> [Closed] internet connectivity gone, everything's screwy
120500
post Oct 15 2009, 08:44 PM
Post #1


Operating System: windows XP



Hi,
Please help...I have spent 2 days trying to figure out what's wrong, because I'm too stubborn to ask for help, so my brain is fried. Please forgive me if I don't make much sense. There have been too many problems to remember, but it started out with various programs not working anymore and the computer was very slow. I would get one program fixed and immediately something else would go wrong. I had an active internet connection, but IE would say unable to connect. Wasn't able to go to any trusted websites. Finally repaired that with system restore, but still as soon as I get one thing repaired another fails.


DDS (Ver_09-06-26.01) - NTFSx86
Run by SEXY SORCERESS at 15:18:36.00 on Sat 10/17/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2030.1060 [GMT -5:00]

AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Gateway\GSM\BIN\ssm.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Gateway\GSM\BIN\modemview.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\docume~1\owner\locals~1\temp\cdm\{5062c20c-1668-4aaf-be33-dafc6f30b28a}\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Gateway\GSM\bin\usm.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\SEXY SORCERESS\Local Settings\Temporary Internet Files\Content.IE5\FQQF1S6R\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://news.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [mumservice] c:\program files\motorola\software update\mumservice.exe
mRun: [GSM] c:\program files\gateway\gsm\bin\usm.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\sexyso~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\documents and settings\sexy sorceress\start menu\programs\startup\OneNote Table Of Contents.onetoc2
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: motive.com\patttbc.att
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1}
DPF: {54D53429-945C-4188-B460-C81356541882} - hxxp://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://static.slide.com/uploader/SlideImageUploader.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B6E6EEF0-F5AA-4A4D-88EC-FF43FB2029E5} - hxxps://www.mytelevox.com/labcalls/cabs/TeleVoxAudioPlayer2.CAB
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} - hxxp://www.rockyou.com/RockYouImageUploader.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-10-14 161672]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-15 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-14 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-14 28424]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-14 356616]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-14 285392]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R2 CBA8;LANDesk® Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2005-4-28 122880]
R2 CISMBIOS;CiSMBios Driver;c:\windows\system32\drivers\cismbios.sys [2005-5-31 13312]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-10-15 309008]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1169232]
R2 LSM_SSM;LANDesk® System Manager System Space Manager;c:\program files\gateway\gsm\bin\SSM.exe [2005-6-1 28672]
R2 ModemView;LANDesk Message Handler Service;c:\program files\gateway\gsm\bin\modemview.exe [2005-6-1 45056]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2009-10-13 91392]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-7 24652]
R3 ICFWDM;ICFWDM;c:\windows\system32\drivers\icfwdm.sys [2002-6-20 12064]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2009-5-4 279960]
S2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\aio\center\KodakSvc.exe [2009-4-17 32768]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\creative\creative centrale\CTUPnPSv.exe [2008-5-21 64000]
S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;c:\windows\system32\drivers\ubVeo532.sys [2002-7-1 95232]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2006-6-30 69692]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [2009-9-28 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [2009-9-28 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [2009-9-28 60816]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-10-13 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-10-13 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-10-13 42752]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2009-10-13 23936]
S3 PAC207;CIF USB Camera;c:\windows\system32\drivers\PFC027.SYS [2009-2-18 505984]

=============== Created Last 30 ================

2009-10-17 11:12 <DIR> --d----- C:\My Music
2009-10-15 23:51 <DIR> --d----- c:\program files\Windows Mobile Device Handbook
2009-10-15 21:31 401,720 a------- c:\program files\HijackThis.exe
2009-10-15 20:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IObit
2009-10-15 18:46 <DIR> --d----- c:\program files\IObit
2009-10-15 18:46 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\IObit
2009-10-15 18:10 64,288 a------- c:\windows\system32\drivers\Lbd.sys
2009-10-15 17:54 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-15 17:53 <DIR> --d----- c:\program files\Lavasoft
2009-10-15 15:15 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-10-15 15:14 <DIR> --d----- c:\program files\common files\xing shared
2009-10-15 15:12 <DIR> --d----- C:\ComboFix
2009-10-15 15:10 <DIR> --d----- c:\program files\Symantec Client Security
2009-10-15 03:55 <DIR> --d----- c:\program files\Symantec
2009-10-15 02:55 <DIR> --d----- C:\RECYCLER(2)
2009-10-15 01:48 73,574 a------- c:\windows\system32\nvapps.nvb
2009-10-15 01:36 4,926 a------- c:\windows\iis6.BAK
2009-10-15 01:36 1,393 a------- c:\windows\imsins.BAK
2009-10-15 01:05 <DIR> --d----- c:\temp\MotoConnectTemp
2009-10-14 21:08 <DIR> --d-h--- C:\$AVG
2009-10-14 21:08 356,616 a------- c:\windows\system32\drivers\avgtdix.sys
2009-10-14 21:08 161,672 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-10-14 21:08 12,464 a------- c:\windows\system32\avgrsstx.dll
2009-10-14 21:08 333,192 a------- c:\windows\system32\drivers\avgldx86.sys
2009-10-14 21:08 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-10-14 21:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-10-14 21:07 <DIR> --d----- c:\program files\AVG
2009-10-14 21:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg9
2009-10-14 18:44 <DIR> --d----- c:\program files\CCleaner
2009-10-14 18:44 <DIR> --d----- c:\program files\DriverTool
2009-10-14 18:44 <DIR> --d----- c:\program files\devshowall
2009-10-14 18:43 <DIR> --d----- c:\program files\RSD_CMDA_General_5_1_6_Installation
2009-10-14 16:42 <DIR> --d----- c:\program files\PhoneModels
2009-10-14 16:42 <DIR> --d----- c:\program files\Pages
2009-10-14 16:40 <DIR> --d----- c:\program files\Motorola Phone Tools
2009-10-14 12:56 <DIR> --d----- c:\program files\newp2k
2009-10-14 12:54 166 a------- c:\program files\devshowall.zip
2009-10-14 10:10 <DIR> a-dshr-- C:\cmdcons
2009-10-14 10:08 236,544 a------- c:\windows\PEV.exe
2009-10-14 10:08 161,792 a------- c:\windows\SWREG.exe
2009-10-14 10:08 98,816 a------- c:\windows\sed.exe
2009-10-14 09:43 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\Malwarebytes
2009-10-14 09:43 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-14 09:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-14 07:56 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\SMSServant
2009-10-14 04:48 103,437 -------- c:\windows\hpqins13.dat.temp
2009-10-14 04:30 <DIR> --d----- c:\program files\MessagingToolkit
2009-10-14 02:16 <DIR> --d----- c:\program files\LANDesk
2009-10-14 02:16 10,144 -------- c:\windows\system32\drivers\asicio.sys
2009-10-14 02:16 <DIR> --d----- c:\windows\Drivers
2009-10-14 02:07 32 a------- c:\windows\email.INI
2009-10-14 01:54 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\Mobile Master
2009-10-14 01:53 <DIR> --d----- C:\PIACCESS
2009-10-14 01:50 <DIR> --d----- c:\program files\Mobile Master
2009-10-14 01:50 <DIR> --d----- c:\program files\common files\Jumping Bytes
2009-10-14 01:49 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\Jumping Bytes
2009-10-14 01:45 <DIR> --d----- c:\program files\MediaInfo
2009-10-13 20:08 23,936 a------- c:\windows\system32\drivers\motport.sys
2009-10-13 20:08 1,112,288 a------- c:\windows\system32\wdfcoinstaller01007.dll
2009-10-13 20:08 42,752 a------- c:\windows\system32\drivers\motodrv.sys
2009-10-13 20:08 23,936 a------- c:\windows\system32\drivers\motmodem.sys
2009-10-13 20:08 19,712 a------- c:\windows\system32\drivers\motccgp.sys
2009-10-13 20:08 8,320 a------- c:\windows\system32\drivers\motccgpfl.sys
2009-10-13 20:08 6,400 a------- c:\windows\system32\drivers\motswch.sys
2009-10-13 01:57 3,250 a------- c:\windows\system32\wbem\Outlook_01ca4bd25ff05322.mof
2009-10-11 15:24 <DIR> --d----- c:\program files\iPhone Explorer
2009-10-11 03:02 <DIR> --d----- c:\windows\SQL9_KB960089_ENU
2009-10-09 22:19 <DIR> --d----- c:\program files\iPod
2009-10-09 22:19 <DIR> --d----- c:\program files\iTunes
2009-10-09 22:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-09 22:13 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-10-09 22:13 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-10-09 22:04 422 a------- c:\windows\system32\mapisvc.inf
2009-10-09 22:02 <DIR> --d----- c:\program files\Microsoft Small Business
2009-10-09 21:48 <DIR> --d----- c:\program files\Microsoft SQL Server
2009-10-09 21:03 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\GetRightToGo
2009-10-08 16:36 301,568 a------- c:\windows\system32\SET158A.tmp
2009-10-08 16:36 147,456 a------- c:\windows\system32\SET1588.tmp
2009-10-08 16:36 136,192 a------- c:\windows\system32\SET1589.tmp
2009-10-08 16:36 56,832 a------- c:\windows\system32\SET1587.tmp
2009-10-08 16:36 54,272 a------- c:\windows\system32\SET1586.tmp
2009-10-08 16:36 301,568 -c------ c:\windows\system32\dllcache\kerberos.dll
2009-10-08 16:36 136,192 -c------ c:\windows\system32\dllcache\msv1_0.dll
2009-10-08 16:36 92,928 -c------ c:\windows\system32\dllcache\ksecdd.sys
2009-10-08 16:36 54,272 -c------ c:\windows\system32\dllcache\wdigest.dll
2009-10-07 17:01 <DIR> --d----- c:\program files\Motoconnect
2009-10-05 19:24 <DIR> --d----- c:\program files\LGUsbDriver
2009-10-03 16:15 <DIR> --d----- c:\program files\P2K Programs
2009-10-03 16:13 0 a------- c:\windows\MessageExe.INI
2009-10-03 16:13 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\MobileAction
2009-10-03 14:47 <DIR> --d----- c:\program files\CardRecovery
2009-10-03 14:16 <DIR> --d----- c:\program files\GetData
2009-10-03 10:52 <DIR> --d----- c:\program files\Data Doctor MS Access to MySQL Converter (Demo)
2009-10-03 10:44 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-10-03 10:36 <DIR> --d----- c:\program files\Data Doctor Forensic Software - Pocket PC (Evaluation)
2009-10-02 17:42 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-10-02 08:02 567,529 a------- c:\documents and settings\sexy sorceress\bitpim.dat
2009-10-02 06:54 <DIR> --d----- c:\program files\Motorola Tools
2009-10-02 04:09 7,680 a--sh--- c:\windows\Thumbs.db
2009-10-02 04:03 10,000 a------- c:\program files\MSGDB_msg_data.bin
2009-10-02 04:03 265 a------- c:\program files\MMS_push_msg0.bin
2009-10-02 04:03 28 a------- c:\program files\MMS_push_info.bin
2009-10-02 04:03 4,713 a------- c:\program files\EMS_message_1.bin
2009-10-02 04:03 4,713 a------- c:\program files\EMS_message_0.bin
2009-10-02 04:03 60 a------- c:\program files\EMS_concat_info.bin
2009-10-02 04:02 <DIR> --d----- c:\program files\mobile
2009-10-02 03:58 <DIR> --d----- c:\program files\brew_preloads
2009-10-02 03:56 <DIR> --d----- c:\program files\3741844
2009-10-02 03:56 <DIR> --d----- c:\program files\3
2009-10-02 03:56 <DIR> --d----- c:\program files\3741843
2009-10-02 03:55 <DIR> --d----- c:\program files\3741842
2009-10-02 03:55 <DIR> --d----- c:\program files\3741841
2009-10-02 03:55 <DIR> --d----- c:\program files\3741840
2009-10-02 03:55 <DIR> --d----- c:\program files\3741846
2009-10-02 03:55 <DIR> --d----- c:\program files\3741839
2009-10-02 03:55 <DIR> --d----- c:\program files\3741838
2009-10-02 03:55 <DIR> --d----- c:\program files\3741837
2009-10-02 03:54 <DIR> --d----- c:\program files\3741836
2009-10-02 03:54 <DIR> --d----- c:\program files\3741835
2009-10-02 03:54 <DIR> --d----- c:\program files\3741834
2009-10-02 03:54 <DIR> --d----- c:\program files\3741833
2009-10-02 03:53 <DIR> --d----- c:\program files\3741832
2009-10-02 03:53 <DIR> --d----- c:\program files\3741831
2009-10-02 03:53 <DIR> --d----- c:\program files\3741853
2009-10-02 03:53 23,244 a------- c:\program files\3.dat
2009-10-02 03:52 <DIR> --d----- c:\program files\3741847
2009-10-02 03:52 <DIR> --d----- c:\program files\3741830
2009-10-02 03:52 <DIR> --d----- c:\program files\3741829
2009-10-02 03:52 <DIR> --d----- c:\program files\3741827
2009-10-02 03:52 <DIR> --d----- c:\program files\3741826
2009-10-02 03:52 <DIR> --d----- c:\program files\3741825
2009-10-02 03:49 <DIR> --d----- c:\program files\3741850
2009-10-02 03:49 <DIR> --d----- c:\program files\3741849
2009-10-02 03:49 <DIR> --d----- c:\program files\3741848
2009-10-02 03:37 <DIR> a-d----- c:\program files\Spanish
2009-10-02 03:37 <DIR> a-d----- c:\program files\Backup
2009-10-02 03:37 4,608 a------- c:\program files\restart.exe
2009-10-02 03:37 <DIR> a-d----- c:\program files\Templates
2009-10-02 03:37 <DIR> a-d----- c:\program files\Temp
2009-10-02 03:37 <DIR> a-d----- c:\program files\p2kc_batch_example
2009-10-02 03:37 <DIR> a-d----- c:\program files\Hungarian
2009-10-02 03:37 <DIR> a-d----- c:\program files\German
2009-10-02 03:37 <DIR> a-d----- c:\program files\FtpDrive
2009-10-02 03:37 <DIR> a-d----- c:\program files\English
2009-10-02 03:37 386,560 a------- c:\program files\P2kCommander.exe
2009-10-02 03:37 24,576 a------- c:\program files\P2kAutostart.exe
2009-10-02 00:27 <DIR> --d----- c:\program files\Paraben Corporation
2009-10-02 00:08 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\MOBILeditForensic
2009-10-02 00:07 <DIR> --d----- c:\program files\MOBILedit! Forensic
2009-10-01 21:38 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\BKForensics
2009-10-01 21:35 <DIR> --d----- c:\program files\Cell Phone Analyzer Demo
2009-10-01 21:28 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\Windows Search
2009-10-01 21:12 <DIR> --d----- c:\program files\uni2ascii-4.14
2009-09-30 14:40 <DIR> --d----- c:\program files\Polyglot 3000
2009-09-30 13:12 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\Helios
2009-09-30 13:12 <DIR> --d----- c:\program files\TextPad 5
2009-09-30 11:46 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motport_01007.Wdf
2009-09-30 11:46 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2009-09-30 11:40 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-09-30 11:40 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
2009-09-30 11:40 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgp_01007.Wdf
2009-09-30 11:39 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll
2009-09-30 11:36 <DIR> --d----- c:\program files\Motorola
2009-09-30 11:27 <DIR> --d----- c:\program files\Data Doctor Chat Archive Recovery Yahoo Messenger (Evaluation)
2009-09-30 10:52 21,632 a------- c:\windows\system32\drivers\lgusbmodem.sys
2009-09-30 10:52 19,840 a------- c:\windows\system32\drivers\lgusbdiag.sys
2009-09-30 10:52 12,416 a------- c:\windows\system32\drivers\lgusbbus.sys
2009-09-30 10:52 <DIR> --d----- c:\program files\LG Electronics
2009-09-30 10:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Innovative Solutions
2009-09-30 09:29 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\Blitware
2009-09-30 09:29 <DIR> --d----- c:\program files\Driver Robot
2009-09-30 09:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-09-30 01:04 <DIR> --d----- c:\program files\QPST
2009-09-30 00:17 <DIR> --d----- c:\program files\PowerEditor
2009-09-29 19:31 <DIR> --d----- c:\program files\Data Doctor - Mobile Phone Inspector
2009-09-29 19:22 <DIR> --d----- c:\program files\ART
2009-09-29 18:12 <DIR> --d----- c:\program files\WinHex
2009-09-29 17:58 1,803,264 a------- c:\program files\WinHex.exe
2009-09-29 17:58 239,003 a------- c:\program files\language.dat
2009-09-29 17:58 124,928 a------- c:\program files\Dialogs.dat
2009-09-29 17:58 28,567 a------- c:\program files\whxsetup.exe
2009-09-29 17:58 4,800 a------- c:\program files\timezone.dat
2009-09-29 17:58 512 a------- c:\program files\ebcdic.dat
2009-09-29 14:43 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-09-29 14:43 <DIR> --d----- c:\program files\Windows Desktop Search
2009-09-29 14:41 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-09-29 14:41 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-09-29 14:41 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2009-09-29 00:46 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\LG Electronics
2009-09-29 00:45 <DIR> --d----- c:\program files\LG PC Suite
2009-09-28 20:49 77,104 a------- c:\windows\system32\drivers\lgatmdm.sys
2009-09-28 20:49 60,816 a------- c:\windows\system32\drivers\lgatserd.sys
2009-09-28 20:49 43,024 a------- c:\windows\system32\drivers\lgatbus.sys
2009-09-28 20:49 6,112 a------- c:\windows\system32\drivers\lgatcmnt.sys
2009-09-28 20:49 6,112 a------- c:\windows\system32\drivers\lgatcm.sys
2009-09-28 20:49 5,712 a------- c:\windows\system32\drivers\lgatwhnt.sys
2009-09-28 20:49 5,712 a------- c:\windows\system32\drivers\lgatwh.sys
2009-09-28 19:40 <DIR> --d----- c:\program files\Drivers
2009-09-28 12:11 <DIR> --d----- c:\program files\BitPim
2009-09-22 21:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\f-secure
2009-09-21 07:40 12,800 a------- c:\windows\system32\EKDeviceServices.dll
2009-09-21 07:38 <DIR> --d----- c:\windows\system32\kodak
2009-09-21 07:38 376,832 a------- c:\windows\system32\EKIJ5000MON.dll
2009-09-21 07:38 110,592 a------- c:\windows\system32\EKIJCOINST04.dll

==================== Find3M ====================

2009-10-15 21:47 46,046 a------- c:\program files\startuplist.txt
2009-10-15 21:32 14,637 a------- c:\program files\hijackthis.log
2009-10-15 20:42 1,033,728 a------- c:\windows\explorer.exe
2009-10-15 14:22 7,680 a--sh--- c:\program files\Thumbs.db
2009-10-14 22:41 348,160 a------- c:\windows\system32\msvcr71.dll
2009-10-14 16:53 23,633 a------- c:\program files\Uninstall.ini
2009-10-14 16:38 24,192 ac------ c:\documents and settings\sexy sorceress\usbsermptxp.sys
2009-10-14 16:38 22,768 ac------ c:\documents and settings\sexy sorceress\usbsermpt.sys
2009-10-14 06:50 1,681 a------- c:\program files\.config
2009-10-13 20:16 4,320 a------- c:\program files\_setup.xml
2009-10-13 20:16 756 a------- c:\program files\PHONEC~1.000
2009-10-13 20:15 169,984 a------- c:\program files\00MSTALK.017
2009-10-13 19:45 11 a---h--- c:\program files\00systmp.008
2009-10-13 19:42 0 a---h--- c:\program files\0gpslast.002
2009-10-13 19:42 0 a---h--- c:\program files\00syssim.007
2009-10-13 19:42 0 a---h--- c:\program files\000sslog.006
2009-10-13 19:42 0 a---h--- c:\program files\000sclog.005
2009-10-13 19:42 0 a---h--- c:\program files\000rslog.004
2009-10-13 19:42 0 a---h--- c:\program files\000rclog.003
2009-10-03 16:21 79,328 ac------ c:\documents and settings\sexy sorceress\mqdmserd.sys
2009-10-03 16:21 5,936 ac------ c:\documents and settings\sexy sorceress\mqdmwhnt.sys
2009-10-03 16:21 92,064 ac------ c:\documents and settings\sexy sorceress\mqdmmdm.sys
2009-10-03 16:21 9,232 ac------ c:\documents and settings\sexy sorceress\mqdmmdfl.sys
2009-10-03 16:21 4,048 ac------ c:\documents and settings\sexy sorceress\mqdmcr.sys
2009-10-03 16:21 66,656 ac------ c:\documents and settings\sexy sorceress\mqdmbus.sys
2009-10-03 16:21 6,208 ac------ c:\documents and settings\sexy sorceress\mqdmcmnt.sys
2009-10-02 10:01 0 a------- c:\program files\Seem.lst
2009-10-02 07:34 487 a------- c:\program files\P2kAutostart_daemon.log
2009-10-02 07:27 1,931,052 a------- c:\program files\SOURCEFILES
2009-10-02 06:13 274 a------- c:\program files\TempWebPage.htm
2009-10-02 05:47 16 a------- c:\program files\007D_0F3C.seem
2009-10-02 04:03 10,320 a------- c:\program files\TmpTneDB.db
2009-10-02 04:02 0 a------- c:\program files\BREW_iTAP6_User_Dictionary
2009-10-02 04:02 30,680 a------- c:\program files\AmAfsmToneDb.db
2009-10-02 04:02 30,680 a------- c:\program files\AmAfsmTempToneDb.db
2009-10-02 04:02 10,400 a------- c:\program files\AmAfsmDefaultToneDb.db
2009-10-02 04:02 1,019 a------- c:\program files\AmAfsmToneListDb.db
2009-10-02 04:02 300 a------- c:\program files\ALARMCLOCK
2009-10-02 03:56 178,685 a------- c:\program files\3gp
2009-10-02 03:55 896 a------- c:\program files\3_roam_idle1.bmp
2009-10-02 03:55 896 a------- c:\program files\3_nonantenna_idle1.bmp
2009-10-02 03:55 896 a------- c:\program files\3_idle1.bmp
2009-10-02 03:54 154,257 a------- c:\program files\3_10sec.mp3
2009-10-02 03:54 7,227 a------- c:\program files\3.jpg
2009-10-02 03:53 10,121 a------- c:\program files\398.jpg
2009-10-02 03:53 9,772 a------- c:\program files\359.jpg
2009-10-02 03:53 8,527 a------- c:\program files\32.jpg
2009-10-02 03:53 7,631 a------- c:\program files\31.jpg
2009-10-02 03:53 2,276 a------- c:\program files\3_clip.jpg
2009-10-02 03:52 49,724 a------- c:\program files\3.wav
2009-10-02 03:52 2,408 a------- c:\program files\3_idle7.bmp
2009-10-02 03:52 1,008 a------- c:\program files\3_idle6.bmp
2009-10-02 03:50 67,742 a------- c:\program files\354a.jpg
2009-10-02 03:50 513,572 a------- c:\program files\3g2
2009-10-02 03:50 1,922,189 a------- c:\program files\35a.3g2
2009-10-02 03:50 200,216 a------- c:\program files\356a.jpg
2009-10-02 03:50 171,552 a------- c:\program files\355a.jpg
2009-10-02 03:50 59,638 a------- c:\program files\3a.jpg
2009-10-02 03:50 105,455 a------- c:\program files\35c.jpg
2009-10-02 03:50 208,341 a------- c:\program files\35b.jpg
2009-10-02 03:50 200,203 a------- c:\program files\35a.jpg
2009-10-02 03:50 188,898 a------- c:\program files\34d.jpg
2009-10-02 03:50 206,691 a------- c:\program files\34c.jpg
2009-09-30 15:04 254,850 a------- c:\program files\winhex-d.hlp
2009-09-18 06:41 490 ac------ c:\docume~1\sexyso~1\applic~1\wklnhst.dat
2009-09-14 02:34 162 ----h--- c:\program files\0gpsinfo.001
2009-09-11 09:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-04 16:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 02:36 832,512 -------- c:\windows\system32\wininet.dll
2009-08-29 02:36 78,336 a------- c:\windows\system32\ieencode.dll
2009-08-29 02:36 17,408 a------- c:\windows\system32\corpol.dll
2009-08-26 03:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-17 23:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-08 11:01 7,168 a------- c:\program files\0MAPIlib.016
2009-08-08 11:01 400 a------- c:\program files\000APP~1.015
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 10:13 2,145,280 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 09:20 2,023,936 -------- c:\windows\system32\ntkrnlpa.exe
2009-01-06 20:36 2,875 a------- c:\program files\Whatsnew.txt
2009-01-06 20:36 8,348 a------- c:\program files\ChangeLog.txt
2008-11-08 21:40 1,567 a------- c:\program files\p2kapps.rtf
2008-09-13 19:55 54 a------- c:\program files\hidden_files.lst
2008-04-16 08:28 40,960 a------- c:\program files\OP60B1~1.013
2008-04-16 08:28 172,032 a------- c:\program files\OPFFD3~1.010
2008-04-16 08:28 12,288 a------- c:\program files\OPDCF2~1.012
2008-04-16 08:27 35,840 a------- c:\program files\OPC3C5~1.011
2008-04-16 08:27 219,136 a------- c:\program files\OPENNE~1.014
2008-04-16 08:27 29,696 a------- c:\program files\OPENNE~2.009
2008-02-16 20:53 6,766 a------- c:\program files\Messages.lng
2007-09-09 23:26 16,630 a------- c:\program files\Icon_5.ico
2007-07-02 15:54 4,333,568 a------- c:\program files\RSD Lite_3.8.msi
2007-05-12 17:50 1,406 a------- c:\program files\scripting.txt
2007-05-12 17:42 6,769 a------- c:\program files\SeemFunctionsP2k05.csv
2007-05-12 17:24 14,510 a------- c:\program files\SeemFunctionsP2k.csv
2007-03-27 12:36 69,174,605 ac------ c:\program files\mpt404b.exe
2007-03-27 12:36 7,219 ac------ c:\program files\MPT.txt
2007-03-11 21:33 15,542 a------- c:\program files\SeemCategories.lst
2007-02-15 11:17:44 A------- 4,112,446 c:\program files\SWDL.exe
2009-01-27 07:49 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009012720090128\index.dat

============= FINISH: 15:18:54.92 ===============



ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/17 15:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 00000046
Image Path: \Driver\00000046
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal[1].sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal[1].sys
Address: 0xB36D7000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xba99887e

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xba6d684c

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xba6d6bec

#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xba6d1090

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xba6d6cc4

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xba6d6b44

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xba998bfe

==EOF==

This post has been edited by 120500: Oct 17 2009, 02:39 PM
LDTate
post Oct 19 2009, 07:49 PM
Post #2


Forum God
Group Icon

Group: Root Admin
Posts: 48,389
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276
MVP





DO NOT use any TOOLS such as Combofix, SmitfraudFix, MBAM, Vundofix, or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.


Vista users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. With Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Uncheck "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Uncheck "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All

Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Then click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.



Also please describe how your computer behaves at the moment.


Please don't attach the scans / logs; use "copy/paste".
120500
post Oct 20 2009, 03:37 PM
Post #3





Hi,
Thanks so much for your help! I followed your suggestions and no problems were found. I will paste the log below. The computer is not acting too bad right now. Every time I start Internet Explorer or go to a new page, multiple tracking cookie warnings pop up. There are always at least 2 yield manager, and occasionally assorted other ones. I'm not sure if this is something new or just because I started using AVG. And sometimes the computer seems to "reset" out of the blue. It's almost like it completely shuts down and restarts, but the screen never goes out. It stays frozen on the desktop background (only the background showing, no programs or start button). Also a few times it has gone offline in the middle of something and said I was not connected to the internet, but not like it did before. Simply hitting the back button brings it back up (refresh will not). I've been trying to use it as little as possible until it is fixed. Thanks again!
Tammy

Malwarebytes' Anti-Malware 1.41
Database version: 2998
Windows 5.1.2600 Service Pack 3

10/20/2009 2:47:37 PM
mbam-log-2009-10-20 (14-47-37).txt

Scan type: Quick Scan
Objects scanned: 135678
Time elapsed: 50 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
LDTate
post Oct 20 2009, 06:32 PM
Post #4




Let's see if ComboFix finds anything.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

    Note: Combofix will run without the Recovery Console installed.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
"copy/paste" a new HijackThis log file into this thread as well.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.


Also please describe how your computer behaves at the moment.
120500
post Oct 23 2009, 10:26 PM
Post #5





ComboFix 09-10-22.01 - SEXY SORCERESS 10/23/2009 23:10.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2030.1229 [GMT -5:00]
Running from: c:\documents and settings\SEXY SORCERESS\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ADS - explorer.exe: deleted 88 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\etc\lmhosts

.
((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))
.

2009-10-22 03:05 . 2009-10-22 03:05 -------- d-----w- c:\program files\Ancestry Toolbar
2009-10-20 21:59 . 2009-10-20 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-20 21:59 . 2009-10-20 21:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-20 21:59 . 2009-10-20 21:59 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\SUPERAntiSpyware.com
2009-10-20 21:56 . 2009-10-20 21:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-20 17:20 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-20 17:20 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 14:42 . 2009-10-21 09:23 -------- d-----w- c:\program files\ABC Amber Image Converter
2009-10-19 14:23 . 2009-10-19 14:23 -------- d-----w- c:\program files\Free RAW Viewer
2009-10-19 11:51 . 2009-10-24 02:58 256 ----a-w- c:\documents and settings\SEXY SORCERESS\pool.bin
2009-10-19 08:54 . 2009-10-21 10:20 -------- d-----w- c:\program files\ABC Amber Text Converter
2009-10-19 08:46 . 2009-10-21 09:23 -------- d-----w- c:\program files\ABC Amber Paradox Converter
2009-10-19 08:13 . 2009-10-21 09:23 -------- d-----w- c:\program files\ABC Amber DAT Converter
2009-10-19 07:24 . 2009-10-21 09:23 -------- d-----w- c:\program files\ABC Amber BlackBerry Converter
2009-10-19 06:59 . 2009-10-19 06:59 0 ----a-w- c:\windows\nsreg.dat
2009-10-19 06:59 . 2009-10-19 06:59 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Local Settings\Application Data\Thunderbird
2009-10-19 06:59 . 2009-10-19 06:59 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\Thunderbird
2009-10-19 06:10 . 2009-10-20 04:41 -------- d-----w- c:\program files\Eudora 8.0 Beta 7
2009-10-19 00:28 . 2009-10-19 00:28 -------- d-----w- c:\program files\Nucleus Kernel Internet Explorer Password Recovery
2009-10-18 23:14 . 2009-10-18 23:14 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\Blackberry Desktop
2009-10-18 23:11 . 2009-10-18 23:11 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\Research In Motion
2009-10-18 23:03 . 2009-10-18 23:03 256 ----a-w- C:\pool.bin
2009-10-18 22:12 . 2009-10-18 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2009-10-18 22:11 . 2009-01-09 21:18 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-10-18 22:09 . 2009-10-18 22:09 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-10-18 22:08 . 2009-10-18 22:09 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-10-18 22:08 . 2009-10-18 22:12 -------- d-----w- c:\program files\Research In Motion
2009-10-18 21:03 . 2009-10-17 04:54 693760 ----a-w- c:\program files\BBSAKv1.6_Installer.msi
2009-10-18 20:56 . 2009-10-18 20:56 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\vlc
2009-10-18 20:51 . 2009-10-18 21:03 -------- d-----w- c:\program files\BBSAK
2009-10-18 19:36 . 2009-10-21 09:23 -------- d-----w- c:\program files\Data Doctor Recovery - SIM Card (Evaluation)
2009-10-18 00:01 . 2009-10-18 00:01 -------- d-----w- c:\program files\tcpIQ
2009-10-17 20:03 . 2009-10-17 20:04 -------- d-----w- c:\program files\ERUNT
2009-10-17 18:49 . 2009-10-17 18:50 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2009-10-17 16:12 . 2009-10-17 16:12 -------- d-----w- C:\My Music
2009-10-16 04:51 . 2009-10-16 04:51 -------- d-----w- c:\program files\Windows Mobile Device Handbook
2009-10-16 02:31 . 2009-10-16 02:27 401720 ----a-w- c:\program files\HijackThis.exe
2009-10-16 01:13 . 2009-10-16 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-10-15 23:46 . 2009-10-17 23:44 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\IObit
2009-10-15 23:46 . 2009-10-16 01:13 -------- d-----w- c:\program files\IObit
2009-10-15 23:10 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-15 22:54 . 2009-10-15 22:54 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-15 22:53 . 2009-10-15 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-15 22:53 . 2009-10-15 22:53 -------- d-----w- c:\program files\Lavasoft
2009-10-15 20:15 . 2009-10-15 20:15 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-15 20:14 . 2009-10-15 20:14 -------- d-----w- c:\program files\Common Files\xing shared
2009-10-15 20:10 . 2009-10-15 20:10 -------- d-----w- c:\program files\Symantec Client Security
2009-10-15 08:55 . 2009-10-15 20:10 -------- d-----w- c:\program files\Symantec
2009-10-15 07:55 . 2009-10-15 20:12 -------- d-----w- C:\RECYCLER(2)
2009-10-15 02:08 . 2009-10-15 20:47 -------- d-----w- C:\$AVG
2009-10-15 02:08 . 2009-10-24 03:25 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-15 02:08 . 2009-10-24 03:24 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-10-15 02:08 . 2009-10-15 02:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-15 02:08 . 2009-10-15 02:08 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-15 02:08 . 2009-10-24 03:25 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-15 02:08 . 2009-10-24 03:25 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-15 02:07 . 2009-10-15 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-15 02:07 . 2009-10-15 02:07 -------- d-----w- c:\program files\AVG
2009-10-15 02:07 . 2009-10-15 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-14 23:44 . 2009-10-14 23:44 -------- d-----w- c:\program files\CCleaner
2009-10-14 23:44 . 2009-10-14 23:44 -------- d-----w- c:\program files\DriverTool
2009-10-14 23:44 . 2009-10-14 23:44 -------- d-----w- c:\program files\devshowall
2009-10-14 23:43 . 2009-10-14 23:43 -------- d-----w- c:\program files\RSD_CMDA_General_5_1_6_Installation
2009-10-14 21:42 . 2009-10-14 21:42 -------- d-----w- c:\program files\PhoneModels
2009-10-14 21:42 . 2009-10-14 21:42 -------- d-----w- c:\program files\Pages
2009-10-14 21:40 . 2009-10-21 09:23 -------- d-----w- c:\program files\Motorola Phone Tools
2009-10-14 17:56 . 2009-10-14 17:56 -------- d-----w- c:\program files\newp2k
2009-10-14 17:54 . 2006-07-21 01:25 166 ----a-w- c:\program files\devshowall.zip
2009-10-14 14:43 . 2009-10-14 14:43 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\Malwarebytes
2009-10-14 14:43 . 2009-10-20 17:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-14 14:43 . 2009-10-14 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-14 12:56 . 2009-10-14 12:56 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\SMSServant
2009-10-14 11:48 . 2009-10-14 11:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Search
2009-10-14 09:30 . 2009-10-14 09:30 -------- d-----w- c:\program files\MessagingToolkit
2009-10-14 07:16 . 2009-10-14 07:16 -------- d-----w- c:\program files\LANDesk
2009-10-14 07:16 . 2009-10-14 07:15 10144 ------w- c:\windows\system32\drivers\asicio.sys
2009-10-14 07:16 . 2009-10-14 07:16 -------- d-----w- c:\windows\Drivers
2009-10-14 06:54 . 2009-10-14 06:54 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\Mobile Master
2009-10-14 06:53 . 2009-10-14 09:48 -------- d-----w- C:\PIACCESS
2009-10-14 06:50 . 2009-10-21 09:23 -------- d-----w- c:\program files\Mobile Master
2009-10-14 06:50 . 2009-10-14 06:50 -------- d-----w- c:\program files\Common Files\Jumping Bytes
2009-10-14 06:49 . 2009-10-14 06:49 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\Jumping Bytes
2009-10-14 06:45 . 2009-10-14 06:45 -------- d-----w- c:\program files\MediaInfo
2009-10-14 01:08 . 2009-09-15 19:38 23936 ----a-w- c:\windows\system32\drivers\motport.sys
2009-10-14 01:08 . 2009-09-15 19:38 23936 ----a-w- c:\windows\system32\drivers\motmodem.sys
2009-10-14 01:08 . 2009-06-19 21:59 19712 ----a-w- c:\windows\system32\drivers\motccgp.sys
2009-10-14 01:08 . 2009-05-08 16:56 42752 ----a-w- c:\windows\system32\drivers\motodrv.sys
2009-10-14 01:08 . 2009-01-29 22:18 8320 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
2009-10-14 01:08 . 2008-03-27 22:49 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-10-14 01:08 . 2007-11-02 20:51 6400 ----a-w- c:\windows\system32\drivers\motswch.sys
2009-10-11 20:24 . 2009-10-11 20:28 -------- d-----w- c:\program files\iPhone Explorer
2009-10-11 08:02 . 2009-10-11 08:02 -------- d-----w- c:\windows\SQL9_KB960089_ENU
2009-10-10 19:24 . 2009-10-10 19:24 -------- d-----w- c:\documents and settings\Guest\Application Data\Windows Desktop Search
2009-10-10 03:19 . 2009-10-10 03:19 -------- d-----w- c:\program files\iPod
2009-10-10 03:19 . 2009-10-10 03:21 -------- d-----w- c:\program files\iTunes
2009-10-10 03:19 . 2009-10-10 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-10 03:14 . 2009-10-10 03:14 -------- d-----w- c:\program files\Apple Software Update
2009-10-10 03:13 . 2009-08-29 00:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-10-10 03:13 . 2009-08-29 00:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-10-10 03:12 . 2009-10-10 03:19 -------- d-----w- c:\program files\Common Files\Apple
2009-10-10 03:02 . 2009-10-10 03:02 -------- d-----w- c:\program files\Microsoft Small Business
2009-10-10 02:48 . 2009-10-14 03:10 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-10 02:30 . 2009-10-10 02:30 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Local Settings\Application Data\Microsoft Help
2009-10-10 02:03 . 2009-10-10 02:36 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\GetRightToGo
2009-10-08 21:36 . 2009-09-11 14:18 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-10-08 21:36 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-10-08 21:36 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-10-08 21:36 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-10-07 22:01 . 2009-10-21 09:23 -------- d-----w- c:\program files\Motoconnect
2009-10-06 00:24 . 2009-10-06 00:24 -------- d-----w- c:\program files\LGUsbDriver
2009-10-04 16:05 . 2009-10-04 16:05 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Desktop Search
2009-10-03 22:28 . 2007-07-02 20:54 4333568 ----a-w- c:\program files\RSD Lite_3.8.msi
2009-10-03 21:15 . 2009-10-03 21:15 -------- d-----w- c:\program files\P2K Programs
2009-10-03 21:13 . 2009-10-03 21:13 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\MobileAction
2009-10-03 19:47 . 2009-10-03 19:48 -------- d-----w- c:\program files\CardRecovery
2009-10-03 19:16 . 2009-10-03 19:37 -------- d-----w- c:\program files\GetData
2009-10-03 15:52 . 2009-10-21 09:23 -------- d-----w- c:\program files\Data Doctor MS Access to MySQL Converter (Demo)
2009-10-03 15:44 . 2009-10-16 11:44 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-10-03 15:36 . 2009-10-21 09:23 -------- d-----w- c:\program files\Data Doctor Forensic Software - Pocket PC (Evaluation)
2009-10-02 22:42 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 20:36 . 2009-10-02 20:36 -------- d-----w- c:\documents and settings\BOYS\Application Data\Windows Desktop Search
2009-10-02 13:02 . 2009-10-02 13:45 567529 ----a-w- c:\documents and settings\SEXY SORCERESS\bitpim.dat
2009-10-02 11:54 . 2009-10-02 11:54 -------- d-----w- c:\program files\Motorola Tools
2009-10-02 09:03 . 2009-10-02 09:03 28 ----a-w- c:\program files\MMS_push_info.bin
2009-10-02 09:03 . 2009-10-02 09:03 265 ----a-w- c:\program files\MMS_push_msg0.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 09:23 . 2007-03-16 07:39 -------- d-----w- c:\program files\Microsoft Works
2009-10-21 09:23 . 2009-02-18 17:26 -------- d-----w- c:\program files\CIF USB Camera
2009-10-21 09:23 . 2009-02-03 01:26 -------- d-----w- c:\program files\ATTToolbar
2009-10-21 09:23 . 2009-02-03 01:25 -------- d-----w- c:\program files\ATT-SST
2009-10-21 09:23 . 2007-03-27 17:38 -------- d-----w- c:\program files\Avanquest update
2009-10-20 08:37 . 2007-06-12 01:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-19 08:02 . 2007-03-25 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-17 18:11 . 2009-02-03 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\ATTToolbar
2009-10-16 18:48 . 2008-11-28 21:31 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\gtk-2.0
2009-10-16 06:15 . 2007-03-25 20:41 -------- d-----w- c:\program files\Microsoft.NET
2009-10-16 02:47 . 2009-10-16 02:47 46046 ----a-w- c:\program files\startuplist.txt
2009-10-16 02:32 . 2009-10-16 02:32 14637 ----a-w- c:\program files\hijackthis.log
2009-10-16 01:42 . 2006-05-07 00:24 1033728 ----a-w- c:\windows\explorer.exe
2009-10-15 20:47 . 2007-04-06 17:10 92464 -c--a-w- c:\documents and settings\SEXY SORCERESS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-15 20:14 . 2008-01-19 00:45 -------- d-----w- c:\program files\Common Files\Real
2009-10-15 19:22 . 2009-10-02 09:09 7680 --sha-w- c:\program files\Thumbs.db
2009-10-15 18:08 . 2007-03-16 07:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-15 17:26 . 2007-03-16 07:39 -------- d-----w- c:\program files\Intel
2009-10-15 08:56 . 2008-10-06 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-15 08:43 . 2007-03-16 07:32 -------- d-----w- c:\program files\Google
2009-10-15 03:41 . 2007-03-16 07:38 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-15 00:58 . 2008-08-03 19:52 -------- d-----w- c:\program files\Norton 360
2009-10-14 23:44 . 2007-03-16 07:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-14 21:53 . 2009-10-14 21:42 23633 ----a-w- c:\program files\Uninstall.ini
2009-10-14 21:38 . 2007-03-27 17:37 24192 -c--a-w- c:\documents and settings\SEXY SORCERESS\usbsermptxp.sys
2009-10-14 21:38 . 2007-03-27 17:37 22768 -c--a-w- c:\documents and settings\SEXY SORCERESS\usbsermpt.sys
2009-10-14 15:17 . 2007-08-28 00:03 -------- d-----w- c:\program files\GamesBar
2009-10-14 11:50 . 2009-10-02 08:37 1681 ----a-w- c:\program files\.config
2009-10-14 11:44 . 2007-04-15 22:28 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-10-14 07:16 . 2007-03-16 07:48 -------- d-----w- c:\program files\Gateway
2009-10-14 04:26 . 2007-06-21 05:56 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-10-14 02:42 . 2007-07-13 14:47 -------- d-----w- c:\program files\Windows Defender
2009-10-14 01:16 . 2009-10-14 01:16 756 ----a-w- c:\program files\PHONEC~1.000
2009-10-14 01:16 . 2009-10-14 01:16 4320 ----a-w- c:\program files\_setup.xml
2009-10-14 00:42 . 2009-10-14 00:42 0 ---ha-w- c:\program files\0gpslast.002
2009-10-14 00:42 . 2009-10-14 00:42 0 ---ha-w- c:\program files\00syssim.007
2009-10-14 00:42 . 2009-10-14 00:42 0 ---ha-w- c:\program files\000sslog.006
2009-10-14 00:42 . 2009-10-14 00:42 0 ---ha-w- c:\program files\000sclog.005
2009-10-14 00:42 . 2009-10-14 00:42 0 ---ha-w- c:\program files\000rslog.004
2009-10-14 00:42 . 2009-10-14 00:42 0 ---ha-w- c:\program files\000rclog.003
2009-10-10 19:24 . 2009-03-23 02:10 92464 -c--a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-10 16:19 . 2007-04-14 03:35 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-10-10 05:45 . 2008-07-22 20:33 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\Apple Computer
2009-10-10 04:54 . 2009-03-17 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-10 03:18 . 2007-12-25 04:04 -------- d-----w- c:\program files\QuickTime
2009-10-10 03:17 . 2008-11-26 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-03 21:21 . 2007-03-27 18:01 79328 -c--a-w- c:\documents and settings\SEXY SORCERESS\mqdmserd.sys
2009-10-03 21:21 . 2007-03-27 18:01 5936 -c--a-w- c:\documents and settings\SEXY SORCERESS\mqdmwhnt.sys
2009-10-03 21:21 . 2007-03-27 18:01 9232 -c--a-w- c:\documents and settings\SEXY SORCERESS\mqdmmdfl.sys
2009-10-03 21:21 . 2007-03-27 18:01 92064 -c--a-w- c:\documents and settings\SEXY SORCERESS\mqdmmdm.sys
2009-10-03 21:21 . 2007-03-27 18:01 4048 -c--a-w- c:\documents and settings\SEXY SORCERESS\mqdmcr.sys
2009-10-03 21:21 . 2007-03-27 18:01 66656 -c--a-w- c:\documents and settings\SEXY SORCERESS\mqdmbus.sys
2009-10-03 21:21 . 2007-03-27 18:01 6208 -c--a-w- c:\documents and settings\SEXY SORCERESS\mqdmcmnt.sys
2009-10-02 20:48 . 2007-07-17 00:40 60784 -c--a-w- c:\documents and settings\BOYS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-02 15:01 . 2009-10-02 08:37 0 ----a-w- c:\program files\Seem.lst
2009-10-02 14:03 . 2009-10-02 08:52 -------- d-----w- c:\program files\3741829
2009-10-02 12:34 . 2009-10-02 12:20 487 ----a-w- c:\program files\P2kAutostart_daemon.log
2009-10-02 12:27 . 2009-10-02 12:26 1931052 ----a-w- c:\program files\SOURCEFILES
2009-10-02 11:13 . 2009-10-02 09:20 274 ----a-w- c:\program files\TempWebPage.htm
2009-10-02 10:47 . 2009-10-02 10:47 16 ----a-w- c:\program files\007D_0F3C.seem
2009-10-02 09:03 . 2009-10-02 09:03 10320 ----a-w- c:\program files\TmpTneDB.db
2009-10-02 09:02 . 2009-10-02 09:02 0 ----a-w- c:\program files\BREW_iTAP6_User_Dictionary
2009-10-02 09:02 . 2009-10-02 09:02 30680 ----a-w- c:\program files\AmAfsmToneDb.db
2009-10-02 09:02 . 2009-10-02 09:02 30680 ----a-w- c:\program files\AmAfsmTempToneDb.db
2009-10-02 09:02 . 2009-10-02 09:02 10400 ----a-w- c:\program files\AmAfsmDefaultToneDb.db
2009-10-02 09:02 . 2009-10-02 09:02 1019 ----a-w- c:\program files\AmAfsmToneListDb.db
2009-10-02 09:02 . 2009-10-02 09:02 300 ----a-w- c:\program files\ALARMCLOCK
2009-10-02 08:56 . 2009-10-02 08:56 178685 ----a-w- c:\program files\3gp
2009-10-02 08:55 . 2009-10-02 08:55 896 ----a-w- c:\program files\3_roam_idle1.bmp
2009-10-02 08:55 . 2009-10-02 08:55 896 ----a-w- c:\program files\3_nonantenna_idle1.bmp
2009-10-02 08:55 . 2009-10-02 08:55 896 ----a-w- c:\program files\3_idle1.bmp
2009-10-02 08:55 . 2009-10-02 08:49 -------- d-----w- c:\program files\3741848
2009-10-02 08:54 . 2009-10-02 08:54 154257 ----a-w- c:\program files\3_10sec.mp3
2009-10-02 08:54 . 2009-10-02 08:49 -------- d-----w- c:\program files\3741849
2009-10-02 08:54 . 2009-10-02 08:54 -------- d-----w- c:\program files\3741833
2009-10-02 08:54 . 2009-10-02 08:54 7227 ----a-w- c:\program files\3.jpg
2009-10-02 08:53 . 2009-10-02 08:53 9772 ----a-w- c:\program files\359.jpg
2009-10-02 08:53 . 2009-10-02 08:53 8527 ----a-w- c:\program files\32.jpg
2009-10-02 08:53 . 2009-10-02 08:53 10121 ----a-w- c:\program files\398.jpg
2009-10-02 08:53 . 2009-10-02 08:53 7631 ----a-w- c:\program files\31.jpg
2009-10-02 08:53 . 2009-10-02 08:53 -------- d-----w- c:\program files\3741832
2009-10-02 08:53 . 2009-10-02 08:53 -------- d-----w- c:\program files\3741831
2009-10-02 08:53 . 2009-10-02 08:53 -------- d-----w- c:\program files\3741853
2009-10-02 08:53 . 2009-10-02 08:53 23244 ----a-w- c:\program files\3.dat
2009-10-02 08:52 . 2009-10-02 08:52 -------- d-----w- c:\program files\3741847
2009-10-02 08:52 . 2009-10-02 08:52 49724 ----a-w- c:\program files\3.wav
2009-10-02 08:52 . 2009-10-02 08:52 -------- d-----w- c:\program files\3741830
2009-10-02 08:52 . 2009-10-02 08:52 -------- d-----w- c:\program files\3741827
2009-10-02 08:52 . 2009-10-02 08:52 2408 ----a-w- c:\program files\3_idle7.bmp
2009-10-02 08:52 . 2009-10-02 08:52 1008 ----a-w- c:\program files\3_idle6.bmp
2009-10-02 08:52 . 2009-10-02 08:52 -------- d-----w- c:\program files\3741826
2009-10-02 08:52 . 2009-10-02 08:52 -------- d-----w- c:\program files\3741825
2009-10-02 08:50 . 2009-10-02 08:50 67742 ----a-w- c:\program files\354a.jpg
2009-10-02 08:50 . 2009-10-02 08:50 513572 ----a-w- c:\program files\3g2
2009-10-02 08:50 . 2009-10-02 08:50 1922189 ----a-w- c:\program files\35a.3g2
2009-10-02 08:50 . 2009-10-02 08:50 200216 ----a-w- c:\program files\356a.jpg
2009-10-02 08:50 . 2009-10-02 08:50 171552 ----a-w- c:\program files\355a.jpg
2009-10-02 08:50 . 2009-10-02 08:50 59638 ----a-w- c:\program files\3a.jpg
2009-10-02 08:50 . 2009-10-02 08:50 105455 ----a-w- c:\program files\35c.jpg
2009-10-02 08:50 . 2009-10-02 08:50 208341 ----a-w- c:\program files\35b.jpg
.

((((((((((((((((((((((((((((( SnapShot@2009-10-14_15.22.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 13:05 . 2008-07-29 13:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2009-07-12 01:54 . 2009-07-12 01:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
- 2006-12-02 06:08 . 2006-12-02 06:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
- 2006-12-02 06:08 . 2006-12-02 06:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
- 2006-12-02 06:08 . 2006-12-02 06:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
- 2006-12-02 06:08 . 2006-12-02 06:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
- 2006-12-02 06:08 . 2006-12-02 06:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
- 2006-12-02 06:08 . 2006-12-02 06:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
- 2006-12-02 06:08 . 2006-12-02 06:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
- 2006-12-02 06:08 . 2006-12-02 06:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
- 2006-12-02 06:08 . 2006-12-02 06:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2006-12-02 05:26 . 2006-12-02 05:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
- 2006-12-02 06:26 . 2006-12-02 06:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
- 2006-12-02 06:25 . 2006-12-02 06:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 05:25 . 2006-12-02 05:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2009-07-12 06:07 . 2009-07-12 06:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 06:19 . 2009-07-12 06:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
- 2006-12-02 04:56 . 2006-12-02 04:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 03:56 . 2006-12-02 03:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2009-10-24 02:57 . 2009-10-24 02:57 16384 c:\windows\temp\Perflib_Perfdata_cac.dat
+ 2009-10-24 02:57 . 2009-10-24 02:57 16384 c:\windows\temp\Perflib_Perfdata_98c.dat
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(9).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(8).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(7).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(6).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(5).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(4).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(3).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(2).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(16).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(15).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(14).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(13).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(12).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(11).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(10).drv
+ 2008-08-19 03:56 . 2008-04-14 00:12 39936 c:\windows\system32\wbem\snmpthrd.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 33280 c:\windows\system32\snmp.exe
+ 2009-10-18 22:11 . 2009-01-09 21:18 27136 c:\windows\system32\ReinstallBackups\0021\DriverFiles\RimSerial.sys
+ 2006-05-07 00:24 . 2009-10-16 06:25 96820 c:\windows\system32\perfc009.dat
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(9).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(8).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(7).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(6).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(5).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(4).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(3).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(2).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(16).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(15).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(14).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(13).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(12).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(11).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(10).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(9).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(8).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(7).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(6).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(5).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(4).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(3).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(2).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(16).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(15).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(14).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(13).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(12).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(11).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(10).dll
+ 2009-06-11 17:09 . 2009-10-16 04:53 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2009-06-11 17:09 . 2009-09-27 21:13 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-08-19 03:56 . 2008-04-14 00:11 18944 c:\windows\system32\lprmon.dll
+ 2008-08-19 03:56 . 2008-04-14 00:11 22528 c:\windows\system32\lpdsvc.dll
+ 2008-08-19 03:56 . 2008-04-14 00:11 33792 c:\windows\system32\lmmib2.dll
+ 2007-03-16 07:21 . 2005-02-23 22:02 42858 c:\windows\system32\hsfci014(6).dll
+ 2007-03-16 07:21 . 2005-02-23 22:02 42858 c:\windows\system32\hsfci014(5).dll
+ 2007-03-16 07:21 . 2005-02-23 22:02 42858 c:\windows\system32\hsfci014(4).dll
+ 2007-03-16 07:21 . 2005-02-23 22:02 42858 c:\windows\system32\hsfci014(3).dll
+ 2007-03-16 07:21 . 2005-02-23 22:02 42858 c:\windows\system32\hsfci014(2).dll
+ 2008-08-19 03:56 . 2008-04-14 00:11 39936 c:\windows\system32\hostmib.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 92160 c:\windows\system32\evntwin.exe
+ 2008-08-19 03:56 . 2008-04-14 00:12 24064 c:\windows\system32\evntcmd.exe
+ 2009-10-15 23:10 . 2009-09-23 12:55 64288 c:\windows\system32\DRVSTORE\lbd_B425E86B28F27CC7F4A0CAF275F9F2789F3C6909\Lbd.sys
- 2008-04-16 19:51 . 2008-04-16 19:51 22784 c:\windows\system32\drivers\RimUsb.sys
+ 2008-05-20 23:33 . 2008-05-20 23:33 22784 c:\windows\system32\drivers\RimUsb.sys
+ 2008-08-19 03:56 . 2008-04-14 00:12 39936 c:\windows\system32\dllcache\snmpthrd.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 33280 c:\windows\system32\dllcache\snmp.exe
+ 2008-08-19 03:56 . 2008-04-14 00:11 18944 c:\windows\system32\dllcache\lprmon.dll
+ 2008-08-19 03:56 . 2008-04-14 00:11 22528 c:\windows\system32\dllcache\lpdsvc.dll
+ 2008-08-19 03:56 . 2008-04-14 00:11 33792 c:\windows\system32\dllcache\lmmib2.dll
+ 2008-08-19 03:56 . 2008-04-14 00:11 39936 c:\windows\system32\dllcache\hostmib.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 92160 c:\windows\system32\dllcache\evntwin.exe
+ 2008-08-19 03:56 . 2008-04-14 00:12 24064 c:\windows\system32\dllcache\evntcmd.exe
+ 2005-12-23 13:53 . 2005-12-23 13:53 23040 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0C0A\mscorsecr.dll
+ 2005-12-09 15:47 . 2005-12-09 15:47 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - ESN\install.res.3082.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Web.Services.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Web.Mobile.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Transactions.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.ServiceProcess.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Security.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 11776 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Runtime.Serialization.Formatters.Soap.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Runtime.Remoting.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 61440 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Messaging.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Management.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.EnterpriseServices.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Drawing.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.DirectoryServices.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.DirectoryServices.Protocols.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\system.data.sqlxml.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 49152 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Configuration.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Configuration.Install.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\sysglobl.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 86528 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\ShFusRes.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 11264 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\Regasm.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\MSBuild.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 61440 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\Microsoft.VisualBasic.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 45056 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\Microsoft.JScript.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 10240 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\Microsoft.Build.Utilities.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\Microsoft.Build.Engine.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\caspol.resources.dll
+ 2005-12-23 13:52 . 2005-12-23 13:52 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\aspnet_regsql.resources.dll
+ 2005-12-23 13:52 . 2005-12-23 13:52 84992 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\aspnet_rc.dll
+ 2005-12-23 13:52 . 2005-12-23 13:52 23040 c:\windows\Microsoft.NET\Framework\v2.0.50727\3082\alinkui.dll
+ 2009-10-18 22:10 . 2009-10-18 22:10 49152 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
+ 2009-10-18 22:09 . 2009-10-18 22:09 49152 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
+ 2009-10-18 22:09 . 2009-10-18 22:09 49152 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
+ 2009-10-18 22:10 . 2009-10-18 22:10 69632 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-10-18 22:10 . 2009-10-18 22:10 69632 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-10-18 22:10 . 2009-10-18 22:10 69632 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-10-18 22:10 . 2009-10-18 22:10 69632 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-10-18 22:09 . 2009-10-18 22:10 69632 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-10-18 22:09 . 2009-10-18 22:09 69632 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-10-18 22:09 . 2009-10-18 22:09 69632 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-10-18 22:09 . 2009-10-18 22:09 69632 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\DesktopMgr.exe
+ 2009-10-18 00:01 . 2009-10-18 00:01 29926 c:\windows\Installer\{D40491E3-35AB-4757-B1F0-94C9100C2F4E}\_324405953A38774B92DF01.exe
+ 2009-10-20 21:59 . 2009-10-20 21:59 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-10-20 21:59 . 2009-10-20 21:59 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-10-18 20:23 . 2009-10-18 20:23 81920 c:\windows\assembly\GAC_MSIL\System.Web.Services.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Web.Services.Resources.dll
+ 2009-10-18 20:24 . 2009-10-18 20:24 77824 c:\windows\assembly\GAC_MSIL\System.Web.Mobile.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Web.Mobile.resources.dll
+ 2009-10-18 20:24 . 2009-10-18 20:24 16896 c:\windows\assembly\GAC_MSIL\System.Transactions.resources\2.0.0.0_es_b77a5c561934e089\System.Transactions.resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 40960 c:\windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.ServiceProcess.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 28672 c:\windows\assembly\GAC_MSIL\System.Security.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Security.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 11776 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 32768 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_es_b77a5c561934e089\System.Runtime.Remoting.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 61440 c:\windows\assembly\GAC_MSIL\System.Messaging.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Messaging.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 13312 c:\windows\assembly\GAC_MSIL\System.Management.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Management.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 32768 c:\windows\assembly\GAC_MSIL\System.EnterpriseServices.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.EnterpriseServices.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 24576 c:\windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Drawing.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 40960 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.resources\2.0.0.0_es-ES_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 28672 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\2.0.0.0_es-ES_b03f5f7f11d50a3a\System.DirectoryServices.Protocols.resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 36864 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_es_b77a5c561934e089\system.data.sqlxml.resources.dll
+ 2009-10-18 20:24 . 2009-10-18 20:24 49152 c:\windows\assembly\GAC_MSIL\system.configuration.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Configuration.resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 28672 c:\windows\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Configuration.Install.Resources.dll
+ 2009-10-18 20:24 . 2009-10-18 20:24 10752 c:\windows\assembly\GAC_MSIL\sysglobl.resources\2.0.0.0_es_b03f5f7f11d50a3a\sysglobl.resources.dll
+ 2009-10-18 20:24 . 2009-10-18 20:24 61440 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_es_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
+ 2009-10-16 06:16 . 2009-10-16 06:16 64568 c:\windows\assembly\GAC_MSIL\Microsoft.ServiceModel.Channels.Mail\3.5.0.0__31bf3856ad364e35\Microsoft.ServiceModel.Channels.Mail.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 45056 c:\windows\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_es_b03f5f7f11d50a3a\Microsoft.JScript.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 10240 c:\windows\assembly\GAC_MSIL\microsoft.build.utilities.resources\2.0.0.0_es_b03f5f7f11d50a3a\Microsoft.Build.Utilities.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 53248 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\2.0.0.0_es_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 8704 c:\windows\system32\snmptrap.exe
+ 2008-08-19 03:56 . 2008-04-14 00:12 6144 c:\windows\system32\snmpmib.dll
+ 2009-10-15 03:42 . 2009-10-15 03:42 5632 c:\windows\system32\pndx5032.dll
- 2008-01-19 00:45 . 2008-01-19 00:45 5632 c:\windows\system32\pndx5032.dll
+ 2009-10-15 03:42 . 2009-10-15 03:42 6656 c:\windows\system32\pndx5016.dll
- 2008-01-19 00:45 . 2008-01-19 00:45 6656 c:\windows\system32\pndx5016.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 7168 c:\windows\system32\mui\0C0A\mscorees.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 8704 c:\windows\system32\dllcache\snmptrap.exe
+ 2008-08-19 03:56 . 2008-04-14 00:12 6144 c:\windows\system32\dllcache\snmpmib.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC\es\Microsoft.VisualBasic.Compatibility.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC\es\Microsoft.VisualBasic.Compatibility.Data.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 6144 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Drawing.Design.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\JSC.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 4096 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\InstallUtil.resources.dll
+ 2005-12-23 13:52 . 2005-12-23 13:52 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\aspnet_regbrowsers.resources.dll
+ 2005-12-23 13:52 . 2005-12-23 13:52 8704 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\aspnet_compiler.resources.dll
+ 2005-12-23 13:52 . 2005-12-23 13:52 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\3082\CvtResUI.dll
+ 2009-10-18 00:01 . 2009-10-18 00:01 3638 c:\windows\Installer\{D40491E3-35AB-4757-B1F0-94C9100C2F4E}\_D4DE8FFC8D1018F046DED7.exe
+ 2009-10-18 00:01 . 2009-10-18 00:01 5430 c:\windows\Installer\{D40491E3-35AB-4757-B1F0-94C9100C2F4E}\_B9320CB6D43382A470631C.exe
+ 2009-10-18 00:01 . 2009-10-18 00:01 3638 c:\windows\Installer\{D40491E3-35AB-4757-B1F0-94C9100C2F4E}\_6FEFF9B68218417F98F549.exe
+ 2009-10-18 00:01 . 2009-10-18 00:01 5430 c:\windows\Installer\{D40491E3-35AB-4757-B1F0-94C9100C2F4E}\_6FECB8B9CC6EAB57AC1A9A.exe
+ 2009-10-18 00:01 . 2009-10-18 00:01 3638 c:\windows\Installer\{D40491E3-35AB-4757-B1F0-94C9100C2F4E}\_6F04BF382DFC3303FADFA3.exe
+ 2009-10-20 21:59 . 2009-10-20 21:59 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2009-10-18 22:12 . 2009-10-18 22:12 6318 c:\windows\Installer\{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}\ICO_ARPProductIcon.exe
+ 2009-10-15 07:35 . 2009-10-15 07:35 8192 c:\windows\ERDNT\subs(2)\Users(2)\00000004(2)\UsrClass.dat
+ 2009-10-15 07:35 . 2009-10-15 07:35 8192 c:\windows\ERDNT\subs(2)\Users(2)\00000002(2)\UsrClass.dat
+ 2009-10-18 20:23 . 2009-10-18 20:23 6144 c:\windows\assembly\GAC_MSIL\System.Drawing.Design.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Drawing.Design.Resources.dll
+ 2009-10-18 20:24 . 2009-10-18 20:24 9216 c:\windows\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.resources\8.0.0.0_es_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.resources.dll
+ 2009-10-18 20:24 . 2009-10-18 20:24 9216 c:\windows\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.data.resources\8.0.0.0_es_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.resources.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 08:54 . 2008-07-29 08:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 08:54 . 2008-07-29 08:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2006-12-02 03:54 . 2006-12-02 03:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
- 2006-12-02 04:54 . 2006-12-02 04:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
- 2006-12-02 04:54 . 2006-12-02 04:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 03:54 . 2006-12-02 03:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
- 2006-12-02 04:54 . 2006-12-02 04:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 03:54 . 2006-12-02 03:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2009-07-12 06:12 . 2009-07-12 06:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 06:09 . 2009-07-12 06:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 06:08 . 2009-07-12 06:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 188416 c:\windows\system32\wbem\snmpsmir.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 358400 c:\windows\system32\wbem\snmpincl.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 259072 c:\windows\system32\wbem\snmpcl.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 236544 c:\windows\system32\wbem\snmp\smi2smir.exe
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(9).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(8).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(7).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(6).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(5).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(4).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(3).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(2).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(15).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(14).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(13).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(12).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(11).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(10).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(9).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(8).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(7).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(6).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(5).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(4).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(3).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(2).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(16).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(15).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(14).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(13).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(12).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(11).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(10).dll
+ 2009-10-15 03:42 . 2009-10-15 03:42 185920 c:\windows\system32\rmoc3260.dll
- 2008-01-19 00:45 . 2008-01-19 00:45 278528 c:\windows\system32\pncrt.dll
+ 2008-01-19 00:45 . 2009-10-15 03:41 278528 c:\windows\system32\pncrt.dll
+ 2006-05-07 00:24 . 2009-10-16 06:25 505346 c:\windows\system32\perfh009.dat
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(9).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(8).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(7).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(6).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(5).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(4).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(3).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(2).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(16).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(15).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(14).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(13).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(12).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(11).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(10).exe
+ 2008-08-19 03:56 . 2008-04-14 00:11 101888 c:\windows\system32\evntagnt.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 188416 c:\windows\system32\dllcache\snmpsmir.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 358400 c:\windows\system32\dllcache\snmpincl.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 259072 c:\windows\system32\dllcache\snmpcl.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 236544 c:\windows\system32\dllcache\smi2smir.exe
+ 2008-08-19 03:56 . 2008-04-14 00:11 101888 c:\windows\system32\dllcache\evntagnt.dll
+ 2009-02-19 22:47 . 2009-02-19 22:47 507904 c:\windows\system32\btwapi.dll
+ 2005-12-09 17:26 . 2005-12-09 17:26 245408 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - ESN\unicows.dll
+ 2005-12-09 15:47 . 2005-12-09 15:47 609472 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - ESN\install.exe
+ 2005-12-23 13:53 . 2005-12-23 13:53 163840 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.xml.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Windows.Forms.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 606208 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Web.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 208896 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\system.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 540672 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Design.Resources.dll
+ 2005-12-23 13:52 . 2005-12-23 13:52 380928 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Deployment.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 327680 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Data.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Data.OracleClient.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 400896 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\mscorrc.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\mscorlib.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 139264 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\Microsoft.Build.Tasks.resources.dll
+ 2005-12-23 13:52 . 2005-12-23 13:52 315392 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\aspnetmmcext.resources.dll
+ 2005-12-23 13:52 . 2005-12-23 13:52 244224 c:\windows\Microsoft.NET\Framework\v2.0.50727\3082\Vsavb7rtUI.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 214016 c:\windows\Microsoft.NET\Framework\v2.0.50727\3082\vbc7ui.dll
+ 2005-12-23 13:52 . 2005-12-23 13:52 158208 c:\windows\Microsoft.NET\Framework\v2.0.50727\3082\cscompui.dll
+ 2009-10-16 06:16 . 2009-10-16 06:16 388608 c:\windows\Installer\ea2849.msi
+ 2009-10-15 02:07 . 2009-10-15 02:07 424448 c:\windows\Installer\ca6bf.msi
+ 2009-05-27 23:07 . 2009-05-27 23:07 585728 c:\windows\Installer\BBMediaSyncUninstall.exe
+ 2009-10-18 22:12 . 2009-10-18 22:12 974848 c:\windows\Installer\b4d28e5.msi
+ 2009-10-18 20:51 . 2009-10-18 20:51 380416 c:\windows\Installer\b067515.msi
+ 2009-10-18 20:24 . 2009-10-18 20:24 692736 c:\windows\Installer\aed539e.msi
+ 2009-10-18 17:23 . 2009-10-18 17:23 368128 c:\windows\Installer\a480deb.msi
+ 2009-10-15 22:53 . 2009-10-15 22:53 236032 c:\windows\Installer\760d07.msi
+ 2009-10-18 00:01 . 2009-10-18 00:01 500224 c:\windows\Installer\68e2dd7.msi
+ 2009-10-22 03:05 . 2009-10-22 03:05 201728 c:\windows\Installer\374b9a2.msi
+ 2009-10-16 11:44 . 2009-10-16 11:44 912384 c:\windows\Installer\2da7b.msi
+ 2009-10-10 03:22 . 2009-10-17 18:49 102400 c:\windows\Installer\{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}\iTunesIco.exe
- 2009-10-10 03:22 . 2009-10-10 03:22 102400 c:\windows\Installer\{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}\iTunesIco.exe
+ 2009-10-15 07:35 . 2009-10-15 07:35 278528 c:\windows\ERDNT\subs(2)\Users(2)\00000006(2)\UsrClass.dat
+ 2009-10-17 20:04 . 2009-10-17 20:04 323584 c:\windows\ERDNT\10-17-2009\Users\00000002\UsrClass.dat
+ 2009-10-17 20:04 . 2005-10-20 17:02 163328 c:\windows\ERDNT\10-17-2009\ERDNT.EXE
+ 2009-10-18 20:23 . 2009-10-18 20:23 163840 c:\windows\assembly\GAC_MSIL\System.XML.resources\2.0.0.0_es_b77a5c561934e089\System.xml.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 425984 c:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c561934e089\System.Windows.Forms.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 606208 c:\windows\assembly\GAC_MSIL\System.Web.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Web.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 208896 c:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_es_b77a5c561934e089\system.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 540672 c:\windows\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Design.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 380928 c:\windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Deployment.resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 327680 c:\windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_es_b77a5c561934e089\System.Data.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 110592 c:\windows\assembly\GAC_MSIL\System.Data.OracleClient.resources\2.0.0.0_es_b77a5c561934e089\System.Data.OracleClient.resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 303104 c:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.Resources.dll
+ 2009-10-16 06:16 . 2009-10-16 06:16 140904 c:\windows\assembly\GAC_MSIL\Microsoft.ServiceModel.Channels.Mail.ExchangeWebService\3.5.0.0__31bf3856ad364e35\Microsoft.ServiceModel.Channels.Mail.ExchangeWebService.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 139264 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_es_b03f5f7f11d50a3a\Microsoft.Build.Tasks.resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 315392 c:\windows\assembly\GAC_MSIL\AspNetMMCExt.resources\2.0.0.0_es_b03f5f7f11d50a3a\aspnetmmcext.resources.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
+ 2006-12-02 05:25 . 2006-12-02 05:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
- 2006-12-02 06:25 . 2006-12-02 06:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
- 2006-12-02 06:25 . 2006-12-02 06:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 05:25 . 2006-12-02 05:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2009-07-12 01:46 . 2009-07-12 01:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-12 01:46 . 2009-07-12 01:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2008-02-07 18:05 . 2009-10-15 20:15 6898156 c:\windows\system32\Restore\rstrlog.dat
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(9).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(8).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(7).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(6).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(5).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(4).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(3).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(2).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(16).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(15).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(14).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(13).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(12).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(11).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(10).dll
+ 2006-02-14 23:20 . 2009-02-06 17:35 1486208 c:\windows\system32\LegitCheckControl.DLL
+ 2006-05-06 17:30 . 2009-10-15 20:18 2195784 c:\windows\system32\FNTCACHE.DAT
- 2006-05-06 17:30 . 2009-10-10 03:29 2195784 c:\windows\system32\FNTCACHE.DAT
+ 2006-05-07 00:24 . 2009-10-16 01:42 1033728 c:\windows\system32\dllcache\explorer.exe
+ 2005-12-23 14:22 . 2005-12-23 14:22 1980416 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - ESN\langpack.msi
+ 2009-10-06 19:23 . 2009-10-06 19:23 4308992 c:\windows\Installer\e77a7b.msi
+ 2009-10-15 22:54 . 2009-10-15 22:54 1861120 c:\windows\Installer\760d11.msi
+ 2009-10-20 21:59 . 2009-10-20 21:59 1583616 c:\windows\Installer\3bef81b.msi
+ 2009-08-05 12:49 . 2009-08-05 12:49 3457024 c:\windows\Installer\25f66.msp
+ 2009-07-27 09:31 . 2009-07-27 09:31 3738624 c:\windows\Installer\25f55.msp
+ 2009-09-17 19:03 . 2009-09-17 19:03 4873216 c:\windows\Installer\25f45.msp
+ 2009-08-18 18:08 . 2009-08-18 18:08 1373696 c:\windows\Installer\25f34.msp
+ 2009-08-05 12:49 . 2009-08-05 12:49 3457024 c:\windows\Installer\226f262.msp
+ 2009-07-27 09:31 . 2009-07-27 09:31 3738624 c:\windows\Installer\226f251.msp
+ 2009-09-17 19:03 . 2009-09-17 19:03 4873216 c:\windows\Installer\226f241.msp
+ 2009-08-18 18:08 . 2009-08-18 18:08 1373696 c:\windows\Installer\226f230.msp
+ 2009-10-15 07:35 . 2009-10-15 07:35 9482240 c:\windows\ERDNT\subs(2)\Users(2)\00000005(2)\ntuser.dat
+ 2009-10-15 07:35 . 2009-10-15 07:35 1372160 c:\windows\ERDNT\subs(2)\Users(2)\00000003(2)\NTUSER.DAT
+ 2009-10-15 07:35 . 2009-10-15 07:35 1368064 c:\windows\ERDNT\subs(2)\Users(2)\00000001(2)\NTUSER.DAT
+ 2009-10-17 20:04 . 2009-10-17 20:04 9785344 c:\windows\ERDNT\10-17-2009\Users\00000001\ntuser.dat
+ 2009-10-16 11:10 . 2009-10-16 11:22 6985728 c:\windows\Downloaded Installations\{5840D406-AE94-4AEB-A7FA-C657865F0B8E}\Microsoft ActiveSync 4.0.msi
+ 2009-10-18 22:09 . 2009-10-18 22:09 16674304 c:\windows\Installer\b4d28dd.msi
+ 2009-08-15 01:32 . 2009-08-15 01:32 11110912 c:\windows\Installer\25f6d.msp
+ 2009-08-15 01:32 . 2009-08-15 01:32 11110912 c:\windows\Installer\226f269.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-06-07 04:46 . 2005-06-07 04:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe

2007-05-11 08:06 . 2007-10-11 01:51 39792 c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe

2007-03-25 16:28 . 2002-09-11 03:26 368706 c:\program files\BroadJump\Client Foundation\bak\CFD.exe

2007-03-25 21:33 . 2006-03-28 21:48 622592 c:\program files\Brother\Brmfcmon\bak\BrMfcWnd.exe

2007-03-25 21:33 . 2005-01-27 00:02 49152 c:\program files\Brother\Brmfl06a\bak\BrStDvPt.exe

2007-03-25 21:33 . 2006-04-10 20:58 61440 c:\program files\Brother\ControlCenter3\bak\brctrcen.exe

2007-03-01 15:37 . 2007-03-01 15:37 2321600 c:\program files\Common Files\Adobe\Updater5\bak\AdobeUpdater.exe

2007-03-01 20:57 . 2007-03-01 20:57 153136 c:\program files\Common Files\Ahead\Lib\bak\NeroCheck.exe

2007-05-16 14:27 . 2007-05-16 14:27 153136 c:\program files\Common Files\Ahead\Lib\bak\NMBgMonitor.exe

2008-01-19 00:45 . 2008-01-19 00:45 185896 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2009-10-15 03:41 . 2009-10-15 03:41 198160 c:\program files\Common Files\Real\Update_OB\realsched.exe

2003-10-14 16:22 . 2003-10-14 16:22 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe

2005-06-02 17:21 . 2005-06-02 17:21 48752 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe

2007-11-25 17:47 . 2007-12-21 15:28 579072 c:\program files\Grisoft\AVG7\bak\avgcc.exe

2007-03-16 07:41 . 2006-07-13 21:34 9134080 c:\program files\Intel Audio Studio\bak\IntelAudioStudio.exe

2007-03-25 20:09 . 2006-12-15 09:23 75520 c:\program files\Java\jre1.5.0_11\bin\bak\jusched.exe

2007-06-29 12:24 . 2007-06-29 12:24 286720 c:\program files\QuickTime\bak\qttask.exe
2009-09-05 06:54 . 2009-09-05 06:54 417792 c:\program files\QuickTime\QTTask.exe

2005-03-17 20:45 . 2005-03-17 20:45 40960 c:\program files\ScanSoft\PaperPort\bak\IndexSearch.exe

2005-03-17 20:25 . 2005-03-17 20:25 57393 c:\program files\ScanSoft\PaperPort\bak\pptd40nt.exe

2006-11-04 00:20 . 2006-11-04 00:20 866584 c:\program files\Windows Defender\bak\MSASCui.exe

2007-11-16 03:51 . 2007-11-16 03:51 166304 c:\program files\Zune\bak\ZuneLauncher.exe

2006-05-07 00:24 . 2004-08-04 19:00 15360 c:\windows\system32\bak\ctfmon.exe
2006-05-07 00:24 . 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1115392]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-18 17:28 1115392 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1115392]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1115392]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-15 39408]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
"RIMDeviceManager"="c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2009-06-03 1406224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-11 413696]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2008-09-02 1529856]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-04-07 1511424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"mumservice"="c:\program files\Motorola\Software Update\mumservice.exe" [2009-08-19 1070336]
"GSM"="c:\program files\Gateway\GSM\bin\usm.exe" [2005-06-01 9216]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-10-15 2007320]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-15 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\SEXY SORCERESS\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
OneNote Table Of Contents.onetoc2 [2008-1-4 3656]

c:\documents and settings\BOYS\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
OneNote Table Of Contents.onetoc2 [2009-3-31 3656]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-15 02:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
[BU]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe"
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Monitor"=c:\windows\PixArt\PAC207\Monitor.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\BOYS\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe"=
"c:\\Program Files\\Ares Vista\\AresVista.exe"=
"c:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"=
"c:\\Program Files\\Motorola\\Motoconnect\\SWDL.exe"=
"c:\\Program Files\\Motoconnect\\SWDL.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Adobe\\Adobe Bridge CS4\\Bridge.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\BitPim\\bitpimw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MessagingToolkit\\MessagingToolkit.BulkGateway.exe"=
"c:\\Program Files\\Cell Phone Analyzer Demo\\dcpa.exe"=
"c:\\Program Files\\Data Doctor - Mobile Phone Inspector\\MobileDoctor.exe"=
"c:\\Program Files\\Data Doctor Forensic Software - Pocket PC (Evaluation)\\PDAForensic.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\QPST\\bin\\MemoryDebugApp.exe"=
"c:\\Program Files\\Mobile Master\\MobileMaster.exe"=
"c:\\Program Files\\MOBILedit! Forensic\\MOBILedit!.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Motorola Phone Tools\\mPhonetools.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QPST\\bin\\QPSTConfig.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Motorola Tools\\M-Explorer\\mexplorer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\QPST\\bin\\DMProxyWin.exe"=
"c:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=
"c:\\Program Files\\Gateway\\GSM\\BIN\\ssm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9323:TCP"= 9323:TCP:*:Disabled:EKDiscovery
"9324:TCP"= 9324:TCP:EKDiscovery
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
"9322:TCP"= 9322:TCP:EKDiscovery
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10/14/2009 9:08 PM 161800]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/15/2009 6:10 PM 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/14/2009 9:08 PM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/14/2009 9:08 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/14/2009 9:07 PM 285392]
R2 CBA8;LANDesk® Management Agent;c:\program files\LANDesk\Shared Files\residentAgent.exe [4/28/2005 2:05 PM 122880]
R2 CISMBIOS;CiSMBios Driver;c:\windows\system32\drivers\cismbios.sys [5/31/2005 11:53 PM 13312]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [10/15/2009 8:13 PM 309008]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1169232]
R2 LSM_SSM;LANDesk® System Manager System Space Manager;c:\program files\Gateway\GSM\BIN\SSM.exe [6/1/2005 12:04 AM 28672]
R2 ModemView;LANDesk Message Handler Service;c:\program files\Gateway\GSM\BIN\modemview.exe [6/1/2005 12:13 AM 45056]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [10/13/2009 11:26 PM 91392]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/7/2008 2:28 PM 24652]
R3 ICFWDM;ICFWDM;c:\windows\system32\drivers\icfwdm.sys [6/20/2002 12:35 PM 12064]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe [5/4/2009 12:15 PM 279960]
S2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\AiO\Center\KodakSvc.exe [4/17/2009 12:08 PM 32768]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [5/21/2008 6:42 AM 64000]
S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;c:\windows\system32\drivers\ubVeo532.sys [7/1/2002 7:30 PM 95232]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [6/30/2006 11:44 PM 69692]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [9/28/2009 8:49 PM 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [9/28/2009 8:49 PM 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [9/28/2009 8:49 PM 60816]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [10/13/2009 8:08 PM 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [10/13/2009 8:08 PM 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [10/13/2009 8:08 PM 42752]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [10/13/2009 8:08 PM 23936]
S3 PAC207;CIF USB Camera;c:\windows\system32\drivers\PFC027.SYS [2/18/2009 12:26 PM 505984]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-10-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06]

2009-10-19 c:\windows\Tasks\AiO Home Center Registration Remind Task.job
- c:\documents and settings\All Users\Application Data\Kodak\Installer\Registration.exe [2009-03-17 19:12]

2009-10-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-10-18 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.4\DriverRobot.exe [2009-09-30 15:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: motive.com\patttbc.att
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1}
DPF: {54D53429-945C-4188-B460-C81356541882} - hxxp://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Visible - (no file)
Toolbar-Welcome - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-23 23:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-10-24 23:21
ComboFix-quarantined-files.txt 2009-10-24 04:21
ComboFix2.txt 2009-10-15 07:44
ComboFix3.txt 2009-10-15 00:10

Pre-Run: 68,500,176,896 bytes free
Post-Run: 68,751,753,216 bytes free

- - End Of File - - 16E2B537F32E58E16A91921C3798F1F1



120500
post Oct 23 2009, 10:44 PM
Post #6


New Member
*

Group: Authentic Member
Posts: 15
Joined: 15-October 09
Member No.: 88,397
Operating System: windows XP



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:22 PM, on 10/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Gateway\GSM\BIN\ssm.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Gateway\GSM\BIN\modemview.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\docume~1\owner\locals~1\temp\cdm\{5062c20c-1668-4aaf-be33-dafc6f30b28a}\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Gateway\GSM\bin\usm.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\SEXY SORCERESS\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ancestry Toolbar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\Ancestry Toolbar\AncestryToolBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ancestry Toolbar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\Ancestry Toolbar\AncestryToolBar.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
O4 - HKLM\..\Run: [GSM] C:\Program Files\Gateway\GSM\bin\usm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [RIMDeviceManager] "C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: OneNote Table Of Contents.onetoc2 (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: OneNote Table Of Contents.onetoc2 (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote Table Of Contents.onetoc2
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) -
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} - http://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B6E6EEF0-F5AA-4A4D-88EC-FF43FB2029E5} (TeleVoxAudioPlayer2.TVoxAudioPlayer) - https://www.mytelevox.com/labcalls/cabs/Tel...udioPlayer2.CAB
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://www.rockyou.com/RockYouImageUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\AiO\center\KodakSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel® Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: LANDesk® System Manager System Space Manager (LSM_SSM) - LANDesk® Software Ltd. - C:\Program Files\Gateway\GSM\BIN\ssm.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: LANDesk Message Handler Service (ModemView) - LANDesk® Software Ltd. - C:\Program Files\Gateway\GSM\BIN\modemview.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Audio Service (STacSV) - Unknown owner - c:\docume~1\owner\locals~1\temp\cdm\{5062c20c-1668-4aaf-be33-dafc6f30b28a}\STacSV.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15436 bytes


I didn't mean to post the logs separately, but the ComboFix log is on the last post. The computer is pretty much the same. Every time I open or change an internet page the tracking cookies warning pops up. Also, even though pop up blocker is enabled, there are occasional pop up ads. Every once in a while it still tells me there is no internet connection, even though I am connected to the internet. I've had a crazy week, but will try to check in more often now that things have slowed down. Thanks again for your help!
Tammy
LDTate
post Oct 24 2009, 06:47 AM
Post #7


Forum God

Group: Root Admin
Posts: 48,389
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276
MVP


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty Notepad file.

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

CODE
File::
c:\program files\0gpslast.002
c:\program files\00syssim.007
c:\program files\000sslog.006
c:\program files\000sclog.005
c:\program files\000rslog.004
c:\program files\000rclog.003
c:\docume~1\owner\locals~1\temp\cdm\{5062c20c-1668-4aaf-be33-dafc6f30b28a}\STacSV.exe
c:\windows\Tasks\AiO Home Center Registration Remind Task.job
c:\documents and settings\All Users\Application Data\Kodak\Installer\Registration.exe

AWF::
c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
c:\program files\QuickTime\bak\qttask.exe
c:\windows\system32\bak\ctfmon.exe

Folder::
C:\Program Files\Viewpoint
c:\program files\Norton 360


Save this file to your desktop as "CFScript".

Here's how to do that:
1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...




Drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.


Also please describe how your computer behaves at the moment.
120500
post Oct 24 2009, 11:09 AM
Post #8





ComboFix 09-10-22.01 - SEXY SORCERESS 10/24/2009 11:27:28.4.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2030.1105 [GMT -5:00]
Running from: C:\Documents and Settings\SEXY SORCERESS\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\SEXY SORCERESS\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\docume~1\owner\locals~1\temp\cdm\{5062c20c-1668-4aaf-be33-dafc6f30b28a}\STacSV.exe"
"c:\documents and settings\All Users\Application Data\Kodak\Installer\Registration.exe"
"c:\program files\000rclog.003"
"c:\program files\000rslog.004"
"c:\program files\000sclog.005"
"c:\program files\000sslog.006"
"c:\program files\00syssim.007"
"c:\program files\0gpslast.002"
"c:\windows\Tasks\AiO Home Center Registration Remind Task.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Kodak\Installer\Registration.exe
c:\program files\000rclog.003
c:\program files\000rslog.004
c:\program files\000sclog.005
c:\program files\000sslog.006
c:\program files\00syssim.007
c:\program files\0gpslast.002
c:\program files\Norton 360
c:\program files\Norton 360\N360Logs.xml
c:\program files\Norton 360\url.txt
c:\program files\Norton 360\urlhistory.txt
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Common\VistaBoot.sdll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
c:\windows\Tasks\AiO Home Center Registration Remind Task.job

.
((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))
.

2009-10-22 03:05:10 . 2009-10-22 03:05:10 0 d-----w- C:\Program Files\Ancestry Toolbar
2009-10-20 21:59:51 . 2009-10-20 21:59:51 0 d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-20 21:59:13 . 2009-10-20 21:59:25 0 d-----w- C:\Program Files\SUPERAntiSpyware
2009-10-20 21:59:12 . 2009-10-20 21:59:12 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\SUPERAntiSpyware.com
2009-10-20 21:56:51 . 2009-10-20 21:56:51 0 d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2009-10-20 17:20:16 . 2009-09-10 19:54:06 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-10-20 17:20:15 . 2009-09-10 19:53:50 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2009-10-19 14:42:23 . 2009-10-21 09:23:41 0 d-----w- C:\Program Files\ABC Amber Image Converter
2009-10-19 14:23:56 . 2009-10-19 14:23:56 0 d-----w- C:\Program Files\Free RAW Viewer
2009-10-19 11:51:25 . 2009-10-24 02:58:22 256 ----a-w- C:\Documents and Settings\SEXY SORCERESS\pool.bin
2009-10-19 08:54:44 . 2009-10-21 10:20:13 0 d-----w- C:\Program Files\ABC Amber Text Converter
2009-10-19 08:46:31 . 2009-10-21 09:23:41 0 d-----w- C:\Program Files\ABC Amber Paradox Converter
2009-10-19 08:13:56 . 2009-10-21 09:23:40 0 d-----w- C:\Program Files\ABC Amber DAT Converter
2009-10-19 07:24:11 . 2009-10-21 09:23:40 0 d-----w- C:\Program Files\ABC Amber BlackBerry Converter
2009-10-19 06:59:40 . 2009-10-19 06:59:40 0 ----a-w- C:\WINDOWS\nsreg.dat
2009-10-19 06:59:36 . 2009-10-19 06:59:39 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Local Settings\Application Data\Thunderbird
2009-10-19 06:59:35 . 2009-10-19 06:59:39 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\Thunderbird
2009-10-19 06:10:23 . 2009-10-20 04:41:33 0 d-----w- C:\Program Files\Eudora 8.0 Beta 7
2009-10-19 00:28:19 . 2009-10-19 00:28:19 0 d-----w- C:\Program Files\Nucleus Kernel Internet Explorer Password Recovery
2009-10-18 23:14:42 . 2009-10-18 23:14:44 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\Blackberry Desktop
2009-10-18 23:11:13 . 2009-10-18 23:11:13 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\Research In Motion
2009-10-18 23:03:41 . 2009-10-18 23:03:41 256 ----a-w- C:\pool.bin
2009-10-18 22:12:11 . 2009-10-18 22:12:11 0 d-----w- C:\Documents and Settings\All Users\Application Data\Research In Motion
2009-10-18 22:11:40 . 2009-01-09 21:18:02 27136 ----a-r- C:\WINDOWS\system32\drivers\RimSerial.sys
2009-10-18 22:09:17 . 2009-10-18 22:09:17 0 d-----w- C:\Program Files\Common Files\Roxio Shared
2009-10-18 22:08:45 . 2009-10-18 22:09:23 0 d-----w- C:\Program Files\Common Files\Research In Motion
2009-10-18 22:08:42 . 2009-10-18 22:12:11 0 d-----w- C:\Program Files\Research In Motion
2009-10-18 21:03:16 . 2009-10-17 04:54:42 693760 ----a-w- C:\Program Files\BBSAKv1.6_Installer.msi
2009-10-18 20:56:55 . 2009-10-18 20:56:55 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\vlc
2009-10-18 20:51:09 . 2009-10-18 21:03:45 0 d-----w- C:\Program Files\BBSAK
2009-10-18 19:36:20 . 2009-10-21 09:23:43 0 d-----w- C:\Program Files\Data Doctor Recovery - SIM Card (Evaluation)
2009-10-18 00:01:19 . 2009-10-18 00:01:19 0 d-----w- C:\Program Files\tcpIQ
2009-10-17 20:03:48 . 2009-10-17 20:04:01 0 d-----w- C:\Program Files\ERUNT
2009-10-17 18:49:02 . 2009-10-17 18:50:27 0 d-----w- C:\Documents and Settings\Guest\Application Data\Apple Computer
2009-10-17 16:12:02 . 2009-10-17 16:12:02 0 d-----w- C:\My Music
2009-10-16 04:51:49 . 2009-10-16 04:51:49 0 d-----w- C:\Program Files\Windows Mobile Device Handbook
2009-10-16 02:31:18 . 2009-10-16 02:27:39 401720 ----a-w- C:\Program Files\HijackThis.exe
2009-10-16 01:13:40 . 2009-10-16 01:13:40 0 d-----w- C:\Documents and Settings\All Users\Application Data\IObit
2009-10-15 23:46:30 . 2009-10-17 23:44:07 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\IObit
2009-10-15 23:46:30 . 2009-10-16 01:13:38 0 d-----w- C:\Program Files\IObit
2009-10-15 23:10:51 . 2009-09-23 12:55:23 64288 ----a-w- C:\WINDOWS\system32\drivers\Lbd.sys
2009-10-15 22:54:11 . 2009-10-15 22:54:14 0 dc-h--w- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-15 22:53:38 . 2009-10-15 23:18:32 0 d-----w- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-15 22:53:38 . 2009-10-15 22:53:38 0 d-----w- C:\Program Files\Lavasoft
2009-10-15 20:15:08 . 2009-10-15 20:15:08 0 d-----w- C:\WINDOWS\system32\wbem\Repository
2009-10-15 20:14:11 . 2009-10-15 20:14:11 0 d-----w- C:\Program Files\Common Files\xing shared
2009-10-15 20:10:23 . 2009-10-15 20:10:25 0 d-----w- C:\Program Files\Symantec Client Security
2009-10-15 08:55:39 . 2009-10-15 20:10:24 0 d-----w- C:\Program Files\Symantec
2009-10-15 07:55:39 . 2009-10-15 20:12:23 0 d-----w- C:\RECYCLER(2)
2009-10-15 02:08:33 . 2009-10-15 20:47:20 0 d-----w- C:\$AVG
2009-10-15 02:08:15 . 2009-10-24 03:25:05 360584 ----a-w- C:\WINDOWS\system32\drivers\avgtdix.sys
2009-10-15 02:08:15 . 2009-10-24 03:24:47 161800 ----a-w- C:\WINDOWS\system32\drivers\avgrkx86.sys
2009-10-15 02:08:15 . 2009-10-15 02:08:15 12464 ----a-w- C:\WINDOWS\system32\avgrsstx.dll
2009-10-15 02:08:11 . 2009-10-15 02:08:11 333192 ----a-w- C:\WINDOWS\system32\drivers\avgldx86.sys
2009-10-15 02:08:09 . 2009-10-24 03:25:04 28424 ----a-w- C:\WINDOWS\system32\drivers\avgmfx86.sys
2009-10-15 02:08:00 . 2009-10-24 03:25:22 0 d-----w- C:\WINDOWS\system32\drivers\Avg
2009-10-15 02:07:57 . 2009-10-15 20:13:56 0 d-----w- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-10-15 02:07:42 . 2009-10-15 02:07:42 0 d-----w- C:\Program Files\AVG
2009-10-15 02:07:41 . 2009-10-15 02:07:42 0 d-----w- C:\Documents and Settings\All Users\Application Data\avg9
2009-10-14 23:44:39 . 2009-10-14 23:44:39 0 d-----w- C:\Program Files\CCleaner
2009-10-14 23:44:04 . 2009-10-14 23:44:04 0 d-----w- C:\Program Files\DriverTool
2009-10-14 23:44:04 . 2009-10-14 23:44:04 0 d-----w- C:\Program Files\devshowall
2009-10-14 23:43:57 . 2009-10-14 23:43:57 0 d-----w- C:\Program Files\RSD_CMDA_General_5_1_6_Installation
2009-10-14 21:42:44 . 2009-10-14 21:42:44 0 d-----w- C:\Program Files\PhoneModels
2009-10-14 21:42:34 . 2009-10-14 21:42:44 0 d-----w- C:\Program Files\Pages
2009-10-14 21:40:12 . 2009-10-21 09:23:47 0 d-----w- C:\Program Files\Motorola Phone Tools
2009-10-14 17:56:10 . 2009-10-14 17:56:10 0 d-----w- C:\Program Files\newp2k
2009-10-14 17:54:47 . 2006-07-21 01:25:08 166 ----a-w- C:\Program Files\devshowall.zip
2009-10-14 14:43:27 . 2009-10-14 14:43:27 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\Malwarebytes
2009-10-14 14:43:21 . 2009-10-20 17:20:47 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-14 14:43:21 . 2009-10-14 14:43:21 0 d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-14 12:56:23 . 2009-10-14 12:56:23 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\SMSServant
2009-10-14 11:48:34 . 2009-10-14 11:48:34 0 d-----w- C:\Documents and Settings\Owner\Application Data\Windows Search
2009-10-14 09:30:10 . 2009-10-14 09:30:11 0 d-----w- C:\Program Files\MessagingToolkit
2009-10-14 07:16:38 . 2009-10-14 07:16:38 0 d-----w- C:\Program Files\LANDesk
2009-10-14 07:16:17 . 2009-10-14 07:15:06 10144 ------w- C:\WINDOWS\system32\drivers\asicio.sys
2009-10-14 07:16:08 . 2009-10-14 07:16:08 0 d-----w- C:\WINDOWS\Drivers
2009-10-14 06:54:41 . 2009-10-14 06:54:41 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\Mobile Master
2009-10-14 06:53:44 . 2009-10-14 09:48:00 0 d-----w- C:\PIACCESS
2009-10-14 06:50:11 . 2009-10-21 09:23:45 0 d-----w- C:\Program Files\Mobile Master
2009-10-14 06:50:11 . 2009-10-14 06:50:20 0 d-----w- C:\Program Files\Common Files\Jumping Bytes
2009-10-14 06:49:52 . 2009-10-14 06:49:52 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\Jumping Bytes
2009-10-14 06:45:39 . 2009-10-14 06:45:39 0 d-----w- C:\Program Files\MediaInfo
2009-10-14 01:08:08 . 2009-09-15 19:38:20 23936 ----a-w- C:\WINDOWS\system32\drivers\motport.sys
2009-10-14 01:08:07 . 2009-09-15 19:38:20 23936 ----a-w- C:\WINDOWS\system32\drivers\motmodem.sys
2009-10-14 01:08:07 . 2009-06-19 21:59:34 19712 ----a-w- C:\WINDOWS\system32\drivers\motccgp.sys
2009-10-14 01:08:07 . 2009-05-08 16:56:12 42752 ----a-w- C:\WINDOWS\system32\drivers\motodrv.sys
2009-10-14 01:08:07 . 2009-01-29 22:18:00 8320 ----a-w- C:\WINDOWS\system32\drivers\motccgpfl.sys
2009-10-14 01:08:07 . 2008-03-27 22:49:38 1112288 ----a-w- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2009-10-14 01:08:07 . 2007-11-02 20:51:30 6400 ----a-w- C:\WINDOWS\system32\drivers\motswch.sys
2009-10-11 20:24:15 . 2009-10-11 20:28:41 0 d-----w- C:\Program Files\iPhone Explorer
2009-10-11 08:02:33 . 2009-10-11 08:02:34 0 d-----w- C:\WINDOWS\SQL9_KB960089_ENU
2009-10-10 19:24:17 . 2009-10-10 19:24:17 0 d-----w- C:\Documents and Settings\Guest\Application Data\Windows Desktop Search
2009-10-10 03:19:57 . 2009-10-10 03:19:57 0 d-----w- C:\Program Files\iPod
2009-10-10 03:19:45 . 2009-10-10 03:21:19 0 d-----w- C:\Program Files\iTunes
2009-10-10 03:19:45 . 2009-10-10 03:21:19 0 d-----w- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-10 03:14:05 . 2009-10-10 03:14:08 0 d-----w- C:\Program Files\Apple Software Update
2009-10-10 03:13:38 . 2009-08-29 00:42:52 40448 ----a-w- C:\WINDOWS\system32\drivers\usbaapl.sys
2009-10-10 03:13:38 . 2009-08-29 00:42:52 2065696 ----a-w- C:\WINDOWS\system32\usbaaplrc.dll
2009-10-10 03:12:35 . 2009-10-10 03:19:54 0 d-----w- C:\Program Files\Common Files\Apple
2009-10-10 03:02:35 . 2009-10-10 03:02:35 0 d-----w- C:\Program Files\Microsoft Small Business
2009-10-10 02:48:45 . 2009-10-14 03:10:15 0 d-----w- C:\Program Files\Microsoft SQL Server
2009-10-10 02:30:54 . 2009-10-10 02:30:54 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Local Settings\Application Data\Microsoft Help
2009-10-10 02:03:39 . 2009-10-10 02:36:11 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\GetRightToGo
2009-10-08 21:36:48 . 2009-09-11 14:18:39 136192 -c----w- C:\WINDOWS\system32\dllcache\msv1_0.dll
2009-10-08 21:36:48 . 2009-06-25 08:25:26 54272 -c----w- C:\WINDOWS\system32\dllcache\wdigest.dll
2009-10-08 21:36:48 . 2009-06-25 08:25:26 301568 -c----w- C:\WINDOWS\system32\dllcache\kerberos.dll
2009-10-08 21:36:48 . 2009-06-24 11:18:41 92928 -c----w- C:\WINDOWS\system32\dllcache\ksecdd.sys
2009-10-07 22:01:48 . 2009-10-21 09:23:46 0 d-----w- C:\Program Files\Motoconnect
2009-10-06 00:24:22 . 2009-10-06 00:24:22 0 d-----w- C:\Program Files\LGUsbDriver
2009-10-04 16:05:55 . 2009-10-04 16:05:55 0 d-----w- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
2009-10-03 22:28:56 . 2007-07-02 20:54:54 4333568 ----a-w- C:\Program Files\RSD Lite_3.8.msi
2009-10-03 21:15:22 . 2009-10-03 21:15:22 0 d-----w- C:\Program Files\P2K Programs
2009-10-03 21:13:01 . 2009-10-03 21:13:01 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\MobileAction
2009-10-03 19:47:59 . 2009-10-03 19:48:00 0 d-----w- C:\Program Files\CardRecovery
2009-10-03 19:16:09 . 2009-10-03 19:37:40 0 d-----w- C:\Program Files\GetData
2009-10-03 15:52:58 . 2009-10-21 09:23:43 0 d-----w- C:\Program Files\Data Doctor MS Access to MySQL Converter (Demo)
2009-10-03 15:44:12 . 2009-10-16 11:44:15 0 d-----w- C:\Program Files\Microsoft ActiveSync
2009-10-03 15:36:12 . 2009-10-21 09:23:43 0 d-----w- C:\Program Files\Data Doctor Forensic Software - Pocket PC (Evaluation)
2009-10-02 22:42:08 . 2009-10-01 15:29:14 195440 ------w- C:\WINDOWS\system32\MpSigStub.exe
2009-10-02 20:36:11 . 2009-10-02 20:36:11 0 d-----w- C:\Documents and Settings\BOYS\Application Data\Windows Desktop Search
2009-10-02 13:02:35 . 2009-10-02 13:45:23 567529 ----a-w- C:\Documents and Settings\SEXY SORCERESS\bitpim.dat
2009-10-02 11:54:26 . 2009-10-02 11:54:26 0 d-----w- C:\Program Files\Motorola Tools
2009-10-02 09:03:11 . 2009-10-02 09:03:11 28 ----a-w- C:\Program Files\MMS_push_info.bin
2009-10-02 09:03:11 . 2009-10-02 09:03:11 265 ----a-w- C:\Program Files\MMS_push_msg0.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 09:23:45 . 2007-03-16 07:39:01 0 d-----w- C:\Program Files\Microsoft Works
2009-10-21 09:23:42 . 2009-02-18 17:26:54 0 d-----w- C:\Program Files\CIF USB Camera
2009-10-21 09:23:42 . 2009-02-03 01:26:48 0 d-----w- C:\Program Files\ATTToolbar
2009-10-21 09:23:42 . 2009-02-03 01:25:20 0 d-----w- C:\Program Files\ATT-SST
2009-10-21 09:23:42 . 2007-03-27 17:38:19 0 d-----w- C:\Program Files\Avanquest update
2009-10-20 08:37:41 . 2007-06-12 01:25:46 0 d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-19 08:02:18 . 2007-03-25 20:40:19 0 d-----w- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-10-17 18:11:45 . 2009-02-03 01:26:50 0 d-----w- C:\Documents and Settings\All Users\Application Data\ATTToolbar
2009-10-16 18:48:14 . 2008-11-28 21:31:10 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\gtk-2.0
2009-10-16 06:15:41 . 2007-03-25 20:41:31 0 d-----w- C:\Program Files\Microsoft.NET
2009-10-16 02:47:05 . 2009-10-16 02:47:05 46046 ----a-w- C:\Program Files\startuplist.txt
2009-10-16 02:32:24 . 2009-10-16 02:32:24 14637 ----a-w- C:\Program Files\hijackthis.log
2009-10-16 01:42:00 . 2006-05-07 00:24:10 1033728 ------w- C:\WINDOWS\explorer.exe
2009-10-15 20:47:18 . 2007-04-06 17:10:15 92464 -c--a-w- C:\Documents and Settings\SEXY SORCERESS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-15 20:14:19 . 2008-01-19 00:45:31 0 d-----w- C:\Program Files\Common Files\Real
2009-10-15 19:22:16 . 2009-10-02 09:09:13 7680 --sha-w- C:\Program Files\Thumbs.db
2009-10-15 18:08:21 . 2007-03-16 07:44:11 0 d-----w- C:\Program Files\Common Files\Symantec Shared
2009-10-15 17:26:15 . 2007-03-16 07:39:26 0 d-----w- C:\Program Files\Intel
2009-10-15 08:56:53 . 2008-10-06 02:07:34 0 d-----w- C:\Documents and Settings\All Users\Application Data\Symantec
2009-10-15 08:43:43 . 2007-03-16 07:32:28 0 d-----w- C:\Program Files\Google
2009-10-15 03:41:41 . 2007-03-16 07:38:51 348160 ----a-w- C:\WINDOWS\system32\msvcr71.dll
2009-10-14 23:44:10 . 2007-03-16 07:38:35 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-10-14 21:53:11 . 2009-10-14 21:42:49 23633 ----a-w- C:\Program Files\Uninstall.ini
2009-10-14 21:38:27 . 2007-03-27 17:37:48 24192 -c--a-w- C:\Documents and Settings\SEXY SORCERESS\usbsermptxp.sys
2009-10-14 21:38:26 . 2007-03-27 17:37:48 22768 -c--a-w- C:\Documents and Settings\SEXY SORCERESS\usbsermpt.sys
2009-10-14 15:17:22 . 2007-08-28 00:03:07 0 d-----w- C:\Program Files\GamesBar
2009-10-14 11:50:32 . 2009-10-02 08:37:09 1681 ----a-w- C:\Program Files\.config
2009-10-14 11:44:00 . 2007-04-15 22:28:05 0 d-----w- C:\Documents and Settings\Owner\Application Data\vlc
2009-10-14 07:16:31 . 2007-03-16 07:48:08 0 d-----w- C:\Program Files\Gateway
2009-10-14 04:26:20 . 2007-06-21 05:56:53 0 d-----w- C:\Program Files\Common Files\Motorola Shared
2009-10-14 02:42:49 . 2007-07-13 14:47:50 0 d-----w- C:\Program Files\Windows Defender
2009-10-14 01:16:00 . 2009-10-14 01:16:00 756 ----a-w- C:\Program Files\PHONEC~1.000
2009-10-14 01:16:00 . 2009-10-14 01:16:00 4320 ----a-w- C:\Program Files\_setup.xml
2009-10-10 19:24:03 . 2009-03-23 02:10:32 92464 -c--a-w- C:\Documents and Settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-10 16:19:44 . 2007-04-14 03:35:37 0 d-----w- C:\Documents and Settings\Owner\Application Data\uTorrent
2009-10-10 05:45:04 . 2008-07-22 20:33:23 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\Apple Computer
2009-10-10 04:54:51 . 2009-03-17 19:25:19 0 d-----w- C:\Documents and Settings\All Users\Application Data\Apple
2009-10-10 03:18:38 . 2007-12-25 04:04:32 0 d-----w- C:\Program Files\QuickTime
2009-10-10 03:17:23 . 2008-11-26 00:56:35 0 d-----w- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-10-03 21:21:15 . 2007-03-27 18:01:11 79328 -c--a-w- C:\Documents and Settings\SEXY SORCERESS\mqdmserd.sys
2009-10-03 21:21:15 . 2007-03-27 18:01:11 5936 -c--a-w- C:\Documents and Settings\SEXY SORCERESS\mqdmwhnt.sys
2009-10-03 21:21:14 . 2007-03-27 18:01:11 9232 -c--a-w- C:\Documents and Settings\SEXY SORCERESS\mqdmmdfl.sys
2009-10-03 21:21:14 . 2007-03-27 18:01:11 92064 -c--a-w- C:\Documents and Settings\SEXY SORCERESS\mqdmmdm.sys
2009-10-03 21:21:14 . 2007-03-27 18:01:11 4048 -c--a-w- C:\Documents and Settings\SEXY SORCERESS\mqdmcr.sys
2009-10-03 21:21:13 . 2007-03-27 18:01:11 66656 -c--a-w- C:\Documents and Settings\SEXY SORCERESS\mqdmbus.sys
2009-10-03 21:21:13 . 2007-03-27 18:01:11 6208 -c--a-w- C:\Documents and Settings\SEXY SORCERESS\mqdmcmnt.sys
2009-10-02 20:48:20 . 2007-07-17 00:40:58 60784 -c--a-w- C:\Documents and Settings\BOYS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-02 15:01:50 . 2009-10-02 08:37:09 0 ----a-w- C:\Program Files\Seem.lst
2009-10-02 14:03:15 . 2009-10-02 08:52:52 0 d-----w- C:\Program Files\3741829
2009-10-02 12:34:26 . 2009-10-02 12:20:02 487 ----a-w- C:\Program Files\P2kAutostart_daemon.log
2009-10-02 12:27:03 . 2009-10-02 12:26:56 1931052 ----a-w- C:\Program Files\SOURCEFILES
2009-10-02 11:13:17 . 2009-10-02 09:20:03 274 ----a-w- C:\Program Files\TempWebPage.htm
2009-10-02 10:47:59 . 2009-10-02 10:47:59 16 ----a-w- C:\Program Files\007D_0F3C.seem
2009-10-02 09:03:13 . 2009-10-02 09:03:13 10320 ----a-w- C:\Program Files\TmpTneDB.db
2009-10-02 09:02:52 . 2009-10-02 09:02:52 0 ----a-w- C:\Program Files\BREW_iTAP6_User_Dictionary
2009-10-02 09:02:51 . 2009-10-02 09:02:51 30680 ----a-w- C:\Program Files\AmAfsmToneDb.db
2009-10-02 09:02:51 . 2009-10-02 09:02:51 30680 ----a-w- C:\Program Files\AmAfsmTempToneDb.db
2009-10-02 09:02:51 . 2009-10-02 09:02:51 10400 ----a-w- C:\Program Files\AmAfsmDefaultToneDb.db
2009-10-02 09:02:51 . 2009-10-02 09:02:51 1019 ----a-w- C:\Program Files\AmAfsmToneListDb.db
2009-10-02 09:02:50 . 2009-10-02 09:02:50 300 ----a-w- C:\Program Files\ALARMCLOCK
2009-10-02 08:56:04 . 2009-10-02 08:56:04 178685 ----a-w- C:\Program Files\3gp
2009-10-02 08:55:30 . 2009-10-02 08:55:30 896 ----a-w- C:\Program Files\3_roam_idle1.bmp
2009-10-02 08:55:30 . 2009-10-02 08:55:30 896 ----a-w- C:\Program Files\3_nonantenna_idle1.bmp
2009-10-02 08:55:30 . 2009-10-02 08:55:30 896 ----a-w- C:\Program Files\3_idle1.bmp
2009-10-02 08:55:08 . 2009-10-02 08:49:16 0 d-----w- C:\Program Files\3741848
2009-10-02 08:54:38 . 2009-10-02 08:54:38 154257 ----a-w- C:\Program Files\3_10sec.mp3
2009-10-02 08:54:34 . 2009-10-02 08:49:16 0 d-----w- C:\Program Files\3741849
2009-10-02 08:54:15 . 2009-10-02 08:54:15 0 d-----w- C:\Program Files\3741833
2009-10-02 08:54:13 . 2009-10-02 08:54:13 7227 ----a-w- C:\Program Files\3.jpg
2009-10-02 08:53:59 . 2009-10-02 08:53:59 9772 ----a-w- C:\Program Files\359.jpg
2009-10-02 08:53:59 . 2009-10-02 08:53:59 8527 ----a-w- C:\Program Files\32.jpg
2009-10-02 08:53:59 . 2009-10-02 08:53:59 10121 ----a-w- C:\Program Files\398.jpg
2009-10-02 08:53:58 . 2009-10-02 08:53:58 7631 ----a-w- C:\Program Files\31.jpg
2009-10-02 08:53:40 . 2009-10-02 08:53:39 0 d-----w- C:\Program Files\3741832
2009-10-02 08:53:39 . 2009-10-02 08:53:39 0 d-----w- C:\Program Files\3741831
2009-10-02 08:53:29 . 2009-10-02 08:53:28 0 d-----w- C:\Program Files\3741853
2009-10-02 08:53:00 . 2009-10-02 08:53:00 23244 ----a-w- C:\Program Files\3.dat
2009-10-02 08:52:57 . 2009-10-02 08:52:56 0 d-----w- C:\Program Files\3741847
2009-10-02 08:52:55 . 2009-10-02 08:52:55 49724 ----a-w- C:\Program Files\3.wav
2009-10-02 08:52:52 . 2009-10-02 08:52:52 0 d-----w- C:\Program Files\3741830
2009-10-02 08:52:41 . 2009-10-02 08:52:40 0 d-----w- C:\Program Files\3741827
2009-10-02 08:52:28 . 2009-10-02 08:52:28 2408 ----a-w- C:\Program Files\3_idle7.bmp
2009-10-02 08:52:28 . 2009-10-02 08:52:28 1008 ----a-w- C:\Program Files\3_idle6.bmp
2009-10-02 08:52:28 . 2009-10-02 08:52:28 0 d-----w- C:\Program Files\3741826
2009-10-02 08:52:09 . 2009-10-02 08:52:09 0 d-----w- C:\Program Files\3741825
2009-10-02 08:50:59 . 2009-10-02 08:50:59 67742 ----a-w- C:\Program Files\354a.jpg
2009-10-02 08:50:57 . 2009-10-02 08:50:57 513572 ----a-w- C:\Program Files\3g2
2009-10-02 08:50:48 . 2009-10-02 08:50:48 1922189 ----a-w- C:\Program Files\35a.3g2
2009-10-02 08:50:22 . 2009-10-02 08:50:22 200216 ----a-w- C:\Program Files\356a.jpg
2009-10-02 08:50:21 . 2009-10-02 08:50:21 171552 ----a-w- C:\Program Files\355a.jpg
2009-10-02 08:50:13 . 2009-10-02 08:50:13 59638 ----a-w- C:\Program Files\3a.jpg
2009-10-02 08:50:07 . 2009-10-02 08:50:07 105455 ----a-w- C:\Program Files\35c.jpg
2009-10-02 08:50:06 . 2009-10-02 08:50:06 208341 ----a-w- C:\Program Files\35b.jpg
2009-10-02 08:50:04 . 2009-10-02 08:50:04 200203 ----a-w- C:\Program Files\35a.jpg
2009-10-02 08:50:02 . 2009-10-02 08:50:02 188898 ----a-w- C:\Program Files\34d.jpg
2009-10-02 08:50:01 . 2009-10-02 08:50:01 206691 ----a-w- C:\Program Files\34c.jpg
2009-09-30 20:04:00 . 2009-09-29 22:58:26 912 ----a-w- C:\Program Files\FAT Directory Entry.tpl
2009-09-30 16:46:09 . 2009-09-30 16:46:09 0 ---ha-w- C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01007.Wdf
2009-09-30 16:46:00 . 2009-09-30 16:46:00 0 ---ha-w- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2009-09-30 16:40:01 . 2009-09-30 16:40:01 0 ---ha-w- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
.

((((((((((((((((((((((((((((( SnapShot_2009-10-24_04.19.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-24 16:34:56 . 2009-10-24 16:34:56 16384 C:\WINDOWS\temp\Perflib_Perfdata_c70.dat
+ 2009-10-24 16:34:50 . 2009-10-24 16:34:50 16384 C:\WINDOWS\temp\Perflib_Perfdata_964.dat
+ 2009-10-24 16:34:46 . 2009-10-24 16:34:46 16384 C:\WINDOWS\temp\Perflib_Perfdata_7b4.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-06-07 04:46:24 . 2005-06-07 04:46:24 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe

2007-05-11 08:06:32 . 2007-10-11 01:51:55 39792 C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe

2007-03-25 16:28:30 . 2002-09-11 03:26:26 368706 C:\Program Files\BroadJump\Client Foundation\bak\CFD.exe

2007-03-25 21:33:50 . 2006-03-28 21:48:54 622592 C:\Program Files\Brother\Brmfcmon\bak\BrMfcWnd.exe

2007-03-25 21:33:35 . 2005-01-27 00:02:22 49152 C:\Program Files\Brother\Brmfl06a\bak\BrStDvPt.exe

2007-03-25 21:33:48 . 2006-04-10 20:58:06 61440 C:\Program Files\Brother\ControlCenter3\bak\brctrcen.exe

2007-03-01 15:37:52 . 2007-03-01 15:37:52 2321600 C:\Program Files\Common Files\Adobe\Updater5\bak\AdobeUpdater.exe

2007-03-01 20:57:24 . 2007-03-01 20:57:24 153136 C:\Program Files\Common Files\Ahead\Lib\bak\NeroCheck.exe

2007-05-16 14:27:16 . 2007-05-16 14:27:16 153136 C:\Program Files\Common Files\Ahead\Lib\bak\NMBgMonitor.exe

2008-01-19 00:45:32 . 2008-01-19 00:45:32 185896 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
2009-10-15 03:41:37 . 2009-10-15 03:41:37 198160 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

2003-10-14 16:22:30 . 2003-10-14 16:22:30 155648 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe

2005-06-02 17:21:38 . 2005-06-02 17:21:38 48752 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe

2007-11-25 17:47:29 . 2007-12-21 15:28:57 579072 C:\Program Files\Grisoft\AVG7\bak\avgcc.exe

2007-03-16 07:41:18 . 2006-07-13 21:34:04 9134080 C:\Program Files\Intel Audio Studio\bak\IntelAudioStudio.exe

2007-03-25 20:09:40 . 2006-12-15 09:23:27 75520 C:\Program Files\Java\jre1.5.0_11\bin\bak\jusched.exe

2007-06-29 12:24:52 . 2007-06-29 12:24:52 286720 C:\Program Files\QuickTime\bak\qttask.exe
2009-09-05 06:54:42 . 2009-09-05 06:54:42 417792 C:\Program Files\QuickTime\QTTask.exe

2005-03-17 20:45:52 . 2005-03-17 20:45:52 40960 C:\Program Files\ScanSoft\PaperPort\bak\IndexSearch.exe

2005-03-17 20:25:54 . 2005-03-17 20:25:54 57393 C:\Program Files\ScanSoft\PaperPort\bak\pptd40nt.exe

2006-11-04 00:20:12 . 2006-11-04 00:20:12 866584 C:\Program Files\Windows Defender\bak\MSASCui.exe

2007-11-16 03:51:56 . 2007-11-16 03:51:56 166304 C:\Program Files\Zune\bak\ZuneLauncher.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 17:28:04 1115392]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-18 17:28:04 1115392 ----a-w- C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 17:28:04 1115392]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-15 03:40:16 39408]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:39:52 1289000]
"Advanced SystemCare 3"="C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 14:55:40 2329224]
"RIMDeviceManager"="C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2009-06-03 12:48:36 1406224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 06:42:26 212992]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2008-04-11 02:07:20 413696]
"ATT-SST_McciTrayApp"="C:\Program Files\ATT-SST\McciTrayApp.exe" [2008-09-02 04:19:43 1529856]
"Conime"="C:\WINDOWS\system32\conime.exe" [2008-04-14 00:12:15 27648]
"EKIJ5000StatusMonitor"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-04-07 22:27:30 1511424]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-09-05 06:54:42 417792]
"mumservice"="C:\Program Files\Motorola\Software Update\mumservice.exe" [2009-08-19 23:10:32 1070336]
"GSM"="C:\Program Files\Gateway\GSM\bin\usm.exe" [2005-06-01 05:05:34 9216]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 21:19:00 7626752]
"AVG9_TRAY"="C:\PROGRA~1\AVG\AVG9\avgtray.exe" [2009-10-24 03:25:09 2010904]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2009-10-15 03:41:37 198160]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-09-21 21:36:12 305440]
"BlackBerryAutoUpdate"="C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 04:12:46 623960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 08:18:18 437160]

C:\Documents and Settings\SEXY SORCERESS\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
OneNote Table Of Contents.onetoc2 [2008-1-4 3656]

C:\Documents and Settings\BOYS\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

C:\Documents and Settings\Guest\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
OneNote Table Of Contents.onetoc2 [2009-3-31 3656]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 15:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21:42 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-15 02:08:15 12464 ----a-w- C:\WINDOWS\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
[BU]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Documents and Settings\\BOYS\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe"=
"C:\\Program Files\\Ares Vista\\AresVista.exe"=
"C:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"=
"C:\\Program Files\\Motorola\\Motoconnect\\SWDL.exe"=
"C:\\Program Files\\Motoconnect\\SWDL.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Adobe\\Adobe Bridge CS4\\Bridge.exe"=
"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"C:\\Program Files\\BitPim\\bitpimw.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\MessagingToolkit\\MessagingToolkit.BulkGateway.exe"=
"C:\\Program Files\\Cell Phone Analyzer Demo\\dcpa.exe"=
"C:\\Program Files\\Data Doctor - Mobile Phone Inspector\\MobileDoctor.exe"=
"C:\\Program Files\\Data Doctor Forensic Software - Pocket PC (Evaluation)\\PDAForensic.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\QPST\\bin\\MemoryDebugApp.exe"=
"C:\\Program Files\\Mobile Master\\MobileMaster.exe"=
"C:\\Program Files\\MOBILedit! Forensic\\MOBILedit!.exe"=
"C:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"C:\\Program Files\\Motorola Phone Tools\\mPhonetools.exe"=
"C:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\QPST\\bin\\QPSTConfig.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"C:\\Program Files\\Motorola Tools\\M-Explorer\\mexplorer.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\QPST\\bin\\DMProxyWin.exe"=
"C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=
"C:\\Program Files\\Gateway\\GSM\\BIN\\ssm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9323:TCP"= 9323:TCP:*:Disabled:EKDiscovery
"9324:TCP"= 9324:TCP:EKDiscovery
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
"9322:TCP"= 9322:TCP:EKDiscovery
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\drivers\avgrkx86.sys [10/14/2009 9:08:15 PM 161800]
R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [10/15/2009 6:10:51 PM 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [10/14/2009 9:08:11 PM 333192]
R1 AvgTdiX;AVG Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [10/14/2009 9:08:15 PM 360584]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24:54 PM 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24:52 PM 74480]
R2 avg9wd;AVG WatchDog;C:\Program Files\AVG\AVG9\avgwdsvc.exe [10/14/2009 9:07:42 PM 285392]
R2 CBA8;LANDesk® Management Agent;C:\Program Files\LANDesk\Shared Files\residentAgent.exe [4/28/2005 2:05:10 PM 122880]
R2 CISMBIOS;CiSMBios Driver;C:\WINDOWS\system32\drivers\cismbios.sys [5/31/2005 11:53:20 PM 13312]
R2 IS360service;IS360service;C:\Program Files\IObit\IObit Security 360\is360srv.exe [10/15/2009 8:13:40 PM 309008]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17:32 AM 1169232]
R2 LSM_SSM;LANDesk® System Manager System Space Manager;C:\Program Files\Gateway\GSM\BIN\SSM.exe [6/1/2005 12:04:48 AM 28672]
R2 ModemView;LANDesk Message Handler Service;C:\Program Files\Gateway\GSM\BIN\modemview.exe [6/1/2005 12:13:16 AM 45056]
R2 MotoConnect Service;MotoConnect Service;C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [10/13/2009 11:26:40 PM 91392]
R3 ICFWDM;ICFWDM;C:\WINDOWS\system32\drivers\icfwdm.sys [6/20/2002 12:35:30 PM 12064]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe [5/4/2009 12:15:26 PM 279960]
S2 KodakSvc;Kodak AiO Device Service;C:\Program Files\Kodak\AiO\Center\KodakSvc.exe [4/17/2009 12:08:26 PM 32768]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" --> C:\Program Files\Viewpoint\Common\ViewpointService.exe [?]
S3 CTUPnPSv;Creative Centrale Media Server;C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [5/21/2008 6:42:56 AM 64000]
S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;C:\WINDOWS\system32\drivers\ubVeo532.sys [7/1/2002 7:30:16 PM 95232]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;C:\WINDOWS\system32\drivers\el575ND5.sys [6/30/2006 11:44:58 PM 69692]
S3 lgatbus;LG USB Composite Device driver (WDM);C:\WINDOWS\system32\drivers\lgatbus.sys [9/28/2009 8:49:23 PM 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;C:\WINDOWS\system32\drivers\lgatmdm.sys [9/28/2009 8:49:23 PM 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);C:\WINDOWS\system32\drivers\lgatserd.sys [9/28/2009 8:49:23 PM 60816]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\drivers\motccgp.sys [10/13/2009 8:08:07 PM 19712]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\drivers\motccgpfl.sys [10/13/2009 8:08:07 PM 8320]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\drivers\motodrv.sys [10/13/2009 8:08:07 PM 42752]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\drivers\motport.sys [10/13/2009 8:08:08 PM 23936]
S3 PAC207;CIF USB Camera;C:\WINDOWS\system32\drivers\PFC027.SYS [2/18/2009 12:26:55 PM 505984]
S3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24:56 PM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-10-24 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06:13 . 2009-10-01 13:06:13]

2009-10-22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34:12 . 2008-07-30 17:34:12]

2009-10-18 C:\WINDOWS\Tasks\Driver Robot.job
- C:\Program Files\Driver Robot\1.1.0.4\DriverRobot.exe [2009-09-30 14:29:29 . 2009-09-25 15:22:16]


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:30 AM, on 10/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Gateway\GSM\BIN\ssm.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Gateway\GSM\BIN\modemview.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\docume~1\owner\locals~1\temp\cdm\{5062c20c-1668-4aaf-be33-dafc6f30b28a}\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Gateway\GSM\bin\usm.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\SEXY SORCERESS\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ancestry Toolbar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\Ancestry Toolbar\AncestryToolBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ancestry Toolbar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\Ancestry Toolbar\AncestryToolBar.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
O4 - HKLM\..\Run: [GSM] C:\Program Files\Gateway\GSM\bin\usm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [RIMDeviceManager] "C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: OneNote Table Of Contents.onetoc2 (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: OneNote Table Of Contents.onetoc2 (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote Table Of Contents.onetoc2
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) -
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} - http://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B6E6EEF0-F5AA-4A4D-88EC-FF43FB2029E5} (TeleVoxAudioPlayer2.TVoxAudioPlayer) - https://www.mytelevox.com/labcalls/cabs/Tel...udioPlayer2.CAB
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://www.rockyou.com/RockYouImageUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\AiO\center\KodakSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel® Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: LANDesk® System Manager System Space Manager (LSM_SSM) - LANDesk® Software Ltd. - C:\Program Files\Gateway\GSM\BIN\ssm.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: LANDesk Message Handler Service (ModemView) - LANDesk® Software Ltd. - C:\Program Files\Gateway\GSM\BIN\modemview.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Audio Service (STacSV) - Unknown owner - c:\docume~1\owner\locals~1\temp\cdm\{5062c20c-1668-4aaf-be33-dafc6f30b28a}\STacSV.exe (file missing)
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 15457 bytes




120500
post Oct 24 2009, 11:13 AM
Post #9





I swear I think I'm in some scifi novel and this computer knows exactly what I'm doing...It acts worse if I'm trying to do something you told me to. Now the internet keeps going down & it will give different error messages i.e. "hosts not found" or "DSL is down" but the DSL light will be solid green. After about 5 times of resetting the modem and restarting Internet Explorer it will finally connect.
LDTate
post Oct 24 2009, 05:43 PM
Post #10




Using Internet Explorer, click on Kaspersky Online Scanner
    * You will be prompted to install an ActiveX component from Kaspersky, Click 'Yes'.
    * The program will launch and then start to download the latest definition files.
    * Once the scanner is installed and the definitions downloaded, click 'Next'.
    * Now click on 'Scan Settings'
    * In the scan settings make sure that the following are selected:
        o Scan using the following Anti-Virus database: 'Extended' (If available, otherwise 'Standard')
        o Scan Options: 'Scan Archives' and 'Scan Mail Bases'
    * Click 'OK'
    * Now under 'Select a target to scan' select 'My Computer'
    * The scan will take a while, so be patient and let it run. Once the scan is complete, it will display whether your system has been infected.
    * Now click on the 'Save as Text' button:
    * Save the file to your desktop.
Please post the Kaspersky report and a new HijackThis log.
120500
post Oct 24 2009, 06:02 PM
Post #11





I will try to do that, but my alien hasn't let me get online today since I posted my last reply. Have you ever read that book where the people's fingers started growing into the keyboard? Agh!!! I'm on my phone now, was hoping the next steps didn't involve going online...
LDTate
post Oct 24 2009, 06:10 PM
Post #12




Try unplugging the power and cables from your Modem / Router and wait for about 5 minutes.
Plug the power / cables back in and turn it on. Let me know if that worked.
120500
post Oct 24 2009, 07:00 PM
Post #13





QUOTE (LDTate @ Oct 24 2009, 07:10 PM)
Try unplugging the power and cables from your Modem / Router and wait for about 5 minutes.
Plug the power / cables back in and turn it on. Let me know if that worked.

LDTate
post Oct 24 2009, 07:01 PM
Post #14




Did you do that?
Did it help?
120500
post Oct 24 2009, 07:04 PM
Post #15





I tried that earlier, but I tried it again. No luck...
