
Topic: Your system is infected! (Please help if you can)


KayleyBug (Topic Starter, Beginner)

    Re: Your system is infected! (Please help if you can)
    « Reply #75 on: February 20, 2010, 05:34:28 PM »
    Here's the combofix log.

    If it's of any importance, I've noticed that suddenly, each time my computer starts up, a shortcut to Internet Explorer appears on my desktop.
    I always delete the shortcut as I use Firefox, but then the next time I start up my laptop, there it is again on the desktop!



    ComboFix 10-02-20.03 - Kayley E R 21/02/2010   0:15.3.1 - x86
    Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.895.394 [GMT 0:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\ADMINI~1\LOCALS~1\Temp\21303429133.nls
    c:\documents and settings\Administrator\Local Settings\temp\21303429133.nls

    .
    (((((((((((((((((((((((((   Files Created from 2010-01-21 to 2010-02-21  )))))))))))))))))))))))))))))))
    .

    2010-02-20 18:24 . 2010-02-20 18:24   --------   d-----w-   c:\windows\system32\wbem\Repository
    2010-02-19 22:30 . 2010-02-19 22:30   --------   d-----w-   c:\windows\system32\scripting
    2010-02-19 22:30 . 2010-02-19 22:30   --------   d-----w-   c:\windows\l2schemas
    2010-02-19 22:27 . 2010-02-19 22:31   --------   d-----w-   c:\windows\ServicePackFiles
    2010-02-19 18:30 . 2004-08-04 00:56   116224   ----a-w-   c:\windows\system32\dllcache\xrxwiadr.dll
    2010-02-19 18:30 . 2001-08-17 22:36   23040   ----a-w-   c:\windows\system32\dllcache\xrxwbtmp.dll
    2010-02-19 18:30 . 2001-08-17 22:36   17408   ----a-w-   c:\windows\system32\dllcache\xrxscnui.dll
    2010-02-19 18:30 . 2001-08-17 22:37   27648   ----a-w-   c:\windows\system32\dllcache\xrxftplt.exe
    2010-02-19 18:30 . 2001-08-17 22:37   4608   ----a-w-   c:\windows\system32\dllcache\xrxflnch.exe
    2010-02-19 18:29 . 2001-08-17 22:37   99865   ----a-w-   c:\windows\system32\dllcache\xlog.exe
    2010-02-19 18:29 . 2001-08-17 12:11   16970   ----a-w-   c:\windows\system32\dllcache\xem336n5.sys
    2010-02-19 18:29 . 2004-08-03 22:29   19455   ----a-w-   c:\windows\system32\dllcache\wvchntxx.sys
    2010-02-19 18:29 . 2004-08-03 22:29   12063   ----a-w-   c:\windows\system32\dllcache\wsiintxx.sys
    2010-02-19 18:29 . 2004-08-03 22:31   154624   ----a-w-   c:\windows\system32\dllcache\wlluc48.sys
    2010-02-19 18:29 . 2001-08-17 12:12   34890   ----a-w-   c:\windows\system32\dllcache\wlandrv2.sys
    2010-02-19 18:27 . 2001-08-17 12:13   19528   ----a-w-   c:\windows\system32\dllcache\w840nd.sys
    2010-02-19 18:26 . 2001-08-17 13:28   793598   ----a-w-   c:\windows\system32\dllcache\usr1806.sys
    2010-02-19 18:25 . 2001-08-17 22:36   216064   ----a-w-   c:\windows\system32\dllcache\um34scan.dll
    2010-02-19 18:24 . 2001-08-17 14:02   230912   ----a-w-   c:\windows\system32\dllcache\tosdvd03.sys
    2010-02-19 18:23 . 2001-08-17 14:07   32640   ----a-w-   c:\windows\system32\dllcache\symc8xx.sys
    2010-02-19 18:22 . 2001-08-17 12:11   48736   ----a-w-   c:\windows\system32\dllcache\srwlnd5.sys
    2010-02-19 18:21 . 2004-08-04 13:00   40448   ----a-w-   c:\windows\system32\dllcache\snmpthrd.dll
    2010-02-19 18:20 . 2001-08-17 12:12   91294   ----a-w-   c:\windows\system32\dllcache\skfpwin.sys
    2010-02-19 18:19 . 2001-07-21 14:29   161568   ----a-w-   c:\windows\system32\dllcache\sgsmusb.sys
    2010-02-19 18:18 . 2001-08-17 13:51   23936   ----a-w-   c:\windows\system32\dllcache\sccmn50m.sys
    2010-02-19 18:17 . 2004-08-04 13:00   79872   ----a-w-   c:\windows\system32\dllcache\rwia330.dll
    2010-02-19 18:16 . 2001-08-17 13:28   899146   ----a-w-   c:\windows\system32\dllcache\r2mdkxga.sys
    2010-02-19 18:15 . 2001-08-17 13:51   16128   ----a-w-   c:\windows\system32\dllcache\pscr.sys
    2010-02-19 18:14 . 2001-08-17 22:36   86016   ----a-w-   c:\windows\system32\dllcache\pctspk.exe
    2010-02-19 18:13 . 2001-08-17 14:05   48000   ----a-w-   c:\windows\system32\dllcache\ovcam2.sys
    2010-02-19 18:12 . 2001-08-17 12:20   87040   ----a-w-   c:\windows\system32\dllcache\nm6wdm.sys
    2010-02-19 18:12 . 2001-08-17 12:20   126080   ----a-w-   c:\windows\system32\dllcache\nm5a2wdm.sys
    2010-02-19 18:12 . 2004-08-04 13:00   53248   ----a-w-   c:\windows\system32\dllcache\nextlink.dll
    2010-02-19 18:12 . 2001-08-17 12:12   32840   ----a-w-   c:\windows\system32\dllcache\ngrpci.sys
    2010-02-19 18:12 . 2004-08-03 22:31   132695   ----a-w-   c:\windows\system32\dllcache\netwlan5.sys
    2010-02-19 18:12 . 2001-08-17 12:11   65278   ----a-w-   c:\windows\system32\dllcache\netflx3.sys
    2010-02-19 18:12 . 2001-08-17 12:50   39264   ----a-w-   c:\windows\system32\dllcache\neo20xx.sys
    2010-02-19 18:12 . 2001-08-17 22:36   60480   ----a-w-   c:\windows\system32\dllcache\neo20xx.dll
    2010-02-19 18:12 . 2001-08-17 13:49   15872   ----a-w-   c:\windows\system32\dllcache\ne2000.sys
    2010-02-19 18:11 . 2001-08-17 14:56   91488   ----a-w-   c:\windows\system32\dllcache\n9i3disp.dll
    2010-02-19 18:11 . 2001-08-17 12:50   27936   ----a-w-   c:\windows\system32\dllcache\n9i3d.sys
    2010-02-19 18:11 . 2001-08-17 12:50   33088   ----a-w-   c:\windows\system32\dllcache\n9i128v2.sys
    2010-02-19 18:11 . 2001-08-17 22:36   59104   ----a-w-   c:\windows\system32\dllcache\n9i128v2.dll
    2010-02-19 18:11 . 2001-08-17 12:50   13664   ----a-w-   c:\windows\system32\dllcache\n9i128.sys
    2010-02-19 18:11 . 2001-08-17 14:56   35392   ----a-w-   c:\windows\system32\dllcache\n9i128.dll
    2010-02-19 18:11 . 2001-08-17 12:11   128000   ----a-w-   c:\windows\system32\dllcache\n100325.sys
    2010-02-19 18:09 . 2001-08-17 14:02   35200   ----a-w-   c:\windows\system32\dllcache\msgame.sys
    2010-02-19 18:08 . 2001-08-17 22:36   47616   ----a-w-   c:\windows\system32\dllcache\memgrp.dll
    2010-02-19 18:07 . 2001-08-17 12:12   20573   ----a-w-   c:\windows\system32\dllcache\lne100.sys
    2010-02-19 18:06 . 2001-08-17 12:12   45632   ----a-w-   c:\windows\system32\dllcache\ip5515.sys
    2010-02-19 18:05 . 2001-08-17 22:36   26624   ----a-w-   c:\windows\system32\dllcache\icam3ext.dll
    2010-02-19 18:04 . 2001-08-17 13:28   488383   ----a-w-   c:\windows\system32\dllcache\hsf_v124.sys
    2010-02-19 18:03 . 2001-08-17 22:36   31232   ----a-w-   c:\windows\system32\dllcache\hpgt42tk.dll
    2010-02-19 18:02 . 2001-08-17 12:49   320384   ----a-w-   c:\windows\system32\dllcache\g200m.sys
    2010-02-19 18:01 . 2001-08-17 12:12   16074   ----a-w-   c:\windows\system32\dllcache\fa312nd5.sys
    2010-02-19 18:00 . 2001-08-17 12:19   283904   ----a-w-   c:\windows\system32\dllcache\emu10k1m.sys
    2010-02-19 17:59 . 2001-08-17 12:11   29696   ----a-w-   c:\windows\system32\dllcache\dm9pci5.sys
    2010-02-19 17:58 . 2001-08-17 13:52   14720   ----a-w-   c:\windows\system32\dllcache\dac960nt.sys
    2010-02-19 17:57 . 2004-08-04 13:00   15872   ----a-w-   c:\windows\system32\dllcache\chgport.exe
    2010-02-19 17:56 . 2001-08-17 13:51   13824   ----a-w-   c:\windows\system32\dllcache\bulltlp3.sys
    2010-02-19 17:55 . 2004-08-03 22:29   104960   ----a-w-   c:\windows\system32\dllcache\atinrvxx.sys
    2010-02-19 17:54 . 2004-08-03 22:32   231552   ----a-w-   c:\windows\system32\dllcache\ac97ali.sys
    2010-02-19 17:53 . 2003-03-24 16:52   49210   ----a-w-   c:\windows\system32\dllcache\fp4areg.dll
    2010-02-19 17:53 . 2003-03-24 16:52   147513   ----a-w-   c:\windows\system32\dllcache\fp4apws.dll
    2010-02-19 17:53 . 2003-03-24 16:52   102509   ----a-w-   c:\windows\system32\dllcache\fp4atxt.dll
    2010-02-19 17:53 . 2004-05-13 00:39   184435   ----a-w-   c:\windows\system32\dllcache\fp4amsft.dll
    2010-02-19 17:53 . 2003-03-24 16:52   82035   ----a-w-   c:\windows\system32\dllcache\fp4anscp.dll
    2010-02-19 17:53 . 2004-08-04 13:00   46592   ----a-w-   c:\windows\system32\dllcache\coadmin.dll
    2010-02-19 17:53 . 2003-03-24 16:52   188480   ----a-w-   c:\windows\system32\dllcache\cfgwiz.exe
    2010-02-19 17:53 . 2003-03-24 16:52   20540   ----a-w-   c:\windows\system32\dllcache\author.dll
    2010-02-19 17:53 . 2003-03-24 16:52   16439   ----a-w-   c:\windows\system32\dllcache\author.exe
    2010-02-19 17:53 . 2004-08-04 13:00   43520   ----a-w-   c:\windows\system32\dllcache\admwprox.dll
    2010-02-19 17:53 . 2004-08-04 13:00   290816   ----a-w-   c:\windows\system32\dllcache\adsiis51.dll
    2010-02-19 17:53 . 2003-03-24 16:52   16439   ----a-w-   c:\windows\system32\dllcache\admin.exe
    2010-02-19 17:53 . 2003-03-24 16:52   20540   ----a-w-   c:\windows\system32\dllcache\admin.dll
    2010-02-18 19:18 . 2010-02-18 19:18   --------   d-----w-   C:\_OTM
    2010-02-18 01:43 . 2009-06-30 09:37   28552   ----a-w-   c:\windows\system32\drivers\pavboot.sys
    2010-02-18 01:43 . 2010-02-18 01:43   --------   d-----w-   c:\program files\Panda Security
    2010-02-18 01:09 . 2010-02-18 01:09   --------   d-----w-   c:\program files\ESET
    2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\program files\SUPERAntiSpyware
    2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2010-02-15 22:38 . 2010-02-15 22:38   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-02-15 22:37 . 2010-01-07 16:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-15 22:37 . 2010-02-15 22:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-02-15 22:37 . 2010-01-07 16:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2010-02-15 22:37 . 2010-02-15 22:38   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
    2010-02-15 22:23 . 2010-02-15 22:23   --------   d-----w-   c:\program files\Trend Micro
    2010-02-15 19:28 . 2010-02-15 19:28   552   ----a-w-   c:\windows\system32\d3d8caps.dat
    2010-02-15 18:13 . 2010-02-15 18:13   --------   d-----w-   c:\documents and settings\Administrator\Application Data\AVG8

    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-19 22:36 . 2004-08-07 13:12   91799   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-02-19 17:42 . 2009-08-09 14:42   0   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
    2010-02-16 00:16 . 2009-05-17 14:44   --------   d-----w-   c:\program files\Xvid
    2010-02-16 00:16 . 2007-12-03 15:32   --------   d-----w-   c:\program files\USB Disk Win98 Driver
    2010-02-16 00:16 . 2006-07-11 06:12   --------   d-----w-   c:\program files\Windows Media Connect
    2010-02-15 23:26 . 2010-02-15 23:26   52224   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-02-15 23:26 . 2010-02-15 23:26   117760   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-02-15 23:24 . 2010-01-17 12:44   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
    2010-02-15 23:13 . 2008-10-05 14:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\rspgjclg
    2010-02-10 14:52 . 2007-01-09 11:46   --------   d-----w-   c:\program files\Lx_cats
    2010-01-17 12:46 . 2010-01-17 12:46   4   --sh--r-   c:\documents and settings\All Users\Application Data\sysqcl1129139270.dat
    2010-01-14 11:12 . 2009-10-04 16:01   181120   ------w-   c:\windows\system32\MpSigStub.exe
    2010-01-09 19:53 . 2008-07-31 11:38   --------   d-----w-   c:\program files\Windows Live Safety Center
    2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ------- Sigcheck -------

    [-] 2005-10-11 . DDBFA4EAE9251712F20193DD47B361BD . 2057344 . . [5.1.2600.2774] . . c:\windows\system32\dllcache\ntkrnlpa.exe
    [-] 2005-09-28 . 48472D224E1703882B4DE0E28E205E9B . 2015744 . . [5.1.2600.2765] . . c:\windows\$NtUninstallKB909095$\ntkrnlpa.exe
    [-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
    [7] 2004-08-04 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896256$\ntkrnlpa.exe
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
    "Kbdgui"="c:\documents and settings\Administrator\Application Data\Adobe\Update\traykbd.dat" [2010-02-16 123392]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-03-31 184320]
    "LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
    "USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
    "ACQTMOUSE"="c:\program files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe" [2006-12-27 489984]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-01 1932568]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
    "TrayServer"="c:\program files\MAGIX\Movie_Edit_Pro_15_Download_version\TrayServer.exe" [2008-11-13 90112]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0a\aoltray.exe [2007-2-4 156784]
    DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2006-10-4 184320]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 14:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-04-01 11:34   10520   ----a-w-   c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
    2006-03-03 15:08   434176   ----a-w-   c:\windows\system32\IfxWlxEN.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    2005-07-25 18:41   40960   ----a-w-   c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "c:\\WINDOWS\\SMINST\\Scheduler.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\AOL 9.0\\waol.exe"=
    "c:\\Program Files\\AOL\\RC\\regClient.exe"=
    "c:\\Program Files\\AOL 9.0a\\waol.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [18/02/2010 01:43 28552]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/04/2009 11:34 325640]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/04/2009 11:34 108552]
    R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29/11/2005 16:56 36768]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 07:56 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 07:56 74480]
    R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [04/08/2004 08:00 14336]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [01/04/2009 11:33 298264]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21/10/2005 11:19 36352]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [16/05/2009 15:03 1527900]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 07:56 7408]
    S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [26/07/2005 10:13 57648]
    S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [26/09/2007 13:34 8336]
    S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [26/09/2007 13:34 93488]
    S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [26/09/2007 13:35 84928]
    S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [26/09/2007 13:34 82864]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance   REG_MULTI_SZ      ASChannel
    .
    Contents of the 'Scheduled Tasks' folder

    2010-02-21 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.hp.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
    uInternet Settings,ProxyServer = 127.0.0.1:8080
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dlbu8v23.default\
    FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-21 00:25
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ... 

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ... 

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(896)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\Ati2evxx.dll
    c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
    c:\windows\system32\IfxWlxEN.dll
    c:\program files\HPQ\IAM\Bin\ASChnl.dll
    c:\program files\HPQ\IAM\Bin\ItMsg.dll

    - - - - - - - > 'explorer.exe'(3616)
    c:\program files\HPQ\IAM\Bin\SFSShell.dll
    c:\program files\HPQ\IAM\bin\ItMsg.dll
    c:\windows\system32\msi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\DllHost.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\HPQ\IAM\bin\asghost.exe
    c:\windows\system32\msdtc.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\IFXSPMGT.exe
    c:\windows\system32\IFXTCS.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\mqsvc.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\windows\system32\mqtgsvc.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\ProtectTools\Embedded Security Software\PSDrt.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Common Files\Teleca Shared\Generic.exe
    c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    .
    **************************************************************************
    .
    Completion time: 2010-02-21  00:31:18 - machine was rebooted
    ComboFix-quarantined-files.txt  2010-02-21 00:31
    ComboFix2.txt  2010-02-18 00:47

    Pre-Run: 17,715,023,872 bytes free
    Post-Run: 17,701,199,872 bytes free

    - - End Of File - - CF665D58AC6EB237F728909C10C7FEB3

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 489
    • Experience: Familiar
    • OS: Windows 10
    Re: Your system is infected! (Please help if you can)
    « Reply #76 on: February 20, 2010, 05:42:04 PM »
    Please go to Jotti's malware scan
    (If more than one file needs to be scanned, they must be done separately and logs posted for each one)

    * Copy the file path in the below Code box:
    Code: [Select]
    c:\documents and settings\Administrator\Application Data\Adobe\Update\traykbd.dat

    * At the upload site, click once inside the window next to Browse.
    * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
    * Next click Submit file
    * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
    * This will perform a scan across multiple different virus scanning engines.
    * Important: Wait for all of the scanning engines to complete.
    * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

    evilfantasy

    Re: Your system is infected! (Please help if you can)
    « Reply #77 on: February 20, 2010, 05:43:42 PM »
    Also do you use any Norton software?

    Quote
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

    KayleyBug

      Re: Your system is infected! (Please help if you can)
      « Reply #78 on: February 20, 2010, 05:48:25 PM »
      No I'm not using any Norton software, I don't think I ever have on this laptop.
      (Jotti's malware scan in progress)

      KayleyBug

        Re: Your system is infected! (Please help if you can)
        « Reply #79 on: February 20, 2010, 05:54:40 PM »
        http://virusscan.jotti.org/en-gb/scanresult/fe6a9175644fc67b8bb3c3cf22614ddea05e1c44

        Looks like VBA32 found SSCope.Trojan.Agent.084  :-\

        Checked my add or remove programs, I definitely don't have Norton.

        evilfantasy

        Re: Your system is infected! (Please help if you can)
        « Reply #80 on: February 20, 2010, 05:57:43 PM »
        1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
        It must be Notepad, not Wordpad.
        2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

        Code: [Select]
        KillAll::

        SecCenter::
        {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

        Registry::
        [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Kbdgui"=-


        3. Go to the Notepad window and click Edit > Paste
        4. Then click File > Save
        5. Name the file CFScript.txt - Save the file to your Desktop
        6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



        ComboFix will begin to execute, just follow the prompts.
        After reboot (in case it asks to reboot), it will produce a log for you.
        Post that log (Combofix.txt) in your next reply.

        Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

        KayleyBug

          Re: Your system is infected! (Please help if you can)
          « Reply #81 on: February 20, 2010, 06:17:26 PM »
          After re-booting, the IE icon was back on my desktop and IE had made itself the default browser, even though it was definitely set to Firefox before the re-boot! Is this anything to be concerned about?


          ComboFix 10-02-20.03 - Kayley E R 21/02/2010   1:01.4.1 - x86
          Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.895.375 [GMT 0:00]
          Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
          Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
          AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

          WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
          .

          (((((((((((((((((((((((((   Files Created from 2010-01-21 to 2010-02-21  )))))))))))))))))))))))))))))))
          .

          2010-02-20 18:24 . 2010-02-20 18:24   --------   d-----w-   c:\windows\system32\wbem\Repository
          2010-02-19 22:30 . 2010-02-19 22:30   --------   d-----w-   c:\windows\system32\scripting
          2010-02-19 22:30 . 2010-02-19 22:30   --------   d-----w-   c:\windows\l2schemas
          2010-02-19 22:27 . 2010-02-19 22:31   --------   d-----w-   c:\windows\ServicePackFiles
          2010-02-19 18:30 . 2004-08-04 00:56   116224   ----a-w-   c:\windows\system32\dllcache\xrxwiadr.dll
          2010-02-19 18:30 . 2001-08-17 22:36   23040   ----a-w-   c:\windows\system32\dllcache\xrxwbtmp.dll
          2010-02-19 18:30 . 2001-08-17 22:36   17408   ----a-w-   c:\windows\system32\dllcache\xrxscnui.dll
          2010-02-19 18:30 . 2001-08-17 22:37   27648   ----a-w-   c:\windows\system32\dllcache\xrxftplt.exe
          2010-02-19 18:30 . 2001-08-17 22:37   4608   ----a-w-   c:\windows\system32\dllcache\xrxflnch.exe
          2010-02-19 18:29 . 2001-08-17 22:37   99865   ----a-w-   c:\windows\system32\dllcache\xlog.exe
          2010-02-19 18:29 . 2001-08-17 12:11   16970   ----a-w-   c:\windows\system32\dllcache\xem336n5.sys
          2010-02-19 18:29 . 2004-08-03 22:29   19455   ----a-w-   c:\windows\system32\dllcache\wvchntxx.sys
          2010-02-19 18:29 . 2004-08-03 22:29   12063   ----a-w-   c:\windows\system32\dllcache\wsiintxx.sys
          2010-02-19 18:29 . 2004-08-03 22:31   154624   ----a-w-   c:\windows\system32\dllcache\wlluc48.sys
          2010-02-19 18:29 . 2001-08-17 12:12   34890   ----a-w-   c:\windows\system32\dllcache\wlandrv2.sys
          2010-02-19 18:27 . 2001-08-17 12:13   19528   ----a-w-   c:\windows\system32\dllcache\w840nd.sys
          2010-02-19 18:26 . 2001-08-17 13:28   793598   ----a-w-   c:\windows\system32\dllcache\usr1806.sys
          2010-02-19 18:25 . 2001-08-17 22:36   216064   ----a-w-   c:\windows\system32\dllcache\um34scan.dll
          2010-02-19 18:24 . 2001-08-17 14:02   230912   ----a-w-   c:\windows\system32\dllcache\tosdvd03.sys
          2010-02-19 18:23 . 2001-08-17 14:07   32640   ----a-w-   c:\windows\system32\dllcache\symc8xx.sys
          2010-02-19 18:22 . 2001-08-17 12:11   48736   ----a-w-   c:\windows\system32\dllcache\srwlnd5.sys
          2010-02-19 18:21 . 2004-08-04 13:00   40448   ----a-w-   c:\windows\system32\dllcache\snmpthrd.dll
          2010-02-19 18:20 . 2001-08-17 12:12   91294   ----a-w-   c:\windows\system32\dllcache\skfpwin.sys
          2010-02-19 18:19 . 2001-07-21 14:29   161568   ----a-w-   c:\windows\system32\dllcache\sgsmusb.sys
          2010-02-19 18:18 . 2001-08-17 13:51   23936   ----a-w-   c:\windows\system32\dllcache\sccmn50m.sys
          2010-02-19 18:17 . 2004-08-04 13:00   79872   ----a-w-   c:\windows\system32\dllcache\rwia330.dll
          2010-02-19 18:16 . 2001-08-17 13:28   899146   ----a-w-   c:\windows\system32\dllcache\r2mdkxga.sys
          2010-02-19 18:15 . 2001-08-17 13:51   16128   ----a-w-   c:\windows\system32\dllcache\pscr.sys
          2010-02-19 18:14 . 2001-08-17 22:36   86016   ----a-w-   c:\windows\system32\dllcache\pctspk.exe
          2010-02-19 18:13 . 2001-08-17 14:05   48000   ----a-w-   c:\windows\system32\dllcache\ovcam2.sys
          2010-02-19 18:12 . 2001-08-17 12:20   87040   ----a-w-   c:\windows\system32\dllcache\nm6wdm.sys
          2010-02-19 18:12 . 2001-08-17 12:20   126080   ----a-w-   c:\windows\system32\dllcache\nm5a2wdm.sys
          2010-02-19 18:12 . 2004-08-04 13:00   53248   ----a-w-   c:\windows\system32\dllcache\nextlink.dll
          2010-02-19 18:12 . 2001-08-17 12:12   32840   ----a-w-   c:\windows\system32\dllcache\ngrpci.sys
          2010-02-19 18:12 . 2004-08-03 22:31   132695   ----a-w-   c:\windows\system32\dllcache\netwlan5.sys
          2010-02-19 18:12 . 2001-08-17 12:11   65278   ----a-w-   c:\windows\system32\dllcache\netflx3.sys
          2010-02-19 18:12 . 2001-08-17 12:50   39264   ----a-w-   c:\windows\system32\dllcache\neo20xx.sys
          2010-02-19 18:12 . 2001-08-17 22:36   60480   ----a-w-   c:\windows\system32\dllcache\neo20xx.dll
          2010-02-19 18:12 . 2001-08-17 13:49   15872   ----a-w-   c:\windows\system32\dllcache\ne2000.sys
          2010-02-19 18:11 . 2001-08-17 14:56   91488   ----a-w-   c:\windows\system32\dllcache\n9i3disp.dll
          2010-02-19 18:11 . 2001-08-17 12:50   27936   ----a-w-   c:\windows\system32\dllcache\n9i3d.sys
          2010-02-19 18:11 . 2001-08-17 12:50   33088   ----a-w-   c:\windows\system32\dllcache\n9i128v2.sys
          2010-02-19 18:11 . 2001-08-17 22:36   59104   ----a-w-   c:\windows\system32\dllcache\n9i128v2.dll
          2010-02-19 18:11 . 2001-08-17 12:50   13664   ----a-w-   c:\windows\system32\dllcache\n9i128.sys
          2010-02-19 18:11 . 2001-08-17 14:56   35392   ----a-w-   c:\windows\system32\dllcache\n9i128.dll
          2010-02-19 18:11 . 2001-08-17 12:11   128000   ----a-w-   c:\windows\system32\dllcache\n100325.sys
          2010-02-19 18:09 . 2001-08-17 14:02   35200   ----a-w-   c:\windows\system32\dllcache\msgame.sys
          2010-02-19 18:08 . 2001-08-17 22:36   47616   ----a-w-   c:\windows\system32\dllcache\memgrp.dll
          2010-02-19 18:07 . 2001-08-17 12:12   20573   ----a-w-   c:\windows\system32\dllcache\lne100.sys
          2010-02-19 18:06 . 2001-08-17 12:12   45632   ----a-w-   c:\windows\system32\dllcache\ip5515.sys
          2010-02-19 18:05 . 2001-08-17 22:36   26624   ----a-w-   c:\windows\system32\dllcache\icam3ext.dll
          2010-02-19 18:04 . 2001-08-17 13:28   488383   ----a-w-   c:\windows\system32\dllcache\hsf_v124.sys
          2010-02-19 18:03 . 2001-08-17 22:36   31232   ----a-w-   c:\windows\system32\dllcache\hpgt42tk.dll
          2010-02-19 18:02 . 2001-08-17 12:49   320384   ----a-w-   c:\windows\system32\dllcache\g200m.sys
          2010-02-19 18:01 . 2001-08-17 12:12   16074   ----a-w-   c:\windows\system32\dllcache\fa312nd5.sys
          2010-02-19 18:00 . 2001-08-17 12:19   283904   ----a-w-   c:\windows\system32\dllcache\emu10k1m.sys
          2010-02-19 17:59 . 2001-08-17 12:11   29696   ----a-w-   c:\windows\system32\dllcache\dm9pci5.sys
          2010-02-19 17:58 . 2001-08-17 13:52   14720   ----a-w-   c:\windows\system32\dllcache\dac960nt.sys
          2010-02-19 17:57 . 2004-08-04 13:00   15872   ----a-w-   c:\windows\system32\dllcache\chgport.exe
          2010-02-19 17:56 . 2001-08-17 13:51   13824   ----a-w-   c:\windows\system32\dllcache\bulltlp3.sys
          2010-02-19 17:55 . 2004-08-03 22:29   104960   ----a-w-   c:\windows\system32\dllcache\atinrvxx.sys
          2010-02-19 17:54 . 2004-08-03 22:32   231552   ----a-w-   c:\windows\system32\dllcache\ac97ali.sys
          2010-02-19 17:53 . 2003-03-24 16:52   49210   ----a-w-   c:\windows\system32\dllcache\fp4areg.dll
          2010-02-19 17:53 . 2003-03-24 16:52   147513   ----a-w-   c:\windows\system32\dllcache\fp4apws.dll
          2010-02-19 17:53 . 2003-03-24 16:52   102509   ----a-w-   c:\windows\system32\dllcache\fp4atxt.dll
          2010-02-19 17:53 . 2004-05-13 00:39   184435   ----a-w-   c:\windows\system32\dllcache\fp4amsft.dll
          2010-02-19 17:53 . 2003-03-24 16:52   82035   ----a-w-   c:\windows\system32\dllcache\fp4anscp.dll
          2010-02-19 17:53 . 2004-08-04 13:00   46592   ----a-w-   c:\windows\system32\dllcache\coadmin.dll
          2010-02-19 17:53 . 2003-03-24 16:52   188480   ----a-w-   c:\windows\system32\dllcache\cfgwiz.exe
          2010-02-19 17:53 . 2003-03-24 16:52   20540   ----a-w-   c:\windows\system32\dllcache\author.dll
          2010-02-19 17:53 . 2003-03-24 16:52   16439   ----a-w-   c:\windows\system32\dllcache\author.exe
          2010-02-19 17:53 . 2004-08-04 13:00   43520   ----a-w-   c:\windows\system32\dllcache\admwprox.dll
          2010-02-19 17:53 . 2004-08-04 13:00   290816   ----a-w-   c:\windows\system32\dllcache\adsiis51.dll
          2010-02-19 17:53 . 2003-03-24 16:52   16439   ----a-w-   c:\windows\system32\dllcache\admin.exe
          2010-02-19 17:53 . 2003-03-24 16:52   20540   ----a-w-   c:\windows\system32\dllcache\admin.dll
          2010-02-18 19:18 . 2010-02-18 19:18   --------   d-----w-   C:\_OTM
          2010-02-18 01:43 . 2009-06-30 09:37   28552   ----a-w-   c:\windows\system32\drivers\pavboot.sys
          2010-02-18 01:43 . 2010-02-18 01:43   --------   d-----w-   c:\program files\Panda Security
          2010-02-18 01:09 . 2010-02-18 01:09   --------   d-----w-   c:\program files\ESET
          2010-02-15 23:26 . 2010-02-15 23:26   52224   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
          2010-02-15 23:26 . 2010-02-15 23:26   117760   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
          2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
          2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\program files\SUPERAntiSpyware
          2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
          2010-02-15 22:38 . 2010-02-15 22:38   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
          2010-02-15 22:37 . 2010-01-07 16:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
          2010-02-15 22:37 . 2010-02-15 22:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
          2010-02-15 22:37 . 2010-01-07 16:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
          2010-02-15 22:37 . 2010-02-15 22:38   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
          2010-02-15 22:23 . 2010-02-15 22:23   --------   d-----w-   c:\program files\Trend Micro
          2010-02-15 19:28 . 2010-02-15 19:28   552   ----a-w-   c:\windows\system32\d3d8caps.dat
          2010-02-15 18:13 . 2010-02-15 18:13   --------   d-----w-   c:\documents and settings\Administrator\Application Data\AVG8

          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2010-02-19 22:36 . 2004-08-07 13:12   91799   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
          2010-02-19 17:42 . 2009-08-09 14:42   0   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
          2010-02-16 00:16 . 2009-05-17 14:44   --------   d-----w-   c:\program files\Xvid
          2010-02-16 00:16 . 2007-12-03 15:32   --------   d-----w-   c:\program files\USB Disk Win98 Driver
          2010-02-16 00:16 . 2006-07-11 06:12   --------   d-----w-   c:\program files\Windows Media Connect
          2010-02-15 23:24 . 2010-01-17 12:44   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
          2010-02-15 23:13 . 2008-10-05 14:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\rspgjclg
          2010-02-10 14:52 . 2007-01-09 11:46   --------   d-----w-   c:\program files\Lx_cats
          2010-01-17 12:46 . 2010-01-17 12:46   4   --sh--r-   c:\documents and settings\All Users\Application Data\sysqcl1129139270.dat
          2010-01-14 11:12 . 2009-10-04 16:01   181120   ------w-   c:\windows\system32\MpSigStub.exe
          2010-01-09 19:53 . 2008-07-31 11:38   --------   d-----w-   c:\program files\Windows Live Safety Center
          2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
          2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
          .

          ------- Sigcheck -------

          [7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys
          [7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ndis.sys
          [-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\$NtServicePackUninstall$\ndis.sys
          [-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\ERDNT\cache\ndis.sys
          [-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\system32\dllcache\ndis.sys
          [-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\system32\drivers\ndis.sys
          [7] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB912436$\ndis.sys

          [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys
          [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\tcpip.sys
          [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
          [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
          [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\ERDNT\cache\tcpip.sys
          [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\tcpip.sys
          [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
          [-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
          [-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
          [-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
          [-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
          [7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys

          [7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netman.dll
          [7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\netman.dll
          [-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
          [-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\ERDNT\cache\netman.dll
          [-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll
          [-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\dllcache\netman.dll
          [-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
          [7] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

          [7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\rpcss.dll
          [7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\rpcss.dll
          [-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
          [-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\ERDNT\cache\rpcss.dll
          [-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\system32\rpcss.dll
          [-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\system32\dllcache\rpcss.dll
          [-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
          [-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
          [-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
          [-] 2005-01-14 . 419899803CA479B73B02390318C787C0 . 395776 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\rpcss.dll
          [-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
          [7] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB873333$\rpcss.dll

          [7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe
          [7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\spoolsv.exe
          [-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
          [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
          [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\ERDNT\cache\spoolsv.exe
          [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe
          [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\dllcache\spoolsv.exe
          [7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

          [7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asms\60\msft\windows\common\controls\comctl32.dll
          [7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\asms\60\msft\windows\common\controls\comctl32.dll
          [7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\comctl32.dll
          [7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\comctl32.dll
          [-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
          [-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
          [-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
          [-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
          [7] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll

          [-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\sp2gdr\es.dll
          [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\sp3gdr\es.dll
          [-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\sp3qfe\es.dll
          [-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\sp2qfe\es.dll
          [7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\es.dll
          [7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\es.dll
          [-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll
          [-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\ERDNT\cache\es.dll
          [-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\system32\es.dll
          [-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\system32\dllcache\es.dll
          [-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
          [7] 2004-08-04 08:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

          [7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\kernel32.dll
          [7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\kernel32.dll
          [-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
          [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
          [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\ERDNT\cache\kernel32.dll
          [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\backup\sp2gdr\kernel32.dll
          [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\backup\sp2qfe\kernel32.dll
          [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\system32\kernel32.dll
          [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\system32\dllcache\kernel32.dll
          [7] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll

          [7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\linkinfo.dll
          [7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\linkinfo.dll
          [-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
          [-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
          [-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\ERDNT\cache\linkinfo.dll
          [-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll
          [-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\dllcache\linkinfo.dll
          [7] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

          [-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3QFE\ntoskrnl.exe
          [-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3GDR\ntoskrnl.exe
          [-] 2008-08-14 . 21C91DA9CB53AA8A37041BA9684A8458 . 2180352 . . [5.1.2600.3427] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2GDR\ntoskrnl.exe
          [-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2QFE\ntoskrnl.exe
          [7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
          [7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ntoskrnl.exe
          [-] 2005-10-12 . 7B69EA89C7B9966BF552A070D97C5013 . 2180096 . . [5.1.2600.2774] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
          [-] 2005-10-12 . 7B69EA89C7B9966BF552A070D97C5013 . 2180096 . . [5.1.2600.2774] . . c:\windows\system32\dllcache\ntoskrnl.exe
          [-] 2005-10-12 . C5290E302241594B668A378D89FD903E . 2136064 . . [5.1.2600.2774] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
          [-] 2005-10-12 . C5290E302241594B668A378D89FD903E . 2136064 . . [5.1.2600.2774] . . c:\windows\ERDNT\cache\ntoskrnl.exe
          [-] 2005-10-12 . C5290E302241594B668A378D89FD903E . 2136064 . . [5.1.2600.2774] . . c:\windows\system32\ntoskrnl.exe
          [-] 2005-09-29 . 25C36DBC46E8EFF2A811769A60715AC5 . 2136064 . . [5.1.2600.2765] . . c:\windows\$NtUninstallKB909095$\ntoskrnl.exe
          [-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
          [7] 2004-08-04 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896256$\ntoskrnl.exe

          [7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tapisrv.dll
          [7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\tapisrv.dll
          [-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
          [-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
          [-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\ERDNT\cache\tapisrv.dll
          [-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll
          [-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\system32\dllcache\tapisrv.dll
          [7] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

          [7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\user32.dll
          [7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\user32.dll
          [-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
          [-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtServicePackUninstall$\user32.dll
          [-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\ERDNT\cache\user32.dll
          [-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\system32\user32.dll
          [-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\system32\dllcache\user32.dll
          [7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

          [7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\srsvc.dll
          [7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\srsvc.dll
          [-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
          [-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\ERDNT\cache\srsvc.dll
          [-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\system32\srsvc.dll
          [-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\system32\dllcache\srsvc.dll
          [7] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB888402$\srsvc.dll

          [7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\aec.sys
          [7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\aec.sys
          [-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
          [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
          [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\i386\aec.sys
          [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\ERDNT\cache\aec.sys
          [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\dllcache\aec.sys
          [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
          [7] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

          [7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mfc40u.dll
          [7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\mfc40u.dll
          [-] 2004-08-04 08:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
          [-] 2004-08-04 08:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\ERDNT\cache\mfc40u.dll
          [-] 2004-08-04 08:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll
          [-] 2004-08-04 08:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\dllcache\mfc40u.dll

          [-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3QFE\ntkrnlpa.exe
          [-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3GDR\ntkrnlpa.exe
          [-] 2008-08-14 . BA002228743B6824D87F0551DBC86D45 . 2057728 . . [5.1.2600.3427] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2GDR\ntkrnlpa.exe
          [-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2QFE\ntkrnlpa.exe
          [7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
          [7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ntkrnlpa.exe
          [-] 2005-10-11 . 0C691ECAD81707D3A7797512AC932C62 . 2015232 . . [5.1.2600.2774] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
          [-] 2005-10-11 . DDBFA4EAE9251712F20193DD47B361BD . 2057344 . . [5.1.2600.2774] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
          [-] 2005-10-11 . 0C691ECAD81707D3A7797512AC932C62 . 2015232 . . [5.1.2600.2774] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
          [-] 2005-10-11 . 0C691ECAD81707D3A7797512AC932C62 . 2015232 . . [5.1.2600.2774] . . c:\windows\system32\ntkrnlpa.exe
          [-] 2005-10-11 . DDBFA4EAE9251712F20193DD47B361BD . 2057344 . . [5.1.2600.2774] . . c:\windows\system32\dllcache\ntkrnlpa.exe
          [-] 2005-09-28 . 48472D224E1703882B4DE0E28E205E9B . 2015744 . . [5.1.2600.2765] . . c:\windows\$NtUninstallKB909095$\ntkrnlpa.exe
          [-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
          [7] 2004-08-04 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896256$\ntkrnlpa.exe
          .
          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
          "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-03-31 184320]
          "LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
          "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
          "USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
          "ACQTMOUSE"="c:\program files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe" [2006-12-27 489984]
          "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
          "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
          "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-01 1932568]
          "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
          "TrayServer"="c:\program files\MAGIX\Movie_Edit_Pro_15_Download_version\TrayServer.exe" [2008-11-13 90112]
          "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
          "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
          "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
          "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
          "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

          c:\documents and settings\Administrator\Start Menu\Programs\Startup\
          Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

          c:\documents and settings\All Users\Start Menu\Programs\Startup\
          Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
          AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0a\aoltray.exe [2007-2-4 156784]
          DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2006-10-4 184320]

          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
          2009-09-03 14:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
          2009-04-01 11:34   10520   ----a-w-   c:\windows\system32\avgrsstx.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
          2006-03-03 15:08   434176   ----a-w-   c:\windows\system32\IfxWlxEN.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
          2005-07-25 18:41   40960   ----a-w-   c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
          @="Service"

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "c:\\WINDOWS\\system32\\mqsvc.exe"=
          "c:\\WINDOWS\\SMINST\\Scheduler.exe"=
          "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
          "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
          "c:\\Program Files\\AOL 9.0\\waol.exe"=
          "c:\\Program Files\\AOL\\RC\\regClient.exe"=
          "c:\\Program Files\\AOL 9.0a\\waol.exe"=
          "c:\\Program Files\\Messenger\\msmsgs.exe"=
          "c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
          "c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
          "c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
          "c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
          "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
          "c:\\Program Files\\iTunes\\iTunes.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
          "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
          "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
          "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

          R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [18/02/2010 01:43 28552]
          R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/04/2009 11:34 325640]
          R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/04/2009 11:34 108552]
          R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29/11/2005 16:56 36768]
          R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 07:56 9968]
          R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 07:56 74480]
          R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [04/08/2004 08:00 14336]
          R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [01/04/2009 11:33 298264]
          R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
          R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21/10/2005 11:19 36352]
          S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [16/05/2009 15:03 1527900]
          S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 07:56 7408]
          S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [26/07/2005 10:13 57648]
          S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [26/09/2007 13:34 8336]
          S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [26/09/2007 13:34 93488]
          S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [26/09/2007 13:35 84928]
          S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [26/09/2007 13:34 82864]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
          Cognizance   REG_MULTI_SZ      ASChannel
          .
          Contents of the 'Scheduled Tasks' folder

          2010-02-21 c:\windows\Tasks\MP Scheduled Scan.job
          - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
          .
          .
          ------- Supplementary Scan -------
          .
          uStart Page = hxxp://www.hp.com/
          uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
          uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
          uInternet Settings,ProxyServer = 127.0.0.1:8080
          uSearchAssistant = hxxp://www.google.com/ie
          uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
          IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
          IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
          FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dlbu8v23.default\
          FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
          .

          **************************************************************************

          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2010-02-21 01:10
          Windows 5.1.2600 Service Pack 2 NTFS

          scanning hidden processes ... 

          scanning hidden autostart entries ...

          HKLM\Software\Microsoft\Windows\CurrentVersion\Run
            LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

          scanning hidden files ... 

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          - - - - - - - > 'winlogon.exe'(900)
          c:\program files\SUPERAntiSpyware\SASWINLO.dll
          c:\windows\system32\Ati2evxx.dll
          c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
          c:\windows\system32\IfxWlxEN.dll
          c:\program files\HPQ\IAM\Bin\ASChnl.dll
          c:\program files\HPQ\IAM\Bin\ItMsg.dll

          - - - - - - - > 'explorer.exe'(432)
          c:\program files\HPQ\IAM\Bin\SFSShell.dll
          c:\program files\HPQ\IAM\bin\ItMsg.dll
          c:\windows\system32\msi.dll
          .
          ------------------------ Other Running Processes ------------------------
          .
          c:\windows\system32\Ati2evxx.exe
          c:\windows\system32\DllHost.exe
          c:\windows\system32\Ati2evxx.exe
          c:\program files\HPQ\IAM\bin\asghost.exe
          c:\windows\system32\msdtc.exe
          c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
          c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          c:\program files\Bonjour\mDNSResponder.exe
          c:\windows\system32\IFXSPMGT.exe
          c:\windows\system32\IFXTCS.exe
          c:\program files\Common Files\LightScribe\LSSrvc.exe
          c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
          c:\progra~1\AVG\AVG8\avgrsx.exe
          c:\progra~1\AVG\AVG8\avgnsx.exe
          c:\windows\system32\wdfmgr.exe
          c:\windows\system32\mqsvc.exe
          c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
          c:\windows\system32\mqtgsvc.exe
          c:\windows\system32\wscntfy.exe
          c:\program files\iPod\bin\iPodService.exe
          c:\program files\ProtectTools\Embedded Security Software\PSDrt.exe
          c:\program files\Common Files\Teleca Shared\Generic.exe
          c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
          .
          **************************************************************************
          .
          Completion time: 2010-02-21  01:15:42 - machine was rebooted
          ComboFix-quarantined-files.txt  2010-02-21 01:15
          ComboFix2.txt  2010-02-21 00:31
          ComboFix3.txt  2010-02-18 00:47

          Pre-Run: 17,696,894,976 bytes free
          Post-Run: 17,673,748,480 bytes free

          - - End Of File - - 464D16A82B2D35E9C2BCA84967086EA8

          evilfantasy

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Calm like a bomb
          • Thanked: 489
          • Experience: Familiar
          • OS: Windows 10
          Re: Your system is infected! (Please help if you can)
          « Reply #82 on: February 20, 2010, 06:24:53 PM »
          Quote
          After re-booting, the IE icon was back on my desktop and IE had made itself the default browser, even though it was definitely set to Firefox before the re-boot! Is this anything to be concerned about?

          ComboFix sets IE as the default but I don't know why the icon keeps coming back. I don't think I've ever seen that before.

          Let's see if it might be something malicious.


          ESET Online Scan

          Scan your computer with the ESET FREE Online Virus Scan

          * Click the ESET Online Scanner button.

          * For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
          * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
          * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
          * Place a check mark next to YES, I accept the Terms of Use.

          * Click the Start button.
          * Accept any security warnings from your browser.
          * Leave the check mark next to Remove found threats and place a check next to Scan archives.
          * Click the Start button.
          * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
          * When the scan completes, click List of found threats.
          * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
          * Click the <<Back button then click Finish.

          In your next reply please include the ESET Online Scan Log

          KayleyBug

            Re: Your system is infected! (Please help if you can)
            « Reply #83 on: February 20, 2010, 06:52:35 PM »
            ESET is running successfully (unlike last time I tried it, quite a few posts ago by now!).

            As it's almost 2am here and it looks like the scan's going to take another hour at least, I'm going to set my laptop to hibernate in 3 hours and get the results to you tomorrow morning (about 4am your time).

            Thank you so much for all your help and patience so far  :)

            evilfantasy

            Re: Your system is infected! (Please help if you can)
            « Reply #84 on: February 20, 2010, 06:54:47 PM »
            Glad it's running. Things went horribly wrong with the other scanner we used...  :-\

            Post the log whenever you get the time.

            See you then.

            KayleyBug

              Re: Your system is infected! (Please help if you can)
              « Reply #85 on: February 21, 2010, 03:07:55 AM »
              Good morning! ESET scanned 100597 files in 1 hour 42 mins - No threats found.

              I'm going to update AVG and JAVA, then install OnlineArmor. If that goes well, I'll create a restore point and then get SP3, so I can just do a system restore if I get internet problems with it again.

              I'll make sure everything's definitely sorted before de-fragmenting. Here's a new HijackThis log just to be safe :)

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 10:07:40, on 21/02/2010
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16674)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Windows Defender\MsMpEng.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\Program Files\HPQ\IAM\bin\asghost.exe
              C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
              C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              C:\WINDOWS\System32\svchost.exe
              C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
              C:\Program Files\Bonjour\mDNSResponder.exe
              C:\WINDOWS\system32\IFXSPMGT.exe
              C:\WINDOWS\system32\IFXTCS.exe
              C:\Program Files\Common Files\LightScribe\LSSrvc.exe
              C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
              C:\PROGRA~1\AVG\AVG8\avgrsx.exe
              C:\PROGRA~1\AVG\AVG8\avgnsx.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\mqsvc.exe
              C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
              C:\WINDOWS\system32\mqtgsvc.exe
              C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
              C:\WINDOWS\UMStor\Res.EXE
              C:\Program Files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe
              C:\Program Files\iTunes\iTunesHelper.exe
              C:\PROGRA~1\AVG\AVG8\avgtray.exe
              C:\Program Files\Windows Defender\MSASCui.exe
              C:\WINDOWS\system32\wscntfy.exe
              C:\Program Files\iPod\bin\iPodService.exe
              C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Common Files\Teleca Shared\Generic.exe
              C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\WINDOWS\explorer.exe
              C:\Program Files\Mozilla Firefox\firefox.exe
              C:\WINDOWS\system32\lxcfcoms.exe
              C:\Program Files\AVG\AVG8\avgupd.exe
              C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
              O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
              O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
              O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
              O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
              O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
              O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[email protected]
              O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
              O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
              O4 - HKLM\..\Run: [ACQTMOUSE] "C:\Program Files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe"
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
              O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
              O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
              O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
              O4 - HKLM\..\Run: [trayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_15_Download_version\TrayServer.exe
              O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
              O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
              O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
              O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
              O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
              O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
              O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
              O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
              O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
              O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
              O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
              O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
              O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
              O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
              O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
              O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
              O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
              O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
              O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
              O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
              O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
              O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
              O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
              O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
              O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
              O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
              O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
              O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
              O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
              O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
              O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
              O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
              O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
              O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
              O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
              O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
              O23 - Service: lxcf_device -   - C:\WINDOWS\system32\lxcfcoms.exe
              O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
              O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE

              --
              End of file - 10661 bytes

              KayleyBug

                Re: Your system is infected! (Please help if you can)
                « Reply #86 on: February 21, 2010, 05:37:01 AM »
                I got as far as installing Online Armor. There are lots of 'unknown' programs it's asking me to allow/block; however, there is one 'untrusted' that I'm unable to find information about -

                ACQTMAPP.exe (which is named Tilt Mouse Program.)

                Should I block this?

                evilfantasy

                Re: Your system is infected! (Please help if you can)
                « Reply #87 on: February 21, 2010, 11:15:45 AM »

                KayleyBug

                  Re: Your system is infected! (Please help if you can)
                  « Reply #88 on: February 21, 2010, 04:06:03 PM »
                  I've installed SP3 and 85 other Microsoft updates (and turned on automatic updates, so the next instalment should be much smaller!!)

                  Updated AVG and Java, and got OnlineArmor set up.

                  Here's a new HijackThis log, in case there's anything still lurking around.

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 23:01:31, on 21/02/2010
                  Platform: Windows XP SP3 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16981)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Windows Defender\MsMpEng.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Tall Emu\Online Armor\OAcat.exe
                  C:\Program Files\Tall Emu\Online Armor\oasrv.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\Program Files\HPQ\IAM\bin\asghost.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
                  C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                  C:\Program Files\Bonjour\mDNSResponder.exe
                  C:\WINDOWS\system32\IFXSPMGT.exe
                  C:\WINDOWS\system32\IFXTCS.exe
                  C:\PROGRA~1\AVG\AVG8\avgrsx.exe
                  C:\PROGRA~1\AVG\AVG8\avgnsx.exe
                  C:\Program Files\Java\jre6\bin\jqs.exe
                  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
                  C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
                  C:\WINDOWS\UMStor\Res.EXE
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe
                  C:\Program Files\iTunes\iTunesHelper.exe
                  C:\WINDOWS\system32\mqsvc.exe
                  C:\PROGRA~1\AVG\AVG8\avgtray.exe
                  C:\Program Files\Windows Defender\MSASCui.exe
                  C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                  C:\Program Files\Common Files\Java\Java Update\jusched.exe
                  C:\Program Files\Tall Emu\Online Armor\oaui.exe
                  C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
                  C:\Program Files\iPod\bin\iPodService.exe
                  C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
                  C:\Program Files\Common Files\Teleca Shared\Generic.exe
                  C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
                  C:\Program Files\Mozilla Firefox\firefox.exe
                  C:\Program Files\Windows Live\Contacts\wlcomm.exe
                  C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe
                  C:\WINDOWS\system32\wuauclt.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
                  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                  O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
                  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
                  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                  O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
                  O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
                  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                  O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
                  O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
                  O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[email protected]
                  O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
                  O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
                  O4 - HKLM\..\Run: [ACQTMOUSE] "C:\Program Files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe"
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                  O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
                  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
                  O4 - HKLM\..\Run: [trayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_15_Download_version\TrayServer.exe
                  O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
                  O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
                  O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
                  O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
                  O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
                  O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
                  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                  O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
                  O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
                  O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
                  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                  O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
                  O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
                  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                  O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
                  O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
                  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
                  O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
                  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266759427500
                  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266760712406
                  O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
                  O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
                  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                  O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                  O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
                  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
                  O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                  O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
                  O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
                  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                  O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
                  O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                  O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                  O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                  O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
                  O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                  O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
                  O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
                  O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
                  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  O23 - Service: lxcf_device -   - C:\WINDOWS\system32\lxcfcoms.exe
                  O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
                  O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
                  O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
                  O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

                  --
                  End of file - 12175 bytes

                  evilfantasy

                  • Malware Removal Specialist
                  • Moderator


                  Re: Your system is infected! (Please help if you can)
                  « Reply #89 on: February 21, 2010, 04:22:19 PM »
                  Looks okay. You can cut down on some of your unnecessary startups.


                  Download StartUp 1.3

                  * Open StartUp 1.3 and you will see a list of your startups.
                  * Right click any startup you do not want and choose Remove
                  * Once complete choose Apply then Exit

                  ----------

                  If you don't use Voice Input you can turn that off: "What is CTFMON.EXE and How Can I Remove It"

                  ----------

                  Also this.

                  Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

                  Do not confuse Windows Messenger with MSN Messenger or Windows Live Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

                  Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

                  Exit out of MessengerDisable then delete the two files that were put on the desktop.