
2008-10-08 16:50:31 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2008-10-08 16:50:31 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2008-10-08 16:50:31 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2008-10-08 16:50:31 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2008-10-08 16:50:31 ----A---- C:\WINDOWS\system32\dpnet.dll
2008-10-08 16:50:31 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2008-10-08 16:50:31 ----A---- C:\WINDOWS\system32\dpmodemx.dll
2008-10-08 16:50:31 ----A---- C:\WINDOWS\system32\dplayx.dll
2008-10-08 16:50:31 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2008-10-08 16:50:31 ----A---- C:\WINDOWS\system32\docprop2.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\es.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\ersvc.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\els.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\dxmasf.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\dxdiag.exe
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\dx8vb.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\dx7vb.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\dwwin.exe
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\duser.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\dumprep.exe
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\dswave.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\dsuiext.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\dssenh.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\dssec.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\dsquery.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\dsprop.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\dsound3d.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\dsound.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\dskquoui.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\dskquota.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\dsdmoprp.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\dsdmo.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\ds32gt.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\drprov.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\drmv2clt.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\drmstor.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\drmclien.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\dpwsockx.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\dpvvox.dll
2008-10-08 16:50:30 ----A---- C:\WINDOWS\system32\dpvsetup.exe
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\kbdnec.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\kbdax2.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\kbd106n.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\kbd101.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\jscript.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\jgpl400.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\jgdw400.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\ixsso.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\itss.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\itircl.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\isign32.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\ipxwan.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\ipxroute.exe
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\ipv6mon.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\ipv6.exe
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\ipsmsnap.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\ipsecsvc.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\ipsecsnp.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\iprtrmgr.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\ippromon.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\ipmontr.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\iphlpapi.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\ipconfig.exe
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\input.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\initpki.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\inetres.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\inetppui.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\inetpp.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\inetmib1.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\imm32.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\imjp81k.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\imeshare.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\imapi.exe
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\ils.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\igmpagnt.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\ifmon.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\iexpress.exe
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\idq.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\icmp.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\icm32.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\iccvid.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\iasrad.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\htui.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\hotplug.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\hnetwiz.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\hnetcfg.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\hlink.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\hid.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\hhsetup.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\help.exe
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\h323msp.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\grpconv.exe
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\gpkrsrc.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\glu32.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\framebuf.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\forcedos.exe
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\fontview.exe
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\fontsub.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\fontext.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\fldrclnr.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\findstr.exe
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\filemgmt.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\feclient.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\faultrep.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\exts.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\extrac32.exe
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\expsrv.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\eventlog.dll
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\eudcedit.exe
2008-10-08 16:50:29 ----A---- C:\WINDOWS\system32\esent.dll
2008-10-08 16:50:28 ----A---- C:\WINDOWS\system32\mciavi32.dll
2008-10-08 16:50:28 ----A---- C:\WINDOWS\system32\mcastmib.dll
2008-10-08 16:50:28 ----A---- C:\WINDOWS\system32\makecab.exe
2008-10-08 16:50:28 ----A---- C:\WINDOWS\system32\magnify.exe
2008-10-08 16:50:28 ----A---- C:\WINDOWS\system32\lsass.exe
2008-10-08 16:50:28 ----A---- C:\WINDOWS\system32\lprhelp.dll
2008-10-08 16:50:28 ----A---- C:\WINDOWS\system32\lpk.dll
2008-10-08 16:50:28 ----A---- C:\WINDOWS\system32\logonui.exe
2008-10-08 16:50:28 ----A---- C:\WINDOWS\system32\logagent.exe
2008-10-08 16:50:28 ----A---- C:\WINDOWS\system32\localui.dll
2008-10-08 16:50:28 ----A---- C:\WINDOWS\system32\localsec.dll
2008-10-08 16:50:28 ----A---- C:\WINDOWS\system32\loadperf.dll
2008-10-08 16:50:28 ----A---- C:\WINDOWS\system32\lmrt.dll
2008-10-08 16:50:28 ----A---- C:\WINDOWS\system32\linkinfo.dll
2008-10-08 16:50:28 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-10-08 16:50:28 ----A---- C:\WINDOWS\system32\licdll.dll
2008-10-08 16:50:28 ----A---- C:\WINDOWS\system32\laprxy.dll
2008-10-08 16:50:28 ----A---- C:\WINDOWS\system32\ksuser.dll
-
2008-10-08 16:50:28 ----A---- C:\WINDOWS\system32\keymgr.dll
2008-10-08 16:50:28 ----A---- C:\WINDOWS\system32\kerberos.dll
2008-10-08 16:50:28 ----A---- C:\WINDOWS\system32\kd1394.dll
2008-10-08 16:50:27 ----A---- C:\WINDOWS\system32\mimefilt.dll
2008-10-08 16:50:27 ----A---- C:\WINDOWS\system32\miglibnt.dll
2008-10-08 16:50:27 ----A---- C:\WINDOWS\system32\midimap.dll
2008-10-08 16:50:27 ----A---- C:\WINDOWS\system32\mfcsubs.dll
2008-10-08 16:50:27 ----A---- C:\WINDOWS\system32\mfc42.dll
2008-10-08 16:50:27 ----A---- C:\WINDOWS\system32\mfc40u.dll
2008-10-08 16:50:27 ----A---- C:\WINDOWS\system32\mf3216.dll
2008-10-08 16:50:27 ----A---- C:\WINDOWS\system32\mdminst.dll
2008-10-08 16:50:27 ----A---- C:\WINDOWS\system32\mciwave.dll
2008-10-08 16:50:27 ----A---- C:\WINDOWS\system32\mciseq.dll
2008-10-08 16:50:27 ----A---- C:\WINDOWS\system32\mciqtz32.dll
2008-10-08 16:50:26 ----A---- C:\WINDOWS\system32\msacm32.dll
2008-10-08 16:50:26 ----A---- C:\WINDOWS\system32\mprdim.dll
2008-10-08 16:50:26 ----A---- C:\WINDOWS\system32\mprapi.dll
2008-10-08 16:50:26 ----A---- C:\WINDOWS\system32\mpr.dll
2008-10-08 16:50:26 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-10-08 16:50:26 ----A---- C:\WINDOWS\system32\mpg4dmod.dll
2008-10-08 16:50:26 ----A---- C:\WINDOWS\system32\moricons.dll
2008-10-08 16:50:26 ----A---- C:\WINDOWS\system32\more.com
2008-10-08 16:50:26 ----A---- C:\WINDOWS\system32\modemui.dll
2008-10-08 16:50:26 ----A---- C:\WINDOWS\system32\mobsync.exe
2008-10-08 16:50:26 ----A---- C:\WINDOWS\system32\mobsync.dll
2008-10-08 16:50:26 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-10-08 16:50:26 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-10-08 16:50:26 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-10-08 16:50:26 ----A---- C:\WINDOWS\system32\mmcshext.dll
2008-10-08 16:50:26 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2008-10-08 16:50:26 ----A---- C:\WINDOWS\system32\mmcbase.dll
2008-10-08 16:50:26 ----A---- C:\WINDOWS\system32\mmc.exe
2008-10-08 16:50:26 ----A---- C:\WINDOWS\system32\mlang.dll
2008-10-08 16:50:25 ----A---- C:\WINDOWS\system32\msctfp.dll
2008-10-08 16:50:25 ----A---- C:\WINDOWS\system32\msctf.dll
2008-10-08 16:50:25 ----A---- C:\WINDOWS\system32\mscpxl32.dll
2008-10-08 16:50:25 ----A---- C:\WINDOWS\system32\mscpx32r.dll
2008-10-08 16:50:25 ----A---- C:\WINDOWS\system32\msconf.dll
2008-10-08 16:50:25 ----A---- C:\WINDOWS\system32\mscms.dll
2008-10-08 16:50:25 ----A---- C:\WINDOWS\system32\msasn1.dll
2008-10-08 16:50:25 ----A---- C:\WINDOWS\system32\msapsspc.dll
2008-10-08 16:50:25 ----A---- C:\WINDOWS\system32\msafd.dll
2008-10-08 16:50:24 ----A---- C:\WINDOWS\system32\msimg32.dll
2008-10-08 16:50:24 ----A---- C:\WINDOWS\system32\msihnd.dll
2008-10-08 16:50:24 ----A---- C:\WINDOWS\system32\msiexec.exe
2008-10-08 16:50:24 ----A---- C:\WINDOWS\system32\msieftp.dll
2008-10-08 16:50:24 ----A---- C:\WINDOWS\system32\msidle.dll
2008-10-08 16:50:24 ----A---- C:\WINDOWS\system32\msident.dll
2008-10-08 16:50:24 ----A---- C:\WINDOWS\system32\msi.dll
2008-10-08 16:50:24 ----A---- C:\WINDOWS\system32\msgina.dll
2008-10-08 16:50:24 ----A---- C:\WINDOWS\system32\msdxmlc.dll
2008-10-08 16:50:24 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-10-08 16:50:24 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-10-08 16:50:24 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-10-08 16:50:24 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-10-08 16:50:24 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-10-08 16:50:24 ----A---- C:\WINDOWS\system32\msdmo.dll
2008-10-08 16:50:24 ----A---- C:\WINDOWS\system32\msdart.dll
2008-10-08 16:50:23 ----A---- C:\WINDOWS\system32\mstlsapi.dll
2008-10-08 16:50:23 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-10-08 16:50:23 ----A---- C:\WINDOWS\system32\mstask.dll
2008-10-08 16:50:23 ----A---- C:\WINDOWS\system32\msscp.dll
2008-10-08 16:50:23 ----A---- C:\WINDOWS\system32\msrle32.dll
2008-10-08 16:50:23 ----A---- C:\WINDOWS\system32\msprivs.dll
2008-10-08 16:50:23 ----A---- C:\WINDOWS\system32\mspmsp.dll
2008-10-08 16:50:23 ----A---- C:\WINDOWS\system32\mspatcha.dll
2008-10-08 16:50:23 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-10-08 16:50:23 ----A---- C:\WINDOWS\system32\msorcl32.dll
2008-10-08 16:50:23 ----A---- C:\WINDOWS\system32\msorc32r.dll
2008-10-08 16:50:23 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-10-08 16:50:23 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-10-08 16:50:23 ----A---- C:\WINDOWS\system32\msnsspc.dll
2008-10-08 16:50:23 ----A---- C:\WINDOWS\system32\msnetobj.dll
2008-10-08 16:50:23 ----A---- C:\WINDOWS\system32\mslbui.dll
2008-10-08 16:50:23 ----A---- C:\WINDOWS\system32\msjint40.dll
2008-10-08 16:50:23 ----A---- C:\WINDOWS\system32\msisip.dll
2008-10-08 16:50:23 ----A---- C:\WINDOWS\system32\msimtf.dll
2008-10-08 16:50:23 ----A---- C:\WINDOWS\system32\msimsg.dll
2008-10-08 16:50:22 ----A---- C:\WINDOWS\system32\msxml2.dll
2008-10-08 16:50:22 ----A---- C:\WINDOWS\system32\msxml.dll
2008-10-08 16:50:22 ----A---- C:\WINDOWS\system32\mswsock.dll
2008-10-08 16:50:22 ----A---- C:\WINDOWS\system32\mswmdm.dll
2008-10-08 16:50:22 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2008-10-08 16:50:22 ----A---- C:\WINDOWS\system32\msw3prt.dll
2008-10-08 16:50:22 ----A---- C:\WINDOWS\system32\msvidctl.dll
2008-10-08 16:50:22 ----A---- C:\WINDOWS\system32\msvfw32.dll
2008-10-08 16:50:22 ----A---- C:\WINDOWS\system32\msvcrt40.dll
2008-10-08 16:50:22 ----A---- C:\WINDOWS\system32\msvcrt.dll
2008-10-08 16:50:22 ----A---- C:\WINDOWS\system32\msvcp60.dll
2008-10-08 16:50:22 ----A---- C:\WINDOWS\system32\msvcirt.dll
2008-10-08 16:50:22 ----A---- C:\WINDOWS\system32\msvbvm60.dll
2008-10-08 16:50:22 ----A---- C:\WINDOWS\system32\msutb.dll
2008-10-08 16:50:21 ----A---- C:\WINDOWS\system32\netid.dll
2008-10-08 16:50:21 ----A---- C:\WINDOWS\system32\netdde.exe
2008-10-08 16:50:21 ----A---- C:\WINDOWS\system32\netcfgx.dll
2008-10-08 16:50:21 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-08 16:50:21 ----A---- C:\WINDOWS\system32\net1.exe
2008-10-08 16:50:21 ----A---- C:\WINDOWS\system32\net.exe
2008-10-08 16:50:21 ----A---- C:\WINDOWS\system32\nddenb32.dll
2008-10-08 16:50:21 ----A---- C:\WINDOWS\system32\nddeapir.exe
2008-10-08 16:50:21 ----A---- C:\WINDOWS\system32\nddeapi.dll
2008-10-08 16:50:21 ----A---- C:\WINDOWS\system32\ncobjapi.dll
2008-10-08 16:50:21 ----A---- C:\WINDOWS\system32\narrator.exe
2008-10-08 16:50:21 ----A---- C:\WINDOWS\system32\mydocs.dll
2008-10-08 16:50:21 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-10-08 16:50:21 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-10-08 16:50:21 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-10-08 16:50:21 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-10-08 16:50:21 ----A---- C:\WINDOWS\system32\mtxclu.dll
2008-10-08 16:50:21 ----A---- C:\WINDOWS\system32\msyuv.dll
2008-10-08 16:50:21 ----A---- C:\WINDOWS\system32\msxml3.dll
2008-10-08 16:50:20 ----A---- C:\WINDOWS\system32\ntlanman.dll
2008-10-08 16:50:20 ----A---- C:\WINDOWS\system32\ntdsapi.dll
2008-10-08 16:50:20 ----A---- C:\WINDOWS\system32\npptools.dll
2008-10-08 16:50:20 ----A---- C:\WINDOWS\system32\notepad.exe
2008-10-08 16:50:20 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-10-08 16:50:20 ----A---- C:\WINDOWS\system32\nlhtml.dll
2008-10-08 16:50:20 ----A---- C:\WINDOWS\system32\newdev.dll
2008-10-08 16:50:20 ----A---- C:\WINDOWS\system32\netui1.dll
2008-10-08 16:50:20 ----A---- C:\WINDOWS\system32\netui0.dll
2008-10-08 16:50:20 ----A---- C:\WINDOWS\system32\netstat.exe
2008-10-08 16:50:20 ----A---- C:\WINDOWS\system32\netshell.dll
2008-10-08 16:50:20 ----A---- C:\WINDOWS\system32\netsh.exe
2008-10-08 16:50:20 ----A---- C:\WINDOWS\system32\netsetup.exe
2008-10-08 16:50:20 ----A---- C:\WINDOWS\system32\netrap.dll
2008-10-08 16:50:20 ----A---- C:\WINDOWS\system32\netplwiz.dll
2008-10-08 16:50:20 ----A---- C:\WINDOWS\system32\netman.dll
2008-10-08 16:50:20 ----A---- C:\WINDOWS\system32\netlogon.dll
2008-10-08 16:50:20 ----A---- C:\WINDOWS\notepad.exe
2008-10-08 16:50:19 ----A---- C:\WINDOWS\system32\odbcbcp.dll
2008-10-08 16:50:19 ----A---- C:\WINDOWS\system32\odbcad32.exe
2008-10-08 16:50:19 ----A---- C:\WINDOWS\system32\odbc32gt.dll
2008-10-08 16:50:19 ----A---- C:\WINDOWS\system32\odbc32.dll
2008-10-08 16:50:19 ----A---- C:\WINDOWS\system32\ocmanage.dll
2008-10-08 16:50:19 ----A---- C:\WINDOWS\system32\objsel.dll
2008-10-08 16:50:19 ----A---- C:\WINDOWS\system32\oakley.dll
2008-10-08 16:50:19 ----A---- C:\WINDOWS\system32\ntvdmd.dll
2008-10-08 16:50:19 ----A---- C:\WINDOWS\system32\ntshrui.dll
2008-10-08 16:50:19 ----A---- C:\WINDOWS\system32\ntmssvc.dll
2008-10-08 16:50:19 ----A---- C:\WINDOWS\system32\ntmsmgr.dll
2008-10-08 16:50:19 ----A---- C:\WINDOWS\system32\ntmsdba.dll
2008-10-08 16:50:19 ----A---- C:\WINDOWS\system32\ntmsapi.dll
2008-10-08 16:50:19 ----A---- C:\WINDOWS\system32\ntmarta.dll
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\pautoenr.dll
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\packager.exe
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\osuninst.dll
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\osk.exe
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\opengl32.dll
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\olepro32.dll
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\oleprn.dll
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\oledlg.dll
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\olecli32.dll
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\ole32.dll
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\offfilt.dll
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\odtext32.dll
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\odpdx32.dll
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\odfox32.dll
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\odexl32.dll
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\oddbse32.dll
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\odbctrac.dll
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\odbcp32r.dll
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\odbcjt32.dll
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\odbcji32.dll
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\odbcint.dll
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\odbccu32.dll
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\odbccr32.dll
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\odbccp32.dll
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\odbcconf.exe
2008-10-08 16:50:18 ----A---- C:\WINDOWS\system32\odbcconf.dll
2008-10-08 16:50:17 ----A---- C:\WINDOWS\system32\psbase.dll
2008-10-08 16:50:17 ----A---- C:\WINDOWS\system32\psapi.dll
2008-10-08 16:50:17 ----A---- C:\WINDOWS\system32\proquota.exe
2008-10-08 16:50:17 ----A---- C:\WINDOWS\system32\progman.exe
2008-10-08 16:50:17 ----A---- C:\WINDOWS\system32\profmap.dll
2008-10-08 16:50:17 ----A---- C:\WINDOWS\system32\powrprof.dll
2008-10-08 16:50:17 ----A---- C:\WINDOWS\system32\polstore.dll
2008-10-08 16:50:17 ----A---- C:\WINDOWS\system32\pjlmon.dll
2008-10-08 16:50:17 ----A---- C:\WINDOWS\system32\ping.exe
2008-10-08 16:50:17 ----A---- C:\WINDOWS\system32\pid.dll
2008-10-08 16:50:17 ----A---- C:\WINDOWS\system32\photowiz.dll
2008-10-08 16:50:17 ----A---- C:\WINDOWS\system32\perfproc.dll
2008-10-08 16:50:17 ----A---- C:\WINDOWS\system32\perfos.dll
2008-10-08 16:50:17 ----A---- C:\WINDOWS\system32\perfnet.dll
2008-10-08 16:50:17 ----A---- C:\WINDOWS\system32\perfmon.exe
2008-10-08 16:50:17 ----A---- C:\WINDOWS\system32\perfdisk.dll
2008-10-08 16:50:17 ----A---- C:\WINDOWS\system32\pdh.dll
2008-10-08 16:50:16 ----A---- C:\WINDOWS\system32\rastls.dll
2008-10-08 16:50:16 ----A---- C:\WINDOWS\system32\rassapi.dll
2008-10-08 16:50:16 ----A---- C:\WINDOWS\system32\rasppp.dll
2008-10-08 16:50:16 ----A---- C:\WINDOWS\system32\rasphone.exe
2008-10-08 16:50:16 ----A---- C:\WINDOWS\system32\rasmans.dll
2008-10-08 16:50:16 ----A---- C:\WINDOWS\system32\raschap.dll
2008-10-08 16:50:16 ----A---- C:\WINDOWS\system32\rasadhlp.dll
2008-10-08 16:50:16 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-10-08 16:50:16 ----A---- C:\WINDOWS\system32\query.dll
2008-10-08 16:50:16 ----A---- C:\WINDOWS\system32\quartz.dll
2008-10-08 16:50:16 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-10-08 16:50:16 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
-
2008-10-08 16:50:16 ----A---- C:\WINDOWS\system32\qedwipes.dll
2008-10-08 16:50:16 ----A---- C:\WINDOWS\system32\qedit.dll
2008-10-08 16:50:16 ----A---- C:\WINDOWS\system32\qdvd.dll
2008-10-08 16:50:16 ----A---- C:\WINDOWS\system32\qdv.dll
2008-10-08 16:50:16 ----A---- C:\WINDOWS\system32\qcap.dll
2008-10-08 16:50:16 ----A---- C:\WINDOWS\system32\qasf.dll
2008-10-08 16:50:16 ----A---- C:\WINDOWS\system32\pstorsvc.dll
2008-10-08 16:50:16 ----A---- C:\WINDOWS\system32\pstorec.dll
2008-10-08 16:50:15 ----A---- C:\WINDOWS\system32\regsvc.dll
2008-10-08 16:50:15 ----A---- C:\WINDOWS\system32\regapi.dll
2008-10-08 16:50:15 ----A---- C:\WINDOWS\system32\reg.exe
2008-10-08 16:50:15 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-10-08 16:50:15 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-10-08 16:50:15 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-10-08 16:50:15 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-10-08 16:50:15 ----A---- C:\WINDOWS\system32\rdpdd.dll
2008-10-08 16:50:15 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-10-08 16:50:15 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-10-08 16:50:15 ----A---- C:\WINDOWS\system32\rcp.exe
2008-10-08 16:50:15 ----A---- C:\WINDOWS\system32\rcimlby.exe
2008-10-08 16:50:15 ----A---- C:\WINDOWS\system32\rcbdyctl.dll
2008-10-08 16:50:14 ----A---- C:\WINDOWS\system32\runonce.exe
2008-10-08 16:50:14 ----A---- C:\WINDOWS\system32\rundll32.exe
2008-10-08 16:50:14 ----A---- C:\WINDOWS\system32\rtutils.dll
2008-10-08 16:50:14 ----A---- C:\WINDOWS\system32\rtipxmib.dll
2008-10-08 16:50:14 ----A---- C:\WINDOWS\system32\rtcshare.exe
2008-10-08 16:50:14 ----A---- C:\WINDOWS\system32\rsvpsp.dll
2008-10-08 16:50:14 ----A---- C:\WINDOWS\system32\rsmps.dll
2008-10-08 16:50:14 ----A---- C:\WINDOWS\system32\rsh.exe
2008-10-08 16:50:14 ----A---- C:\WINDOWS\system32\rsaenh.dll
2008-10-08 16:50:14 ----A---- C:\WINDOWS\system32\rpcss.dll
2008-10-08 16:50:14 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2008-10-08 16:50:14 ----A---- C:\WINDOWS\system32\riched20.dll
2008-10-08 16:50:14 ----A---- C:\WINDOWS\system32\rexec.exe
2008-10-08 16:50:14 ----A---- C:\WINDOWS\system32\resutils.dll
2008-10-08 16:50:14 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-10-08 16:50:14 ----A---- C:\WINDOWS\system32\regwizc.dll
2008-10-08 16:50:14 ----A---- C:\WINDOWS\system32\regsvr32.exe
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\shdoclc.dll
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\sfcfiles.dll
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\sfc_os.dll
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\sfc.dll
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\setup.exe
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\sethc.exe
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\sensapi.dll
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\sens.dll
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\sendmail.dll
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\sendcmsg.dll
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\security.dll
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\secur32.dll
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\seclogon.dll
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\sdbinst.exe
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\scrrun.dll
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\scrobj.dll
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\sclgntfy.dll
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\scesrv.dll
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\scecli.dll
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\sccsccp.dll
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\scarddlg.dll
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-10-08 16:50:13 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-10-08 16:50:12 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-10-08 16:50:10 ----A---- C:\WINDOWS\system32\sort.exe
2008-10-08 16:50:10 ----A---- C:\WINDOWS\system32\snmpsnap.dll
2008-10-08 16:50:10 ----A---- C:\WINDOWS\system32\snmpapi.dll
2008-10-08 16:50:10 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-10-08 16:50:10 ----A---- C:\WINDOWS\system32\smlogsvc.exe
2008-10-08 16:50:10 ----A---- C:\WINDOWS\system32\smlogcfg.dll
2008-10-08 16:50:10 ----A---- C:\WINDOWS\system32\slbiop.dll
2008-10-08 16:50:10 ----A---- C:\WINDOWS\system32\slayerxp.dll
2008-10-08 16:50:10 ----A---- C:\WINDOWS\system32\skeys.exe
2008-10-08 16:50:10 ----A---- C:\WINDOWS\system32\sigverif.exe
2008-10-08 16:50:10 ----A---- C:\WINDOWS\system32\sigtab.dll
2008-10-08 16:50:10 ----A---- C:\WINDOWS\system32\shutdown.exe
2008-10-08 16:50:10 ----A---- C:\WINDOWS\system32\shsvcs.dll
2008-10-08 16:50:10 ----A---- C:\WINDOWS\system32\shscrap.dll
2008-10-08 16:50:10 ----A---- C:\WINDOWS\system32\shrpubw.exe
2008-10-08 16:50:10 ----A---- C:\WINDOWS\system32\shmgrate.exe
2008-10-08 16:50:10 ----A---- C:\WINDOWS\system32\shmedia.dll
2008-10-08 16:50:10 ----A---- C:\WINDOWS\system32\shlwapi.dll
2008-10-08 16:50:10 ----A---- C:\WINDOWS\system32\shimgvw.dll
2008-10-08 16:50:10 ----A---- C:\WINDOWS\system32\shimeng.dll
2008-10-08 16:50:10 ----A---- C:\WINDOWS\system32\shgina.dll
2008-10-08 16:50:10 ----A---- C:\WINDOWS\system32\shfolder.dll
2008-10-08 16:50:10 ----A---- C:\WINDOWS\system32\shell32.dll
2008-10-08 16:50:09 ----A---- C:\WINDOWS\system32\ssdpsrv.dll
2008-10-08 16:50:09 ----A---- C:\WINDOWS\system32\ssdpapi.dll
2008-10-08 16:50:09 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-10-08 16:50:09 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-10-08 16:50:09 ----A---- C:\WINDOWS\system32\srclient.dll
2008-10-08 16:50:09 ----A---- C:\WINDOWS\system32\sqlunirl.dll
2008-10-08 16:50:09 ----A---- C:\WINDOWS\system32\sqlsrv32.dll
2008-10-08 16:50:09 ----A---- C:\WINDOWS\system32\spoolsv.exe
2008-10-08 16:50:09 ----A---- C:\WINDOWS\system32\spoolss.dll
2008-10-08 16:50:09 ----A---- C:\WINDOWS\system32\spider.exe
2008-10-08 16:50:08 ----A---- C:\WINDOWS\system32\tapi32.dll
2008-10-08 16:50:08 ----A---- C:\WINDOWS\system32\tapi3.dll
2008-10-08 16:50:08 ----A---- C:\WINDOWS\system32\t2embed.dll
2008-10-08 16:50:08 ----A---- C:\WINDOWS\system32\sysocmgr.exe
2008-10-08 16:50:08 ----A---- C:\WINDOWS\system32\syncui.dll
2008-10-08 16:50:08 ----A---- C:\WINDOWS\system32\synceng.dll
2008-10-08 16:50:08 ----A---- C:\WINDOWS\system32\sxs.dll
2008-10-08 16:50:08 ----A---- C:\WINDOWS\system32\svchost.exe
2008-10-08 16:50:08 ----A---- C:\WINDOWS\system32\strmdll.dll
2008-10-08 16:50:08 ----A---- C:\WINDOWS\system32\storprop.dll
2008-10-08 16:50:08 ----A---- C:\WINDOWS\system32\stobject.dll
2008-10-08 16:50:08 ----A---- C:\WINDOWS\system32\stimon.exe
2008-10-08 16:50:08 ----A---- C:\WINDOWS\system32\sti_ci.dll
2008-10-08 16:50:08 ----A---- C:\WINDOWS\system32\sti.dll
2008-10-08 16:50:08 ----A---- C:\WINDOWS\system32\stclient.dll
2008-10-08 16:50:07 ----A---- C:\WINDOWS\system32\udhisapi.dll
2008-10-08 16:50:07 ----A---- C:\WINDOWS\system32\txflog.dll
2008-10-08 16:50:07 ----A---- C:\WINDOWS\system32\tsddd.dll
2008-10-08 16:50:07 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-10-08 16:50:07 ----A---- C:\WINDOWS\system32\trkwks.dll
2008-10-08 16:50:07 ----A---- C:\WINDOWS\system32\tree.com
2008-10-08 16:50:07 ----A---- C:\WINDOWS\system32\tracert.exe
2008-10-08 16:50:07 ----A---- C:\WINDOWS\system32\tourstart.exe
2008-10-08 16:50:07 ----A---- C:\WINDOWS\system32\themeui.dll
2008-10-08 16:50:07 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-10-08 16:50:07 ----A---- C:\WINDOWS\system32\termmgr.dll
2008-10-08 16:50:07 ----A---- C:\WINDOWS\system32\telnet.exe
2008-10-08 16:50:07 ----A---- C:\WINDOWS\system32\tcpmon.dll
2008-10-08 16:50:07 ----A---- C:\WINDOWS\system32\tcpmib.dll
2008-10-08 16:50:07 ----A---- C:\WINDOWS\system32\taskmgr.exe
2008-10-08 16:50:07 ----A---- C:\WINDOWS\system32\tapisrv.dll
2008-10-08 16:50:06 ----A---- C:\WINDOWS\system32\vdmdbg.dll
2008-10-08 16:50:06 ----A---- C:\WINDOWS\system32\vbscript.dll
2008-10-08 16:50:06 ----A---- C:\WINDOWS\system32\vbajet32.dll
2008-10-08 16:50:06 ----A---- C:\WINDOWS\system32\uxtheme.dll
2008-10-08 16:50:06 ----A---- C:\WINDOWS\system32\utilman.exe
2008-10-08 16:50:06 ----A---- C:\WINDOWS\system32\usp10.dll
2008-10-08 16:50:06 ----A---- C:\WINDOWS\system32\userenv.dll
2008-10-08 16:50:06 ----A---- C:\WINDOWS\system32\user32.dll
2008-10-08 16:50:06 ----A---- C:\WINDOWS\system32\usbui.dll
2008-10-08 16:50:06 ----A---- C:\WINDOWS\system32\usbmon.dll
2008-10-08 16:50:06 ----A---- C:\WINDOWS\system32\ups.exe
2008-10-08 16:50:06 ----A---- C:\WINDOWS\system32\upnpui.dll
2008-10-08 16:50:06 ----A---- C:\WINDOWS\system32\upnphost.dll
2008-10-08 16:50:06 ----A---- C:\WINDOWS\system32\upnpcont.exe
2008-10-08 16:50:06 ----A---- C:\WINDOWS\system32\upnp.dll
2008-10-08 16:50:06 ----A---- C:\WINDOWS\system32\uniplat.dll
2008-10-08 16:50:06 ----A---- C:\WINDOWS\system32\unimdmat.dll
2008-10-08 16:50:06 ----A---- C:\WINDOWS\system32\uniime.dll
2008-10-08 16:50:06 ----A---- C:\WINDOWS\system32\umpnpmgr.dll
2008-10-08 16:50:06 ----A---- C:\WINDOWS\system32\umandlg.dll
2008-10-08 16:50:05 ----A---- C:\WINDOWS\system32\wiascr.dll
2008-10-08 16:50:05 ----A---- C:\WINDOWS\system32\wiadss.dll
2008-10-08 16:50:05 ----A---- C:\WINDOWS\system32\wiadefui.dll
2008-10-08 16:50:05 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
2008-10-08 16:50:05 ----A---- C:\WINDOWS\system32\wextract.exe
2008-10-08 16:50:05 ----A---- C:\WINDOWS\system32\webvw.dll
2008-10-08 16:50:05 ----A---- C:\WINDOWS\system32\webclnt.dll
2008-10-08 16:50:05 ----A---- C:\WINDOWS\system32\wdigest.dll
2008-10-08 16:50:05 ----A---- C:\WINDOWS\system32\wavemsp.dll
2008-10-08 16:50:05 ----A---- C:\WINDOWS\system32\w32time.dll
2008-10-08 16:50:05 ----A---- C:\WINDOWS\system32\vssvc.exe
2008-10-08 16:50:05 ----A---- C:\WINDOWS\system32\vssapi.dll
2008-10-08 16:50:05 ----A---- C:\WINDOWS\system32\version.dll
2008-10-08 16:50:05 ----A---- C:\WINDOWS\system32\verifier.dll
2008-10-08 16:50:05 ----A---- C:\WINDOWS\system32\vdmredir.dll
2008-10-08 16:50:04 ----A---- C:\WINDOWS\system32\wmnetmgr.dll
2008-10-08 16:50:04 ----A---- C:\WINDOWS\system32\wmi.dll
2008-10-08 16:50:04 ----A---- C:\WINDOWS\system32\wmdmps.dll
2008-10-08 16:50:04 ----A---- C:\WINDOWS\system32\wmdmlog.dll
2008-10-08 16:50:04 ----A---- C:\WINDOWS\system32\wmasf.dll
2008-10-08 16:50:04 ----A---- C:\WINDOWS\system32\wmadmoe.dll
2008-10-08 16:50:04 ----A---- C:\WINDOWS\system32\wmadmod.dll
2008-10-08 16:50:04 ----A---- C:\WINDOWS\system32\wlnotify.dll
2008-10-08 16:50:04 ----A---- C:\WINDOWS\system32\wldap32.dll
2008-10-08 16:50:04 ----A---- C:\WINDOWS\system32\winver.exe
2008-10-08 16:50:04 ----A---- C:\WINDOWS\system32\wintrust.dll
2008-10-08 16:50:04 ----A---- C:\WINDOWS\system32\winsta.dll
2008-10-08 16:50:04 ----A---- C:\WINDOWS\system32\winsrv.dll
2008-10-08 16:50:04 ----A---- C:\WINDOWS\system32\winscard.dll
2008-10-08 16:50:04 ----A---- C:\WINDOWS\system32\winrnr.dll
2008-10-08 16:50:04 ----A---- C:\WINDOWS\system32\winntbbu.dll
2008-10-08 16:50:04 ----A---- C:\WINDOWS\system32\winmm.dll
2008-10-08 16:50:04 ----A---- C:\WINDOWS\system32\winlogon.exe
2008-10-08 16:50:04 ----A---- C:\WINDOWS\system32\winipsec.dll
2008-10-08 16:50:04 ----A---- C:\WINDOWS\system32\wiavideo.dll
2008-10-08 16:50:04 ----A---- C:\WINDOWS\system32\wiashext.dll
2008-10-08 16:50:04 ----A---- C:\WINDOWS\system32\wiaservc.dll
2008-10-08 16:50:03 ----A---- C:\WINDOWS\system32\wmstream.dll
2008-10-08 16:50:03 ----A---- C:\WINDOWS\system32\wmsdmoe.dll
2008-10-08 16:50:03 ----A---- C:\WINDOWS\system32\wmsdmod.dll
2008-10-08 16:50:03 ----A---- C:\WINDOWS\system32\wmpui.dll
2008-10-08 16:50:03 ----A---- C:\WINDOWS\system32\wmpshell.dll
2008-10-08 16:50:03 ----A---- C:\WINDOWS\system32\wmploc.dll
2008-10-08 16:50:03 ----A---- C:\WINDOWS\system32\wmpcore.dll
2008-10-08 16:50:03 ----A---- C:\WINDOWS\system32\wmpcd.dll
2008-10-08 16:50:02 ----A---- C:\WINDOWS\system32\wzcdlg.dll
2008-10-08 16:50:02 ----A---- C:\WINDOWS\system32\wtsapi32.dll
2008-10-08 16:50:02 ----A---- C:\WINDOWS\system32\wstdecod.dll
2008-10-08 16:50:02 ----A---- C:\WINDOWS\system32\wsock32.dll
2008-10-08 16:50:02 ----A---- C:\WINDOWS\system32\wsnmp32.dll
2008-10-08 16:50:02 ----A---- C:\WINDOWS\system32\wshtcpip.dll
2008-10-08 16:50:02 ----A---- C:\WINDOWS\system32\wshrm.dll
2008-10-08 16:50:02 ----A---- C:\WINDOWS\system32\wship6.dll
2008-10-08 16:50:02 ----A---- C:\WINDOWS\system32\wshext.dll
2008-10-08 16:50:02 ----A---- C:\WINDOWS\system32\wshcon.dll
2008-10-08 16:50:02 ----A---- C:\WINDOWS\system32\wscript.exe
2008-10-08 16:50:02 ----A---- C:\WINDOWS\system32\ws2help.dll
2008-10-08 16:50:02 ----A---- C:\WINDOWS\system32\ws2_32.dll
2008-10-08 16:50:02 ----A---- C:\WINDOWS\system32\wpnpinst.exe
2008-10-08 16:50:02 ----A---- C:\WINDOWS\system32\wpabaln.exe
2008-10-08 16:50:02 ----A---- C:\WINDOWS\system32\wow32.dll
2008-10-08 16:50:02 ----A---- C:\WINDOWS\system32\wmvdmod.dll
2008-10-08 16:50:02 ----A---- C:\WINDOWS\system32\wmvcore.dll
2008-10-08 16:50:01 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-10-08 16:50:01 ----A---- C:\WINDOWS\system32\xcopy.exe
2008-10-08 16:50:01 ----A---- C:\WINDOWS\system32\xactsrv.dll
2008-10-08 16:50:01 ----A---- C:\WINDOWS\system32\wzcsvc.dll
2008-10-08 16:50:01 ----A---- C:\WINDOWS\system32\wzcsapi.dll
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\zipfldr.dll
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\oleaut32.dll
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\nwprovau.dll
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\ntvdm.exe
-
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\ntprint.dll
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\ntdll.dll
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\nslookup.exe
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\msv1_0.dll
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\msgsvc.dll
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\lsasrv.dll
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\locator.exe
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\localspl.dll
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\kernel32.dll
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\imagehlp.dll
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\ftp.exe
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\format.com
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\csrsrv.dll
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\comdlg32.dll
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\comctl32.dll
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\cmd.exe
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\cacls.exe
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\autoconv.exe
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\autochk.exe
2008-10-08 16:50:00 ----A---- C:\WINDOWS\system32\advapi32.dll
2008-10-08 16:49:59 ----A---- C:\WINDOWS\system32\srvsvc.dll
2008-10-08 16:49:59 ----A---- C:\WINDOWS\system32\smss.exe
2008-10-08 16:49:59 ----A---- C:\WINDOWS\system32\setupapi.dll
2008-10-08 16:49:59 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-10-08 16:49:59 ----A---- C:\WINDOWS\system32\services.exe
2008-10-08 16:49:59 ----A---- C:\WINDOWS\system32\schannel.dll
2008-10-08 16:49:59 ----A---- C:\WINDOWS\system32\scardsvr.exe
2008-10-08 16:49:59 ----A---- C:\WINDOWS\system32\savedump.exe
2008-10-08 16:49:59 ----A---- C:\WINDOWS\system32\samsrv.dll
2008-10-08 16:49:59 ----A---- C:\WINDOWS\system32\samlib.dll
2008-10-08 16:49:59 ----A---- C:\WINDOWS\system32\rshx32.dll
2008-10-08 16:49:59 ----A---- C:\WINDOWS\system32\rastapi.dll
2008-10-08 16:49:59 ----A---- C:\WINDOWS\system32\rasman.dll
2008-10-08 16:49:59 ----A---- C:\WINDOWS\system32\rasdlg.dll
2008-10-08 16:49:59 ----A---- C:\WINDOWS\system32\rasauto.dll
2008-10-08 16:49:59 ----A---- C:\WINDOWS\system32\rasapi32.dll
2008-10-08 16:49:59 ----A---- C:\WINDOWS\system32\printui.dll
2008-10-08 16:49:59 ----A---- C:\WINDOWS\system32\perfctrs.dll
2008-10-08 16:49:59 ----A---- C:\WINDOWS\system32\olecnv32.dll
2008-10-08 16:49:58 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2008-10-08 16:49:58 ----A---- C:\WINDOWS\system32\syssetup.dll
2008-10-08 16:49:57 ----A---- C:\WINDOWS\system32\wkssvc.dll
2008-10-08 16:49:57 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-10-08 16:49:57 ----A---- C:\WINDOWS\system32\userinit.exe
2008-10-08 16:49:57 ----A---- C:\WINDOWS\system32\untfs.dll
2008-10-08 16:49:57 ----A---- C:\WINDOWS\system32\ulib.dll
2008-10-08 16:49:54 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-10-08 16:49:54 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-10-08 16:49:54 ----A---- C:\WINDOWS\system32\hal.dll
2008-10-08 16:49:54 ----A---- C:\WINDOWS\system32\asfsipc.dll
2008-10-08 16:49:35 ----D---- C:\WINDOWS\EHome
2008-10-03 07:22:13 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-10-03 07:17:41 ----A---- C:\WINDOWS\system32\BtCoreIf.dll
2008-10-03 07:16:31 ----D---- C:\Program Files\Common Files\Logishrd
2008-09-14 21:37:02 ----D---- C:\Program Files\Ventrilo
2008-09-14 21:36:49 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
======List of files/folders modified in the last 1 months======
2008-10-09 22:39:29 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-09 22:35:20 ----D---- C:\WINDOWS\Temp
2008-10-09 21:57:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-09 19:15:36 ----RASH---- C:\boot.ini
2008-10-09 19:15:21 ----D---- C:\WINDOWS
2008-10-09 19:00:06 ----D---- C:\WINDOWS\system32\drivers
2008-10-09 18:37:03 ----D---- C:\WINDOWS\system32
2008-10-09 17:13:00 ----D---- C:\Program Files
2008-10-09 17:10:16 ----SHD---- C:\WINDOWS\Installer
2008-10-09 17:09:30 ----D---- C:\Program Files\Common Files
2008-10-09 15:47:57 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-09 10:31:04 ----D---- C:\WINDOWS\Debug
2008-10-09 10:31:01 ----D---- C:\WINDOWS\Minidump
2008-10-09 09:44:01 ----AC---- C:\WINDOWS\Explorer.EXE.Z-missing.txt
2008-10-08 23:21:09 ----D---- C:\Program Files\SearchRelevant
2008-10-08 21:51:25 ----D---- C:\Program Files\Carmageddon
2008-10-08 20:12:59 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-08 20:12:58 ----D---- C:\WINDOWS\WinSxS
2008-10-08 19:49:56 ----SD---- C:\Documents and Settings\Ash Lattanzi\Application Data\Microsoft
2008-10-08 19:39:08 ----D---- C:\WINDOWS\security
2008-10-08 19:19:41 ----HD---- C:\WINDOWS\inf
2008-10-08 17:26:07 ----D---- C:\Documents and Settings\Ash Lattanzi\Application Data\Adobe
2008-10-08 17:19:13 ----D---- C:\WINDOWS\system32\wbem
2008-10-08 17:19:13 ----D---- C:\WINDOWS\AppPatch
2008-10-08 17:19:06 ----RSD---- C:\WINDOWS\Fonts
2008-10-08 17:17:56 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-08 17:14:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-08 17:14:31 ----D---- C:\Program Files\Windows Media Player
2008-10-08 17:14:31 ----D---- C:\Program Files\Messenger
2008-10-08 17:14:28 ----D---- C:\WINDOWS\system32\usmt
2008-10-08 17:14:26 ----D---- C:\WINDOWS\system32\Setup
2008-10-08 17:14:26 ----D---- C:\WINDOWS\system32\Restore
2008-10-08 17:14:26 ----D---- C:\WINDOWS\system32\oobe
2008-10-08 17:14:25 ----D---- C:\WINDOWS\system32\npp
2008-10-08 17:13:02 ----D---- C:\WINDOWS\system32\Com
2008-10-08 17:11:30 ----D---- C:\WINDOWS\system
2008-10-08 17:11:30 ----D---- C:\WINDOWS\srchasst
2008-10-08 17:11:29 ----D---- C:\WINDOWS\PeerNet
2008-10-08 17:11:28 ----D---- C:\WINDOWS\network diagnostic
2008-10-08 17:11:26 ----D---- C:\WINDOWS\msagent
2008-10-08 17:11:18 ----D---- C:\WINDOWS\ime
2008-10-08 17:11:18 ----D---- C:\WINDOWS\Help
2008-10-08 17:11:12 ----D---- C:\Program Files\Windows NT
2008-10-08 17:11:11 ----D---- C:\Program Files\Outlook Express
2008-10-08 17:11:10 ----D---- C:\Program Files\NetMeeting
2008-10-08 17:11:09 ----D---- C:\Program Files\Movie Maker
2008-10-08 17:11:01 ----D---- C:\Program Files\Common Files\System
2008-10-08 17:10:18 ----SD---- C:\WINDOWS\Tasks
2008-10-08 17:03:40 ----D---- C:\WINDOWS\system32\en-US
2008-10-08 16:52:52 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-08 16:45:27 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-07 16:22:18 ----D---- C:\Program Files\Wrath of the Lich King Beta
2008-10-07 16:17:47 ----A---- C:\WINDOWS\winamp.ini
2008-10-03 07:17:38 ----D---- C:\Program Files\Common Files\Logitech
2008-10-03 07:16:34 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-29 08:56:10 ----D---- C:\Program Files\Conquer 2.0
2008-09-25 13:15:03 ----D---- C:\Program Files\World of Warcraft
2008-09-18 07:10:13 ----SD---- C:\WINDOWS\Downloaded Program Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-08 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-08 26824]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 GEARAspiWDM;GearAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2003-08-21 25520]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-06-08 195776]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-10-08 76040]
R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2002-10-07 7140]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-06-30 3712]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-08-26 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-08-26 626204]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2004-10-12 6912]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2006-06-08 12992]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2006-06-08 110784]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2006-06-08 31936]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20060614.094\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2006-06-08 28352]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-06-08 24768]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-08-26 41984]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\L8042mou.sys [2006-05-10 56064]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\Drivers\LMouKE.sys [2006-05-10 71680]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-08-26 133632]
S3 WINIO;WINIO; \??\C:\WINDOWS\system32\winio.sys []
S3 XTrapD12;XTrapD12; \??\C:\WINDOWS\system32\XTrapD12.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Adobe Version Cue CS2;Adobe Version Cue CS2; C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [2005-04-04 163840]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-08 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-08 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-03-23 192160]
R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-06-14 235168]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-03-23 169632]
R2 ISSVC;ISSvc; C:\Program Files\Norton Internet Security\ISSVC.exe [2005-04-18 83584]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-06-08 214720]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2005-12-27 1119888]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-06-02 504104]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 11Fßä�#·ºÄÖ`I;Remote Procedure Call (RPC) Helper; C:\WINDOWS\system32\addpf.exe /s []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-03-01 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-07-14 79472]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SPBBCSvc;SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-05-11 1160848]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
-----------------EOF-----------------
-
And thats all of them.
-
You are running two antivirus. Which one do you want to keep, Norton/Symantec or AVG 8.0?
Download OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe) and save it to your Desktop.
Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.
1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.
[kill explorer]
C:\WINDOWS\system32\addpf.exe
C:\WINDOWS\system32\dyvkpffc.ini
C:\WINDOWS\system32\pWvwvGgh.ini2
C:\WINDOWS\system32\pWvwvGgh.ini
C:\Documents and Settings\Ash Lattanzi\Application Data\TmpRecentIcons
C:\Documents and Settings\All Users\Application Data\jkrwpezq
C:\Documents and Settings\Ash Lattanzi\Application Data\sp2
EmptyTemp
[start explorer]
3. Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it in your next reply.
6. Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.
-
I removed Norton/Symantec as it was about 3 years old and often annoyed me.
Heres the log file:
Explorer killed successfully
File/Folder C:\WINDOWS\system32\addpf.exe not found.
C:\WINDOWS\system32\dyvkpffc.ini moved successfully.
C:\WINDOWS\system32\pWvwvGgh.ini2 moved successfully.
C:\WINDOWS\system32\pWvwvGgh.ini moved successfully.
C:\Documents and Settings\Ash Lattanzi\Application Data\TmpRecentIcons moved successfully.
C:\Documents and Settings\All Users\Application Data\jkrwpezq moved successfully.
C:\Documents and Settings\Ash Lattanzi\Application Data\sp2 moved successfully.
< EmptyTemp >
File delete failed. C:\WINDOWS\temp\ib2 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib3 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib4 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\hsperfdata_SYSTEM\380 scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10092008_232457
Files moved on Reboot...
File move failed. C:\WINDOWS\temp\ib2 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ib3 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ib4 scheduled to be moved on reboot.
File C:\WINDOWS\temp\hsperfdata_SYSTEM\380 not found!
-
Download the Norton Removal Tool (SymNRT) (http://fileforum.betanews.com/detail/Norton_Removal_Tool_for_Windows_2000XPVista/1169144666/1) to your Desktop.
Once downloaded please close ALL open browsers, also save any work because this may require a restart.
- Go to your desktop and double click on the removal tool and then click Setup.
- Once open Click Next
- Accept the license agreement and click Next
- Type in the letters/numbers that you see into the text box then click Next.
- Then click Next and the tool will start running.
- Once finished restart the PC and run the tool again to ensure everything has been removed.
- Delete Nortonremoval tool from your Desktop.
.
----------
Please print these instructions as they will be needed later when Internet access is not available.
Download SDFix by AndyManchesta (http://download.bleepingcomputer.com/andymanchesta/SDFix.exe) and save it to your desktop.
When using this tool, you must use the Administrator's account or an account with Administrative rights
- Double click SDFix.exe and it will extract the files to %systemdrive%
- (this is the drive that contains the Windows Directory, typically C:\SDFix).
- DO NOT use it just yet.
Reboot your computer in Safe Mode (http://www.bleepingcomputer.com/tutorials/tutorial61.html) using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
Open the SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
- Copy and paste the contents of the results file Report.txt in your next reply.
-
SDFix: Version 1.234
Run by Administrator on 10/10/2008 at 12:11 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
AUTOEXEC.NT Restored from backups
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\WINDOWS\SYSTEM32\ADDBG32.EXE - Deleted
C:\WINDOWS\SYSTEM32\ADDBS32.EXE - Deleted
C:\WINDOWS\SYSTEM32\ADDKR.EXE - Deleted
C:\WINDOWS\SYSTEM32\ADDNQ32.EXE - Deleted
C:\WINDOWS\SYSTEM32\ADDPS.EXE - Deleted
C:\WINDOWS\SYSTEM32\ADDSW.EXE - Deleted
C:\WINDOWS\SYSTEM32\ADDSZ32.EXE - Deleted
C:\WINDOWS\SYSTEM32\ADDTF.EXE - Deleted
C:\WINDOWS\SYSTEM32\ADDUD32.EXE - Deleted
C:\WINDOWS\SYSTEM32\ADDWJ.EXE - Deleted
C:\WINDOWS\SYSTEM32\APICI.EXE - Deleted
C:\WINDOWS\SYSTEM32\APIFK.EXE - Deleted
C:\WINDOWS\SYSTEM32\APIHT.EXE - Deleted
C:\WINDOWS\SYSTEM32\APIIW.EXE - Deleted
C:\WINDOWS\SYSTEM32\APIKN32.EXE - Deleted
C:\WINDOWS\SYSTEM32\APIOF.EXE - Deleted
C:\WINDOWS\SYSTEM32\APIQP32.EXE - Deleted
C:\WINDOWS\SYSTEM32\APIWY32.EXE - Deleted
C:\WINDOWS\SYSTEM32\APIZK.EXE - Deleted
C:\WINDOWS\SYSTEM32\APIZV.EXE - Deleted
C:\WINDOWS\SYSTEM32\APPBX.EXE - Deleted
C:\WINDOWS\SYSTEM32\APPDR.EXE - Deleted
C:\WINDOWS\SYSTEM32\APPGO32.EXE - Deleted
C:\WINDOWS\SYSTEM32\APPGP.EXE - Deleted
C:\WINDOWS\SYSTEM32\APPMS.EXE - Deleted
C:\WINDOWS\SYSTEM32\APPNS.EXE - Deleted
C:\WINDOWS\SYSTEM32\APPPI.EXE - Deleted
C:\WINDOWS\SYSTEM32\APPRX.EXE - Deleted
C:\WINDOWS\SYSTEM32\APPSR32.EXE - Deleted
C:\WINDOWS\SYSTEM32\APPWS32.EXE - Deleted
C:\WINDOWS\SYSTEM32\APPXJ32.EXE - Deleted
C:\WINDOWS\SYSTEM32\APPXR.EXE - Deleted
C:\WINDOWS\SYSTEM32\APPYF.EXE - Deleted
C:\WINDOWS\SYSTEM32\APPZS32.EXE - Deleted
C:\WINDOWS\SYSTEM32\ATLAI32.EXE - Deleted
C:\WINDOWS\SYSTEM32\ATLBW.EXE - Deleted
C:\WINDOWS\SYSTEM32\ATLCV.EXE - Deleted
C:\WINDOWS\SYSTEM32\ATLFP.EXE - Deleted
C:\WINDOWS\SYSTEM32\ATLGC32.EXE - Deleted
C:\WINDOWS\SYSTEM32\ATLHB.EXE - Deleted
C:\WINDOWS\SYSTEM32\ATLMV32.EXE - Deleted
C:\WINDOWS\SYSTEM32\ATLNC.EXE - Deleted
C:\WINDOWS\SYSTEM32\ATLUK.EXE - Deleted
C:\WINDOWS\SYSTEM32\ATLXH32.EXE - Deleted
C:\WINDOWS\SYSTEM32\CRCC.EXE - Deleted
C:\WINDOWS\SYSTEM32\CRDI.EXE - Deleted
C:\WINDOWS\SYSTEM32\CRFI.EXE - Deleted
C:\WINDOWS\SYSTEM32\CRJW32.EXE - Deleted
C:\WINDOWS\SYSTEM32\CRLX.EXE - Deleted
C:\WINDOWS\SYSTEM32\CROL32.EXE - Deleted
C:\WINDOWS\SYSTEM32\CRRA32.EXE - Deleted
C:\WINDOWS\SYSTEM32\CRRH32.EXE - Deleted
C:\WINDOWS\SYSTEM32\CRSB32.EXE - Deleted
C:\WINDOWS\SYSTEM32\CRSH.EXE - Deleted
C:\WINDOWS\SYSTEM32\CRUT.EXE - Deleted
C:\WINDOWS\SYSTEM32\CRXR.EXE - Deleted
C:\WINDOWS\SYSTEM32\CRYT.EXE - Deleted
C:\WINDOWS\SYSTEM32\D3AN.EXE - Deleted
C:\WINDOWS\SYSTEM32\D3AQ.EXE - Deleted
C:\WINDOWS\SYSTEM32\D3CX32.EXE - Deleted
C:\WINDOWS\SYSTEM32\D3DZ.EXE - Deleted
C:\WINDOWS\SYSTEM32\D3FF32.EXE - Deleted
C:\WINDOWS\SYSTEM32\D3FK.EXE - Deleted
C:\WINDOWS\SYSTEM32\D3GS.EXE - Deleted
C:\WINDOWS\SYSTEM32\D3IC.EXE - Deleted
C:\WINDOWS\SYSTEM32\D3LX.EXE - Deleted
C:\WINDOWS\SYSTEM32\D3MI32.EXE - Deleted
C:\WINDOWS\SYSTEM32\D3PB32.EXE - Deleted
C:\WINDOWS\SYSTEM32\D3XN32.EXE - Deleted
C:\WINDOWS\SYSTEM32\D3YK32.EXE - Deleted
C:\WINDOWS\SYSTEM32\IEAA32.EXE - Deleted
C:\WINDOWS\SYSTEM32\IECL.EXE - Deleted
C:\WINDOWS\SYSTEM32\IEEP32.EXE - Deleted
C:\WINDOWS\SYSTEM32\IEEV.EXE - Deleted
C:\WINDOWS\SYSTEM32\IEFH.EXE - Deleted
C:\WINDOWS\SYSTEM32\IEHZ.EXE - Deleted
C:\WINDOWS\SYSTEM32\IEIL32.EXE - Deleted
C:\WINDOWS\SYSTEM32\IELC.EXE - Deleted
C:\WINDOWS\SYSTEM32\IELN32.EXE - Deleted
C:\WINDOWS\SYSTEM32\IERA32.EXE - Deleted
C:\WINDOWS\SYSTEM32\IESH.EXE - Deleted
C:\WINDOWS\SYSTEM32\IETJ.EXE - Deleted
C:\WINDOWS\SYSTEM32\IEVI.EXE - Deleted
C:\WINDOWS\SYSTEM32\IEWB.EXE - Deleted
C:\WINDOWS\SYSTEM32\IEZG.EXE - Deleted
C:\WINDOWS\SYSTEM32\IPAE32.EXE - Deleted
C:\WINDOWS\SYSTEM32\IPBK.EXE - Deleted
C:\WINDOWS\SYSTEM32\IPFH32.EXE - Deleted
C:\WINDOWS\SYSTEM32\IPJF32.EXE - Deleted
C:\WINDOWS\SYSTEM32\IPJW.EXE - Deleted
C:\WINDOWS\SYSTEM32\IPKC32.EXE - Deleted
C:\WINDOWS\SYSTEM32\IPKJ32.EXE - Deleted
C:\WINDOWS\SYSTEM32\IPLF.EXE - Deleted
C:\WINDOWS\SYSTEM32\IPPZ32.EXE - Deleted
C:\WINDOWS\SYSTEM32\IPQT32.EXE - Deleted
C:\WINDOWS\SYSTEM32\IPSA.EXE - Deleted
C:\WINDOWS\SYSTEM32\IPUV.EXE - Deleted
C:\WINDOWS\SYSTEM32\IPYO32.EXE - Deleted
C:\WINDOWS\SYSTEM32\IPZE.EXE - Deleted
C:\WINDOWS\SYSTEM32\JAVACR.EXE - Deleted
C:\WINDOWS\SYSTEM32\JAVAGL32.EXE - Deleted
C:\WINDOWS\SYSTEM32\JAVANU32.EXE - Deleted
C:\WINDOWS\SYSTEM32\JAVAPO32.EXE - Deleted
C:\WINDOWS\SYSTEM32\JAVAPR32.EXE - Deleted
C:\WINDOWS\SYSTEM32\JAVARV.EXE - Deleted
C:\WINDOWS\SYSTEM32\JAVAVH.EXE - Deleted
C:\WINDOWS\SYSTEM32\JAVAVW.EXE - Deleted
C:\WINDOWS\SYSTEM32\JAVAVZ.EXE - Deleted
C:\WINDOWS\SYSTEM32\MFCAB32.EXE - Deleted
C:\WINDOWS\SYSTEM32\MFCBT32.EXE - Deleted
C:\WINDOWS\SYSTEM32\MFCED.EXE - Deleted
C:\WINDOWS\SYSTEM32\MFCFZ.EXE - Deleted
C:\WINDOWS\SYSTEM32\MFCKP32.EXE - Deleted
C:\WINDOWS\SYSTEM32\MFCOS32.EXE - Deleted
C:\WINDOWS\SYSTEM32\MFCPP32.EXE - Deleted
C:\WINDOWS\SYSTEM32\MFCQQ.EXE - Deleted
C:\WINDOWS\SYSTEM32\MFCRE32.EXE - Deleted
C:\WINDOWS\SYSTEM32\MFCTJ.EXE - Deleted
C:\WINDOWS\SYSTEM32\MFCVZ32.EXE - Deleted
C:\WINDOWS\SYSTEM32\MSCC.EXE - Deleted
C:\WINDOWS\SYSTEM32\MSGX.EXE - Deleted
C:\WINDOWS\SYSTEM32\MSHF.EXE - Deleted
C:\WINDOWS\SYSTEM32\MSIV.EXE - Deleted
C:\WINDOWS\SYSTEM32\MSIY32.EXE - Deleted
C:\WINDOWS\SYSTEM32\MSJZ32.EXE - Deleted
C:\WINDOWS\SYSTEM32\MSLK32.EXE - Deleted
C:\WINDOWS\SYSTEM32\MSLU32.EXE - Deleted
C:\WINDOWS\SYSTEM32\MSOR.EXE - Deleted
C:\WINDOWS\SYSTEM32\MSPP32.EXE - Deleted
C:\WINDOWS\SYSTEM32\MSQI.EXE - Deleted
C:\WINDOWS\SYSTEM32\MSRU32.EXE - Deleted
C:\WINDOWS\SYSTEM32\MSTZ.EXE - Deleted
C:\WINDOWS\SYSTEM32\MSUK32.EXE - Deleted
C:\WINDOWS\SYSTEM32\MSXR.EXE - Deleted
C:\WINDOWS\SYSTEM32\NETAU32.EXE - Deleted
C:\WINDOWS\SYSTEM32\NETBD32.EXE - Deleted
C:\WINDOWS\SYSTEM32\NETCG32.EXE - Deleted
C:\WINDOWS\SYSTEM32\NETCN32.EXE - Deleted
C:\WINDOWS\SYSTEM32\NETEQ32.EXE - Deleted
C:\WINDOWS\SYSTEM32\NETIV.EXE - Deleted
C:\WINDOWS\SYSTEM32\NETNL32.EXE - Deleted
C:\WINDOWS\SYSTEM32\NETQY.EXE - Deleted
C:\WINDOWS\SYSTEM32\NETSL.EXE - Deleted
C:\WINDOWS\SYSTEM32\NETSU.EXE - Deleted
C:\WINDOWS\SYSTEM32\NETVE.EXE - Deleted
C:\WINDOWS\SYSTEM32\NTCI32.EXE - Deleted
C:\WINDOWS\SYSTEM32\NTGE32.EXE - Deleted
C:\WINDOWS\SYSTEM32\NTHH32.EXE - Deleted
C:\WINDOWS\SYSTEM32\NTKD32.EXE - Deleted
C:\WINDOWS\SYSTEM32\NTNE.EXE - Deleted
C:\WINDOWS\SYSTEM32\NTNJ32.EXE - Deleted
C:\WINDOWS\SYSTEM32\NTNS.EXE - Deleted
C:\WINDOWS\SYSTEM32\NTPH.EXE - Deleted
C:\WINDOWS\SYSTEM32\NTPP32.EXE - Deleted
C:\WINDOWS\SYSTEM32\NTQJ.EXE - Deleted
C:\WINDOWS\SYSTEM32\NTTB.EXE - Deleted
C:\WINDOWS\SYSTEM32\NTTV.EXE - Deleted
C:\WINDOWS\SYSTEM32\NTUU.EXE - Deleted
C:\WINDOWS\SYSTEM32\SDKBJ.EXE - Deleted
C:\WINDOWS\SYSTEM32\SDKBX.EXE - Deleted
C:\WINDOWS\SYSTEM32\SDKDF32.EXE - Deleted
C:\WINDOWS\SYSTEM32\SDKIE32.EXE - Deleted
C:\WINDOWS\SYSTEM32\SDKLJ.EXE - Deleted
C:\WINDOWS\SYSTEM32\SDKNK32.EXE - Deleted
C:\WINDOWS\SYSTEM32\SDKOC32.EXE - Deleted
C:\WINDOWS\SYSTEM32\SDKPE.EXE - Deleted
C:\WINDOWS\SYSTEM32\SDKPQ32.EXE - Deleted
C:\WINDOWS\SYSTEM32\SDKVL32.EXE - Deleted
C:\WINDOWS\SYSTEM32\SDKVY.EXE - Deleted
C:\WINDOWS\SYSTEM32\SYSBG32.EXE - Deleted
C:\WINDOWS\SYSTEM32\SYSBP32.EXE - Deleted
C:\WINDOWS\SYSTEM32\SYSCX32.EXE - Deleted
C:\WINDOWS\SYSTEM32\SYSDF32.EXE - Deleted
C:\WINDOWS\SYSTEM32\SYSFJ32.EXE - Deleted
C:\WINDOWS\SYSTEM32\SYSGX32.EXE - Deleted
C:\WINDOWS\SYSTEM32\SYSJI.EXE - Deleted
C:\WINDOWS\SYSTEM32\SYSLF32.EXE - Deleted
C:\WINDOWS\SYSTEM32\SYSRX.EXE - Deleted
C:\WINDOWS\SYSTEM32\SYSTC.EXE - Deleted
C:\WINDOWS\SYSTEM32\SYSWO32.EXE - Deleted
C:\WINDOWS\SYSTEM32\WINAT.EXE - Deleted
C:\WINDOWS\SYSTEM32\WINBT32.EXE - Deleted
C:\WINDOWS\SYSTEM32\WINEC32.EXE - Deleted
C:\WINDOWS\SYSTEM32\WINFC.EXE - Deleted
C:\WINDOWS\SYSTEM32\WINHP32.EXE - Deleted
C:\WINDOWS\SYSTEM32\WINKG.EXE - Deleted
C:\WINDOWS\SYSTEM32\WINKV.EXE - Deleted
C:\WINDOWS\SYSTEM32\WINLS32.EXE - Deleted
C:\WINDOWS\SYSTEM32\WINSP.EXE - Deleted
C:\WINDOWS\SYSTEM32\WINTZ.EXE - Deleted
C:\WINDOWS\SYSTEM32\WINYL32.EXE - Deleted
C:\WINDOWS\ADDDN.EXE - Deleted
C:\WINDOWS\ADDDP.EXE - Deleted
C:\WINDOWS\ADDGB32.EXE - Deleted
C:\WINDOWS\ADDGR32.EXE - Deleted
C:\WINDOWS\ADDGU32.EXE - Deleted
C:\WINDOWS\ADDKB32.EXE - Deleted
C:\WINDOWS\ADDKG32.EXE - Deleted
C:\WINDOWS\ADDTL32.EXE - Deleted
C:\WINDOWS\ADDXA.EXE - Deleted
C:\WINDOWS\APIAL32.EXE - Deleted
C:\WINDOWS\APIDJ32.EXE - Deleted
C:\WINDOWS\APIDS32.EXE - Deleted
C:\WINDOWS\APIFS32.EXE - Deleted
C:\WINDOWS\APIFZ32.EXE - Deleted
C:\WINDOWS\APIMO32.EXE - Deleted
C:\WINDOWS\APIQH32.EXE - Deleted
C:\WINDOWS\APISZ32.EXE - Deleted
C:\WINDOWS\APIUB.EXE - Deleted
C:\WINDOWS\APIXX32.EXE - Deleted
C:\WINDOWS\APIYO32.EXE - Deleted
C:\WINDOWS\APPAA32.EXE - Deleted
C:\WINDOWS\APPDA.EXE - Deleted
C:\WINDOWS\APPDV32.EXE - Deleted
C:\WINDOWS\APPJL32.EXE - Deleted
C:\WINDOWS\APPME.EXE - Deleted
C:\WINDOWS\APPPD32.EXE - Deleted
C:\WINDOWS\APPQL32.EXE - Deleted
C:\WINDOWS\APPSP.EXE - Deleted
C:\WINDOWS\APPSZ32.EXE - Deleted
C:\WINDOWS\APPTK32.EXE - Deleted
C:\WINDOWS\APPYG.EXE - Deleted
C:\WINDOWS\ATLCO.EXE - Deleted
C:\WINDOWS\ATLEO.EXE - Deleted
C:\WINDOWS\ATLEV32.EXE - Deleted
C:\WINDOWS\ATLMI.EXE - Deleted
C:\WINDOWS\ATLMP32.EXE - Deleted
C:\WINDOWS\ATLRV32.EXE - Deleted
C:\WINDOWS\ATLVQ32.EXE - Deleted
C:\WINDOWS\ATLXO32.EXE - Deleted
C:\WINDOWS\ATLYT.EXE - Deleted
C:\WINDOWS\CRDG32.EXE - Deleted
C:\WINDOWS\CRDP.EXE - Deleted
C:\WINDOWS\CREA.EXE - Deleted
C:\WINDOWS\CRGQ.EXE - Deleted
C:\WINDOWS\CRJI.EXE - Deleted
C:\WINDOWS\CRMV32.EXE - Deleted
C:\WINDOWS\CROB.EXE - Deleted
C:\WINDOWS\CROE.EXE - Deleted
C:\WINDOWS\CROP.EXE - Deleted
C:\WINDOWS\CRSA.EXE - Deleted
C:\WINDOWS\CRUH32.EXE - Deleted
C:\WINDOWS\CRXQ.EXE - Deleted
C:\WINDOWS\D3AC.EXE - Deleted
C:\WINDOWS\D3CZ.EXE - Deleted
C:\WINDOWS\D3HU.EXE - Deleted
C:\WINDOWS\D3OS.EXE - Deleted
C:\WINDOWS\D3PE.EXE - Deleted
C:\WINDOWS\D3QI32.EXE - Deleted
C:\WINDOWS\D3XZ32.EXE - Deleted
C:\WINDOWS\D3ZL32.EXE - Deleted
C:\WINDOWS\IEFA32.EXE - Deleted
C:\WINDOWS\IENC32.EXE - Deleted
C:\WINDOWS\IENI32.EXE - Deleted
C:\WINDOWS\IERN.EXE - Deleted
C:\WINDOWS\IERY32.EXE - Deleted
C:\WINDOWS\IEYV32.EXE - Deleted
C:\WINDOWS\IEZQ.EXE - Deleted
C:\WINDOWS\IPEC.EXE - Deleted
C:\WINDOWS\IPHL.EXE - Deleted
C:\WINDOWS\IPHL32.EXE - Deleted
C:\WINDOWS\IPJR32.EXE - Deleted
C:\WINDOWS\IPNW.EXE - Deleted
C:\WINDOWS\IPQQ32.EXE - Deleted
C:\WINDOWS\IPUI.EXE - Deleted
C:\WINDOWS\IPWI.EXE - Deleted
C:\WINDOWS\JAVAAH32.EXE - Deleted
C:\WINDOWS\JAVAAN.EXE - Deleted
C:\WINDOWS\JAVAGE32.EXE - Deleted
C:\WINDOWS\JAVAIW32.EXE - Deleted
C:\WINDOWS\JAVAJO32.EXE - Deleted
C:\WINDOWS\JAVAJQ32.EXE - Deleted
C:\WINDOWS\JAVAML.EXE - Deleted
C:\WINDOWS\JAVARO32.EXE - Deleted
C:\WINDOWS\JAVARW32.EXE - Deleted
C:\WINDOWS\JAVATV.EXE - Deleted
C:\WINDOWS\JAVAUE32.EXE - Deleted
C:\WINDOWS\JAVAUY32.EXE - Deleted
C:\WINDOWS\JAVAWA32.EXE - Deleted
C:\WINDOWS\JAVAXA.EXE - Deleted
C:\WINDOWS\JAVAYP32.EXE - Deleted
C:\WINDOWS\MFCDF32.EXE - Deleted
C:\WINDOWS\MFCEE.EXE - Deleted
C:\WINDOWS\MFCGT.EXE - Deleted
C:\WINDOWS\MFCJF.EXE - Deleted
C:\WINDOWS\MFCSP32.EXE - Deleted
C:\WINDOWS\MFCSR.EXE - Deleted
C:\WINDOWS\MFCUB32.EXE - Deleted
C:\WINDOWS\MFCUM32.EXE - Deleted
C:\WINDOWS\MFCWA32.EXE - Deleted
C:\WINDOWS\MSDJ.EXE - Deleted
C:\WINDOWS\MSER32.EXE - Deleted
C:\WINDOWS\MSFB.EXE - Deleted
C:\WINDOWS\MSGF.EXE - Deleted
C:\WINDOWS\MSIR32.EXE - Deleted
C:\WINDOWS\MSKC32.EXE - Deleted
C:\WINDOWS\MSKG32.EXE - Deleted
C:\WINDOWS\MSNE.EXE - Deleted
C:\WINDOWS\MSOF32.EXE - Deleted
C:\WINDOWS\MSPH.EXE - Deleted
C:\WINDOWS\MSUW.EXE - Deleted
C:\WINDOWS\MSWP32.EXE - Deleted
C:\WINDOWS\MSZH32.EXE - Deleted
C:\WINDOWS\MSZT.EXE - Deleted
C:\WINDOWS\NETCV32.EXE - Deleted
C:\WINDOWS\NETGS32.EXE - Deleted
C:\WINDOWS\NETMQ.EXE - Deleted
C:\WINDOWS\NETNW.EXE - Deleted
C:\WINDOWS\NETUK32.EXE - Deleted
C:\WINDOWS\NETWK.EXE - Deleted
C:\WINDOWS\NETYS.EXE - Deleted
C:\WINDOWS\NETZL.EXE - Deleted
C:\WINDOWS\NETZM.EXE - Deleted
C:\WINDOWS\NTBK.EXE - Deleted
C:\WINDOWS\NTCJ.EXE - Deleted
C:\WINDOWS\NTEK.EXE - Deleted
C:\WINDOWS\NTFF32.EXE - Deleted
C:\WINDOWS\NTFK32.EXE - Deleted
C:\WINDOWS\NTHC.EXE - Deleted
C:\WINDOWS\NTKL.EXE - Deleted
C:\WINDOWS\NTKS32.EXE - Deleted
C:\WINDOWS\NTND32.EXE - Deleted
C:\WINDOWS\NTOH.EXE - Deleted
C:\WINDOWS\NTQN.EXE - Deleted
C:\WINDOWS\NTQU32.EXE - Deleted
C:\WINDOWS\NTTA32.EXE - Deleted
C:\WINDOWS\NTUC32.EXE - Deleted
C:\WINDOWS\NTVH.EXE - Deleted
C:\WINDOWS\NTVM32.EXE - Deleted
C:\WINDOWS\NTWD32.EXE - Deleted
C:\WINDOWS\NTYG.EXE - Deleted
C:\WINDOWS\NTZH32.EXE - Deleted
C:\WINDOWS\SDKCQ.EXE - Deleted
C:\WINDOWS\SDKEZ.EXE - Deleted
C:\WINDOWS\SDKHP.EXE - Deleted
C:\WINDOWS\SDKKG.EXE - Deleted
C:\WINDOWS\SDKLX32.EXE - Deleted
C:\WINDOWS\SDKMC32.EXE - Deleted
C:\WINDOWS\SDKRK.EXE - Deleted
C:\WINDOWS\SDKSO.EXE - Deleted
C:\WINDOWS\SDKVA.EXE - Deleted
C:\WINDOWS\SDKVB.EXE - Deleted
C:\WINDOWS\SDKVN32.EXE - Deleted
C:\WINDOWS\SDKVP32.EXE - Deleted
C:\WINDOWS\SDKVR.EXE - Deleted
C:\WINDOWS\SDKXT32.EXE - Deleted
C:\WINDOWS\SDKYE.EXE - Deleted
C:\WINDOWS\SDKYV32.EXE - Deleted
C:\WINDOWS\SYSEZ32.EXE - Deleted
C:\WINDOWS\SYSHD.EXE - Deleted
C:\WINDOWS\SYSIZ.EXE - Deleted
C:\WINDOWS\SYSKF32.EXE - Deleted
C:\WINDOWS\SYSKJ.EXE - Deleted
C:\WINDOWS\SYSMK.EXE - Deleted
C:\WINDOWS\SYSNK.EXE - Deleted
C:\WINDOWS\SYSOM32.EXE - Deleted
C:\WINDOWS\SYSQK.EXE - Deleted
C:\WINDOWS\SYSRQ.EXE - Deleted
C:\WINDOWS\SYSYQ.EXE - Deleted
C:\WINDOWS\WINAJ.EXE - Deleted
C:\WINDOWS\WINBB.EXE - Deleted
C:\WINDOWS\WINCP.EXE - Deleted
C:\WINDOWS\WINFH32.EXE - Deleted
C:\WINDOWS\WINNF.EXE - Deleted
C:\WINDOWS\WINQT32.EXE - Deleted
C:\WINDOWS\WINRJ32.EXE - Deleted
C:\WINDOWS\WINWX.EXE - Deleted
C:\WINDOWS\WINYO.EXE - Deleted
C:\Documents and Settings\Ash Lattanzi\Application Data\Adobe\crc.dat - Deleted
C:\Documents and Settings\Ash Lattanzi\Application Data\Adobe\Player.exe.bak - Deleted
-
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-10 00:19:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000004c
"TracesSuccessful"=dword:00000012
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\qcSoft.exe"="D:\\qcSoft.exe:*:Enabled:QC Testing Software"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"="C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2"
"C:\\Program Files\\National Instruments\\LabVIEW 7.0\\LabVIEW.exe"="C:\\Program Files\\National Instruments\\LabVIEW 7.0\\LabVIEW.exe:*:Enabled:LabVIEW 7.0 Development System"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sun 26 Dec 2004 211 A.SHR --- "C:\BOOT.BAK"
Mon 27 Dec 2004 56 ..SHR --- "C:\WINDOWS\system32\77664107D5.sys"
Mon 27 Dec 2004 1,682 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 12 Oct 2004 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK32.dll"
Tue 12 Oct 2004 1,024 A..HR --- "C:\WINDOWS\system32\ntiembed.dll"
Tue 12 Oct 2004 1,024 A..HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Sat 1 Jan 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 5 Apr 2005 377,344 ...H. --- "C:\Documents and Settings\Ash Lattanzi\My Documents\My Received Files\~WRL2543.tmp"
Tue 22 Mar 2005 1,288,704 ...H. --- "C:\Documents and Settings\Ash Lattanzi\My Documents\My Received Files\~WRL3156.tmp"
Finished!
I'm gonna head to bed now so I'll pick up from here tomorrow. I can't thank you enough for your help evilfantasy.
-
Congratulations. I haven't been surprised lately. This is the worst malware I have seen in a while. (http://img291.imageshack.us/img291/6236/shockedsmileyzn3.gif)
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your Desktop.
Alternate download link (http://majorgeeks.com/ATF_Cleaner_d4949.html)
Note: Vista users must use Run As Administrator (http://vistasupport.mvps.org/run_as_administrator.htm)
- Under Main: Select Files to Delete choose: Select All.
- Click the Empty Selected button.
- If you use Firefox browser click Firefox at the top and choose: Select All
- Click the Empty Selected button.
If you would like to keep your saved passwords click No at the prompt.
- If you use Opera browser click Opera at the top and choose: Select All
- Click the Empty Selected button.
If you would like to keep your saved passwords click No at the prompt.
- Click Exit on the Main menu to close the program.
Note that your system will run slower for a reboot or two after having used this tool so don't panic.
----------
1. Double click OTMoveIt2.exe to launch it.
If using Vista Right-Click OTMoveIt and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
- When finished exit out of OTMoveIt2
.
Important: Restart the computer before continuing.
----------
Now download ComboFix again and see if it will run now.
Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop.
Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
-
ComboFix 08-10-09.06 - Ash Lattanzi 2008-10-10 9:47:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.586 [GMT -7:00]
Running from: C:\Documents and Settings\Ash Lattanzi\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\apibu.dat
C:\WINDOWS\cdxba.dat
C:\WINDOWS\devlh.dat
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\dteic.dat
C:\WINDOWS\gesxu.dat
C:\WINDOWS\glgfs.dat
C:\WINDOWS\hllec.dat
C:\WINDOWS\ixvnr.dat
C:\WINDOWS\jtsce.dat
C:\WINDOWS\nabvv.dat
C:\WINDOWS\nxmao.dat
C:\WINDOWS\oupcj.dat
C:\WINDOWS\pasuw.dat
C:\WINDOWS\rffti.dat
C:\WINDOWS\rguts.dat
C:\WINDOWS\scqds.dat
C:\WINDOWS\seowl.dat
C:\WINDOWS\slowo.dat
C:\WINDOWS\system32\aigvq.dat
C:\WINDOWS\system32\akljp.dat
C:\WINDOWS\system32\bgfkh.dat
C:\WINDOWS\system32\bsmud.dat
C:\WINDOWS\system32\famln.dat
C:\WINDOWS\system32\ffadd.dat
C:\WINDOWS\system32\gaqxw.dat
C:\WINDOWS\system32\gnfnx.dat
C:\WINDOWS\system32\hnsaj.dat
C:\WINDOWS\system32\iajks.dat
C:\WINDOWS\system32\ipjnw.dat
C:\WINDOWS\system32\kvhdo.dat
C:\WINDOWS\system32\loboh.dat
C:\WINDOWS\system32\mgvko.dat
C:\WINDOWS\system32\mlygx.dat
C:\WINDOWS\system32\nqewv.dat
C:\WINDOWS\system32\olljw.dat
C:\WINDOWS\system32\qdrpi.dat
C:\WINDOWS\system32\reewn.dat
C:\WINDOWS\system32\rnxfh.dat
C:\WINDOWS\system32\sfcnm.dat
C:\WINDOWS\system32\thfld.dat
C:\WINDOWS\system32\uxhvo.dat
C:\WINDOWS\system32\vzlwj.dat
C:\WINDOWS\system32\yadrk.dat
C:\WINDOWS\system32\zasfw.dat
C:\WINDOWS\ucbir.dat
C:\WINDOWS\uhtff.dat
C:\WINDOWS\uvdrd.dat
C:\WINDOWS\ypmmi.dat
.
((((((((((((((((((((((((( Files Created from 2008-09-10 to 2008-10-10 )))))))))))))))))))))))))))))))
.
2008-10-10 00:07 . 2008-10-10 00:07 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-10 00:07 . 2001-08-18 13:00 1,688 --a------ C:\WINDOWS\system32\AUTOEXEC.NT
2008-10-09 23:49 . 2008-10-09 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-09 22:39 . 2008-10-09 22:39 <DIR> d-------- C:\rsit
2008-10-09 17:13 . 2008-10-09 17:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-09 17:10 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-09 17:09 . 2008-10-09 17:10 <DIR> d-------- C:\Program Files\Java
2008-10-09 17:09 . 2008-10-09 17:09 <DIR> d-------- C:\Program Files\Common Files\Java
2008-10-09 16:42 . 2008-10-09 16:44 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-09 16:42 . 2008-10-09 16:42 <DIR> d-------- C:\Documents and Settings\Ash Lattanzi\Application Data\Malwarebytes
2008-10-09 16:42 . 2008-10-09 16:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-09 16:42 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-09 16:42 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-09 10:45 . 2008-10-09 10:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-09 10:45 . 2008-10-09 10:45 <DIR> d-------- C:\Documents and Settings\Ash Lattanzi\Application Data\SUPERAntiSpyware.com
2008-10-09 10:45 . 2008-10-09 10:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-09 09:59 . 2008-10-09 09:59 <DIR> d-------- C:\Program Files\CCleaner
2008-10-08 20:21 . 2008-10-10 04:03 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-08 20:14 . 2008-10-10 09:44 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-08 20:14 . 2008-10-08 20:14 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-08 20:14 . 2008-10-08 20:14 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-08 20:14 . 2008-10-08 20:14 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-08 20:13 . 2008-10-08 20:13 <DIR> d-------- C:\Program Files\AVG
2008-10-08 20:13 . 2008-10-08 22:13 <DIR> d-------- C:\Documents and Settings\Ash Lattanzi\Application Data\AVGTOOLBAR
2008-10-08 20:13 . 2008-10-08 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-08 20:12 . 2008-10-08 20:12 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-10-08 16:59 . 2008-10-08 17:03 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-08 16:59 . 2008-10-08 17:03 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-08 16:59 . 2008-10-08 17:03 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-08 16:59 . 2008-10-08 17:02 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-08 16:54 . 2007-08-10 20:46 33,656 --a------ C:\WINDOWS\system32\sprecovr.exe
2008-10-08 16:50 . 2004-08-04 05:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-10-08 16:49 . 2008-10-08 16:49 <DIR> d-------- C:\WINDOWS\EHome
2008-10-03 07:22 . 2008-10-03 07:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-10-03 07:17 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-10-03 07:16 . 2008-10-03 07:17 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-09-14 21:37 . 2008-09-14 21:37 <DIR> d-------- C:\Program Files\Ventrilo
2008-09-14 21:36 . 2008-10-09 10:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-10 06:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-09 06:21 --------- d-----w C:\Program Files\SearchRelevant
2008-10-09 04:51 --------- d-----w C:\Program Files\Carmageddon
2008-10-07 23:22 --------- d-----w C:\Program Files\Wrath of the Lich King Beta
2008-10-03 14:17 --------- d-----w C:\Program Files\Common Files\Logitech
2008-10-03 14:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-29 15:56 --------- d-----w C:\Program Files\Conquer 2.0
2008-09-25 20:15 --------- d-----w C:\Program Files\World of Warcraft
2008-09-05 13:10 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-09-05 03:49 --------- d-----w C:\Program Files\Wrath of the Lich King Beta.ac29ae12.temp
2008-09-05 03:43 --------- d-----w C:\Program Files\Wrath of the Lich King Beta.temp
2008-08-17 23:49 --------- d-----w C:\Program Files\Winamp
2005-01-31 05:56 1,062 -c--a-w C:\Documents and Settings\Ash Lattanzi\Application Data\wklnhst.dat
2004-12-27 10:31 56 -csh--r C:\WINDOWS\system32\77664107D5.sys
2004-12-27 10:31 1,682 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-24 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-15 180269]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 33792]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-08 1234712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"VTTimer"="VTTimer.exe" [2004-08-26 C:\WINDOWS\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-08-26 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2006-10-22 C:\WINDOWS\system32\nwiz.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-02 805392]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12109:TCP"= 12109:TCP:BitComet 12109 TCP
"12109:UDP"= 12109:UDP:BitComet 12109 UDP
"11773:TCP"= 11773:TCP:PORT_11773
"14714:TCP"= 14714:TCP:PORT_14714
"21438:TCP"= 21438:TCP:PORT_21438
"20207:TCP"= 20207:TCP:PORT_20207
"16379:TCP"= 16379:TCP:PORT_16379
"12958:TCP"= 12958:TCP:PORT_12958
"6566:TCP"= 6566:TCP:PORT_6566
"44239:TCP"= 44239:TCP:PORT_44239
"32461:TCP"= 32461:TCP:PORT_32461
"21159:TCP"= 21159:TCP:PORT_21159
"55992:TCP"= 55992:TCP:PORT_55992
"31348:TCP"= 31348:TCP:PORT_31348
"28184:TCP"= 28184:TCP:PORT_28184
"41814:TCP"= 41814:TCP:PORT_41814
"62898:TCP"= 62898:TCP:PORT_62898
"18474:TCP"= 18474:TCP:PORT_18474
"10178:TCP"= 10178:TCP:PORT_10178
"8883:TCP"= 8883:TCP:PORT_8883
"17792:TCP"= 17792:TCP:PORT_17792
"50330:TCP"= 50330:TCP:PORT_50330
"45983:TCP"= 45983:TCP:PORT_45983
"12283:TCP"= 12283:TCP:PORT_12283
"36570:TCP"= 36570:TCP:PORT_36570
"60824:TCP"= 60824:TCP:PORT_60824
"32242:TCP"= 32242:TCP:PORT_32242
"47030:TCP"= 47030:TCP:PORT_47030
"43461:TCP"= 43461:TCP:PORT_43461
"31242:TCP"= 31242:TCP:PORT_31242
"19789:TCP"= 19789:TCP:PORT_19789
"37430:TCP"= 37430:TCP:PORT_37430
"64832:TCP"= 64832:TCP:PORT_64832
"39923:TCP"= 39923:TCP:PORT_39923
"22603:TCP"= 22603:TCP:PORT_22603
"46272:TCP"= 46272:TCP:PORT_46272
"17207:TCP"= 17207:TCP:PORT_17207
"16547:TCP"= 16547:TCP:PORT_16547
"12945:TCP"= 12945:TCP:PORT_12945
"27678:TCP"= 27678:TCP:PORT_27678
"32727:TCP"= 32727:TCP:PORT_32727
"52389:TCP"= 52389:TCP:PORT_52389
"58884:TCP"= 58884:TCP:PORT_58884
"58548:TCP"= 58548:TCP:PORT_58548
"13754:TCP"= 13754:TCP:PORT_13754
"58391:TCP"= 58391:TCP:PORT_58391
"7973:TCP"= 7973:TCP:PORT_7973
"5161:TCP"= 5161:TCP:PORT_5161
"35124:TCP"= 35124:TCP:PORT_35124
"8337:TCP"= 8337:TCP:PORT_8337
"11398:TCP"= 11398:TCP:PORT_11398
"43096:TCP"= 43096:TCP:PORT_43096
"33075:TCP"= 33075:TCP:PORT_33075
"23726:TCP"= 23726:TCP:PORT_23726
"34445:TCP"= 34445:TCP:PORT_34445
"22340:TCP"= 22340:TCP:PORT_22340
"22006:TCP"= 22006:TCP:PORT_22006
"56691:TCP"= 56691:TCP:PORT_56691
"16460:TCP"= 16460:TCP:PORT_16460
"10625:TCP"= 10625:TCP:PORT_10625
"5758:TCP"= 5758:TCP:PORT_5758
"43641:TCP"= 43641:TCP:PORT_43641
"24383:TCP"= 24383:TCP:PORT_24383
"27070:TCP"= 27070:TCP:PORT_27070
"8871:TCP"= 8871:TCP:PORT_8871
"12898:TCP"= 12898:TCP:PORT_12898
"54941:TCP"= 54941:TCP:PORT_54941
"17332:TCP"= 17332:TCP:PORT_17332
"39242:TCP"= 39242:TCP:PORT_39242
"29611:TCP"= 29611:TCP:PORT_29611
"52660:TCP"= 52660:TCP:PORT_52660
"8726:TCP"= 8726:TCP:PORT_8726
"18836:TCP"= 18836:TCP:PORT_18836
"18301:TCP"= 18301:TCP:PORT_18301
"5930:TCP"= 5930:TCP:PORT_5930
"32707:TCP"= 32707:TCP:PORT_32707
"30488:TCP"= 30488:TCP:PORT_30488
"34063:TCP"= 34063:TCP:PORT_34063
"53070:TCP"= 53070:TCP:PORT_53070
"41798:TCP"= 41798:TCP:PORT_41798
"47950:TCP"= 47950:TCP:PORT_47950
"23508:TCP"= 23508:TCP:PORT_23508
"43855:TCP"= 43855:TCP:PORT_43855
"27211:TCP"= 27211:TCP:PORT_27211
"10034:TCP"= 10034:TCP:PORT_10034
"57855:TCP"= 57855:TCP:PORT_57855
"33973:TCP"= 33973:TCP:PORT_33973
"29223:TCP"= 29223:TCP:PORT_29223
"18958:TCP"= 18958:TCP:PORT_18958
"12270:TCP"= 12270:TCP:PORT_12270
"63153:TCP"= 63153:TCP:PORT_63153
"47281:TCP"= 47281:TCP:PORT_47281
"10508:TCP"= 10508:TCP:PORT_10508
"19570:TCP"= 19570:TCP:PORT_19570
"28000:TCP"= 28000:TCP:PORT_28000
"44903:TCP"= 44903:TCP:PORT_44903
"48113:TCP"= 48113:TCP:PORT_48113
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-08 97928]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-08 76040]
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2002-10-07 7140]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-30 3712]
.
Contents of the 'Scheduled Tasks' folder
2008-10-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-ares - C:\Program Files\Ares\Ares.exe
HKCU-Run-eMuleAutoStart - C:\Program Files\eMule\emule.exe
ShellExecuteHooks-{498D8D78-8573-4253-BE8C-2CA89B464B8D} - (no file)
Notify-dimsntfy - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = www.trivium.org
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Download with &Shareaza - C:\Program Files\Etomi\Plugins\RazaWebHook.dll/3000
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 -: {4C68DACE-E6BC-4650-9C7E-D036720CA729} - hxxp://kr.gameguard.nprotect.com/inca/onscan//tyscan/nps.cab
C:\WINDOWS\Downloaded Program Files\nps.inf
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\npesLauncher.exe
C:\WINDOWS\system32\np_kor.ini
C:\WINDOWS\system32\np_jpn.ini
C:\WINDOWS\system32\np_chs.ini
C:\WINDOWS\system32\np_eng.ini
C:\WINDOWS\system32\nps_jpn.ini
C:\WINDOWS\system32\nps_eng.ini
C:\WINDOWS\system32\nps_kor.ini
C:\WINDOWS\system32\npcopyv.exe
C:\WINDOWS\system32\npdownv.exe
C:\WINDOWS\system32\nps.ocx
O16 -: {F977E961-BC9E-4B91-ACF8-468E1CC224DD} - hxxp://69.59.149.193:82/enzf/TqUpdate_Release.CAB
C:\WINDOWS\Downloaded Program Files\default.inf
C:\WINDOWS\Downloaded Program Files\TqUpdateFix.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-10 09:52:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-10 9:58:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-10 16:57:58
Pre-Run: 88,272,740,352 bytes free
Post-Run: 88,188,755,968 bytes free
336 --- E O F --- 2008-10-10 07:18:51
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:07 AM, on 10/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.trivium.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=22028
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Etomi\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://my-remote.johnsoncontrols.com/https/jwimkns9.na.jci.com/iNotes6W.cab
O16 - DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} (Nps Control) - http://kr.gameguard.nprotect.com/inca/onscan//tyscan/nps.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F977E961-BC9E-4B91-ACF8-468E1CC224DD} (FixUpdate Class) - http://69.59.149.193:82/enzf/TqUpdate_Release.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä�#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\addpf.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8967 bytes
-
Looks much better. Is the PC running OK now and what (if any) problems are you having?
---
- Click START then RUN
- Now type Combofix /u in the runbox
- Make sure there's a space between Combofix and /u
- Then hit Enter.
.
- The above procedure will:
- Delete the following:
- ComboFix and its associated files and folders.
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Set a new, clean Restore Point.
.
----------
Open HijackThis and select
Do a system scan only.
Place a check mark next to the following entries: (if there)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä�#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\addpf.exe (file missing)
Important: Close all windows except for HijackThis and then click Fix checked.
Exit HijackThis.
----------
Open HijackThis, but instead of scanning, click on the Open the MISC tools section button at the bottom of the choices.
Copy this red text -> 11Fßä#·ºÄÖ`I
- In HijackThis select Delete an NT Service
- Paste the text into the box that opens and then click OK
- If you receive any error messages just ignore them and continue.
- Now repeat the above to delete the below Services (if you do not find them or get any errors, just continue):
.
Now exit HijackThis and reboot when it tells you it needs to.
----------
Run this online scan.
This scanner requires Internet Explorer
Use the ESET Nod32 Online Scanner (http://www.eset.com/onlinescan/index.php)
1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the activex control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.[/list]
-
The PC seems to be running fine now, still missing some icons on the desktop but everythign else seems fine.
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3513 (20081010)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=e2b689e8fc939e4b9fabb16af70ffed5
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-10-10 09:56:32
# local_time=2008-10-10 02:56:32 (-0800, Pacific Daylight Time)
# country="Canada"
# osver=5.1.2600 NT Service Pack 2
# scanned=271479
# found=3
# scan_time=2418
C:\Documents and Settings\Ash Lattanzi\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-09-2008 - 15-35-16\{741C6587-82DC-4F79-B1D0-21A096CF81B8} a variant of Win32/TrojanDownloader.Agent.HLP trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Ash Lattanzi\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-09-2008 - 15-35-16\{EAE9210D-996B-44A7-B61E-259E5FAEEF37} a variant of Win32/TrojanDownloader.Agent.HLP trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Downloads\RiskIISetup-dm[1].exe Win32/Adware.Trymedia application (unable to clean - deleted) 00000000000000000000000000000000
-
What icons are missing?
-
A couple Game icons.
The games are still on the computer, the shortcuts are all that is missing.
-
If everything else is OK then we can finish up now.
Disable the System Restore Utility to prevent re-infection from an old one
1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Put a check mark next to Turn off System Restore on All Drives
4) Click the OK button.
5) You will be prompted to restart the computer. Click the Yes button.
Now re-enable System Restore
To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.
1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Remove the check mark next to Turn off System Restore on All Drives
4) Click the OK button.
----------
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
- Click Start Now
- Check the box next to Enable thorough system inspection.
- Click Start
- Allow the scan to finish and scroll down to see if any updates are needed.
- Update anything listed.
.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.
Concerned about Browser Security? Consider using Mozilla Firefox 3.0 (http://www.spreadfirefox.com/node&id=224248&t=324) with Adblock Plus (https://addons.mozilla.org/en-US/firefox/addon/1865) and NoScript (http://noscript.net/)
To prevent unknown applications from being installed on your computer install WinPatrol 2008 (http://www.winpatrol.com/winpatrol.html)
* Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
I suggest using SiteAdvisor (http://www.siteadvisor.com/). SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* (http://www.bleepingcomputer.com/tutorials/tutorial49.html)Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Check out Keeping Yourself Safe On The Web (http://evilspages.blogspot.com/2008/05/keeping-yourself-safe-on-web.html) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware (http://evilspages.blogspot.com/2008/05/slow-computer-it-may-not-be-malware.html) for free cleaning/maintenance tools to help keep your computer running smooth.
-
Awesome.
Thank you very much evilfantasy.
-
Your welcome.
Safe surfing....