[Resolved] The most stubborn virus EVER!


  • This topic is locked
20 replies to this topic

#1 anton123

Posted 14 November 2007 - 02:15 PM

Hi there, I desperately need help!!!!

Let me start off with thanking you guys for this forum. My laptop is infected with a spyware type virus and I get the constant system balloon security alert pop-ups, IE browsers open up on weird pages (like www.brandarama.com , www.smileycentral.com ), I also get two shortcuts on my desktop: “Live Safety Center” and “Online Security Guide” with suspect urls.

I have been struggling for 4 days to get rid of this virus with no joy!!

The names of viruses mentioned by the fake system alerts are:

W32.myzor.fk@yf
Spyware-cyberlog-x
Networm i.virus@fp
Trojan-spy.win32.mx
Trojan-downloader.win32.agent.erf
PSW.X-vir Trojan


I’ve done everything I’ve read on forums and websites and NOTHING has worked:

I’ve turned off system restore, rebooted in Safe mode. Run fully updated antivirus (Kaspersky 7.0) and anti spywares: AVG antispyware 7.5 plus SUPERantispyware. I’ve also run SmitfraudFix after these and rebooted...

The popup system warning always returns after I reboot – especially when opening a browser.

Every now and again Kaspersky detects another virus trying to access called: Trojan.win32.obfuscated.kp and then the trouble usually starts all over again.

I’ve also tried both VundoFix and VirtumundoBeGone which seemed to work for about 10 minutes until the above Kaspersky warning comes up and the popup warnings and Browser popups start again.

Additionally, no matter what I do – there are always a few suspect IE add-ons that are enabled after I’ve rebooted, like: urqno.dll, sttxjykt.dll and owvojwwn.dll and the two shortcuts appear on my desktop again: “Live Safety Center” and “Online Security Guide”

If anyone can advise on how to get rid of this thing for good – I will be forever grateful!!

Thanks

Anton

See below my latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:12:40, on 14/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\DeviceListener.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\ConAppM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Anton\Desktop\spybotsd15.exe
C:\DOCUME~1\Anton\LOCALS~1\Temp\is-J33JC.tmp\is-UD2DC.tmp
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [70625938] rundll32.exe "C:\WINDOWS\system32\ypuhdshr.dll",b
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MobileConnect.EXE] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D78A853-2EA2-45A1-B621-C98FF625398F}: NameServer = 196.207.35.29 196.207.35.30
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\chkfxbli.exe (file missing)
O23 - Service: PREVXAgent - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing)
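
A small triage pass over HijackThis-style lines like those in the log above, as an added example that is not part of the original post or of HijackThis itself. The sample is an excerpt of that log, and the three heuristics (missing target file, numeric-only Run value name or rundll32 autostart, service owner reported as unknown) are assumptions chosen for illustration; a flagged line is a lead for manual review, not a verdict.

```python
import re

# Excerpt of the HijackThis log posted above (seven lines, unchanged).
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [70625938] rundll32.exe "C:\WINDOWS\system32\ypuhdshr.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\chkfxbli.exe (file missing)
'''

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Body of an O4 registry autostart entry: hive, key, [value name], command line
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)


def parse_entries(log_text):
    """Return (code, body) tuples for every section line in the log."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(log_text):
    """Attach review reasons to entries; most reasons first, log order kept on ties."""
    findings = []
    for code, body in parse_entries(log_text):
        reasons = []

        # HijackThis appends this marker when it cannot find the target on disk.
        if body.endswith("(file missing)"):
            reasons.append("target file not found")

        if code == "O4":
            m = RUN_RE.match(body)
            if m:
                # Assumption: installers normally use a descriptive value name.
                if m.group("name").isdigit():
                    reasons.append("numeric-only value name")
                # Assumption: a DLL started through rundll32 at logon deserves a look,
                # even though legitimate software does this too.
                if m.group("cmd").lower().startswith("rundll32"):
                    reasons.append("autostart via rundll32")

        # For services, HijackThis prints the company name from the binary.
        if code == "O23" and " - Unknown owner - " in body:
            reasons.append("owner reported as Unknown")

        if reasons:
            findings.append({"code": code, "entry": body, "reasons": reasons})

    # Stable sort: entries with more independent reasons are reviewed first.
    findings.sort(key=lambda f: len(f["reasons"]), reverse=True)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f'{finding["code"]:>3}  {", ".join(finding["reasons"])}')
        print(f'     {finding["entry"]}')
```

The Bluetooth entry is flagged on a single reason and shows why the output needs a human reader: the same heuristic that surfaces the numeric-named rundll32 entry also matches ordinary software.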



#2 IndiGenus

Posted 19 November 2007 - 01:17 PM

Hi and sorry for the delay in getting to your post. If you still need help I would recommend you do the following.

Please download SDFix and save it to your Desktop.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Double click on SDFix.exe. It should automatically extract a folder called SDFix to your system drive (usually C:\). Please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • Open the SDFix folder and double click on RunThis.bat to start the script.
  • Type Y and press Enter to begin the script.
  • It will start cleaning your PC and then prompt you to press any key to Reboot.
  • Press any key to restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished.
  • Press any key to end the script and to load your desktop icons.
  • A text file should automatically open, so please copy the contents and post them here. We also need you to post a new HijackThis log

IndiGenus


#3 anton123

Posted 20 November 2007 - 12:22 AM

Hi there! Thanks a lot!

OK see below the logs - After I ran SDFix and connected to the internet to post this message, I got another browser window popup trying to sell porn again - I checked the IE add-ons and the following .dll are there: urqno.dll and rqldxyih.dll - they always come in after reboot although I've disabled them?

Here goes: (Thanks again)



SDFix: Version 1.115

Run by Anton on 20/11/2007 at 07:47

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Temp\1cb\syscheck.log - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\system32\TFTP1760 - Deleted



Folder C:\Program Files\Temporary - Removed
Folder C:\Program Files\WinAble - Removed
Folder C:\Temp\1cb - Removed
Folder C:\WINDOWS\system32\m2 - Removed
Folder C:\WINDOWS\system32\o1 - Removed
Folder C:\WINDOWS\system32\v4 - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-20 07:59:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys1641d1a845]
"001b9841a51b"=hex:8c,f2,83,00,39,71,92,3a,99,d6,30,28,1b,5a,91,b6
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys1641d1a845]
"001b9841a51b"=hex:8c,f2,83,00,39,71,92,3a,99,d6,30,28,1b,5a,91,b6

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{499999E0-1726-3FDD-D54E-884DCD42CB67}]
"iamnmgpjejfgpbiakb"=hex:6b,61,6a,6b,67,65,63,64,61,65,6b,6d,65,63,65,67,66,6c,61,67,70,..
"hagocmpjdmlolpoc"=hex:6b,61,6a,6b,67,65,63,64,61,65,6b,6d,65,63,65,67,66,6c,61,67,70,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\eMule\\LinkCreator.exe"="C:\\Program Files\\eMule\\LinkCreator.exe:*:Disabled:LinkCreator"
"C:\\Program Files\\Macromedia\\FreeHand 10\\FreeHand 10.exe"="C:\\Program Files\\Macromedia\\FreeHand 10\\FreeHand 10.exe:*:Enabled:FreeHand 10"
"C:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe:*:Enabled:Dreamweaver MX"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\CoreFTP\\coreftp.exe"="C:\\Program Files\\CoreFTP\\coreftp.exe:*:Enabled:Core FTP App"
"C:\\Program Files\\FreeFTP\\FreeFTP.exe"="C:\\Program Files\\FreeFTP\\FreeFTP.exe:*:Enabled:FreeFTP (Internet File Transfer Program)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\system32\\chkfxbli.exe"="C:\\WINDOWS\\system32\\chk"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Thu 6 Sep 2007 84,480 ...H. --- "C:\Anton\STUFF\~WRL4034.tmp"
Wed 14 Feb 2007 91,648 ...H. --- "C:\Anton\STUFF\~WRL4066.tmp"
Wed 21 Feb 2007 305,152 ...H. --- "C:\Anton\STUFF\~WRL4067.tmp"
Mon 29 Jan 2007 38,400 ...H. --- "C:\Anton\STUFF\~WRL4071.tmp"
Wed 14 Feb 2007 95,744 ...H. --- "C:\Anton\STUFF\~WRL4072.tmp"
Thu 1 Feb 2007 111,104 ...H. --- "C:\Anton\Unison Productions\~WRL0001.tmp"
Thu 1 Feb 2007 52,224 ...H. --- "C:\Anton\Unison Productions\~WRL0004.tmp"
Wed 14 Feb 2007 262,656 ...H. --- "C:\Anton\Unison Productions\~WRL0456.tmp"
Wed 14 Feb 2007 261,120 ...H. --- "C:\Anton\Unison Productions\~WRL0638.tmp"
Wed 21 Feb 2007 280,064 ...H. --- "C:\Anton\Unison Productions\~WRL1083.tmp"
Tue 20 Feb 2007 279,552 ...H. --- "C:\Anton\Unison Productions\~WRL1587.tmp"
Wed 14 Feb 2007 262,656 ...H. --- "C:\Anton\Unison Productions\~WRL1838.tmp"
Wed 21 Feb 2007 279,552 ...H. --- "C:\Anton\Unison Productions\~WRL2136.tmp"
Mon 5 Feb 2007 111,104 ...H. --- "C:\Anton\Unison Productions\~WRL2303.tmp"
Tue 13 Feb 2007 261,632 ...H. --- "C:\Anton\Unison Productions\~WRL2846.tmp"
Fri 24 Aug 2007 24,064 ...H. --- "C:\Anton\Unison Productions\~WRL3091.tmp"
Wed 21 Feb 2007 282,112 ...H. --- "C:\Anton\Unison Productions\~WRL3106.tmp"
Mon 5 Feb 2007 111,104 ...H. --- "C:\Anton\Unison Productions\~WRL3534.tmp"
Wed 21 Feb 2007 279,552 ...H. --- "C:\Anton\Unison Productions\~WRL3731.tmp"
Wed 14 Feb 2007 262,144 ...H. --- "C:\Anton\Unison Productions\~WRL4079.tmp"
Wed 4 Aug 2004 16 ...H. --- "C:\WINDOWS\system32\blvw6en.dll"
Wed 14 Nov 2007 20,640 ..SH. --- "C:\WINDOWS\system32\iagntqjb.dllbox"
Sat 27 Jan 2007 534,354 ..SH. --- "C:\WINDOWS\system32\iijlm.tmp"
Tue 23 Jan 2007 439,346 ..SH. --- "C:\WINDOWS\system32\iijlm.bak1"
Thu 8 Nov 2007 112,764 ..SH. --- "C:\WINDOWS\system32\onqru.tmp"
Wed 14 Nov 2007 128,381 ..SH. --- "C:\WINDOWS\system32\onqru.bak1"
Mon 19 Nov 2007 115,937 ..SH. --- "C:\WINDOWS\system32\onqru.bak2"
Wed 14 Nov 2007 20,640 ..SH. --- "C:\WINDOWS\system32\rwfnihyn.dllbox"
Wed 14 Nov 2007 20,640 ..SH. --- "C:\WINDOWS\system32\sasuhmli.dllbox"
Wed 14 Nov 2007 20,640 ..SH. --- "C:\WINDOWS\system32\uxoncaup.dllbox"
Mon 22 Jan 2007 466,599 A.SH. --- "C:\WINDOWS\system32\xxxyb.tmp"
Sun 21 Jan 2007 444,160 A.SH. --- "C:\WINDOWS\system32\xxxyb.bak1"
Wed 14 Nov 2007 669,302 ..SH. --- "C:\WINDOWS\system32\yftcgdid.tmp"
Wed 14 Nov 2007 20,640 ..SH. --- "C:\WINDOWS\system32\zvngooef.dllbox"
Fri 16 Nov 2007 5,498,880 ...H. --- "C:\Anton\Canvas\Stockphotos\~WRL3018.tmp"
Mon 19 Mar 2007 118,784 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0061.tmp"
Wed 11 Apr 2007 144,384 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0062.tmp"
Tue 6 Mar 2007 91,648 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0110.tmp"
Tue 20 Mar 2007 119,808 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0181.tmp"
Tue 6 Mar 2007 92,160 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0254.tmp"
Mon 7 May 2007 173,056 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0273.tmp"
Wed 2 May 2007 166,912 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0275.tmp"
Tue 6 Mar 2007 89,600 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0282.tmp"
Wed 2 May 2007 165,376 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0305.tmp"
Mon 26 Mar 2007 124,928 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0314.tmp"
Thu 26 Apr 2007 163,328 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0316.tmp"
Tue 6 Mar 2007 91,648 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0543.tmp"
Wed 14 Mar 2007 117,760 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0569.tmp"
Tue 6 Mar 2007 97,280 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0574.tmp"
Tue 6 Mar 2007 90,624 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0621.tmp"
Thu 28 Jun 2007 285,184 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0692.tmp"
Mon 26 Mar 2007 119,808 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0720.tmp"
Thu 3 May 2007 166,912 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0763.tmp"
Tue 6 Mar 2007 92,160 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0780.tmp"
Tue 6 Mar 2007 89,088 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0789.tmp"
Tue 6 Mar 2007 100,864 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0791.tmp"
Tue 6 Mar 2007 95,232 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0806.tmp"
Tue 6 Mar 2007 99,840 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0854.tmp"
Tue 6 Mar 2007 92,160 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0868.tmp"
Thu 7 Jun 2007 237,056 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0901.tmp"
Tue 6 Mar 2007 95,232 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0916.tmp"
Mon 7 May 2007 173,056 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0947.tmp"
Mon 26 Mar 2007 122,368 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL0992.tmp"
Tue 6 Mar 2007 102,912 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL1048.tmp"
Tue 6 Mar 2007 95,744 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL1055.tmp"
Wed 14 Mar 2007 116,224 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL1056.tmp"
Mon 19 Mar 2007 118,272 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL1058.tmp"
Thu 8 Mar 2007 111,616 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL1270.tmp"
Thu 28 Jun 2007 285,184 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL1299.tmp"
Mon 7 May 2007 173,056 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL1309.tmp"
Thu 26 Apr 2007 163,840 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL1446.tmp"
Mon 26 Mar 2007 121,856 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL1483.tmp"
Mon 7 May 2007 168,960 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL1540.tmp"
Tue 6 Mar 2007 103,936 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL1544.tmp"
Tue 6 Mar 2007 100,864 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL1579.tmp"
Mon 7 May 2007 169,984 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL1584.tmp"
Tue 6 Mar 2007 99,840 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL1738.tmp"
Mon 7 May 2007 176,128 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL1805.tmp"
Mon 7 May 2007 174,592 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL1818.tmp"
Tue 6 Mar 2007 96,768 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL1820.tmp"
Tue 6 Mar 2007 87,040 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL1843.tmp"
Tue 5 Jun 2007 260,096 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL1881.tmp"
Mon 26 Mar 2007 124,928 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL1969.tmp"
Mon 19 Mar 2007 118,272 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL1988.tmp"
Tue 6 Mar 2007 102,912 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL2002.tmp"
Mon 7 May 2007 174,080 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL2006.tmp"
Mon 26 Mar 2007 121,856 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL2084.tmp"
Mon 26 Mar 2007 123,904 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL2101.tmp"
Mon 7 May 2007 173,056 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL2120.tmp"
Mon 7 May 2007 171,520 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL2166.tmp"
Tue 6 Mar 2007 102,912 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL2201.tmp"
Mon 7 May 2007 174,592 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL2254.tmp"
Mon 7 May 2007 174,592 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL2289.tmp"
Tue 6 Mar 2007 92,160 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL2312.tmp"
Tue 26 Jun 2007 284,160 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL2321.tmp"
Mon 7 May 2007 170,496 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL2346.tmp"
Mon 2 Apr 2007 142,848 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL2369.tmp"
Tue 6 Mar 2007 96,768 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL2408.tmp"
Mon 26 Mar 2007 126,464 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL2546.tmp"
Tue 6 Mar 2007 102,912 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL2554.tmp"
Tue 6 Mar 2007 91,136 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL2607.tmp"
Tue 6 Mar 2007 104,448 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL2616.tmp"
Mon 26 Mar 2007 121,856 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL2668.tmp"
Mon 7 May 2007 172,544 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL2675.tmp"
Tue 6 Mar 2007 92,672 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL2760.tmp"
Mon 7 May 2007 169,472 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL2813.tmp"
Tue 6 Mar 2007 100,864 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL2847.tmp"
Tue 6 Mar 2007 90,624 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL2990.tmp"
Tue 6 Mar 2007 89,088 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3052.tmp"
Thu 28 Jun 2007 285,184 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3064.tmp"
Mon 7 May 2007 169,472 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3067.tmp"
Mon 26 Mar 2007 128,512 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3109.tmp"
Tue 6 Mar 2007 103,936 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3134.tmp"
Mon 7 May 2007 171,520 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3148.tmp"
Tue 6 Mar 2007 94,720 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3150.tmp"
Mon 7 May 2007 171,520 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3155.tmp"
Tue 6 Mar 2007 103,936 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3181.tmp"
Mon 7 May 2007 175,104 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3232.tmp"
Mon 7 May 2007 176,128 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3252.tmp"
Mon 7 May 2007 175,104 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3265.tmp"
Thu 26 Apr 2007 163,840 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3299.tmp"
Mon 7 May 2007 173,056 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3318.tmp"
Mon 5 Mar 2007 86,016 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3385.tmp"
Tue 6 Mar 2007 94,720 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3452.tmp"
Mon 7 May 2007 173,568 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3479.tmp"
Mon 7 May 2007 169,472 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3480.tmp"
Wed 14 Mar 2007 117,760 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3520.tmp"
Mon 19 Mar 2007 118,272 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3534.tmp"
Mon 7 May 2007 173,568 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3559.tmp"
Tue 24 Apr 2007 162,816 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3570.tmp"
Mon 7 May 2007 174,592 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3584.tmp"
Tue 6 Mar 2007 99,840 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3603.tmp"
Mon 26 Mar 2007 121,856 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3647.tmp"
Tue 6 Mar 2007 97,792 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3667.tmp"
Mon 7 May 2007 176,128 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3716.tmp"
Tue 6 Mar 2007 91,648 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3728.tmp"
Wed 11 Apr 2007 144,384 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3741.tmp"
Wed 2 May 2007 166,912 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3742.tmp"
Tue 6 Mar 2007 99,840 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3781.tmp"
Mon 26 Mar 2007 123,904 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3825.tmp"
Mon 7 May 2007 171,520 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3915.tmp"
Mon 7 May 2007 175,104 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3919.tmp"
Wed 2 May 2007 166,400 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL3944.tmp"
Tue 6 Mar 2007 88,576 ...H. --- "C:\Anton\Unison Productions\gallo\~WRL4026.tmp"
Wed 11 Apr 2007 31,744 ...H. --- "C:\Anton\Unison Productions\Studio Work\~WRL0234.tmp"
Wed 11 Apr 2007 29,696 ...H. --- "C:\Anton\Unison Productions\Studio Work\~WRL0475.tmp"
Wed 11 Apr 2007 30,208 ...H. --- "C:\Anton\Unison Productions\Studio Work\~WRL0647.tmp"
Wed 11 Apr 2007 31,744 ...H. --- "C:\Anton\Unison Productions\Studio Work\~WRL1083.tmp"
Wed 11 Apr 2007 31,232 ...H. --- "C:\Anton\Unison Productions\Studio Work\~WRL1145.tmp"
Wed 11 Apr 2007 29,696 ...H. --- "C:\Anton\Unison Productions\Studio Work\~WRL1267.tmp"
Wed 11 Apr 2007 29,696 ...H. --- "C:\Anton\Unison Productions\Studio Work\~WRL1314.tmp"
Wed 11 Apr 2007 30,720 ...H. --- "C:\Anton\Unison Productions\Studio Work\~WRL1633.tmp"
Wed 11 Apr 2007 31,232 ...H. --- "C:\Anton\Unison Productions\Studio Work\~WRL1749.tmp"
Wed 11 Apr 2007 29,696 ...H. --- "C:\Anton\Unison Productions\Studio Work\~WRL2216.tmp"
Wed 11 Apr 2007 33,792 ...H. --- "C:\Anton\Unison Productions\Studio Work\~WRL2352.tmp"
Wed 11 Apr 2007 30,720 ...H. --- "C:\Anton\Unison Productions\Studio Work\~WRL2394.tmp"
Wed 11 Apr 2007 31,744 ...H. --- "C:\Anton\Unison Productions\Studio Work\~WRL2794.tmp"
Wed 11 Apr 2007 32,256 ...H. --- "C:\Anton\Unison Productions\Studio Work\~WRL2974.tmp"
Wed 11 Apr 2007 31,744 ...H. --- "C:\Anton\Unison Productions\Studio Work\~WRL2979.tmp"
Wed 11 Apr 2007 29,696 ...H. --- "C:\Anton\Unison Productions\Studio Work\~WRL3035.tmp"
Tue 10 Apr 2007 26,112 ...H. --- "C:\Anton\Unison Productions\Studio Work\~WRL3171.tmp"
Wed 11 Apr 2007 33,792 ...H. --- "C:\Anton\Unison Productions\Studio Work\~WRL3273.tmp"
Wed 11 Apr 2007 31,744 ...H. --- "C:\Anton\Unison Productions\Studio Work\~WRL3789.tmp"
Wed 11 Apr 2007 31,744 ...H. --- "C:\Anton\Unison Productions\Studio Work\~WRL3818.tmp"
Wed 11 Apr 2007 33,792 ...H. --- "C:\Anton\Unison Productions\Studio Work\~WRL3880.tmp"
Wed 11 Apr 2007 30,720 ...H. --- "C:\Anton\Unison Productions\Studio Work\~WRL3900.tmp"
Sat 27 Jan 2007 30,720 ...H. --- "C:\Documents and Settings\Anton\Desktop\~WRL0001.tmp"
Mon 5 Dec 2005 106,496 A..H. --- "C:\Program Files\FriendAdder Combo Pack\Friend Adder\jpegtcl10.dll"
Tue 19 Jul 2005 28,672 A..H. --- "C:\Program Files\FriendAdder Combo Pack\Friend Adder\tbcload14.dll"
Thu 20 Oct 2005 154,624 A..H. --- "C:\Program Files\FriendAdder Combo Pack\Friend Adder\tile072t.dll"
Mon 5 Dec 2005 24,576 A..H. --- "C:\Program Files\FriendAdder Combo Pack\Friend Adder\tkimg13.dll"
Mon 5 Dec 2005 24,576 A..H. --- "C:\Program Files\FriendAdder Combo Pack\Friend Adder\tkimgjpeg13.dll"
Mon 5 Dec 2005 106,496 A..H. --- "C:\Program Files\FriendAdder Combo Pack\Friend Commenter\jpegtcl10.dll"
Tue 19 Jul 2005 28,672 A..H. --- "C:\Program Files\FriendAdder Combo Pack\Friend Commenter\tbcload14.dll"
Thu 20 Oct 2005 154,624 A..H. --- "C:\Program Files\FriendAdder Combo Pack\Friend Commenter\tile072t.dll"
Mon 5 Dec 2005 24,576 A..H. --- "C:\Program Files\FriendAdder Combo Pack\Friend Commenter\tkimg13.dll"
Mon 5 Dec 2005 24,576 A..H. --- "C:\Program Files\FriendAdder Combo Pack\Friend Commenter\tkimgjpeg13.dll"
Mon 5 Dec 2005 106,496 A..H. --- "C:\Program Files\FriendAdder Combo Pack\Friend Messenger\jpegtcl10.dll"
Tue 19 Jul 2005 28,672 A..H. --- "C:\Program Files\FriendAdder Combo Pack\Friend Messenger\tbcload14.dll"
Thu 20 Oct 2005 154,624 A..H. --- "C:\Program Files\FriendAdder Combo Pack\Friend Messenger\tile072t.dll"
Mon 5 Dec 2005 24,576 A..H. --- "C:\Program Files\FriendAdder Combo Pack\Friend Messenger\tkimg13.dll"
Mon 5 Dec 2005 24,576 A..H. --- "C:\Program Files\FriendAdder Combo Pack\Friend Messenger\tkimgjpeg13.dll"
Fri 27 Feb 2004 233,472 A..H. --- "C:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\ico38.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\ico39.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\ico3A.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\ico3B.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\ico3C.tmp"
Fri 12 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Mon 5 Mar 2007 52,224 ...H. --- "C:\Anton\Unison Productions\press release\english\5fm\~WRL2009.tmp"
Thu 6 Sep 2007 82,432 ...H. --- "C:\Documents and Settings\Anton\Application Data\Microsoft\Word\~WRL2363.tmp"
Tue 30 Oct 2007 2,668 A..H. --- "C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\KPT Collection\MetaImage.dll"

Finished!



---------------------------------------------------------------------------------------------------------------------------------------------------------------------




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:20:39, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\DeviceListener.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\ConAppM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\qfchkbwy.dll (file missing)
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [70625938] rundll32.exe "C:\WINDOWS\system32\ucceqhuv.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MobileConnect.EXE] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D78A853-2EA2-45A1-B621-C98FF625398F}: NameServer = 196.207.35.29 196.207.35.30
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\chkfxbli.exe (file missing)
O23 - Service: PREVXAgent - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe (file missing)

--
End of file - 6672 bytes

#4 IndiGenus


Posted 20 November 2007 - 06:01 AM

I need you to rename HijackThis because I suspect that you may have the Vundo infection that can hide some entries in your log.
  • Please go to the folder where you saved HijackThis.exe.
  • Right-click on it, then select Rename.
  • Name it something like: FindVundo.exe (or whatever you want) - Just make sure to keep the .exe part.
  • Then double-click the renamed HJT to scan and then post the new logfile.

IndiGenus


Logs will be closed if you haven't replied within 5 days



Proud Graduate of TC/WTT Classroom



"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi
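The comparison that this rename makes possible, as an added example (not part of the original post and not code from HijackThis): it diffs a log taken under the original file name against one taken after renaming, lists the entries that only the second scan reports, and flags autorun values whose target changed between scans. The sample lines are a short excerpt copied from the two HijackThis logs posted in this thread; all function names are hypothetical.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# Excerpt of the first log in this thread (scanner run under its original name).
LOG_BEFORE = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\qfchkbwy.dll (file missing)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [70625938] rundll32.exe "C:\WINDOWS\system32\ucceqhuv.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''

# Excerpt of the second log in this thread (scanner renamed before the scan).
LOG_AFTER = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0f68a09b-ce1a-4581-939c-69384dd8e0fb} - (no file)
O2 - BHO: (no name) - {5027D158-47A4-46B3-A07C-A9FB0D7D0799} - C:\WINDOWS\system32\urqno.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\qfchkbwy.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\qfchkbwy.dll (file missing)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [70625938] rundll32.exe "C:\WINDOWS\system32\kuwsbvbn.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''

# "R0 - ...", "O2 - ...", "O23 - ...": section code, separator, entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 body: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^(HK(?:LM|CU)\\\.\.\\Run): \[([^\]]+)\] (.+)$")
# Registry entry whose target file is absent from disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$")


def parse_entries(log_text):
    """Return the section entries of a log, skipping header and process list."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def revealed_entries(before_text, after_text):
    """Entries reported by the second scan that the first scan did not report."""
    seen = set(parse_entries(before_text))
    return [e for e in parse_entries(after_text) if e not in seen]


def orphaned(entries):
    """Entries pointing at a file that no longer exists."""
    return [e for e in entries if ORPHAN_RE.search(e.body)]


def run_values(entries):
    """Map (Run key, value name) -> command line for every O4 Run entry."""
    values = {}
    for e in entries:
        m = RUN_RE.match(e.body) if e.code == "O4" else None
        if m:
            values[(m.group(1), m.group(2))] = m.group(3)
    return values


def changed_run_targets(before_text, after_text):
    """Run values present in both scans whose command line differs."""
    before = run_values(parse_entries(before_text))
    after = run_values(parse_entries(after_text))
    return {k: (before[k], after[k])
            for k in before.keys() & after.keys() if before[k] != after[k]}


if __name__ == "__main__":
    revealed = revealed_entries(LOG_BEFORE, LOG_AFTER)
    print("Entries only visible after the rename:")
    for e in revealed:
        tag = "  [target missing]" if ORPHAN_RE.search(e.body) else ""
        print(f"  {e.code} - {e.body}{tag}")
    print("Run values whose target changed between scans:")
    for (key, name), (old, new) in changed_run_targets(LOG_BEFORE, LOG_AFTER).items():
        print(f"  {key} [{name}]\n    before: {old}\n    after:  {new}")
```

On this excerpt the whole O2 section appears only in the second scan, and the Run value `70625938` points at a different DLL in each log, so a file-name match taken from the first log would already be stale.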


#5 anton123


Posted 20 November 2007 - 06:10 AM

Thanks man, there you go:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:08:12, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\DeviceListener.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\ConAppM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\sndvol32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\Anton\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Anton\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\FindVundo.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {04A50AA9-E066-4168-B8F9-670D744492C8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0f68a09b-ce1a-4581-939c-69384dd8e0fb} - (no file)
O2 - BHO: (no name) - {20c39dc0-cfe4-4e48-b3f6-6dae93b09383} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {25A12E63-12C4-4526-8BB5-D9E72167CF92} - (no file)
O2 - BHO: {49e1f78d-5c64-016a-8664-bcab92d4f7a4} - {4a7f4d29-bacb-4668-a610-46c5d87f1e94} - C:\WINDOWS\system32\pdpbpdeb.dll
O2 - BHO: (no name) - {5027D158-47A4-46B3-A07C-A9FB0D7D0799} - C:\WINDOWS\system32\urqno.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: (no name) - {599cb252-b932-491c-b1be-207786fb76a4} - (no file)
O2 - BHO: (no name) - {6020c6ca-08d1-4876-9cf3-a0aa8e916910} - (no file)
O2 - BHO: (no name) - {624694C5-D9E3-4534-AA84-E80368A9A308} - C:\Program Files\Adobe\mexokaroC:\WINDOWS\system32\v4\caws83122.exe.dll (file missing)
O2 - BHO: (no name) - {6B53F42F-BA41-419E-A427-B567DC09C967} - (no file)
O2 - BHO: (no name) - {6E0F8E72-16A9-4430-BA7B-B028570D516F} - (no file)
O2 - BHO: (no name) - {8D911365-4A3C-452E-B3F0-CC2D750FDFC7} - (no file)
O2 - BHO: (no name) - {9B22B9D1-7F1F-42F9-81E5-1606DE23708D} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\qfchkbwy.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {b47dbfba-e866-4b1e-a167-af88b635a5b3} - (no file)
O2 - BHO: (no name) - {c5834da1-2720-4ccc-93a7-5c30d25ceb29} - (no file)
O2 - BHO: (no name) - {c58a6214-9035-4965-bf16-d4fbb076a104} - (no file)
O2 - BHO: (no name) - {C932B390-4685-49D7-8458-F8E6166DA9C1} - (no file)
O2 - BHO: (no name) - {D951DD00-0AE7-4593-AD43-D91457AD1C69} - (no file)
O2 - BHO: (no name) - {E08400A7-CF77-40C1-8246-05A721367985} - (no file)
O2 - BHO: (no name) - {e5115a54-83a6-4246-9c06-37336abb1609} - (no file)
O2 - BHO: (no name) - {F5434312-49C4-41B7-A59D-16C1B94958BA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\qfchkbwy.dll (file missing)
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [70625938] rundll32.exe "C:\WINDOWS\system32\kuwsbvbn.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MobileConnect.EXE] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D78A853-2EA2-45A1-B621-C98FF625398F}: NameServer = 196.207.35.29 196.207.35.30
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: byxxx - C:\WINDOWS\system32\byxxx.dll (file missing)
O20 - Winlogon Notify: mljii - C:\WINDOWS\system32\mljii.dll (file missing)
O20 - Winlogon Notify: nnnklmk - nnnklmk.dll (file missing)
O20 - Winlogon Notify: qfchkbwy - C:\WINDOWS\
O20 - Winlogon Notify: tuvspnl - C:\WINDOWS\
O20 - Winlogon Notify: uxoncaup - uxoncaup.dll (file missing)
O20 - Winlogon Notify: winkgg32 - winkgg32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\chkfxbli.exe (file missing)
O23 - Service: PREVXAgent - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe (file missing)

--
End of file - 10371 bytes

#6 IndiGenus

Posted 20 November 2007 - 06:34 AM

OK, yikes, there it is. I know you tried VundoFix before and it didn't completely remove it. But I would like you to run it again. There will likely need to be some steps to take after running it to keep this from coming back. Unfortunately, one of the best tools we have for dealing with this is not available at the moment. Remove your current version of VundoFix and download a new one. I will also need you to run a Deckard's scan after.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click Yes.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions, starting from "Click the Scan for Vundo button", when VundoFix appears at reboot.

----------------------------------------------------------------------

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

IndiGenus



#7 anton123

Posted 20 November 2007 - 07:55 AM

Hey there,

See below: the other suspect DLLs in my IE add-ons are now gone, but there is a new one (without publisher details): pdpbpdeb.dll

Thanks once again!


Main.txt:

Deckard's System Scanner v20071014.68
Run by Anton on 2007-11-20 15:29:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 3.61 GiB (less than 15%) free.


-- HijackThis (run as Anton.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:47, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\DeviceListener.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\ConAppM.exe
C:\Documents and Settings\Anton\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Anton.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {04A50AA9-E066-4168-B8F9-670D744492C8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0f68a09b-ce1a-4581-939c-69384dd8e0fb} - (no file)
O2 - BHO: (no name) - {20c39dc0-cfe4-4e48-b3f6-6dae93b09383} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {25A12E63-12C4-4526-8BB5-D9E72167CF92} - (no file)
O2 - BHO: {49e1f78d-5c64-016a-8664-bcab92d4f7a4} - {4a7f4d29-bacb-4668-a610-46c5d87f1e94} - C:\WINDOWS\system32\pdpbpdeb.dll
O2 - BHO: (no name) - {5027D158-47A4-46B3-A07C-A9FB0D7D0799} - C:\WINDOWS\system32\urqno.dll (file missing)
O2 - BHO: (no name) - {51deea14-4a45-4ab8-bc22-de0889aeecfd} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: (no name) - {599cb252-b932-491c-b1be-207786fb76a4} - (no file)
O2 - BHO: (no name) - {6020c6ca-08d1-4876-9cf3-a0aa8e916910} - (no file)
O2 - BHO: (no name) - {624694C5-D9E3-4534-AA84-E80368A9A308} - C:\Program Files\Adobe\mexokaroC:\WINDOWS\system32\v4\caws83122.exe.dll (file missing)
O2 - BHO: (no name) - {6B53F42F-BA41-419E-A427-B567DC09C967} - (no file)
O2 - BHO: (no name) - {6E0F8E72-16A9-4430-BA7B-B028570D516F} - (no file)
O2 - BHO: (no name) - {8D911365-4A3C-452E-B3F0-CC2D750FDFC7} - (no file)
O2 - BHO: (no name) - {9B22B9D1-7F1F-42F9-81E5-1606DE23708D} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {b47dbfba-e866-4b1e-a167-af88b635a5b3} - (no file)
O2 - BHO: (no name) - {c5834da1-2720-4ccc-93a7-5c30d25ceb29} - (no file)
O2 - BHO: (no name) - {c58a6214-9035-4965-bf16-d4fbb076a104} - (no file)
O2 - BHO: (no name) - {C932B390-4685-49D7-8458-F8E6166DA9C1} - (no file)
O2 - BHO: (no name) - {D951DD00-0AE7-4593-AD43-D91457AD1C69} - (no file)
O2 - BHO: (no name) - {E08400A7-CF77-40C1-8246-05A721367985} - (no file)
O2 - BHO: (no name) - {e5115a54-83a6-4246-9c06-37336abb1609} - (no file)
O2 - BHO: (no name) - {F5434312-49C4-41B7-A59D-16C1B94958BA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [70625938] rundll32.exe "C:\WINDOWS\system32\cilttncb.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MobileConnect.EXE] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: byxxx - C:\WINDOWS\system32\byxxx.dll (file missing)
O20 - Winlogon Notify: mljii - C:\WINDOWS\system32\mljii.dll (file missing)
O20 - Winlogon Notify: nnnklmk - nnnklmk.dll (file missing)
O20 - Winlogon Notify: qfchkbwy - C:\WINDOWS\
O20 - Winlogon Notify: tuvspnl - C:\WINDOWS\
O20 - Winlogon Notify: uxoncaup - C:\WINDOWS\
O20 - Winlogon Notify: winkgg32 - winkgg32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\chkfxbli.exe (file missing)
O23 - Service: PREVXAgent - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe (file missing)

--
End of file - 9608 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"
.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S2 EmgicUsb (emagic USB kernel driver) - c:\windows\system32\drivers\emgicusb.sys <Not Verified; emagic Soft- und Hardware GmbH, Germany; >
S2 EMGM4U2K (emagic MT4 configuration node) - c:\windows\system32\drivers\emgm4u2k.sys <Not Verified; emagic Soft- und Hardware GmbH, Germany; >
S3 catchme - c:\docume~1\anton\locals~1\temp\catchme.sys (file missing)
S3 TSClient (Tatara Protocol Driver) - c:\windows\system32\drivers\tsclient.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 DomainService - c:\windows\system32\chkfxbli.exe /service (file missing)
S2 PREVXAgent - "c:\program files\prevx2\pxagent.exe" -f (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_165D&SUBSYS_865D1028&REV_01\4&39A85202&0&00F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_165D&SUBSYS_865D1028&REV_01\4&39A85202&0&00F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: O2Micro SmartCardBus_Reader
Device ID: PCMCIA\O2MICRO-SMARTCARDBUS_READER-2E10\1
Manufacturer:
Name: O2Micro SmartCardBus_Reader
PNP Device ID: PCMCIA\O2MICRO-SMARTCARDBUS_READER-2E10\1
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Network Controller
Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27228086&REV_05\4&39A85202&0&18F0
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27228086&REV_05\4&39A85202&0&18F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_542214F1&REV_01\3&61AAA01&0&FE
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_542214F1&REV_01\3&61AAA01&0&FE
Service:


-- Files created between 2007-10-20 and 2007-11-20 -----------------------------

2007-11-20 10:04:16 84544 --a------ C:\WINDOWS\system32\pdpbpdeb.dll
2007-11-20 09:07:14 88640 --a------ C:\WINDOWS\system32\kuwsbvbn.dll
2007-11-20 09:01:14 84544 --a------ C:\WINDOWS\system32\amgstxww.dll
2007-11-20 08:16:22 84544 --a------ C:\WINDOWS\system32\vnmeuouj.dll
2007-11-20 07:45:51 0 d-------- C:\WINDOWS\ERUNT
2007-11-20 07:27:57 0 d-------- C:\Program Files\Trend Micro
2007-11-20 07:23:04 84544 --a------ C:\WINDOWS\system32\rqldxyih.dll
2007-11-19 23:21:46 83008 --a------ C:\WINDOWS\system32\clexyrqh.dll
2007-11-19 16:30:06 0 d-------- C:\Program Files\JAlbumWin
2007-11-19 16:18:49 83008 --a------ C:\WINDOWS\system32\awendgnl.dll
2007-11-19 12:40:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-19 12:13:15 0 d-------- C:\Documents and Settings\Anton\Application Data\uTorrent
2007-11-19 12:13:13 0 d-------- C:\Program Files\uTorrent
2007-11-19 12:12:07 0 d-------- C:\Anton
2007-11-19 11:49:55 0 d--hs---- C:\Documents and Settings\Anton\UserData
2007-11-19 09:48:02 83008 --a------ C:\WINDOWS\system32\mkenxuic.dll
2007-11-19 08:39:00 89152 --a------ C:\WINDOWS\system32\hfscmmpp.dll
2007-11-19 08:36:04 83008 --a------ C:\WINDOWS\system32\plsttrlq.dll
2007-11-19 03:12:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-19 03:09:59 0 d-------- C:\Documents and Settings\Anton\Application Data\Macromedia
2007-11-19 03:09:53 0 d-------- C:\Program Files\Yahoo!
2007-11-19 02:52:57 0 d-------- C:\Documents and Settings\Anton\Application Data\Vodafone Mobile Connect
2007-11-19 02:51:20 237568 --a----c- C:\WINDOWS\VMC9SavedNwtGatewayDLL.dll <Not Verified; ; NwtGatewayDLL Dynamic Link Library>
2007-11-19 02:51:20 196608 --a----c- C:\WINDOWS\VMC9Savedloader.dll <Not Verified; Novatel Wireless Inc.; Novatel Wireless Inc. Loader>
2007-11-19 02:51:18 4480 --a------ C:\WINDOWS\system32\drivers\g3grpm.sys <Not Verified; Option N.V.; >
2007-11-19 02:51:15 0 d-------- C:\Documents and Settings\Anton\Application Data\ICS
2007-11-19 02:49:47 0 d-------- C:\Program Files\Vodafone
2007-11-19 02:49:05 8464 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2007-11-19 02:45:23 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-11-19 02:44:40 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-11-19 02:44:38 0 d-------- C:\Program Files\Intel
2007-11-19 02:43:36 0 d-------- C:\Program Files\ATI Technologies
2007-11-19 02:42:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-19 02:42:33 0 d-------- C:\Program Files\Common Files\InstallShield
2007-11-19 02:42:30 0 d-------- C:\dell
2007-11-19 02:38:11 0 d--hs---- C:\WINDOWS\Installer
2007-11-19 02:38:07 0 d-------- C:\Documents and Settings\Anton\Application Data\Identities
2007-11-19 02:37:57 0 d--h----- C:\Documents and Settings\Anton\Templates
2007-11-19 02:37:57 0 dr------- C:\Documents and Settings\Anton\Start Menu
2007-11-19 02:37:57 0 dr-h----- C:\Documents and Settings\Anton\SendTo
2007-11-19 02:37:57 0 dr-h----- C:\Documents and Settings\Anton\Recent
2007-11-19 02:37:57 0 d--h----- C:\Documents and Settings\Anton\PrintHood
2007-11-19 02:37:57 8388608 --ah----- C:\Documents and Settings\Anton\NTUSER.DAT
2007-11-19 02:37:57 0 d--h----- C:\Documents and Settings\Anton\NetHood
2007-11-19 02:37:57 0 dr------- C:\Documents and Settings\Anton\My Documents
2007-11-19 02:37:57 0 d--h----- C:\Documents and Settings\Anton\Local Settings
2007-11-19 02:37:57 0 dr------- C:\Documents and Settings\Anton\Favorites
2007-11-19 02:37:57 0 d-------- C:\Documents and Settings\Anton\Desktop
2007-11-19 02:37:57 0 d--hs---- C:\Documents and Settings\Anton\Cookies
2007-11-19 02:37:57 0 dr-h----- C:\Documents and Settings\Anton\Application Data
2007-11-19 02:37:14 0 d--hs---- C:\System Volume Information
2007-11-19 02:37:13 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-11-19 02:37:13 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-11-19 02:37:13 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2007-11-19 02:37:13 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-11-19 02:37:13 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-11-19 02:37:12 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-11-19 02:37:12 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-11-19 02:37:12 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2007-11-19 02:37:12 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-11-19 02:37:12 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-11-19 02:34:01 0 d-------- C:\WINDOWS\system32\xircom
2007-11-19 02:34:00 0 d-------- C:\Program Files\microsoft frontpage
2007-11-19 02:33:57 229376 ---h---c- C:\Documents and Settings\Default User\NTUSER.DAT
2007-11-19 02:33:02 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-11-19 02:32:55 0 dr------- C:\WINDOWS\Offline Web Pages
2007-11-19 02:32:55 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-11-19 02:32:28 0 d-------- C:\WINDOWS\system32\DirectX
2007-11-19 02:31:51 0 d---s---- C:\WINDOWS\Tasks
2007-11-19 02:31:49 0 d-------- C:\Program Files\Common Files\MSSoap
2007-11-19 02:31:45 0 d-------- C:\WINDOWS\srchasst
2007-11-19 02:31:44 0 d-------- C:\WINDOWS\system32\Macromed
2007-11-19 02:31:43 0 d-------- C:\Program Files\Movie Maker
2007-11-19 02:31:39 0 d-------- C:\WINDOWS\system32\Restore
2007-11-19 02:31:39 0 d-------- C:\WINDOWS\PCHealth
2007-11-19 02:31:23 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-11-19 02:31:06 0 d-------- C:\WINDOWS\Registration
2007-11-19 02:30:40 0 d--h----- C:\Program Files\WindowsUpdate
2007-11-19 02:30:39 0 d-------- C:\Program Files\Online Services
2007-11-19 02:30:34 0 d-------- C:\Program Files\Messenger
2007-11-19 02:30:30 0 d-------- C:\Program Files\MSN Gaming Zone
2007-11-19 02:29:58 0 d-------- C:\Program Files\Windows NT
2007-11-19 02:29:55 0 d-------- C:\WINDOWS\system32\MsDtc
2007-11-19 02:29:55 0 d-------- C:\WINDOWS\system32\Com
2007-11-18 18:15:47 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-18 18:15:44 0 dr------- C:\Program Files
2007-11-18 18:15:44 0 d-------- C:\Program Files\Common Files
2007-11-18 18:15:44 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-11-18 18:15:21 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-11-18 18:15:21 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-11-18 18:15:21 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-11-18 18:15:21 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-11-18 18:15:21 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-11-18 18:15:21 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-11-18 18:15:21 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-11-18 18:15:21 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-11-18 18:15:21 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-11-18 18:15:21 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-11-18 18:15:21 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-11-18 18:15:21 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-11-18 18:15:21 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-11-18 18:15:21 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-11-18 18:15:21 0 dr------- C:\Documents and Settings\All Users\Documents
2007-11-18 18:15:21 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-11-18 18:15:09 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-11-18 18:15:09 0 d-------- C:\WINDOWS\system32\CatRoot
2007-11-18 18:15:03 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-11-18 18:15:03 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-11-18 18:15:03 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-11-18 18:15:03 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-11-18 18:14:44 0 d-------- C:\Documents and Settings
2007-11-18 18:10:47 0 d-------- C:\WINDOWS
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\WinSxS
2007-11-18 18:10:47 0 dr------- C:\WINDOWS\Web
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\twain_32
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\wins
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\wbem
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\usmt
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\spool
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\ShellExt
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\Setup
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\ras
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\oobe
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\npp
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\mui
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\inetsrv
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\IME
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\icsxml
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\ias
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\export
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\drivers
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-11-18 18:10:47 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\dhcp
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\config
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\3076
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\2052
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\1054
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\1042
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\1041
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\1037
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\1033
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\1031
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\1028
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\1025
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\security
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\Resources
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\repair
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\mui
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\msapps
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\msagent
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\Media
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\java
2007-11-18 18:10:47 0 d--h----- C:\WINDOWS\inf
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\ime
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\Help
2007-11-18 18:10:47 0 dr--s---- C:\WINDOWS\Fonts
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\Driver Cache
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\Debug
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\Cursors
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\Connection Wizard
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\Config
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\AppPatch
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\addins
2007-11-18 10:59:57 79424 --a------ C:\WINDOWS\system32\jduuxsei.dll
2007-11-17 15:16:50 0 d-------- C:\Documents and Settings\Anton\Application Data\Mask Pro 4.0
2007-11-17 13:44:58 0 d-------- C:\Program Files\PSD2FLA
2007-11-17 13:41:30 0 d-------- C:\Documents and Settings\Anton\SiteGrinderData
2007-11-17 13:04:17 82496 --a------ C:\WINDOWS\system32\vcrtseos.dll
2007-11-17 13:04:10 88128 --a------ C:\WINDOWS\system32\ojwgnnda.dll
2007-11-17 12:59:24 82496 --a------ C:\WINDOWS\system32\mvfxnvoi.dll
2007-11-17 12:41:17 82496 --a------ C:\WINDOWS\system32\gipgwmqh.dll
2007-11-17 11:51:35 24047608 --a------ C:\Program Files\Install SiteGrinder 2 and PSD2FLA.exe <INSTAL~1.EXE>
2007-11-17 10:56:54 82496 --a------ C:\WINDOWS\system32\ydwwrygv.dll
2007-11-16 18:40:32 81984 --a------ C:\WINDOWS\system32\cbfreggo.dll
2007-11-16 11:45:57 81984 --a------ C:\WINDOWS\system32\mwejeovx.dll
2007-11-16 10:48:56 81984 --a------ C:\WINDOWS\system32\povfvrmc.dll
2007-11-16 08:53:10 81984 --a------ C:\WINDOWS\system32\hhwgnqoh.dll
2007-11-15 11:35:31 79936 --a------ C:\WINDOWS\system32\ndtshlxd.dll
2007-11-15 10:43:55 79936 --a------ C:\WINDOWS\system32\xbpsfoua.dll
2007-11-15 10:37:58 86080 --a------ C:\WINDOWS\system32\hhjpnrdq.dll
2007-11-15 08:15:37 86080 --a------ C:\WINDOWS\system32\snbvvepg.dll
2007-11-14 22:28:47 79424 --a------ C:\WINDOWS\system32\rbqvhejf.dll
2007-11-14 22:12:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-14 21:31:07 79424 --a------ C:\WINDOWS\system32\owvojwwm.dll
2007-11-14 17:04:47 79424 --a------ C:\WINDOWS\system32\ieemvpfy.dll
2007-11-14 16:57:59 0 d-------- C:\Documents and Settings\Anton\Application Data\Prevx
2007-11-14 16:09:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-14 15:20:54 0 d-------- C:\VundoFix Backups
2007-11-14 07:38:14 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-14 07:37:02 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-14 07:37:01 0 d-------- C:\Documents and Settings\Anton\Application Data\SUPERAntiSpyware.com
2007-11-13 21:54:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-13 21:46:19 0 d-------- C:\WINDOWS\BDOSCAN8
2007-11-13 14:17:03 88128 --a------ C:\WINDOWS\system32\ulmsevee.dll
2007-11-08 18:58:07 0 d-------- C:\Documents and Settings\Anton\Application Data\Grisoft
2007-11-08 18:56:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-08 18:05:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Vodafone
2007-11-08 18:03:00 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-08 18:03:00 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-08 18:03:00 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-08 18:03:00 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-11-08 18:03:00 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-08 18:03:00 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-11-08 18:03:00 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-11-08 18:03:00 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-08 18:03:00 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-11-08 18:03:00 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-08 18:03:00 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-11-08 18:03:00 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-08 18:03:00 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-08 18:02:59 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-11-08 17:08:50 2078 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-08 10:24:36 81549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-08 10:24:36 82061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-08 10:16:24 0 d-------- C:\Program Files\Kaspersky Lab
2007-11-08 10:14:46 79648 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-08 10:14:46 10470688 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-08 09:59:54 0 d-------- C:\kav
2007-11-07 15:13:47 0 d-------- C:\WINDOWS\system32\Mz02r
2007-11-07 15:13:45 0 d-------- C:\Temp
2007-11-07 15:07:35 0 d-------- C:\Documents and Settings\Anton\Application Data\Thinstall
2007-11-05 17:54:02 923136 --a------ C:\WINDOWS\Gear32sd.dll <Not Verified; AccuSoft Corporation; AccuSoft ImageGear>
2007-11-04 12:24:39 0 d-------- C:\Program Files\Cartoon Maker
2007-11-02 13:30:14 0 d-------- C:\Program Files\TwistingPixels
2007-11-02 12:20:12 0 d-------- C:\Program Files\Microsoft Silverlight
2007-11-01 14:16:00 0 d-------- C:\Documents and Settings\Anton\Application Data\GibbHill Properties Ltd
2007-11-01 12:33:39 0 d-------- C:\Program Files\RapidFinder 2.0
2007-10-30 22:51:57 0 d-------- C:\Documents and Settings\Anton\Application Data\Filter Forge
2007-10-30 22:50:57 11 --a------ C:\WINDOWS\system32\tscrip22.dll
2007-10-30 22:40:41 39 --a------ C:\WINDOWS\buZZP3lic.dll
2007-10-30 22:25:11 0 d-------- C:\New Folder
2007-10-30 18:30:47 0 d-------- C:\WINDOWS\ulead.dat
2007-10-30 18:09:38 0 d-------- C:\Documents and Settings\Anton\Application Data\PictoColor
2007-10-30 17:58:02 0 d-------- C:\Documents and Settings\Anton\Application Data\Tiffen
2007-10-30 17:55:52 286720 --a------ C:\WINDOWS\iun502.exe <Not Verified; Indigo Rose Corporation; Setup Factory 5.0 Uninstaller>
2007-10-30 17:40:16 1030144 --a------ C:\WINDOWS\system32\dbghelp-xfw.dll <Not Verified; Microsoft Corporation; Debugging Tools for Windows®>
2007-10-30 17:40:06 0 d-------- C:\Program Files\Filter Forge
2007-10-30 17:38:00 0 d-------- C:\Documents and Settings\Anton\Application Data\Extensis
2007-10-30 17:21:56 0 d-------- C:\Program Files\Extensis
2007-10-30 16:49:17 0 d-------- C:\WINDOWS\system32\embedded
2007-10-30 16:49:17 0 d-------- C:\Program Files\Quasar
2007-10-30 16:46:45 0 d-------- C:\Program Files\Anti Red Eye
2007-10-30 16:42:34 0 d-------- C:\Program Files\Vertus Fluid Mask 3
2007-10-30 16:33:02 0 d-------- C:\Program Files\Ulead FantasyWarp.Plugin
2007-10-30 16:32:19 0 d-------- C:\Program Files\Ulead ArtTexture.Plugin
2007-10-30 16:31:33 4528 -----n--- C:\WINDOWS\SETBROWS.EXE
2007-10-30 16:31:33 35328 -----n--- C:\WINDOWS\INETWH32.DLL
2007-10-30 16:31:33 9136 -----n--- C:\WINDOWS\INETWH16.DLL
2007-10-30 16:31:33 26832 -----n--- C:\WINDOWS\CTL3DV2.DLL <Not Verified; Microsoft Corporation; 3D Windows Control>
2007-10-30 16:31:32 0 d-------- C:\WINDOWS\Noslip
2007-10-30 16:31:32 0 d-------- C:\Program Files\Ulead Particle.Plugin
2007-10-30 16:06:38 0 d-------- C:\Program Files\LightMachine
2007-10-30 15:56:54 847872 --a------ C:\WINDOWS\system32\_ISource22.dll <Not Verified; Smaller Animals Software, Inc.; _ISource22.DLL>
2007-10-30 15:56:48 0 d-------- C:\Program Files\HyperTyle
2007-10-30 15:53:12 0 d-------- C:\Program Files\ColorWasher2
2007-10-30 15:51:19 0 d-------- C:\Program Files\Shortcut
2007-10-30 15:38:36 0 d-------- C:\Documents and Settings\Anton\Application Data\Digital Film Tools
2007-10-30 15:37:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Digital Film Tools
2007-10-30 15:35:29 0 d-------- C:\Program Files\Satori FilmFX v3.20
2007-10-30 15:34:42 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-10-30 14:52:25 0 d-------- C:\Program Files\RAYflect
2007-10-30 14:52:25 0 d-------- C:\PhotoTracer
2007-10-30 14:50:17 0 d-------- C:\Program Files\ParallelGraphics
2007-10-30 14:50:13 0 d-------- C:\Program Files\Common Files\ParallelGraphics
2007-10-30 14:49:35 0 d-------- C:\Program Files\Room Arranger
2007-10-30 14:46:11 0 d-------- C:\Program Files\Imagenomic
2007-10-30 12:22:18 0 d-------- C:\Program Files\HumanSoftware
2007-10-30 11:29:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Digital Anarchy
2007-10-30 11:23:57 143500 --a------ C:\WINDOWS\Curves 2 Uninstaller.exe
2007-10-30 11:23:56 0 d-------- C:\Program Files\Curvemeister.com
2007-10-30 11:15:16 0 d-------- C:\WINDOWS\Corel
2007-10-29 10:10:01 326656 --a------ C:\WINDOWS\system\MSVCRT40.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual C++>
2007-10-29 10:10:01 900608 --a------ C:\WINDOWS\system\GEAR32PD.DLL <Not Verified; AccuSoft Corporation; AccuSoft ImageGear>
2007-10-29 10:09:16 20976 --a------ C:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2007-10-29 10:09:13 246784 --a------ C:\WINDOWS\UNINST16.EXE <Not Verified; Stirling Technologies, Inc.; InstallShield Deinstaller>
2007-10-29 10:07:36 0 d-------- C:\Program Files\Aurelon PhotoPro
2007-10-29 09:00:35 356352 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2007-10-28 22:26:03 0 d-------- C:\Splat
2007-10-28 17:16:40 0 d-------- C:\Program Files\AKVIS
2007-10-28 17:06:35 0 d-------- C:\WINDOWS\Xaos Folder
2007-10-28 17:06:35 0 d-------- C:\Segmation
2007-10-28 17:04:28 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-10-28 17:04:27 0 d-------- C:\Documents and Settings\Anton\WINDOWS
2007-10-28 16:27:11 0 d-------- C:\Documents and Settings\Anton\Application Data\Mr Retro
2007-10-26 10:53:58 0 d-------- C:\Program Files\Kodak
2007-10-26 08:15:17 0 d-------- C:\Documents and Settings\Anton\Application Data\Corel
2007-10-26 08:13:21 0 d-------- C:\Program Files\Corel
2007-10-25 22:11:31 0 d-------- C:\Program Files\PowerISO
2007-10-25 18:12:21 0 d-------- C:\Documents and Settings\Anton\Application Data\onOne Software
2007-10-25 18:07:31 0 d-------- C:\Program Files\Common Files\onOne Software Shared
2007-10-25 18:07:29 0 d-------- C:\Program Files\onOne Software
2007-10-25 10:26:48 53248 --a------ C:\WINDOWS\bdoscandel.exe
2007-10-24 20:06:37 0 d-------- C:\Program Files\Magic Gallery 5
2007-10-24 20:02:39 0 d-------- C:\Documents and Settings\Anton\Application Data\Web Gallery Builder
2007-10-24 20:02:27 0 d-------- C:\Program Files\Web Gallery Builder
2007-10-23 13:25:58 0 d-------- C:\Program Files\Common Files\LizardTech Shared
2007-10-23 13:25:54 227840 --a------ C:\WINDOWS\system32\Deco_32.dll <Not Verified; Iterated Systems, Inc.; Fractal Image Decoder>
2007-10-23 12:19:29 720896 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-10-21 14:45:05 0 d-------- C:\Program Files\SigmaTel


-- Find3M Report ---------------------------------------------------------------

2007-11-19 23:19:56 0 d-------- C:\Documents and Settings\Anton\Application Data\CoreFTP
2007-11-19 12:33:25 0 d-------- C:\Program Files\eMule
2007-11-18 18:15:21 62 --ahs---- C:\Documents and Settings\Anton\Application Data\desktop.ini
2007-11-07 09:47:25 0 d-------- C:\Documents and Settings\Anton\Application Data\Skype
2007-11-05 17:54:06 40172 --a------ C:\Program Files\INSTALL.LOG
2007-10-30 16:43:01 1024 --a------ C:\WINDOWS\system32\t7vjvc6.dll
2007-10-30 16:43:01 204 --a------ C:\WINDOWS\system32\edmuvtf.dll
2007-10-30 16:43:00 100 --a------ C:\WINDOWS\system32\prsgrc.dll
2007-10-30 16:43:00 1024 --a------ C:\WINDOWS\system32\grcauth2.dll
2007-10-30 16:43:00 1024 --a------ C:\WINDOWS\system32\grcauth1.dll
2007-10-30 15:55:18 0 d-------- C:\Program Files\FocalBlade
2007-10-29 08:52:17 0 d-------- C:\Documents and Settings\Anton\Application Data\Alien Skin
2007-10-29 08:35:00 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-21 14:39:13 0 d-------- C:\Program Files\NCH Swift Sound
2007-10-21 14:38:35 0 d-------- C:\Program Files\True Audio
2007-10-21 14:38:10 0 d-------- C:\Program Files\Monkey's Audio
2007-10-21 14:37:28 0 d-------- C:\Program Files\intelliScore Ensemble WAV to MIDI Converter Demo
2007-10-21 14:37:06 0 d-------- C:\Program Files\MagicISO
2007-10-11 16:52:36 0 d-------- C:\Documents and Settings\Anton\Application Data\Adobe
2007-10-10 21:43:53 0 d-------- C:\Documents and Settings\Anton\Application Data\Eltima Software
2007-10-10 21:33:11 0 d-------- C:\Program Files\Save Flash
2007-10-09 21:17:48 0 d-------- C:\Program Files\Pop Art Studio 2.1
2007-10-07 01:56:05 0 d-------- C:\Program Files\Alien Skin
2007-10-02 09:25:05 0 d-------- C:\Documents and Settings\Anton\Application Data\Temporary
2007-09-25 16:49:33 0 d-------- C:\Program Files\emagic


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04A50AA9-E066-4168-B8F9-670D744492C8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0f68a09b-ce1a-4581-939c-69384dd8e0fb}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20c39dc0-cfe4-4e48-b3f6-6dae93b09383}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25A12E63-12C4-4526-8BB5-D9E72167CF92}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4a7f4d29-bacb-4668-a610-46c5d87f1e94}]
20/11/2007 10:04 84544 --a------ C:\WINDOWS\system32\pdpbpdeb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5027D158-47A4-46B3-A07C-A9FB0D7D0799}]
C:\WINDOWS\system32\urqno.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51deea14-4a45-4ab8-bc22-de0889aeecfd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{599cb252-b932-491c-b1be-207786fb76a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6020c6ca-08d1-4876-9cf3-a0aa8e916910}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{624694C5-D9E3-4534-AA84-E80368A9A308}]
C:\Program Files\Adobe\mexokaroC:\WINDOWS\system32\v4\caws83122.exe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B53F42F-BA41-419E-A427-B567DC09C967}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E0F8E72-16A9-4430-BA7B-B028570D516F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D911365-4A3C-452E-B3F0-CC2D750FDFC7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B22B9D1-7F1F-42F9-81E5-1606DE23708D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b47dbfba-e866-4b1e-a167-af88b635a5b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5834da1-2720-4ccc-93a7-5c30d25ceb29}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c58a6214-9035-4965-bf16-d4fbb076a104}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C932B390-4685-49D7-8458-F8E6166DA9C1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D951DD00-0AE7-4593-AD43-D91457AD1C69}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E08400A7-CF77-40C1-8246-05A721367985}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e5115a54-83a6-4246-9c06-37336abb1609}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5434312-49C4-41B7-A59D-16C1B94958BA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [12/05/2006 01:32]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 00:56 C:\WINDOWS\system32\bthprops.cpl]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 01:25]
"PrevxOne"="C:\Program Files\Prevx2\PXConsole.exe" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [28/06/2007 12:51]
"70625938"="C:\WINDOWS\system32\cilttncb.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56]
"MobileConnect.EXE"="C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE" [13/07/2007 15:37]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21/06/2007 14:06]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 16:46]
"WinAble"="C:\Program Files\WinAble\winable.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxx]
C:\WINDOWS\system32\byxxx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljii]
C:\WINDOWS\system32\mljii.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnklmk]
nnnklmk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qfchkbwy]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvspnl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uxoncaup]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkgg32]
winkgg32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqno.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Register Mask Pro 3.0.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Register Mask Pro 3.0.lnk
backup=C:\WINDOWS\pss\Register Mask Pro 3.0.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Anton^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Anton\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\flashget.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Macromedia Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f658685-968b-11dc-bc74-9b6686c28826}]
Auto\command- RavMon.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e




-- End of Deckard's System Scanner: finished at 2007-11-20 15:33:31 ------------



Extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1400MHz
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 511.23 MiB / 159.61 MiB
Pagefile Memory (total/avail): 1249.53 MiB / 869 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.73 MiB

C: is Fixed (NTFS) - 37.26 GiB total, 3.61 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541640J9AT00 - 37.26 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
AUState says computer has updates disabled.
Windows Internal Firewall is enabled.

AV: Kaspersky Anti-Virus v7.0.0.125 (Kaspersky Lab)
AV: Prevx 2.0 v1.0.1.33 (Prevx Ltd.) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\eMule\\LinkCreator.exe"="C:\\Program Files\\eMule\\LinkCreator.exe:*:Disabled:LinkCreator"
"C:\\Program Files\\Macromedia\\FreeHand 10\\FreeHand 10.exe"="C:\\Program Files\\Macromedia\\FreeHand 10\\FreeHand 10.exe:*:Enabled:FreeHand 10"
"C:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe:*:Enabled:Dreamweaver MX"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\CoreFTP\\coreftp.exe"="C:\\Program Files\\CoreFTP\\coreftp.exe:*:Enabled:Core FTP App"
"C:\\Program Files\\FreeFTP\\FreeFTP.exe"="C:\\Program Files\\FreeFTP\\FreeFTP.exe:*:Enabled:FreeFTP (Internet File Transfer Program)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\system32\\chkfxbli.exe"="C:\\WINDOWS\\system32\\chk"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Anton\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=UNISON
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Anton
LOGONSERVER=\\UNISON
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Anton\LOCALS~1\Temp
TMP=C:\DOCUME~1\Anton\LOCALS~1\Temp
USERDOMAIN=UNISON
USERNAME=Anton
USERPROFILE=C:\Documents and Settings\Anton
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Anton (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
55mm v6 for Adobe Photoshop & Compatible Applications --> C:\WINDOWS\unvise32.exe c:\program files\adobe\adobe photoshop cs2\plug-ins\55mm_v6_uninstal.log
Access.Virus.Trance.Source.X.Soundset --> C:\PROGRA~1\ACCESS~1.SOU\UNWISE.EXE C:\PROGRA~1\ACCESS~1.SOU\INSTALL.LOG
Adobe Acrobat 7.0 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Premiere Pro 1.5 --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{A14F7508-B784-40B8-B11A-E0E2EEB7229F}\setup.exe" -l0x0009
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Alien Skin Blow Up --> C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\BLOWUP~1\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\BLOWUP~1\INSTALL.LOG
Alien Skin Exposure --> C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\Exposure\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\Exposure\INSTALL.LOG
Alien Skin Eye Candy 5 Textures --> C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~1\UNWISE.EXE C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~1\INSTALL.LOG
Alien Skin Image Doctor 1.0 --> C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\IMAGED~1\UNWISE.EXE C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\IMAGED~1\INSTALL.LOG
Anti Red Eye 1.0 --> C:\Program Files\Anti Red Eye\uninst.exe
ArtStudioPro --> "C:\Program Files\TwistingPixels\ArtStudioPro\unins000.exe"
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Atmosphere --> "C:\Program Files\Spectrasonics\Atmosphere\unins000.exe"
Aurelon PhotoPro PhotoTools --> MsiExec.exe /X{43C5B1AC-B3F7-4362-AE32-AB12A0A55BCB}
AutoCorrect 1.53 --> C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\UnInstall_41581.exe
AutoMask 4_68 --> C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\UnInstall_19293.exe
AutoSmooth 1_00 --> C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\UnInstall_21821.exe
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
buZZ.Pro 3.0 --> MsiExec.exe /I{50458446-8DF1-46C4-9FE1-7401FB8C87F9}
C-Major Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Cartoon Maker 4.71 --> "C:\Program Files\Cartoon Maker\unins000.exe"
Celemony Melodyne v3.0.1.5 Studio Edition --> C:\PROGRA~1\Celemony\MELODY~1.0\UNWISE.EXE C:\PROGRA~1\Celemony\MELODY~1.0\INSTALL.LOG
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
ColorWasher 2.02 --> C:\Program Files\ColorWasher2\SXUNINST.EXE
Core FTP LE 1.3c --> C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
Corel Painter IX --> MsiExec.exe /I{A0383B7D-81A2-49D3-BE06-C0FD9EFB9DFC}
Cortona® VRML Client --> "C:\Program Files\ParallelGraphics\Cortona VRML Client\UNWISE32.EXE" "C:\Program Files\ParallelGraphics\Cortona VRML Client\Install.log"
Curves 2 --> C:\WINDOWS\Curves 2 Uninstaller.exe
CuteFTP 8 Home --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{949DBB22-2FB7-4DE1-804C-23D495A988D8}\Setup.exe" -l0x9
Digital Anarchy Texture Anarchy V1.0 for Photoshop --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Photoshop CS2\Plug-Ins\uninstal.log
Digital Element Aurora --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC4ECCC8-11CE-4542-A3DB-78947BC11D1D}\Setup.exe"
DIGITAL FILM LAB 2.0 for Adobe Photoshop & Compatible Applications --> C:\WINDOWS\unvise32.exe c:\program files\adobe\adobe photoshop cs2\plug-ins\dfl_uninstal.log
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Emagic Logic Audio Platinum 5.5 --> C:\PROGRA~1\emagic\LOGIC5~1\UNWISE.EXE C:\PROGRA~1\emagic\LOGIC5~1\INSTALL.LOG
eMule --> "C:\Program Files\eMule\Uninstall.exe"
Extensis Intellihance Pro 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32C7FDDF-8D18-4B29-B81A-CDA512093274}\setup.exe" -l0x9 -uninst -removeonly
Extensis Mask Pro 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7BDB9ADF-17E3-4EDC-94E0-443B91AC46C3}\setup.exe" -l0x9 -uninst -removeonly
Extensis PhotoBevel Solo --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Extensis\PhotoBevel Solo\Uninst.isu"
Extensis PhotoFrame 2.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DA53DF31-06F5-11D7-B1E5-0050DA6C326B}\setup.exe" -l0x9 -uninst -removeonly
Extensis PhotoGraphics 1.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Extensis\PhotoGraphics 1.0\Uninst.isu"
Extensis pxl SmartScale 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFAA3B4-CCF0-40CA-9E82-3D0B9162A1ED}\setup.exe" -l0x9 -uninst -removeonly
Filter Forge 1.009 --> "C:\Program Files\Filter Forge\unins000.exe"
Filters Unlimited 2.0 --> "C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Filters Unlimited 2.0\unins000.exe"
FL Studio 7 --> C:\Program Files\Image-Line\FL Studio 7\uninstall.exe
Flash Decompiler --> "C:\Program Files\Eltima Software\Flash Decompiler\unins000.exe"
FocalBlade --> C:\Program Files\FocalBlade\SXUNINST.EXE
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
FreeFTP --> C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\FreeFTP\ST5UNST.LOG"
FreeRIP v3.00 --> "C:\Program Files\FreeRIP3\unins000.exe"
FriendAdder Combo Pack --> "C:\Program Files\FriendAdder Combo Pack\uninstall.exe"
Genesis V2 PROps V2.00 --> C:\WINDOWS\iun502.exe C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\irunin.ini
Genuine Fractals 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC38B36B-90F8-4C1F-8AC9-236B851B8871}\setup.exe" -l0x9 -uninst -removeonly
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Harry's Filters --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\HRRYFIL2.INF, DefaultUninstall.ntx86
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HyperTyle 1.02 --> C:\Program Files\HyperTyle\SXUNINST.EXE
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
JAlbum 7.3 --> C:\Program Files\JAlbumWin\Uninstall.exe
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Knoll Light Factory 2.5 --> C:\WINDOWS\unvise32.exe C:\Program Files\KLF2.5GPU.log
Kodak DIGITAL GEM Airbrush Professional Plug-In 2.0.0 --> MsiExec.exe /I{E33350DF-0A12-4387-B6E8-128C08C0F1FF}
Kodak DIGITAL GEM Professional Plug-In 2.0.0 --> MsiExec.exe /I{67F21D99-D525-4A09-826D-F61B3059C0CE}
Kodak DIGITAL ROC Professional Plug-In 2.0.0 --> MsiExec.exe /I{08365B6E-F1DC-458F-A47E-FD99109118CD}
Kodak DIGITAL SHO Professional Plug-In 2.0.0 --> MsiExec.exe /I{F45C0410-1348-4F25-8F28-F8E044E11222}
KPT® Collection --> C:\WINDOWS\IsUninst.exe -f"c:\program files\adobe\adobe photoshop cs2\plug-ins\KPT Collection\KPT Collection.isu"
Light v3.5 for Adobe Photoshop & Compatible Applications --> C:\WINDOWS\unvise32.exe c:\program files\adobe\adobe photoshop cs2\plug-ins\light_v3.5_uninstal.log
LightMachine 1.0b --> C:\Program Files\LightMachine\SXUNINST.EXE
Macromedia Director MX 2004 --> C:\PROGRA~1\MACROM~1\DIRECT~1\UNWISE.EXE C:\PROGRA~1\MACROM~1\DIRECT~1\install.log
Macromedia Dreamweaver MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
Macromedia FreeHand 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D826618-59C6-11D4-976E-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Magic Gallery 5 --> "C:\Program Files\Magic Gallery 5\unins000.exe"
MagicFrames 2.03 --> C:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\UnInstall_19090.exe
Mask Pro 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2DFAC810-6DD8-4E23-96A4-BEB118408203}\setup.exe" -l0x9 -uninst -removeonly
Media Lab SiteGrinder 2 (Basic & Pro) --> C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Media Lab SiteGrinder 2\Uninstall SiteGrinder 2.exe
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MySQL Connector/ODBC 3.51 --> MsiExec.exe /I{EDE4AA32-ECD4-4FC2-BAD2-E50ED86219E6}
nik Color Efex Pro 2.0 Complete --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\nik Color Efex Pro 2.0 Complete\uninstal.log
Noiseware Professional Plug-in --> MsiExec.exe /I{A0B70B7A-6698-4C79-8E32-EB13987066A3}
Novation K-Station "factory presets" --> C:\Anton\plugs\KSTATI~1\K-STAT~1\UNWISE.EXE C:\Anton\plugs\KSTATI~1\K-STAT~1\INSTALL.LOG
Ozone for Adobe Photoshop --> C:\WINDOWS\unvise32.exe c:\program files\adobe\adobe photoshop cs2\plug-ins\ozone_uninstal.log
PAN Lens Pro III 3.8 --> "C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Panopticum\Panopticum\unins000.exe"
Panopticum Digitalizer 1.1 --> "C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Panopticum\unins000.exe"
PhotoFrame Pro 3.0 Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E871B6E5-6B93-4A69-AF76-1F8270AAA2F7}\setup.exe" -l0x9 -uninst -removeonly
PhotoFreebies --> C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Adobe Photoshop Only\SXUNINST.EXE
PhotoKit Color 2 Plug-In Module --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Adobe Photoshop Only\Automate\PixelGenius Toolbox Plug-In Module\pkc2_uninstal.log
PhotoKit Plug-in Module --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Adobe Photoshop Only\Automate\PhotoKit Plug-in Module\uninstal.log
PhotoKit Sharpener Plug-in Module --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Adobe Photoshop Only\Automate\PhotoKit SHARPENER Plug-in Module\uninstal.log
PhotoLight --> C:\Program Files\Adobe\Photoshop CS\Plug-Ins\UnInstall_37481.exe
Photomatix Tone Mapping Plug-In version 1.0 --> "C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Photomatix\unins000.exe"
PhotoSurface 3.0 --> C:\Program Files\Adobe\Photoshop CS\Plug-Ins\UnInstall_21533.exe
Plugin Galaxy 1.50 --> "C:\WINDOWS\UNISTB32.EXE" /U "C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\PluginGalaxy15\UNINST0.000" "C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\PluginGalaxy15\UNINST1.000"
Pop Art Studio 2.1 --> MsiExec.exe /I{6521DDC6-6637-4B2A-87FD-C8C41C5EAD46}
Portraiture Plug-in --> MsiExec.exe /I{D301EE05-D1E1-4A58-B89C-A0EFDAB491E2}
Power Mask v1.0 for Photoshop --> C:\WINDOWS\unvise32.exe c:\program files\adobe\adobe photoshop cs2\plug-ins\DFT Power Mask v1\powermask_uninstal.log
Power Matte v1.0 for Adobe After Effects --> C:\WINDOWS\unvise32.exe c:\program files\adobe\adobe photoshop cs2\plug-ins\DFT Power Matte v1\powermatte_uninstal.log
Power Retouche Pro --> C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\PowerRetouche\UnInstall_PRPro.exe
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Prevx 2.0 Agent --> MsiExec.exe /X{259682D2-C528-479C-BEA0-6F793E73B99F}
Pro-sounds.Virus.Dream.Bank1 --> E:\PLUGS\REFX-V~1\PRESETS\PRESETS\UNWISE.EXE E:\PLUGS\REFX-V~1\PRESETS\PRESETS\INSTALL.LOG
Quasar 1.0 --> "C:\Program Files\Quasar\unins000.exe"
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RapidFinder 2.5 --> C:\Program Files\RapidFinder 2.0\Uninstal.exe
RAYflect PhotoTracer 1.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\RAYflect\Uninst.isu"
Rob Papen and LinPlug Albino Presets Addon --> C:\Anton\plugs\ROBPAP~1.0-7\AlbinoFx\ADDONU~1\UNWISE.EXE C:\Anton\plugs\ROBPAP~1.0-7\AlbinoFx\ADDONU~1\INSTALL.LOG
Room Arranger --> "C:\Program Files\Room Arranger\uninstall.exe"
S-Spline PRO --> C:\Program Files\Shortcut\S-Spline PRO\Uninstall.exe
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
Satori FilmFX v3.20 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Satori FilmFX v3.20\DeIsL1.isu" -c"C:\Program Files\Satori FilmFX v3.20\_ISREG32.DLL"
Satori PaintFX v1.01 --> C:\WINDOWS\uninst.exe -f"c:\program files\adobe\adobe photoshop cs2\plug-ins\DeIsL2.isu" -c"c:\program files\adobe\adobe photoshop cs2\plug-ins\_ISREG32.DLL"
Save Flash 4.1 --> C:\Program Files\Save Flash\uninst.exe
Segmation 1.0 Evaluation --> C:\WINDOWS\IsUninst.exe -fC:\Segmation\Uninst.isu
Sketch --> "C:\Program Files\AKVIS\Sketch\Uninstall\Uninstall.exe" "C:\Program Files\AKVIS\Sketch\Uninstall\install.log" -u
Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Snap for Adobe Photoshop & Photoshop Elements --> C:\WINDOWS\unvise32.exe c:\program files\adobe\adobe photoshop cs2\plug-ins\snap_uninstal.log
Sonic Charge µTonic VSTi v2.0 --> C:\PROGRA~1\emagic\LOGIC5~1\VSTPLU~1\SONICC~1\MICROT~1\UNWISE.EXE C:\PROGRA~1\emagic\LOGIC5~1\VSTPLU~1\SONICC~1\MICROT~1\INSTALL.LOG
Splat! 1.0 --> C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\Splat\UNWISE.EXE C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\Splat\INSTALL.LOG
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stamp Uninstall --> C:\Program Files\NCH Swift Sound\Stamp\uninst.exe
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Palette - Melody Composing Tool 4.4.3 --> "C:\Program Files\The Palette - Melody Composing Tool 4.4.3\uninstall.exe"
Tiffen Dfx v1.0 for Photoshop (Team V.R Private Edition) --> C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\\TIFFEN~1.0\UNWISE.EXE C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\\TIFFEN~1.0\INSTALL.LOG
Total Recorder 6.0 --> "C:\Program Files\HighCriteria\TotalRecorder\setup.exe" U
Total Xaos-Demo --> C:\WINDOWS\IsUninst.exe -f"c:\program files\adobe\adobe photoshop cs2\plug-ins\Uninst.isu"
Ulead ArtTexture.Plugin 1.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ulead ArtTexture.Plugin\At10f.isu"
Ulead FantasyWarp.Plugin 1.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ulead FantasyWarp.Plugin\Fw10f.isu"
Ulead Particle.Plugin 1.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ulead Particle.Plugin\Pp10f.isu"
Uninstall AutoEye --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\AutoEye\AutoEye Uninstall.log
Uninstall DreamSuite --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\DreamSuite\DreamSuite Uninstall.log
Uninstall Mystical --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Mystical\Mystical Uninstall.log
Uninstall MysticalTTC --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\MysticalTTC\MysticalTTC Uninstall.log
Vertigo 3D PopArt 2.0 DEMO --> C:\WINDOWS\unvise32.exe c:\program files\adobe\adobe illustrator cs2\plug-ins\uninstal.log
Vertus Fluid Mask 3 3.0.2 --> "C:\Program Files\Vertus Fluid Mask 3\Uninstall.exe"
Vodafone Mobile Connect --> MsiExec.exe /I{1ECCE5C7-7C28-4384-8711-90228FCFDFA8}
VSAdd-in for Internet Explorer --> regsvr32.exe /u /s "C:\Program Files\VSAdd-in\VSAdd-in.dll"
Waves Vocal Bundle v1.1 --> C:\PROGRA~1\Waves\AIRLOG~1\WAVESV~1\UNWISE.EXE C:\PROGRA~1\Waves\AIRLOG~1\WAVESV~1\INSTALL.LOG
Web Gallery Builder version 1.87 --> "C:\Program Files\Web Gallery Builder\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
zMatte v2.5 for Adobe Photoshop --> C:\WINDOWS\unvise32.exe c:\program files\adobe\adobe photoshop cs2\plug-ins\zMatte_v2.5_uninstal.log


-- Application Event Log -------------------------------------------------------

Event Record #/Type4698 / Error
Event Submitted/Written: 11/17/2007 01:31:33 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Photoshop.exe, version 9.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4697 / Error
Event Submitted/Written: 11/17/2007 01:25:09 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Photoshop.exe, version 9.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4694 / Error
Event Submitted/Written: 11/17/2007 01:14:51 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Photoshop.exe, version 9.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4690 / Error
Event Submitted/Written: 11/17/2007 01:07:21 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Photoshop.exe, version 9.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4689 / Error
Event Submitted/Written: 11/17/2007 01:04:04 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Photoshop.exe, version 9.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5430 / Warning
Event Submitted/Written: 11/20/2007 03:26:35 PM / 11/20/2007 03:27:05 PM
Event ID/Source: 18 / BTHUSB
Event Description:
Windows cannot store Bluetooth link keys on the local transceiver because it cannot determine whether proper security is enabled for the device.

Event Record #/Type5429 / Error
Event Submitted/Written: 11/20/2007 03:27:00 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The System Restore Service service terminated with the following error:
%%2

Event Record #/Type5428 / Error
Event Submitted/Written: 11/20/2007 03:27:00 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The emagic MT4 configuration node service failed to start due to the following error:
%%1058

Event Record #/Type5427 / Error
Event Submitted/Written: 11/20/2007 03:27:00 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The emagic USB kernel driver service failed to start due to the following error:
%%1058

Event Record #/Type5426 / Error
Event Submitted/Written: 11/20/2007 03:26:59 PM
Event ID/Source: 104 / SRService
Event Description:
The System Restore initialization process failed.



-- End of Deckard's System Scanner: finished at 2007-11-20 15:33:31 ------------

#8 IndiGenus

Posted 20 November 2007 - 12:18 PM

Hi,

Well that is quite a mess you have there. This may/will take several more posts to get this all cleaned up. This is a bad one. You need to stay away from the Torrents.

Click Start->Run...
Enter the following commands one at a time into the window and click OK each time.

sc stop DomainService
sc delete DomainService

------------------------------

Run HijackThis. Hit "None of the above", then click "Do a System Scan Only". Put a check in the box on the left side of these:

O2 - BHO: (no name) - {04A50AA9-E066-4168-B8F9-670D744492C8} - (no file)
O2 - BHO: (no name) - {0f68a09b-ce1a-4581-939c-69384dd8e0fb} - (no file)
O2 - BHO: (no name) - {20c39dc0-cfe4-4e48-b3f6-6dae93b09383} - (no file)
O2 - BHO: (no name) - {25A12E63-12C4-4526-8BB5-D9E72167CF92} - (no file)
O2 - BHO: {49e1f78d-5c64-016a-8664-bcab92d4f7a4} - {4a7f4d29-bacb-4668-a610-46c5d87f1e94} - C:\WINDOWS\system32\pdpbpdeb.dll
O2 - BHO: (no name) - {5027D158-47A4-46B3-A07C-A9FB0D7D0799} - C:\WINDOWS\system32\urqno.dll (file missing)
O2 - BHO: (no name) - {51deea14-4a45-4ab8-bc22-de0889aeecfd} - (no file)
O2 - BHO: (no name) - {599cb252-b932-491c-b1be-207786fb76a4} - (no file)
O2 - BHO: (no name) - {6020c6ca-08d1-4876-9cf3-a0aa8e916910} - (no file)
O2 - BHO: (no name) - {624694C5-D9E3-4534-AA84-E80368A9A308} - C:\Program Files\Adobe\mexokaroC:\WINDOWS\system32\v4\caws83122.exe.dll (file missing)
O2 - BHO: (no name) - {6B53F42F-BA41-419E-A427-B567DC09C967} - (no file)
O2 - BHO: (no name) - {6E0F8E72-16A9-4430-BA7B-B028570D516F} - (no file)
O2 - BHO: (no name) - {8D911365-4A3C-452E-B3F0-CC2D750FDFC7} - (no file)
O2 - BHO: (no name) - {9B22B9D1-7F1F-42F9-81E5-1606DE23708D} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: (no name) - {b47dbfba-e866-4b1e-a167-af88b635a5b3} - (no file)
O2 - BHO: (no name) - {c5834da1-2720-4ccc-93a7-5c30d25ceb29} - (no file)
O2 - BHO: (no name) - {c58a6214-9035-4965-bf16-d4fbb076a104} - (no file)
O2 - BHO: (no name) - {C932B390-4685-49D7-8458-F8E6166DA9C1} - (no file)
O2 - BHO: (no name) - {D951DD00-0AE7-4593-AD43-D91457AD1C69} - (no file)
O2 - BHO: (no name) - {E08400A7-CF77-40C1-8246-05A721367985} - (no file)
O2 - BHO: (no name) - {e5115a54-83a6-4246-9c06-37336abb1609} - (no file)
O2 - BHO: (no name) - {F5434312-49C4-41B7-A59D-16C1B94958BA} - (no file)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [70625938] rundll32.exe "C:\WINDOWS\system32\cilttncb.dll",b
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O20 - Winlogon Notify: byxxx - C:\WINDOWS\system32\byxxx.dll (file missing)
O20 - Winlogon Notify: mljii - C:\WINDOWS\system32\mljii.dll (file missing)
O20 - Winlogon Notify: nnnklmk - nnnklmk.dll (file missing)
O20 - Winlogon Notify: qfchkbwy - C:\WINDOWS\
O20 - Winlogon Notify: tuvspnl - C:\WINDOWS\
O20 - Winlogon Notify: uxoncaup - C:\WINDOWS\
O20 - Winlogon Notify: winkgg32 - winkgg32.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\chkfxbli.exe (file missing)

Then close all windows except this one and press Fix checked.

-----------------------------------

Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


    C:\WINDOWS\system32\pdpbpdeb.dll
    C:\WINDOWS\system32\kuwsbvbn.dll
    C:\WINDOWS\system32\amgstxww.dll
    C:\WINDOWS\system32\vnmeuouj.dll
    C:\WINDOWS\system32\rqldxyih.dll
    C:\WINDOWS\system32\clexyrqh.dll
    C:\WINDOWS\system32\awendgnl.dll
    C:\WINDOWS\system32\mkenxuic.dll
    C:\WINDOWS\system32\hfscmmpp.dll
    C:\WINDOWS\system32\plsttrlq.dll
    C:\WINDOWS\system32\jduuxsei.dll
    C:\WINDOWS\system32\vcrtseos.dll
    C:\WINDOWS\system32\ojwgnnda.dll
    C:\WINDOWS\system32\mvfxnvoi.dll
    C:\WINDOWS\system32\gipgwmqh.dll
    C:\WINDOWS\system32\ydwwrygv.dll
    C:\WINDOWS\system32\cbfreggo.dll
    C:\WINDOWS\system32\mwejeovx.dll
    C:\WINDOWS\system32\povfvrmc.dll
    C:\WINDOWS\system32\hhwgnqoh.dll
    C:\WINDOWS\system32\ndtshlxd.dll
    C:\WINDOWS\system32\xbpsfoua.dll
    C:\WINDOWS\system32\hhjpnrdq.dll
    C:\WINDOWS\system32\snbvvepg.dll
    C:\WINDOWS\system32\rbqvhejf.dll
    C:\WINDOWS\system32\owvojwwm.dll
    C:\WINDOWS\system32\ieemvpfy.dll


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")


Click "Exit" to close OTMoveIt.

Reboot and post a fresh Deckard's log.
IndiGenus


#9 anton123

Posted 21 November 2007 - 12:56 AM

Yeah, I don't think I got this from torrents....I'm sure it was from a website by accident (malware type one...)

OK logs to follow - (Deckard's only did a main.txt this time?)

Thanks again for your time - much appreciated!


OTMoveIt:

File/Folder C:\WINDOWS\system32\pdpbpdeb.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\kuwsbvbn.dll
C:\WINDOWS\system32\kuwsbvbn.dll NOT unregistered.
C:\WINDOWS\system32\kuwsbvbn.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\amgstxww.dll
C:\WINDOWS\system32\amgstxww.dll NOT unregistered.
C:\WINDOWS\system32\amgstxww.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vnmeuouj.dll
C:\WINDOWS\system32\vnmeuouj.dll NOT unregistered.
C:\WINDOWS\system32\vnmeuouj.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rqldxyih.dll
C:\WINDOWS\system32\rqldxyih.dll NOT unregistered.
C:\WINDOWS\system32\rqldxyih.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\clexyrqh.dll
C:\WINDOWS\system32\clexyrqh.dll NOT unregistered.
C:\WINDOWS\system32\clexyrqh.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\awendgnl.dll
C:\WINDOWS\system32\awendgnl.dll NOT unregistered.
C:\WINDOWS\system32\awendgnl.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mkenxuic.dll
C:\WINDOWS\system32\mkenxuic.dll NOT unregistered.
C:\WINDOWS\system32\mkenxuic.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hfscmmpp.dll
C:\WINDOWS\system32\hfscmmpp.dll NOT unregistered.
C:\WINDOWS\system32\hfscmmpp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\plsttrlq.dll
C:\WINDOWS\system32\plsttrlq.dll NOT unregistered.
C:\WINDOWS\system32\plsttrlq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jduuxsei.dll
C:\WINDOWS\system32\jduuxsei.dll NOT unregistered.
C:\WINDOWS\system32\jduuxsei.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vcrtseos.dll
C:\WINDOWS\system32\vcrtseos.dll NOT unregistered.
C:\WINDOWS\system32\vcrtseos.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ojwgnnda.dll
C:\WINDOWS\system32\ojwgnnda.dll NOT unregistered.
C:\WINDOWS\system32\ojwgnnda.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mvfxnvoi.dll
C:\WINDOWS\system32\mvfxnvoi.dll NOT unregistered.
C:\WINDOWS\system32\mvfxnvoi.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gipgwmqh.dll
C:\WINDOWS\system32\gipgwmqh.dll NOT unregistered.
C:\WINDOWS\system32\gipgwmqh.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ydwwrygv.dll
C:\WINDOWS\system32\ydwwrygv.dll NOT unregistered.
C:\WINDOWS\system32\ydwwrygv.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cbfreggo.dll
C:\WINDOWS\system32\cbfreggo.dll NOT unregistered.
C:\WINDOWS\system32\cbfreggo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mwejeovx.dll
C:\WINDOWS\system32\mwejeovx.dll NOT unregistered.
C:\WINDOWS\system32\mwejeovx.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\povfvrmc.dll
C:\WINDOWS\system32\povfvrmc.dll NOT unregistered.
C:\WINDOWS\system32\povfvrmc.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hhwgnqoh.dll
C:\WINDOWS\system32\hhwgnqoh.dll NOT unregistered.
C:\WINDOWS\system32\hhwgnqoh.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ndtshlxd.dll
C:\WINDOWS\system32\ndtshlxd.dll NOT unregistered.
C:\WINDOWS\system32\ndtshlxd.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xbpsfoua.dll
C:\WINDOWS\system32\xbpsfoua.dll NOT unregistered.
C:\WINDOWS\system32\xbpsfoua.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hhjpnrdq.dll
C:\WINDOWS\system32\hhjpnrdq.dll NOT unregistered.
C:\WINDOWS\system32\hhjpnrdq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\snbvvepg.dll
C:\WINDOWS\system32\snbvvepg.dll NOT unregistered.
C:\WINDOWS\system32\snbvvepg.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rbqvhejf.dll
C:\WINDOWS\system32\rbqvhejf.dll NOT unregistered.
C:\WINDOWS\system32\rbqvhejf.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\owvojwwm.dll
C:\WINDOWS\system32\owvojwwm.dll NOT unregistered.
C:\WINDOWS\system32\owvojwwm.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ieemvpfy.dll
C:\WINDOWS\system32\ieemvpfy.dll NOT unregistered.
C:\WINDOWS\system32\ieemvpfy.dll moved successfully.

Created on 11/21/2007 08:34:25



Deckard's System Scanner v20071014.68
Run by Anton on 2007-11-21 08:42:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 3.5 GiB (less than 15%) free.


-- HijackThis (run as Anton.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:42:53, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\DeviceListener.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\ConAppM.exe
C:\Documents and Settings\Anton\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Anton.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {04A50AA9-E066-4168-B8F9-670D744492C8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0f68a09b-ce1a-4581-939c-69384dd8e0fb} - (no file)
O2 - BHO: (no name) - {20c39dc0-cfe4-4e48-b3f6-6dae93b09383} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {25A12E63-12C4-4526-8BB5-D9E72167CF92} - (no file)
O2 - BHO: (no name) - {4a7f4d29-bacb-4668-a610-46c5d87f1e94} - (no file)
O2 - BHO: (no name) - {5027D158-47A4-46B3-A07C-A9FB0D7D0799} - (no file)
O2 - BHO: (no name) - {51deea14-4a45-4ab8-bc22-de0889aeecfd} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: (no name) - {599cb252-b932-491c-b1be-207786fb76a4} - (no file)
O2 - BHO: (no name) - {6020c6ca-08d1-4876-9cf3-a0aa8e916910} - (no file)
O2 - BHO: (no name) - {624694C5-D9E3-4534-AA84-E80368A9A308} - (no file)
O2 - BHO: (no name) - {6B53F42F-BA41-419E-A427-B567DC09C967} - (no file)
O2 - BHO: (no name) - {6E0F8E72-16A9-4430-BA7B-B028570D516F} - (no file)
O2 - BHO: (no name) - {8D911365-4A3C-452E-B3F0-CC2D750FDFC7} - (no file)
O2 - BHO: (no name) - {9B22B9D1-7F1F-42F9-81E5-1606DE23708D} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {b47dbfba-e866-4b1e-a167-af88b635a5b3} - (no file)
O2 - BHO: (no name) - {c5834da1-2720-4ccc-93a7-5c30d25ceb29} - (no file)
O2 - BHO: (no name) - {c58a6214-9035-4965-bf16-d4fbb076a104} - (no file)
O2 - BHO: (no name) - {C932B390-4685-49D7-8458-F8E6166DA9C1} - (no file)
O2 - BHO: (no name) - {D951DD00-0AE7-4593-AD43-D91457AD1C69} - (no file)
O2 - BHO: (no name) - {E08400A7-CF77-40C1-8246-05A721367985} - (no file)
O2 - BHO: (no name) - {e5115a54-83a6-4246-9c06-37336abb1609} - (no file)
O2 - BHO: (no name) - {F5434312-49C4-41B7-A59D-16C1B94958BA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [70625938] rundll32.exe "C:\WINDOWS\system32\cilttncb.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MobileConnect.EXE] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: byxxx - C:\WINDOWS\
O20 - Winlogon Notify: mljii - C:\WINDOWS\
O20 - Winlogon Notify: nnnklmk - C:\WINDOWS\
O20 - Winlogon Notify: qfchkbwy - C:\WINDOWS\
O20 - Winlogon Notify: tuvspnl - C:\WINDOWS\
O20 - Winlogon Notify: uxoncaup - C:\WINDOWS\
O20 - Winlogon Notify: winkgg32 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: PREVXAgent - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe (file missing)

--
End of file - 9251 bytes

-- Files created between 2007-10-21 and 2007-11-21 -----------------------------

2007-11-20 07:45:51 0 d-------- C:\WINDOWS\ERUNT
2007-11-20 07:27:57 0 d-------- C:\Program Files\Trend Micro
2007-11-19 16:30:06 0 d-------- C:\Program Files\JAlbumWin
2007-11-19 12:40:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-19 12:13:15 0 d-------- C:\Documents and Settings\Anton\Application Data\uTorrent
2007-11-19 12:13:13 0 d-------- C:\Program Files\uTorrent
2007-11-19 12:12:07 0 d-------- C:\Anton
2007-11-19 11:49:55 0 d--hs---- C:\Documents and Settings\Anton\UserData
2007-11-19 03:12:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-19 03:09:59 0 d-------- C:\Documents and Settings\Anton\Application Data\Macromedia
2007-11-19 03:09:53 0 d-------- C:\Program Files\Yahoo!
2007-11-19 02:52:57 0 d-------- C:\Documents and Settings\Anton\Application Data\Vodafone Mobile Connect
2007-11-19 02:51:20 237568 --a----c- C:\WINDOWS\VMC9SavedNwtGatewayDLL.dll <Not Verified; ; NwtGatewayDLL Dynamic Link Library>
2007-11-19 02:51:20 196608 --a----c- C:\WINDOWS\VMC9Savedloader.dll <Not Verified; Novatel Wireless Inc.; Novatel Wireless Inc. Loader>
2007-11-19 02:51:18 4480 --a------ C:\WINDOWS\system32\drivers\g3grpm.sys <Not Verified; Option N.V.; >
2007-11-19 02:51:15 0 d-------- C:\Documents and Settings\Anton\Application Data\ICS
2007-11-19 02:49:47 0 d-------- C:\Program Files\Vodafone
2007-11-19 02:49:05 8464 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2007-11-19 02:45:23 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-11-19 02:44:40 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-11-19 02:44:38 0 d-------- C:\Program Files\Intel
2007-11-19 02:43:36 0 d-------- C:\Program Files\ATI Technologies
2007-11-19 02:42:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-19 02:42:33 0 d-------- C:\Program Files\Common Files\InstallShield
2007-11-19 02:42:30 0 d-------- C:\dell
2007-11-19 02:38:11 0 d--hs---- C:\WINDOWS\Installer
2007-11-19 02:38:07 0 d-------- C:\Documents and Settings\Anton\Application Data\Identities
2007-11-19 02:37:57 0 d--h----- C:\Documents and Settings\Anton\Templates
2007-11-19 02:37:57 0 dr------- C:\Documents and Settings\Anton\Start Menu
2007-11-19 02:37:57 0 dr-h----- C:\Documents and Settings\Anton\SendTo
2007-11-19 02:37:57 0 dr-h----- C:\Documents and Settings\Anton\Recent
2007-11-19 02:37:57 0 d--h----- C:\Documents and Settings\Anton\PrintHood
2007-11-19 02:37:57 8388608 --ah----- C:\Documents and Settings\Anton\NTUSER.DAT
2007-11-19 02:37:57 0 d--h----- C:\Documents and Settings\Anton\NetHood
2007-11-19 02:37:57 0 dr------- C:\Documents and Settings\Anton\My Documents
2007-11-19 02:37:57 0 d--h----- C:\Documents and Settings\Anton\Local Settings
2007-11-19 02:37:57 0 dr------- C:\Documents and Settings\Anton\Favorites
2007-11-19 02:37:57 0 d-------- C:\Documents and Settings\Anton\Desktop
2007-11-19 02:37:57 0 d--hs---- C:\Documents and Settings\Anton\Cookies
2007-11-19 02:37:57 0 dr-h----- C:\Documents and Settings\Anton\Application Data
2007-11-19 02:37:14 0 d--hs---- C:\System Volume Information
2007-11-19 02:37:13 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-11-19 02:37:13 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-11-19 02:37:13 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2007-11-19 02:37:13 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-11-19 02:37:13 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-11-19 02:37:12 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-11-19 02:37:12 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-11-19 02:37:12 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2007-11-19 02:37:12 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-11-19 02:37:12 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-11-19 02:34:01 0 d-------- C:\WINDOWS\system32\xircom
2007-11-19 02:34:00 0 d-------- C:\Program Files\microsoft frontpage
2007-11-19 02:33:57 229376 ---h---c- C:\Documents and Settings\Default User\NTUSER.DAT
2007-11-19 02:33:02 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-11-19 02:32:55 0 dr------- C:\WINDOWS\Offline Web Pages
2007-11-19 02:32:55 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-11-19 02:32:28 0 d-------- C:\WINDOWS\system32\DirectX
2007-11-19 02:31:51 0 d---s---- C:\WINDOWS\Tasks
2007-11-19 02:31:49 0 d-------- C:\Program Files\Common Files\MSSoap
2007-11-19 02:31:45 0 d-------- C:\WINDOWS\srchasst
2007-11-19 02:31:44 0 d-------- C:\WINDOWS\system32\Macromed
2007-11-19 02:31:43 0 d-------- C:\Program Files\Movie Maker
2007-11-19 02:31:39 0 d-------- C:\WINDOWS\system32\Restore
2007-11-19 02:31:39 0 d-------- C:\WINDOWS\PCHealth
2007-11-19 02:31:23 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-11-19 02:31:06 0 d-------- C:\WINDOWS\Registration
2007-11-19 02:30:40 0 d--h----- C:\Program Files\WindowsUpdate
2007-11-19 02:30:39 0 d-------- C:\Program Files\Online Services
2007-11-19 02:30:34 0 d-------- C:\Program Files\Messenger
2007-11-19 02:30:30 0 d-------- C:\Program Files\MSN Gaming Zone
2007-11-19 02:29:58 0 d-------- C:\Program Files\Windows NT
2007-11-19 02:29:55 0 d-------- C:\WINDOWS\system32\MsDtc
2007-11-19 02:29:55 0 d-------- C:\WINDOWS\system32\Com
2007-11-18 18:15:47 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-18 18:15:44 0 dr------- C:\Program Files
2007-11-18 18:15:44 0 d-------- C:\Program Files\Common Files
2007-11-18 18:15:44 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-11-18 18:15:21 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-11-18 18:15:21 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-11-18 18:15:21 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-11-18 18:15:21 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-11-18 18:15:21 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-11-18 18:15:21 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-11-18 18:15:21 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-11-18 18:15:21 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-11-18 18:15:21 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-11-18 18:15:21 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-11-18 18:15:21 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-11-18 18:15:21 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-11-18 18:15:21 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-11-18 18:15:21 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-11-18 18:15:21 0 dr------- C:\Documents and Settings\All Users\Documents
2007-11-18 18:15:21 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-11-18 18:15:09 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-11-18 18:15:09 0 d-------- C:\WINDOWS\system32\CatRoot
2007-11-18 18:15:03 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-11-18 18:15:03 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-11-18 18:15:03 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-11-18 18:15:03 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-11-18 18:14:44 0 d-------- C:\Documents and Settings
2007-11-18 18:10:47 0 d-------- C:\WINDOWS
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\WinSxS
2007-11-18 18:10:47 0 dr------- C:\WINDOWS\Web
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\twain_32
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\wins
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\wbem
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\usmt
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\spool
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\ShellExt
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\Setup
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\ras
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\oobe
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\npp
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\mui
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\inetsrv
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\IME
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\icsxml
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\ias
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\export
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\drivers
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-11-18 18:10:47 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\dhcp
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\config
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\3076
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\2052
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\1054
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\1042
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\1041
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\1037
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\1033
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\1031
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\1028
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\1025
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\security
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\Resources
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\repair
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\mui
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\msapps
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\msagent
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\Media
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\java
2007-11-18 18:10:47 0 d--h----- C:\WINDOWS\inf
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\ime
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\Help
2007-11-18 18:10:47 0 dr--s---- C:\WINDOWS\Fonts
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\Driver Cache
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\Debug
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\Cursors
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\Connection Wizard
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\Config
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\AppPatch
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\addins
2007-11-17 15:16:50 0 d-------- C:\Documents and Settings\Anton\Application Data\Mask Pro 4.0
2007-11-17 13:44:58 0 d-------- C:\Program Files\PSD2FLA
2007-11-17 13:41:30 0 d-------- C:\Documents and Settings\Anton\SiteGrinderData
2007-11-17 11:51:35 24047608 --a------ C:\Program Files\Install SiteGrinder 2 and PSD2FLA.exe <INSTAL~1.EXE>
2007-11-14 22:12:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-14 16:57:59 0 d-------- C:\Documents and Settings\Anton\Application Data\Prevx
2007-11-14 16:09:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-14 15:20:54 0 d-------- C:\VundoFix Backups
2007-11-14 07:38:14 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-14 07:37:02 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-14 07:37:01 0 d-------- C:\Documents and Settings\Anton\Application Data\SUPERAntiSpyware.com
2007-11-13 21:54:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-13 21:46:19 0 d-------- C:\WINDOWS\BDOSCAN8
2007-11-13 14:17:03 88128 --a------ C:\WINDOWS\system32\ulmsevee.dll
2007-11-08 18:58:07 0 d-------- C:\Documents and Settings\Anton\Application Data\Grisoft
2007-11-08 18:56:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-08 18:05:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Vodafone
2007-11-08 18:03:00 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-08 18:03:00 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-08 18:03:00 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-08 18:03:00 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-11-08 18:03:00 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-08 18:03:00 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-11-08 18:03:00 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-11-08 18:03:00 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-08 18:03:00 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-11-08 18:03:00 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-08 18:03:00 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-11-08 18:03:00 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-08 18:03:00 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-08 18:02:59 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-11-08 17:08:50 2078 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-08 10:24:36 81549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-08 10:24:36 82061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-08 10:16:24 0 d-------- C:\Program Files\Kaspersky Lab
2007-11-08 10:14:46 89120 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-08 10:14:46 10676768 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-08 09:59:54 0 d-------- C:\kav
2007-11-07 15:13:47 0 d-------- C:\WINDOWS\system32\Mz02r
2007-11-07 15:13:45 0 d-------- C:\Temp
2007-11-07 15:07:35 0 d-------- C:\Documents and Settings\Anton\Application Data\Thinstall
2007-11-05 17:54:02 923136 --a------ C:\WINDOWS\Gear32sd.dll <Not Verified; AccuSoft Corporation; AccuSoft ImageGear>
2007-11-04 12:24:39 0 d-------- C:\Program Files\Cartoon Maker
2007-11-02 13:30:14 0 d-------- C:\Program Files\TwistingPixels
2007-11-02 12:20:12 0 d-------- C:\Program Files\Microsoft Silverlight
2007-11-01 14:16:00 0 d-------- C:\Documents and Settings\Anton\Application Data\GibbHill Properties Ltd
2007-11-01 12:33:39 0 d-------- C:\Program Files\RapidFinder 2.0
2007-10-30 22:51:57 0 d-------- C:\Documents and Settings\Anton\Application Data\Filter Forge
2007-10-30 22:50:57 11 --a------ C:\WINDOWS\system32\tscrip22.dll
2007-10-30 22:40:41 39 --a------ C:\WINDOWS\buZZP3lic.dll
2007-10-30 22:25:11 0 d-------- C:\New Folder
2007-10-30 18:30:47 0 d-------- C:\WINDOWS\ulead.dat
2007-10-30 18:09:38 0 d-------- C:\Documents and Settings\Anton\Application Data\PictoColor
2007-10-30 17:58:02 0 d-------- C:\Documents and Settings\Anton\Application Data\Tiffen
2007-10-30 17:55:52 286720 --a------ C:\WINDOWS\iun502.exe <Not Verified; Indigo Rose Corporation; Setup Factory 5.0 Uninstaller>
2007-10-30 17:40:16 1030144 --a------ C:\WINDOWS\system32\dbghelp-xfw.dll <Not Verified; Microsoft Corporation; Debugging Tools for Windows®>
2007-10-30 17:40:06 0 d-------- C:\Program Files\Filter Forge
2007-10-30 17:38:00 0 d-------- C:\Documents and Settings\Anton\Application Data\Extensis
2007-10-30 17:21:56 0 d-------- C:\Program Files\Extensis
2007-10-30 16:49:17 0 d-------- C:\WINDOWS\system32\embedded
2007-10-30 16:49:17 0 d-------- C:\Program Files\Quasar
2007-10-30 16:46:45 0 d-------- C:\Program Files\Anti Red Eye
2007-10-30 16:42:34 0 d-------- C:\Program Files\Vertus Fluid Mask 3
2007-10-30 16:33:02 0 d-------- C:\Program Files\Ulead FantasyWarp.Plugin
2007-10-30 16:32:19 0 d-------- C:\Program Files\Ulead ArtTexture.Plugin
2007-10-30 16:31:33 4528 -----n--- C:\WINDOWS\SETBROWS.EXE
2007-10-30 16:31:33 35328 -----n--- C:\WINDOWS\INETWH32.DLL
2007-10-30 16:31:33 9136 -----n--- C:\WINDOWS\INETWH16.DLL
2007-10-30 16:31:33 26832 -----n--- C:\WINDOWS\CTL3DV2.DLL <Not Verified; Microsoft Corporation; 3D Windows Control>
2007-10-30 16:31:32 0 d-------- C:\WINDOWS\Noslip
2007-10-30 16:31:32 0 d-------- C:\Program Files\Ulead Particle.Plugin
2007-10-30 16:06:38 0 d-------- C:\Program Files\LightMachine
2007-10-30 15:56:54 847872 --a------ C:\WINDOWS\system32\_ISource22.dll <Not Verified; Smaller Animals Software, Inc.; _ISource22.DLL>
2007-10-30 15:56:48 0 d-------- C:\Program Files\HyperTyle
2007-10-30 15:53:12 0 d-------- C:\Program Files\ColorWasher2
2007-10-30 15:51:19 0 d-------- C:\Program Files\Shortcut
2007-10-30 15:38:36 0 d-------- C:\Documents and Settings\Anton\Application Data\Digital Film Tools
2007-10-30 15:37:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Digital Film Tools
2007-10-30 15:35:29 0 d-------- C:\Program Files\Satori FilmFX v3.20
2007-10-30 15:34:42 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-10-30 14:52:25 0 d-------- C:\Program Files\RAYflect
2007-10-30 14:52:25 0 d-------- C:\PhotoTracer
2007-10-30 14:50:17 0 d-------- C:\Program Files\ParallelGraphics
2007-10-30 14:50:13 0 d-------- C:\Program Files\Common Files\ParallelGraphics
2007-10-30 14:49:35 0 d-------- C:\Program Files\Room Arranger
2007-10-30 14:46:11 0 d-------- C:\Program Files\Imagenomic
2007-10-30 12:22:18 0 d-------- C:\Program Files\HumanSoftware
2007-10-30 11:29:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Digital Anarchy
2007-10-30 11:23:57 143500 --a------ C:\WINDOWS\Curves 2 Uninstaller.exe
2007-10-30 11:23:56 0 d-------- C:\Program Files\Curvemeister.com
2007-10-30 11:15:16 0 d-------- C:\WINDOWS\Corel
2007-10-29 10:10:01 326656 --a------ C:\WINDOWS\system\MSVCRT40.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual C++>
2007-10-29 10:10:01 900608 --a------ C:\WINDOWS\system\GEAR32PD.DLL <Not Verified; AccuSoft Corporation; AccuSoft ImageGear>
2007-10-29 10:09:16 20976 --a------ C:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2007-10-29 10:09:13 246784 --a------ C:\WINDOWS\UNINST16.EXE <Not Verified; Stirling Technologies, Inc.; InstallShield Deinstaller>
2007-10-29 10:07:36 0 d-------- C:\Program Files\Aurelon PhotoPro
2007-10-29 09:00:35 356352 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2007-10-28 22:26:03 0 d-------- C:\Splat
2007-10-28 17:16:40 0 d-------- C:\Program Files\AKVIS
2007-10-28 17:06:35 0 d-------- C:\WINDOWS\Xaos Folder
2007-10-28 17:06:35 0 d-------- C:\Segmation
2007-10-28 17:04:28 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-10-28 17:04:27 0 d-------- C:\Documents and Settings\Anton\WINDOWS
2007-10-28 16:27:11 0 d-------- C:\Documents and Settings\Anton\Application Data\Mr Retro
2007-10-26 10:53:58 0 d-------- C:\Program Files\Kodak
2007-10-26 08:15:17 0 d-------- C:\Documents and Settings\Anton\Application Data\Corel
2007-10-26 08:13:21 0 d-------- C:\Program Files\Corel
2007-10-25 22:11:31 0 d-------- C:\Program Files\PowerISO
2007-10-25 18:12:21 0 d-------- C:\Documents and Settings\Anton\Application Data\onOne Software
2007-10-25 18:07:31 0 d-------- C:\Program Files\Common Files\onOne Software Shared
2007-10-25 18:07:29 0 d-------- C:\Program Files\onOne Software
2007-10-25 10:26:48 53248 --a------ C:\WINDOWS\bdoscandel.exe
2007-10-24 20:06:37 0 d-------- C:\Program Files\Magic Gallery 5
2007-10-24 20:02:39 0 d-------- C:\Documents and Settings\Anton\Application Data\Web Gallery Builder
2007-10-24 20:02:27 0 d-------- C:\Program Files\Web Gallery Builder
2007-10-23 13:25:58 0 d-------- C:\Program Files\Common Files\LizardTech Shared
2007-10-23 13:25:54 227840 --a------ C:\WINDOWS\system32\Deco_32.dll <Not Verified; Iterated Systems, Inc.; Fractal Image Decoder>
2007-10-23 12:19:29 720896 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-10-21 14:45:05 0 d-------- C:\Program Files\SigmaTel


-- Find3M Report ---------------------------------------------------------------

2007-11-20 16:39:40 0 d-------- C:\Documents and Settings\Anton\Application Data\CoreFTP
2007-11-19 12:33:25 0 d-------- C:\Program Files\eMule
2007-11-18 18:15:21 62 --ahs---- C:\Documents and Settings\Anton\Application Data\desktop.ini
2007-11-07 09:47:25 0 d-------- C:\Documents and Settings\Anton\Application Data\Skype
2007-11-05 17:54:06 40172 --a------ C:\Program Files\INSTALL.LOG
2007-10-30 16:43:01 1024 --a------ C:\WINDOWS\system32\t7vjvc6.dll
2007-10-30 16:43:01 204 --a------ C:\WINDOWS\system32\edmuvtf.dll
2007-10-30 16:43:00 100 --a------ C:\WINDOWS\system32\prsgrc.dll
2007-10-30 16:43:00 1024 --a------ C:\WINDOWS\system32\grcauth2.dll
2007-10-30 16:43:00 1024 --a------ C:\WINDOWS\system32\grcauth1.dll
2007-10-30 15:55:18 0 d-------- C:\Program Files\FocalBlade
2007-10-29 08:52:17 0 d-------- C:\Documents and Settings\Anton\Application Data\Alien Skin
2007-10-29 08:35:00 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-21 14:39:13 0 d-------- C:\Program Files\NCH Swift Sound
2007-10-21 14:38:35 0 d-------- C:\Program Files\True Audio
2007-10-21 14:38:10 0 d-------- C:\Program Files\Monkey's Audio
2007-10-21 14:37:28 0 d-------- C:\Program Files\intelliScore Ensemble WAV to MIDI Converter Demo
2007-10-21 14:37:06 0 d-------- C:\Program Files\MagicISO
2007-10-11 16:52:36 0 d-------- C:\Documents and Settings\Anton\Application Data\Adobe
2007-10-10 21:43:53 0 d-------- C:\Documents and Settings\Anton\Application Data\Eltima Software
2007-10-10 21:33:11 0 d-------- C:\Program Files\Save Flash
2007-10-09 21:17:48 0 d-------- C:\Program Files\Pop Art Studio 2.1
2007-10-07 01:56:05 0 d-------- C:\Program Files\Alien Skin
2007-10-02 09:25:05 0 d-------- C:\Documents and Settings\Anton\Application Data\Temporary
2007-09-25 16:49:33 0 d-------- C:\Program Files\emagic


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04A50AA9-E066-4168-B8F9-670D744492C8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0f68a09b-ce1a-4581-939c-69384dd8e0fb}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20c39dc0-cfe4-4e48-b3f6-6dae93b09383}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25A12E63-12C4-4526-8BB5-D9E72167CF92}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4a7f4d29-bacb-4668-a610-46c5d87f1e94}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5027D158-47A4-46B3-A07C-A9FB0D7D0799}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51deea14-4a45-4ab8-bc22-de0889aeecfd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{599cb252-b932-491c-b1be-207786fb76a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6020c6ca-08d1-4876-9cf3-a0aa8e916910}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{624694C5-D9E3-4534-AA84-E80368A9A308}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B53F42F-BA41-419E-A427-B567DC09C967}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E0F8E72-16A9-4430-BA7B-B028570D516F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D911365-4A3C-452E-B3F0-CC2D750FDFC7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B22B9D1-7F1F-42F9-81E5-1606DE23708D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b47dbfba-e866-4b1e-a167-af88b635a5b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5834da1-2720-4ccc-93a7-5c30d25ceb29}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c58a6214-9035-4965-bf16-d4fbb076a104}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C932B390-4685-49D7-8458-F8E6166DA9C1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D951DD00-0AE7-4593-AD43-D91457AD1C69}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E08400A7-CF77-40C1-8246-05A721367985}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e5115a54-83a6-4246-9c06-37336abb1609}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5434312-49C4-41B7-A59D-16C1B94958BA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [12/05/2006 01:32]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 00:56 C:\WINDOWS\system32\bthprops.cpl]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 01:25]
"PrevxOne"="C:\Program Files\Prevx2\PXConsole.exe" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [28/06/2007 12:51]
"70625938"="C:\WINDOWS\system32\cilttncb.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56]
"MobileConnect.EXE"="C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE" [13/07/2007 15:37]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21/06/2007 14:06]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 16:46]
"WinAble"="C:\Program Files\WinAble\winable.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxx]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljii]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnklmk]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qfchkbwy]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvspnl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uxoncaup]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkgg32]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqno.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Register Mask Pro 3.0.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Register Mask Pro 3.0.lnk
backup=C:\WINDOWS\pss\Register Mask Pro 3.0.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Anton^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Anton\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\flashget.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Macromedia Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f658685-968b-11dc-bc74-9b6686c28826}]
Auto\command- RavMon.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e




-- End of Deckard's System Scanner: finished at 2007-11-21 08:45:12 ------------

#10 IndiGenus


Posted 21 November 2007 - 05:26 AM

Did you run and fix all the items I asked you to with HijackThis in your last step? If not, please go back and do so. Even if you think you did, please go back and do that step.

Run HijackThis. Hit None of the above, click Do a System Scan Only. Put a check in the box on the left side of these:

O2 - BHO: (no name) - {04A50AA9-E066-4168-B8F9-670D744492C8} - (no file)
O2 - BHO: (no name) - {0f68a09b-ce1a-4581-939c-69384dd8e0fb} - (no file)
O2 - BHO: (no name) - {20c39dc0-cfe4-4e48-b3f6-6dae93b09383} - (no file)
O2 - BHO: (no name) - {25A12E63-12C4-4526-8BB5-D9E72167CF92} - (no file)
O2 - BHO: {49e1f78d-5c64-016a-8664-bcab92d4f7a4} - {4a7f4d29-bacb-4668-a610-46c5d87f1e94} - C:\WINDOWS\system32\pdpbpdeb.dll
O2 - BHO: (no name) - {5027D158-47A4-46B3-A07C-A9FB0D7D0799} - C:\WINDOWS\system32\urqno.dll (file missing)
O2 - BHO: (no name) - {51deea14-4a45-4ab8-bc22-de0889aeecfd} - (no file)
O2 - BHO: (no name) - {599cb252-b932-491c-b1be-207786fb76a4} - (no file)
O2 - BHO: (no name) - {6020c6ca-08d1-4876-9cf3-a0aa8e916910} - (no file)
O2 - BHO: (no name) - {624694C5-D9E3-4534-AA84-E80368A9A308} - C:\Program Files\Adobe\mexokaroC:\WINDOWS\system32\v4\caws83122.exe.dll (file missing)
O2 - BHO: (no name) - {6B53F42F-BA41-419E-A427-B567DC09C967} - (no file)
O2 - BHO: (no name) - {6E0F8E72-16A9-4430-BA7B-B028570D516F} - (no file)
O2 - BHO: (no name) - {8D911365-4A3C-452E-B3F0-CC2D750FDFC7} - (no file)
O2 - BHO: (no name) - {9B22B9D1-7F1F-42F9-81E5-1606DE23708D} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: (no name) - {b47dbfba-e866-4b1e-a167-af88b635a5b3} - (no file)
O2 - BHO: (no name) - {c5834da1-2720-4ccc-93a7-5c30d25ceb29} - (no file)
O2 - BHO: (no name) - {c58a6214-9035-4965-bf16-d4fbb076a104} - (no file)
O2 - BHO: (no name) - {C932B390-4685-49D7-8458-F8E6166DA9C1} - (no file)
O2 - BHO: (no name) - {D951DD00-0AE7-4593-AD43-D91457AD1C69} - (no file)
O2 - BHO: (no name) - {E08400A7-CF77-40C1-8246-05A721367985} - (no file)
O2 - BHO: (no name) - {e5115a54-83a6-4246-9c06-37336abb1609} - (no file)
O2 - BHO: (no name) - {F5434312-49C4-41B7-A59D-16C1B94958BA} - (no file)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [70625938] rundll32.exe "C:\WINDOWS\system32\cilttncb.dll",b
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O20 - Winlogon Notify: byxxx - C:\WINDOWS\system32\byxxx.dll (file missing)
O20 - Winlogon Notify: mljii - C:\WINDOWS\system32\mljii.dll (file missing)
O20 - Winlogon Notify: nnnklmk - nnnklmk.dll (file missing)
O20 - Winlogon Notify: qfchkbwy - C:\WINDOWS\
O20 - Winlogon Notify: tuvspnl - C:\WINDOWS\
O20 - Winlogon Notify: uxoncaup - C:\WINDOWS\
O20 - Winlogon Notify: winkgg32 - winkgg32.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\chkfxbli.exe (file missing)

Then close all windows except this one and press Fix checked.


Edited by IndiGenus, 21 November 2007 - 05:28 AM.

IndiGenus

Logs will be closed if you haven't replied within 5 days



Proud Graduate of TC/WTT Classroom



"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi
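An added example, not part of the original post and not HijackThis's own code: a small parser for the O-section lines quoted in this thread that tags each entry with the reasons it stands out. The tag names and regexes are assumptions chosen for illustration; a tag marks an entry for human review and is not a verdict, since leftovers from uninstalled software are tagged the same way.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {04A50AA9-E066-4168-B8F9-670D744492C8} - (no file)
O2 - BHO: (no name) - {5027D158-47A4-46B3-A07C-A9FB0D7D0799} - C:\WINDOWS\system32\urqno.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [70625938] rundll32.exe "C:\WINDOWS\system32\cilttncb.dll",b
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O20 - Winlogon Notify: byxxx - C:\WINDOWS\system32\byxxx.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\chkfxbli.exe (file missing)
O23 - Service: PREVXAgent - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe (file missing)
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)\b', re.IGNORECASE)
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
SYSTEM32_DLL_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\system32\\[^\\]+\.dll$", re.IGNORECASE)
RUNDLL_RE = re.compile(r"\[[^\]]*\]\s+rundll32(?:\.exe)?\s", re.IGNORECASE)


@dataclass
class Entry:
    code: str                      # section code, e.g. "O2", "O20"
    kind: str                      # text before the first ": ", e.g. "BHO"
    detail: str                    # everything after it
    clsid: Optional[str] = None
    path: Optional[str] = None
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Split one log line into section code, kind, CLSID and file path."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None                # header, process list, blank line, ...
    kind, sep, detail = m.group("body").partition(": ")
    if not sep:
        kind, detail = "", m.group("body")
    clsid = CLSID_RE.search(detail)
    path = PATH_RE.search(detail)
    return Entry(m.group("code"), kind, detail,
                 clsid.group(0) if clsid else None,
                 path.group(0) if path else None)


def annotate(entry: Entry) -> Entry:
    """Attach review tags (illustrative heuristics, not HijackThis logic)."""
    if ORPHAN_RE.search(entry.detail):
        # Registry entry still present, target file gone.
        entry.reasons.append("orphaned")
    if entry.code in ("O2", "O3") and entry.detail.startswith("(no name)"):
        entry.reasons.append("unnamed")
    if entry.code == "O23" and " - Unknown owner - " in entry.detail:
        entry.reasons.append("unknown-owner")
    if (entry.code == "O4" and RUNDLL_RE.match(entry.detail)
            and entry.path and SYSTEM32_DLL_RE.match(entry.path)):
        # Autostart that has rundll32 load a DLL by absolute system32 path.
        entry.reasons.append("rundll32-system32-dll")
    return entry


def triage(log_text: str) -> List[Entry]:
    """Parse every O/R/F line in a log and return the annotated entries."""
    entries = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            entries.append(annotate(entry))
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    """Entries that carry at least one review tag."""
    return [e for e in entries if e.reasons]


if __name__ == "__main__":
    for e in flagged(triage(SAMPLE_LOG)):
        print(f"{e.code:<4}{e.kind:<16}{e.path or e.clsid}  {', '.join(e.reasons)}")
```
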



#11 anton123

Posted 21 November 2007 - 10:11 AM

That's weird, I did fix them?

Ok did it again, here's the hijack + deckard log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:53:17, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\DeviceListener.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\Anton\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Anton\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\DeviceListener.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\ConAppM.exe
C:\Program Files\Trend Micro\HijackThis\FindVundo.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MobileConnect.EXE] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D78A853-2EA2-45A1-B621-C98FF625398F}: NameServer = 196.207.35.29 196.207.35.30
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: PREVXAgent - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe (file missing)

--
End of file - 7410 bytes




Deckard's System Scanner v20071014.68
Run by Anton on 2007-11-21 18:06:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 3.46 GiB (less than 15%) free.


-- HijackThis (run as Anton.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:49, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\DeviceListener.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\Anton\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Anton\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\DeviceListener.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\ConAppM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Anton\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Anton.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MobileConnect.EXE] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D78A853-2EA2-45A1-B621-C98FF625398F}: NameServer = 196.207.35.29 196.207.35.30
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: PREVXAgent - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe (file missing)

--
End of file - 7490 bytes

-- Files created between 2007-10-21 and 2007-11-21 -----------------------------

2007-10-30 15:51:19 0 d-------- C:\Program Files\Shortcut
2007-10-30 15:38:36 0 d-------- C:\Documents and Settings\Anton\Application Data\Digital Film Tools
2007-10-30 15:37:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Digital Film Tools
2007-10-30 15:35:29 0 d-------- C:\Program Files\Satori FilmFX v3.20
2007-10-30 15:34:42 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-10-30 14:52:25 0 d-------- C:\Program Files\RAYflect
2007-10-30 14:52:25 0 d-------- C:\PhotoTracer
2007-10-30 14:50:17 0 d-------- C:\Program Files\ParallelGraphics
2007-10-30 14:50:13 0 d-------- C:\Program Files\Common Files\ParallelGraphics
2007-10-30 14:49:35 0 d-------- C:\Program Files\Room Arranger
2007-10-30 14:46:11 0 d-------- C:\Program Files\Imagenomic
2007-10-30 12:22:18 0 d-------- C:\Program Files\HumanSoftware
2007-10-30 11:29:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Digital Anarchy
2007-10-30 11:23:57 143500 --a------ C:\WINDOWS\Curves 2 Uninstaller.exe
2007-10-30 11:23:56 0 d-------- C:\Program Files\Curvemeister.com
2007-10-30 11:15:16 0 d-------- C:\WINDOWS\Corel
2007-10-29 10:10:01 326656 --a------ C:\WINDOWS\system\MSVCRT40.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual C++>
2007-10-29 10:10:01 900608 --a------ C:\WINDOWS\system\GEAR32PD.DLL <Not Verified; AccuSoft Corporation; AccuSoft ImageGear>
2007-10-29 10:09:16 20976 --a------ C:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2007-10-29 10:09:13 246784 --a------ C:\WINDOWS\UNINST16.EXE <Not Verified; Stirling Technologies, Inc.; InstallShield Deinstaller>
2007-10-29 10:07:36 0 d-------- C:\Program Files\Aurelon PhotoPro
2007-10-29 09:00:35 356352 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2007-10-28 22:26:03 0 d-------- C:\Splat
2007-10-28 17:16:40 0 d-------- C:\Program Files\AKVIS
2007-10-28 17:06:35 0 d-------- C:\WINDOWS\Xaos Folder
2007-10-28 17:06:35 0 d-------- C:\Segmation
2007-10-28 17:04:28 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-10-28 17:04:27 0 d-------- C:\Documents and Settings\Anton\WINDOWS
2007-10-28 16:27:11 0 d-------- C:\Documents and Settings\Anton\Application Data\Mr Retro
2007-10-26 10:53:58 0 d-------- C:\Program Files\Kodak
2007-10-26 08:15:17 0 d-------- C:\Documents and Settings\Anton\Application Data\Corel
2007-10-26 08:13:21 0 d-------- C:\Program Files\Corel
2007-10-25 22:11:31 0 d-------- C:\Program Files\PowerISO
2007-10-25 18:12:21 0 d-------- C:\Documents and Settings\Anton\Application Data\onOne Software
2007-10-25 18:07:31 0 d-------- C:\Program Files\Common Files\onOne Software Shared
2007-10-25 18:07:29 0 d-------- C:\Program Files\onOne Software
2007-10-25 10:26:48 53248 --a------ C:\WINDOWS\bdoscandel.exe
2007-10-24 20:06:37 0 d-------- C:\Program Files\Magic Gallery 5
2007-10-24 20:02:39 0 d-------- C:\Documents and Settings\Anton\Application Data\Web Gallery Builder
2007-10-24 20:02:27 0 d-------- C:\Program Files\Web Gallery Builder
2007-10-23 13:25:58 0 d-------- C:\Program Files\Common Files\LizardTech Shared
2007-10-23 13:25:54 227840 --a------ C:\WINDOWS\system32\Deco_32.dll <Not Verified; Iterated Systems, Inc.; Fractal Image Decoder>
2007-10-23 12:19:29 720896 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-10-21 14:45:05 0 d-------- C:\Program Files\SigmaTel


-- Find3M Report ---------------------------------------------------------------

2007-11-20 16:39:40 0 d-------- C:\Documents and Settings\Anton\Application Data\CoreFTP
2007-11-19 12:33:25 0 d-------- C:\Program Files\eMule
2007-11-18 18:15:21 62 --ahs---- C:\Documents and Settings\Anton\Application Data\desktop.ini
2007-11-07 09:47:25 0 d-------- C:\Documents and Settings\Anton\Application Data\Skype
2007-11-05 17:54:06 40172 --a------ C:\Program Files\INSTALL.LOG
2007-10-30 16:43:01 1024 --a------ C:\WINDOWS\system32\t7vjvc6.dll
2007-10-30 16:43:01 204 --a------ C:\WINDOWS\system32\edmuvtf.dll
2007-10-30 16:43:00 100 --a------ C:\WINDOWS\system32\prsgrc.dll
2007-10-30 16:43:00 1024 --a------ C:\WINDOWS\system32\grcauth2.dll
2007-10-30 16:43:00 1024 --a------ C:\WINDOWS\system32\grcauth1.dll
2007-10-30 15:55:18 0 d-------- C:\Program Files\FocalBlade
2007-10-29 08:52:17 0 d-------- C:\Documents and Settings\Anton\Application Data\Alien Skin
2007-10-29 08:35:00 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-21 14:39:13 0 d-------- C:\Program Files\NCH Swift Sound
2007-10-21 14:38:35 0 d-------- C:\Program Files\True Audio
2007-10-21 14:38:10 0 d-------- C:\Program Files\Monkey's Audio
2007-10-21 14:37:28 0 d-------- C:\Program Files\intelliScore Ensemble WAV to MIDI Converter Demo
2007-10-21 14:37:06 0 d-------- C:\Program Files\MagicISO
2007-10-11 16:52:36 0 d-------- C:\Documents and Settings\Anton\Application Data\Adobe
2007-10-10 21:43:53 0 d-------- C:\Documents and Settings\Anton\Application Data\Eltima Software
2007-10-10 21:33:11 0 d-------- C:\Program Files\Save Flash
2007-10-09 21:17:48 0 d-------- C:\Program Files\Pop Art Studio 2.1
2007-10-07 01:56:05 0 d-------- C:\Program Files\Alien Skin
2007-10-02 09:25:05 0 d-------- C:\Documents and Settings\Anton\Application Data\Temporary
2007-09-25 16:49:33 0 d-------- C:\Program Files\emagic


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [12/05/2006 01:32]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 00:56 C:\WINDOWS\system32\bthprops.cpl]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 01:25]
"PrevxOne"="C:\Program Files\Prevx2\PXConsole.exe" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [28/06/2007 12:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56]
"MobileConnect.EXE"="C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE" [13/07/2007 15:37]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21/06/2007 14:06]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 16:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqno.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Register Mask Pro 3.0.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Register Mask Pro 3.0.lnk
backup=C:\WINDOWS\pss\Register Mask Pro 3.0.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Anton^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Anton\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\flashget.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Macromedia Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f658685-968b-11dc-bc74-9b6686c28826}]
Auto\command- RavMon.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e




-- End of Deckard's System Scanner: finished at 2007-11-21 18:09:05 ------------

#12 IndiGenus

Posted 21 November 2007 - 11:11 AM

That's better, just noticed you have Spybot's TeaTimer running. That may have blocked the last time you did it. I should have notified you on that.

We need to fix your registry.

Backup Your Registry with ERUNT

* Please use the following link and scroll down to ERUNT and download it.
http://aumha.org/freeware/freeware.php
* For version with the Installer:
Use the setup program to install ERUNT on your computer
* For the zipped version:
Unzip all the files into a folder of your choice.

Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Open Notepad (press Start->Run, enter notepad and press OK)
Copy everything inside the code box below (Starting with REGEDIT4) and paste it into a new notepad file.
Change the Save As Type to All Files and save it as fix.reg to your Desktop.

Note: Please copy and paste all the text at once, and check that there is NO blank line above REGEDIT4 and one blank line at the bottom.
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


----------------------------------------------

I would also like to see you run an online virus scan.

Using Internet Explorer, click on Kaspersky Online Scanner
* Click 'Accept' in the window that pops up.
* You will be prompted to install an ActiveX component from Kaspersky. Click on the information bar and select Install ActiveX Control if so. This may happen more than once. That is OK. You also may get a warning from your Windows Firewall. You can tell it to unblock.
* The program will launch and then start to download the latest definition files.
* Once the scanner is installed and the definitions downloaded, click 'Next'.
* Now click on 'Scan Settings'
* In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database: 'Extended' (If available, otherwise 'Standard')
o Scan Options: 'Scan Archives' and 'Scan Mail Bases'
* Click 'OK'
* Now under 'Select a target to scan' select 'My Computer'
* The scan will take a while, so be patient and let it run. Once the scan is complete, it will display whether your system has been infected.
* Now click on the 'Save Report As...' button:
* Make sure it says Save as a text file - change it if not
* Save the file to your desktop.
Please post the Kaspersky report and a new HijackThis log.

Then double-click on the fix.reg file, and when it prompts to merge say yes.
IndiGenus


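The fix.reg in the post above stores "Authentication Packages" as a REG_MULTI_SZ value written in hex(7) form. As an added example (not part of the original post or of any tool named in it), the Python below decodes that value and compares it with the entry shown in the scanner log's Registry Dump, listing what the merge drops. The function names are invented for this example, and the parser assumes quoted value names without embedded quotes.

```python
"""Decode a hex(7) (REG_MULTI_SZ) value from a .reg file and diff it
against the value a scanner log reported before the merge."""

# The fix.reg text from the post above.
FIX_REG = (
    "REGEDIT4\n"
    "\n"
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa]\n"
    '"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00\n'
    "\n"
)

# Value listed under control\lsa in the Registry Dump section of the log.
LOGGED_BEFORE = ["msv1_0", r"C:\WINDOWS\system32\urqno.dll"]


def parse_reg(text):
    """Return (header, {key_path: {value_name: raw_data_string}})."""
    lines = text.splitlines()
    header = lines[0].strip() if lines else ""
    keys, current, pending = {}, None, ""
    for line in lines[1:]:
        line = pending + line.strip()
        pending = ""
        if line.endswith("\\"):
            # Long hex data is wrapped with a trailing backslash.
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith('"'):
            name, _, data = line[1:].partition('"=')
            current[name] = data
    return header, keys


def decode_multi_sz(header, data):
    """Decode 'hex(7):..' into a list of strings.

    REGEDIT4 files hold the strings as ANSI bytes; 'Windows Registry Editor
    Version 5.00' files hold UTF-16LE. Each string ends with a NUL and the
    list ends with one more NUL.
    """
    if not data.lower().startswith("hex(7):"):
        raise ValueError("not a REG_MULTI_SZ value")
    raw = bytes(int(b, 16) for b in data[7:].split(",") if b.strip())
    if header == "REGEDIT4":
        # The ANSI code page depends on the machine; cp1252 is assumed here.
        text = raw.decode("cp1252", errors="replace")
    else:
        text = raw.decode("utf-16-le")
    return [s for s in text.split("\x00") if s]


def entries_removed(before, after):
    """Entries in the logged value that the merged value no longer lists."""
    kept = {s.lower() for s in after}
    return [s for s in before if s.lower() not in kept]


def review(reg_text, key, name, before):
    """Return (strings the .reg file will write, logged strings it drops)."""
    header, keys = parse_reg(reg_text)
    by_key = {k.lower(): v for k, v in keys.items()}  # key paths ignore case
    after = decode_multi_sz(header, by_key[key.lower()][name])
    return after, entries_removed(before, after)


if __name__ == "__main__":
    after, removed = review(
        FIX_REG,
        r"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa",
        "Authentication Packages",
        LOGGED_BEFORE,
    )
    print("value after merge:", after)
    print("entries dropped  :", removed)
```

Running the same check on any hex(7) line before merging a .reg file shows in readable form exactly what the value will contain.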

#13 anton123

Posted 22 November 2007 - 09:38 AM

Indi, thanks

See attached the Kaspersky Log and below the HJT:

Well hopefully we're almost there - I'd like to get some advice from you on how to avoid this in future - also I have about a hundred anti spyware / virus tools running which is slowing my laptop to a grind: What tools would you recommend I keep / use in future?

Thanks again for your time!

A


Deckard's System Scanner v20071014.68
Run by Anton on 2007-11-22 17:20:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 3.36 GiB (less than 15%) free.


-- HijackThis (run as Anton.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:30, on 22/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\DeviceListener.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\ConAppM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\Anton\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Anton.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {04A50AA9-E066-4168-B8F9-670D744492C8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0f68a09b-ce1a-4581-939c-69384dd8e0fb} - (no file)
O2 - BHO: (no name) - {20c39dc0-cfe4-4e48-b3f6-6dae93b09383} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {25A12E63-12C4-4526-8BB5-D9E72167CF92} - (no file)
O2 - BHO: (no name) - {4a7f4d29-bacb-4668-a610-46c5d87f1e94} - (no file)
O2 - BHO: (no name) - {5027D158-47A4-46B3-A07C-A9FB0D7D0799} - (no file)
O2 - BHO: (no name) - {51deea14-4a45-4ab8-bc22-de0889aeecfd} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: (no name) - {599cb252-b932-491c-b1be-207786fb76a4} - (no file)
O2 - BHO: (no name) - {6020c6ca-08d1-4876-9cf3-a0aa8e916910} - (no file)
O2 - BHO: (no name) - {624694C5-D9E3-4534-AA84-E80368A9A308} - (no file)
O2 - BHO: (no name) - {6B53F42F-BA41-419E-A427-B567DC09C967} - (no file)
O2 - BHO: (no name) - {6E0F8E72-16A9-4430-BA7B-B028570D516F} - (no file)
O2 - BHO: (no name) - {8D911365-4A3C-452E-B3F0-CC2D750FDFC7} - (no file)
O2 - BHO: (no name) - {9B22B9D1-7F1F-42F9-81E5-1606DE23708D} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {b47dbfba-e866-4b1e-a167-af88b635a5b3} - (no file)
O2 - BHO: (no name) - {c5834da1-2720-4ccc-93a7-5c30d25ceb29} - (no file)
O2 - BHO: (no name) - {c58a6214-9035-4965-bf16-d4fbb076a104} - (no file)
O2 - BHO: (no name) - {C932B390-4685-49D7-8458-F8E6166DA9C1} - (no file)
O2 - BHO: (no name) - {D951DD00-0AE7-4593-AD43-D91457AD1C69} - (no file)
O2 - BHO: (no name) - {E08400A7-CF77-40C1-8246-05A721367985} - (no file)
O2 - BHO: (no name) - {e5115a54-83a6-4246-9c06-37336abb1609} - (no file)
O2 - BHO: (no name) - {F5434312-49C4-41B7-A59D-16C1B94958BA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [70625938] rundll32.exe "C:\WINDOWS\system32\cilttncb.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MobileConnect.EXE] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D78A853-2EA2-45A1-B621-C98FF625398F}: NameServer = 196.207.35.29 196.207.35.30
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: byxxx - C:\WINDOWS\
O20 - Winlogon Notify: mljii - C:\WINDOWS\
O20 - Winlogon Notify: nnnklmk - C:\WINDOWS\
O20 - Winlogon Notify: qfchkbwy - C:\WINDOWS\
O20 - Winlogon Notify: tuvspnl - C:\WINDOWS\
O20 - Winlogon Notify: uxoncaup - C:\WINDOWS\
O20 - Winlogon Notify: winkgg32 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: PREVXAgent - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe (file missing)

--
End of file - 9714 bytes

-- Files created between 2007-10-22 and 2007-11-22 -----------------------------

2007-11-22 13:49:41 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-22 13:49:38 0 d-------- C:\WINDOWS\LastGood
2007-11-21 21:51:25 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-21 21:51:16 0 d-------- C:\Documents and Settings\Anton\Application Data\Mozilla
2007-11-20 07:45:51 0 d-------- C:\WINDOWS\ERUNT
2007-11-20 07:27:57 0 d-------- C:\Program Files\Trend Micro
2007-11-19 16:30:06 0 d-------- C:\Program Files\JAlbumWin
2007-11-19 12:40:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-19 12:13:15 0 d-------- C:\Documents and Settings\Anton\Application Data\uTorrent
2007-11-19 12:13:13 0 d-------- C:\Program Files\uTorrent
2007-11-19 12:12:07 0 d-------- C:\Anton
2007-11-19 11:49:55 0 d--hs---- C:\Documents and Settings\Anton\UserData
2007-11-19 03:12:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-19 03:09:59 0 d-------- C:\Documents and Settings\Anton\Application Data\Macromedia
2007-11-19 03:09:53 0 d-------- C:\Program Files\Yahoo!
2007-11-19 02:52:57 0 d-------- C:\Documents and Settings\Anton\Application Data\Vodafone Mobile Connect
2007-11-19 02:51:20 237568 --a----c- C:\WINDOWS\VMC9SavedNwtGatewayDLL.dll <Not Verified; ; NwtGatewayDLL Dynamic Link Library>
2007-11-19 02:51:20 196608 --a----c- C:\WINDOWS\VMC9Savedloader.dll <Not Verified; Novatel Wireless Inc.; Novatel Wireless Inc. Loader>
2007-11-19 02:51:18 4480 --a------ C:\WINDOWS\system32\drivers\g3grpm.sys <Not Verified; Option N.V.; >
2007-11-19 02:51:15 0 d-------- C:\Documents and Settings\Anton\Application Data\ICS
2007-11-19 02:49:47 0 d-------- C:\Program Files\Vodafone
2007-11-19 02:49:05 8464 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2007-11-19 02:45:23 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-11-19 02:44:40 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-11-19 02:44:38 0 d-------- C:\Program Files\Intel
2007-11-19 02:43:36 0 d-------- C:\Program Files\ATI Technologies
2007-11-19 02:42:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-19 02:42:33 0 d-------- C:\Program Files\Common Files\InstallShield
2007-11-19 02:42:30 0 d-------- C:\dell
2007-11-19 02:38:11 0 d--hs---- C:\WINDOWS\Installer
2007-11-19 02:38:07 0 d-------- C:\Documents and Settings\Anton\Application Data\Identities
2007-11-19 02:37:57 0 d--h----- C:\Documents and Settings\Anton\Templates
2007-11-19 02:37:57 0 dr------- C:\Documents and Settings\Anton\Start Menu
2007-11-19 02:37:57 0 dr-h----- C:\Documents and Settings\Anton\SendTo
2007-11-19 02:37:57 0 dr-h----- C:\Documents and Settings\Anton\Recent
2007-11-19 02:37:57 0 d--h----- C:\Documents and Settings\Anton\PrintHood
2007-11-19 02:37:57 8388608 --ah----- C:\Documents and Settings\Anton\NTUSER.DAT
2007-11-19 02:37:57 0 d--h----- C:\Documents and Settings\Anton\NetHood
2007-11-19 02:37:57 0 dr------- C:\Documents and Settings\Anton\My Documents
2007-11-19 02:37:57 0 d--h----- C:\Documents and Settings\Anton\Local Settings
2007-11-19 02:37:57 0 dr------- C:\Documents and Settings\Anton\Favorites
2007-11-19 02:37:57 0 d-------- C:\Documents and Settings\Anton\Desktop
2007-11-19 02:37:57 0 d--hs---- C:\Documents and Settings\Anton\Cookies
2007-11-19 02:37:57 0 dr-h----- C:\Documents and Settings\Anton\Application Data
2007-11-19 02:37:14 0 d--hs---- C:\System Volume Information
2007-11-19 02:37:13 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-11-19 02:37:13 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-11-19 02:37:13 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2007-11-19 02:37:13 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-11-19 02:37:13 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-11-19 02:37:12 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-11-19 02:37:12 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-11-19 02:37:12 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2007-11-19 02:37:12 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-11-19 02:37:12 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-11-19 02:34:01 0 d-------- C:\WINDOWS\system32\xircom
2007-11-19 02:34:00 0 d-------- C:\Program Files\microsoft frontpage
2007-11-19 02:33:57 229376 ---h---c- C:\Documents and Settings\Default User\NTUSER.DAT
2007-11-19 02:33:02 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-11-19 02:32:55 0 dr------- C:\WINDOWS\Offline Web Pages
2007-11-19 02:32:55 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-11-19 02:32:28 0 d-------- C:\WINDOWS\system32\DirectX
2007-11-19 02:31:51 0 d---s---- C:\WINDOWS\Tasks
2007-11-19 02:31:49 0 d-------- C:\Program Files\Common Files\MSSoap
2007-11-19 02:31:45 0 d-------- C:\WINDOWS\srchasst
2007-11-19 02:31:44 0 d-------- C:\WINDOWS\system32\Macromed
2007-11-19 02:31:43 0 d-------- C:\Program Files\Movie Maker
2007-11-19 02:31:39 0 d-------- C:\WINDOWS\system32\Restore
2007-11-19 02:31:39 0 d-------- C:\WINDOWS\PCHealth
2007-11-19 02:31:23 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-11-19 02:31:06 0 d-------- C:\WINDOWS\Registration
2007-11-19 02:30:40 0 d--h----- C:\Program Files\WindowsUpdate
2007-11-19 02:30:39 0 d-------- C:\Program Files\Online Services
2007-11-19 02:30:34 0 d-------- C:\Program Files\Messenger
2007-11-19 02:30:30 0 d-------- C:\Program Files\MSN Gaming Zone
2007-11-19 02:29:58 0 d-------- C:\Program Files\Windows NT
2007-11-19 02:29:55 0 d-------- C:\WINDOWS\system32\MsDtc
2007-11-19 02:29:55 0 d-------- C:\WINDOWS\system32\Com
2007-11-18 18:15:47 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-18 18:15:44 0 dr------- C:\Program Files
2007-11-18 18:15:44 0 d-------- C:\Program Files\Common Files
2007-11-18 18:15:44 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-11-18 18:15:21 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-11-18 18:15:21 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-11-18 18:15:21 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-11-18 18:15:21 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-11-18 18:15:21 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-11-18 18:15:21 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-11-18 18:15:21 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-11-18 18:15:21 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-11-18 18:15:21 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-11-18 18:15:21 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-11-18 18:15:21 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-11-18 18:15:21 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-11-18 18:15:21 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-11-18 18:15:21 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-11-18 18:15:21 0 dr------- C:\Documents and Settings\All Users\Documents
2007-11-18 18:15:21 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-11-18 18:15:09 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-11-18 18:15:09 0 d-------- C:\WINDOWS\system32\CatRoot
2007-11-18 18:15:03 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-11-18 18:15:03 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-11-18 18:15:03 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-11-18 18:15:03 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-11-18 18:14:44 0 d-------- C:\Documents and Settings
2007-11-18 18:10:47 0 d-------- C:\WINDOWS
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\WinSxS
2007-11-18 18:10:47 0 dr------- C:\WINDOWS\Web
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\twain_32
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\wins
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\wbem
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\usmt
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\spool
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\ShellExt
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\Setup
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\ras
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\oobe
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\npp
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\mui
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\inetsrv
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\IME
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\icsxml
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\ias
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\export
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\drivers
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-11-18 18:10:47 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\dhcp
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\config
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\3076
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\2052
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\1054
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\1042
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\1041
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\1037
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\1033
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\1031
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\1028
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system32\1025
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\system
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\security
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\Resources
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\repair
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\mui
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\msapps
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\msagent
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\Media
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\java
2007-11-18 18:10:47 0 d--h----- C:\WINDOWS\inf
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\ime
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\Help
2007-11-18 18:10:47 0 dr--s---- C:\WINDOWS\Fonts
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\Driver Cache
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\Debug
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\Cursors
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\Connection Wizard
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\Config
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\AppPatch
2007-11-18 18:10:47 0 d-------- C:\WINDOWS\addins
2007-11-17 15:16:50 0 d-------- C:\Documents and Settings\Anton\Application Data\Mask Pro 4.0
2007-11-17 13:44:58 0 d-------- C:\Program Files\PSD2FLA
2007-11-17 13:41:30 0 d-------- C:\Documents and Settings\Anton\SiteGrinderData
2007-11-17 11:51:35 24047608 --a------ C:\Program Files\Install SiteGrinder 2 and PSD2FLA.exe <INSTAL~1.EXE>
2007-11-14 22:12:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-14 16:57:59 0 d-------- C:\Documents and Settings\Anton\Application Data\Prevx
2007-11-14 16:09:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-14 15:20:54 0 d-------- C:\VundoFix Backups
2007-11-14 07:38:14 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-14 07:37:02 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-14 07:37:01 0 d-------- C:\Documents and Settings\Anton\Application Data\SUPERAntiSpyware.com
2007-11-13 21:54:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-13 21:46:19 0 d-------- C:\WINDOWS\BDOSCAN8
2007-11-13 14:17:03 88128 --a------ C:\WINDOWS\system32\ulmsevee.dll
2007-11-08 18:58:07 0 d-------- C:\Documents and Settings\Anton\Application Data\Grisoft
2007-11-08 18:56:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-08 18:05:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Vodafone
2007-11-08 18:03:00 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-08 18:03:00 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-08 18:03:00 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-08 18:03:00 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-11-08 18:03:00 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-08 18:03:00 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-11-08 18:03:00 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-11-08 18:03:00 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-08 18:03:00 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-11-08 18:03:00 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-08 18:03:00 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-11-08 18:03:00 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-08 18:03:00 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-08 18:02:59 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-11-08 17:08:50 2078 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-08 10:24:36 81549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-08 10:24:36 82061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-08 10:16:24 0 d-------- C:\Program Files\Kaspersky Lab
2007-11-08 10:14:46 98848 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-08 10:14:46 10864928 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-08 09:59:54 0 d-------- C:\kav
2007-11-07 15:13:47 0 d-------- C:\WINDOWS\system32\Mz02r
2007-11-07 15:13:45 0 d-------- C:\Temp
2007-11-07 15:07:35 0 d-------- C:\Documents and Settings\Anton\Application Data\Thinstall
2007-11-05 17:54:02 923136 --a------ C:\WINDOWS\Gear32sd.dll <Not Verified; AccuSoft Corporation; AccuSoft ImageGear>
2007-11-04 12:24:39 0 d-------- C:\Program Files\Cartoon Maker
2007-11-02 13:30:14 0 d-------- C:\Program Files\TwistingPixels
2007-11-02 12:20:12 0 d-------- C:\Program Files\Microsoft Silverlight
2007-11-01 14:16:00 0 d-------- C:\Documents and Settings\Anton\Application Data\GibbHill Properties Ltd
2007-11-01 12:33:39 0 d-------- C:\Program Files\RapidFinder 2.0
2007-10-30 22:51:57 0 d-------- C:\Documents and Settings\Anton\Application Data\Filter Forge
2007-10-30 22:50:57 11 --a------ C:\WINDOWS\system32\tscrip22.dll
2007-10-30 22:40:41 39 --a------ C:\WINDOWS\buZZP3lic.dll
2007-10-30 22:25:11 0 d-------- C:\New Folder
2007-10-30 18:30:47 0 d-------- C:\WINDOWS\ulead.dat
2007-10-30 18:09:38 0 d-------- C:\Documents and Settings\Anton\Application Data\PictoColor
2007-10-30 17:58:02 0 d-------- C:\Documents and Settings\Anton\Application Data\Tiffen
2007-10-30 17:55:52 286720 --a------ C:\WINDOWS\iun502.exe <Not Verified; Indigo Rose Corporation; Setup Factory 5.0 Uninstaller>
2007-10-30 17:40:16 1030144 --a------ C:\WINDOWS\system32\dbghelp-xfw.dll <Not Verified; Microsoft Corporation; Debugging Tools for Windows®>
2007-10-30 17:40:06 0 d-------- C:\Program Files\Filter Forge
2007-10-30 17:38:00 0 d-------- C:\Documents and Settings\Anton\Application Data\Extensis
2007-10-30 17:21:56 0 d-------- C:\Program Files\Extensis
2007-10-30 16:49:17 0 d-------- C:\WINDOWS\system32\embedded
2007-10-30 16:49:17 0 d-------- C:\Program Files\Quasar
2007-10-30 16:46:45 0 d-------- C:\Program Files\Anti Red Eye
2007-10-30 16:42:34 0 d-------- C:\Program Files\Vertus Fluid Mask 3
2007-10-30 16:33:02 0 d-------- C:\Program Files\Ulead FantasyWarp.Plugin
2007-10-30 16:32:19 0 d-------- C:\Program Files\Ulead ArtTexture.Plugin
2007-10-30 16:31:33 4528 -----n--- C:\WINDOWS\SETBROWS.EXE
2007-10-30 16:31:33 35328 -----n--- C:\WINDOWS\INETWH32.DLL
2007-10-30 16:31:33 9136 -----n--- C:\WINDOWS\INETWH16.DLL
2007-10-30 16:31:33 26832 -----n--- C:\WINDOWS\CTL3DV2.DLL <Not Verified; Microsoft Corporation; 3D Windows Control>
2007-10-30 16:31:32 0 d-------- C:\WINDOWS\Noslip
2007-10-30 16:31:32 0 d-------- C:\Program Files\Ulead Particle.Plugin
2007-10-30 16:06:38 0 d-------- C:\Program Files\LightMachine
2007-10-30 15:56:54 847872 --a------ C:\WINDOWS\system32\_ISource22.dll <Not Verified; Smaller Animals Software, Inc.; _ISource22.DLL>
2007-10-30 15:56:48 0 d-------- C:\Program Files\HyperTyle
2007-10-30 15:53:12 0 d-------- C:\Program Files\ColorWasher2
2007-10-30 15:51:19 0 d-------- C:\Program Files\Shortcut
2007-10-30 15:38:36 0 d-------- C:\Documents and Settings\Anton\Application Data\Digital Film Tools
2007-10-30 15:37:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Digital Film Tools
2007-10-30 15:35:29 0 d-------- C:\Program Files\Satori FilmFX v3.20
2007-10-30 15:34:42 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-10-30 14:52:25 0 d-------- C:\Program Files\RAYflect
2007-10-30 14:52:25 0 d-------- C:\PhotoTracer
2007-10-30 14:50:17 0 d-------- C:\Program Files\ParallelGraphics
2007-10-30 14:50:13 0 d-------- C:\Program Files\Common Files\ParallelGraphics
2007-10-30 14:49:35 0 d-------- C:\Program Files\Room Arranger
2007-10-30 14:46:11 0 d-------- C:\Program Files\Imagenomic
2007-10-30 12:22:18 0 d-------- C:\Program Files\HumanSoftware
2007-10-30 11:29:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Digital Anarchy
2007-10-30 11:23:57 143500 --a------ C:\WINDOWS\Curves 2 Uninstaller.exe
2007-10-30 11:23:56 0 d-------- C:\Program Files\Curvemeister.com
2007-10-30 11:15:16 0 d-------- C:\WINDOWS\Corel
2007-10-29 10:10:01 326656 --a------ C:\WINDOWS\system\MSVCRT40.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual C++>
2007-10-29 10:10:01 900608 --a------ C:\WINDOWS\system\GEAR32PD.DLL <Not Verified; AccuSoft Corporation; AccuSoft ImageGear>
2007-10-29 10:09:16 20976 --a------ C:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2007-10-29 10:09:13 246784 --a------ C:\WINDOWS\UNINST16.EXE <Not Verified; Stirling Technologies, Inc.; InstallShield Deinstaller>
2007-10-29 10:07:36 0 d-------- C:\Program Files\Aurelon PhotoPro
2007-10-29 09:00:35 356352 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2007-10-28 22:26:03 0 d-------- C:\Splat
2007-10-28 17:16:40 0 d-------- C:\Program Files\AKVIS
2007-10-28 17:06:35 0 d-------- C:\WINDOWS\Xaos Folder
2007-10-28 17:06:35 0 d-------- C:\Segmation
2007-10-28 17:04:28 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-10-28 17:04:27 0 d-------- C:\Documents and Settings\Anton\WINDOWS
2007-10-28 16:27:11 0 d-------- C:\Documents and Settings\Anton\Application Data\Mr Retro
2007-10-26 10:53:58 0 d-------- C:\Program Files\Kodak
2007-10-26 08:15:17 0 d-------- C:\Documents and Settings\Anton\Application Data\Corel
2007-10-26 08:13:21 0 d-------- C:\Program Files\Corel
2007-10-25 22:11:31 0 d-------- C:\Program Files\PowerISO
2007-10-25 18:12:21 0 d-------- C:\Documents and Settings\Anton\Application Data\onOne Software
2007-10-25 18:07:31 0 d-------- C:\Program Files\Common Files\onOne Software Shared
2007-10-25 18:07:29 0 d-------- C:\Program Files\onOne Software
2007-10-25 10:26:48 53248 --a------ C:\WINDOWS\bdoscandel.exe
2007-10-24 20:06:37 0 d-------- C:\Program Files\Magic Gallery 5
2007-10-24 20:02:39 0 d-------- C:\Documents and Settings\Anton\Application Data\Web Gallery Builder
2007-10-24 20:02:27 0 d-------- C:\Program Files\Web Gallery Builder
2007-10-23 13:25:58 0 d-------- C:\Program Files\Common Files\LizardTech Shared
2007-10-23 13:25:54 227840 --a------ C:\WINDOWS\system32\Deco_32.dll <Not Verified; Iterated Systems, Inc.; Fractal Image Decoder>
2007-10-23 12:19:29 720896 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


-- Find3M Report ---------------------------------------------------------------

2007-11-22 10:33:41 0 d-------- C:\Documents and Settings\Anton\Application Data\TransRender
2007-11-20 16:39:40 0 d-------- C:\Documents and Settings\Anton\Application Data\CoreFTP
2007-11-19 12:33:25 0 d-------- C:\Program Files\eMule
2007-11-18 18:15:21 62 --ahs---- C:\Documents and Settings\Anton\Application Data\desktop.ini
2007-11-07 09:47:25 0 d-------- C:\Documents and Settings\Anton\Application Data\Skype
2007-11-05 17:54:06 40172 --a------ C:\Program Files\INSTALL.LOG
2007-10-30 16:43:01 1024 --a------ C:\WINDOWS\system32\t7vjvc6.dll
2007-10-30 16:43:01 204 --a------ C:\WINDOWS\system32\edmuvtf.dll
2007-10-30 16:43:00 100 --a------ C:\WINDOWS\system32\prsgrc.dll
2007-10-30 16:43:00 1024 --a------ C:\WINDOWS\system32\grcauth2.dll
2007-10-30 16:43:00 1024 --a------ C:\WINDOWS\system32\grcauth1.dll
2007-10-30 15:55:18 0 d-------- C:\Program Files\FocalBlade
2007-10-29 08:52:17 0 d-------- C:\Documents and Settings\Anton\Application Data\Alien Skin
2007-10-29 08:35:00 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-21 14:45:05 0 d-------- C:\Program Files\SigmaTel
2007-10-21 14:39:13 0 d-------- C:\Program Files\NCH Swift Sound
2007-10-21 14:38:35 0 d-------- C:\Program Files\True Audio
2007-10-21 14:38:10 0 d-------- C:\Program Files\Monkey's Audio
2007-10-21 14:37:28 0 d-------- C:\Program Files\intelliScore Ensemble WAV to MIDI Converter Demo
2007-10-21 14:37:06 0 d-------- C:\Program Files\MagicISO
2007-10-11 16:52:36 0 d-------- C:\Documents and Settings\Anton\Application Data\Adobe
2007-10-10 21:43:53 0 d-------- C:\Documents and Settings\Anton\Application Data\Eltima Software
2007-10-10 21:33:11 0 d-------- C:\Program Files\Save Flash
2007-10-09 21:17:48 0 d-------- C:\Program Files\Pop Art Studio 2.1
2007-10-07 01:56:05 0 d-------- C:\Program Files\Alien Skin
2007-10-02 09:25:05 0 d-------- C:\Documents and Settings\Anton\Application Data\Temporary
2007-09-25 16:49:33 0 d-------- C:\Program Files\emagic


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04A50AA9-E066-4168-B8F9-670D744492C8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0f68a09b-ce1a-4581-939c-69384dd8e0fb}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20c39dc0-cfe4-4e48-b3f6-6dae93b09383}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25A12E63-12C4-4526-8BB5-D9E72167CF92}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4a7f4d29-bacb-4668-a610-46c5d87f1e94}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5027D158-47A4-46B3-A07C-A9FB0D7D0799}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51deea14-4a45-4ab8-bc22-de0889aeecfd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{599cb252-b932-491c-b1be-207786fb76a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6020c6ca-08d1-4876-9cf3-a0aa8e916910}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{624694C5-D9E3-4534-AA84-E80368A9A308}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B53F42F-BA41-419E-A427-B567DC09C967}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E0F8E72-16A9-4430-BA7B-B028570D516F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D911365-4A3C-452E-B3F0-CC2D750FDFC7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B22B9D1-7F1F-42F9-81E5-1606DE23708D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b47dbfba-e866-4b1e-a167-af88b635a5b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5834da1-2720-4ccc-93a7-5c30d25ceb29}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c58a6214-9035-4965-bf16-d4fbb076a104}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C932B390-4685-49D7-8458-F8E6166DA9C1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D951DD00-0AE7-4593-AD43-D91457AD1C69}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E08400A7-CF77-40C1-8246-05A721367985}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e5115a54-83a6-4246-9c06-37336abb1609}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5434312-49C4-41B7-A59D-16C1B94958BA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [12/05/2006 01:32]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 00:56 C:\WINDOWS\system32\bthprops.cpl]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 01:25]
"PrevxOne"="C:\Program Files\Prevx2\PXConsole.exe" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [28/06/2007 12:51]
"70625938"="C:\WINDOWS\system32\cilttncb.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56]
"MobileConnect.EXE"="C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE" [13/07/2007 15:37]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21/06/2007 14:06]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 16:46]
"WinAble"="C:\Program Files\WinAble\winable.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxx]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljii]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnklmk]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qfchkbwy]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvspnl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uxoncaup]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkgg32]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqno.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Register Mask Pro 3.0.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Register Mask Pro 3.0.lnk
backup=C:\WINDOWS\pss\Register Mask Pro 3.0.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Anton^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Anton\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\flashget.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Macromedia Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f658685-968b-11dc-bc74-9b6686c28826}]
Auto\command- RavMon.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e




-- End of Deckard's System Scanner: finished at 2007-11-22 17:23:32 ------------




#14 IndiGenus


Posted 22 November 2007 - 10:42 AM

Ahhrrggg...all those items came back into HJT. Might be because either TeaTimer wasn't disabled or SAS was protecting them. Temporarily disable TeaTimer and any other real-time protection you're running and fix those same items again. From the quotebox of my earlier post. Reboot, and just post a HijackThis log. Don't need the Deckard's logs.
IndiGenus



#15 anton123


Posted 23 November 2007 - 12:37 PM

Indi, This is weird!

I disabled TeaTimer, rebooted - checked and fixed the HJT files - see log below. It looks like the files are gone, right?

So I enabled TeaTimer again and reran HJT and the files are back!!! (see log below this one). So could SSD be the culprit?

Thanks again,

A




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:42, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\DeviceListener.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\ConAppM.exe
C:\Program Files\Trend Micro\HijackThis\FindVundo.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MobileConnect.EXE] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: PREVXAgent - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe (file missing)

--
End of file - 7080 bytes


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:45, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\DeviceListener.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\ConAppM.exe
C:\Program Files\Trend Micro\HijackThis\FindVundo.exe.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {04A50AA9-E066-4168-B8F9-670D744492C8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0f68a09b-ce1a-4581-939c-69384dd8e0fb} - (no file)
O2 - BHO: (no name) - {20c39dc0-cfe4-4e48-b3f6-6dae93b09383} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {25A12E63-12C4-4526-8BB5-D9E72167CF92} - (no file)
O2 - BHO: (no name) - {4a7f4d29-bacb-4668-a610-46c5d87f1e94} - (no file)
O2 - BHO: (no name) - {5027D158-47A4-46B3-A07C-A9FB0D7D0799} - (no file)
O2 - BHO: (no name) - {51deea14-4a45-4ab8-bc22-de0889aeecfd} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: (no name) - {599cb252-b932-491c-b1be-207786fb76a4} - (no file)
O2 - BHO: (no name) - {6020c6ca-08d1-4876-9cf3-a0aa8e916910} - (no file)
O2 - BHO: (no name) - {624694C5-D9E3-4534-AA84-E80368A9A308} - (no file)
O2 - BHO: (no name) - {6B53F42F-BA41-419E-A427-B567DC09C967} - (no file)
O2 - BHO: (no name) - {6E0F8E72-16A9-4430-BA7B-B028570D516F} - (no file)
O2 - BHO: (no name) - {8D911365-4A3C-452E-B3F0-CC2D750FDFC7} - (no file)
O2 - BHO: (no name) - {9B22B9D1-7F1F-42F9-81E5-1606DE23708D} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {b47dbfba-e866-4b1e-a167-af88b635a5b3} - (no file)
O2 - BHO: (no name) - {c5834da1-2720-4ccc-93a7-5c30d25ceb29} - (no file)
O2 - BHO: (no name) - {c58a6214-9035-4965-bf16-d4fbb076a104} - (no file)
O2 - BHO: (no name) - {C932B390-4685-49D7-8458-F8E6166DA9C1} - (no file)
O2 - BHO: (no name) - {D951DD00-0AE7-4593-AD43-D91457AD1C69} - (no file)
O2 - BHO: (no name) - {E08400A7-CF77-40C1-8246-05A721367985} - (no file)
O2 - BHO: (no name) - {e5115a54-83a6-4246-9c06-37336abb1609} - (no file)
O2 - BHO: (no name) - {F5434312-49C4-41B7-A59D-16C1B94958BA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [70625938] rundll32.exe "C:\WINDOWS\system32\cilttncb.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MobileConnect.EXE] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D78A853-2EA2-45A1-B621-C98FF625398F}: NameServer = 196.207.35.29 196.207.35.30
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: byxxx - C:\WINDOWS\
O20 - Winlogon Notify: mljii - C:\WINDOWS\
O20 - Winlogon Notify: nnnklmk - C:\WINDOWS\
O20 - Winlogon Notify: qfchkbwy - C:\WINDOWS\
O20 - Winlogon Notify: tuvspnl - C:\WINDOWS\
O20 - Winlogon Notify: uxoncaup - C:\WINDOWS\
O20 - Winlogon Notify: winkgg32 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: PREVXAgent - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe (file missing)

--
End of file - 9743 bytes
