[Closed] internet connectivity gone, everything's screwy


26 replies to this topic

#1 120500

Posted 15 October 2009 - 08:44 PM

Hi, Please help...I have spent 2 days trying to figure out what's wrong, because I'm too stubborn to ask for help, so my brain is fried. Please forgive me if I don't make much sense. There have been too many problems to remember, but it started out with various programs not working anymore and the computer was very slow. I would get one program fixed and immediately something else would go wrong. I had an active internet connection, but IE would say unable to connect. Wasn't able to go to any trusted websites. Finally repaired that with system restore, but still as soon as I get one thing repaired another fails. DDS (Ver_09-06-26.01) - NTFSx86 Run by SEXY SORCERESS at 15:18:36.00 on Sat 10/17/2009 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2030.1060 [GMT -5:00] AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe C:\WINDOWS\System32\svchost.exe -k eapsvcs svchost.exe C:\WINDOWS\System32\svchost.exe -k dot3svc C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\LANDesk\Shared Files\residentagent.exe C:\Program Files\Creative\Shared Files\CTDevSrv.exe C:\Program Files\IObit\IObit Security 360\IS360srv.exe C:\Program Files\AVG\AVG9\avgam.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program 
Files\Intel\AMT\LMS.exe C:\Program Files\Gateway\GSM\BIN\ssm.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Gateway\GSM\BIN\modemview.exe C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS c:\docume~1\owner\locals~1\temp\cdm\{5062c20c-1668-4aaf-be33-dafc6f30b28a}\STacSV.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\ATT-SST\McciTrayApp.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe C:\Program Files\Gateway\GSM\bin\usm.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\SEXY SORCERESS\Local Settings\Temporary Internet Files\Content.IE5\FQQF1S6R\dds[1].scr ============== Pseudo HJT Report =============== uStart Page = hxxp://news.yahoo.com/ mStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com uURLSearchHooks: Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - 
c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe" mRun: [Conime] %windir%\system32\conime.exe mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [mumservice] c:\program files\motorola\software update\mumservice.exe mRun: [GSM] c:\program files\gateway\gsm\bin\usm.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\sexyso~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\documents and settings\sexy sorceress\start menu\programs\startup\OneNote Table Of Contents.onetoc2 IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll Trusted Zone: motive.com\patttbc.att DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} DPF: {54D53429-945C-4188-B460-C81356541882} - hxxp://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://static.slide.com/uploader/SlideImageUploader.cab DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {B6E6EEF0-F5AA-4A4D-88EC-FF43FB2029E5} - 
hxxps://www.mytelevox.com/labcalls/cabs/TeleVoxAudioPlayer2.CAB DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} - hxxp://www.rockyou.com/RockYouImageUploader.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Notify: avgrsstarter - avgrsstx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-10-14 161672] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-15 64288] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-14 333192] R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-14 28424] R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-14 356616] R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-14 285392] R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312] R2 CBA8;LANDesk® Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2005-4-28 122880] R2 CISMBIOS;CiSMBios 
Driver;c:\windows\system32\drivers\cismbios.sys [2005-5-31 13312] R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-10-15 309008] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1169232] R2 LSM_SSM;LANDesk® System Manager System Space Manager;c:\program files\gateway\gsm\bin\SSM.exe [2005-6-1 28672] R2 ModemView;LANDesk Message Handler Service;c:\program files\gateway\gsm\bin\modemview.exe [2005-6-1 45056] R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2009-10-13 91392] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-7 24652] R3 ICFWDM;ICFWDM;c:\windows\system32\drivers\icfwdm.sys [2002-6-20 12064] S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2009-5-4 279960] S2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\aio\center\KodakSvc.exe [2009-4-17 32768] S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\creative\creative centrale\CTUPnPSv.exe [2008-5-21 64000] S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;c:\windows\system32\drivers\ubVeo532.sys [2002-7-1 95232] S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2006-6-30 69692] S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [2009-9-28 43024] S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [2009-9-28 77104] S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [2009-9-28 60816] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-10-13 19712] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-10-13 8320] S3 MotDev;Motorola Inc. 
USB Device;c:\windows\system32\drivers\motodrv.sys [2009-10-13 42752] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2009-10-13 23936] S3 PAC207;CIF USB Camera;c:\windows\system32\drivers\PFC027.SYS [2009-2-18 505984] =============== Created Last 30 ================ 2009-10-17 11:12 <DIR> --d----- C:\My Music 2009-10-15 23:51 <DIR> --d----- c:\program files\Windows Mobile Device Handbook 2009-10-15 21:31 401,720 a------- c:\program files\HijackThis.exe 2009-10-15 20:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IObit 2009-10-15 18:46 <DIR> --d----- c:\program files\IObit 2009-10-15 18:46 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\IObit 2009-10-15 18:10 64,288 a------- c:\windows\system32\drivers\Lbd.sys 2009-10-15 17:54 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-10-15 17:53 <DIR> --d----- c:\program files\Lavasoft 2009-10-15 15:15 <DIR> --d----- c:\windows\system32\wbem\Repository 2009-10-15 15:14 <DIR> --d----- c:\program files\common files\xing shared 2009-10-15 15:12 <DIR> --d----- C:\ComboFix 2009-10-15 15:10 <DIR> --d----- c:\program files\Symantec Client Security 2009-10-15 03:55 <DIR> --d----- c:\program files\Symantec 2009-10-15 02:55 <DIR> --d----- C:\RECYCLER(2) 2009-10-15 01:48 73,574 a------- c:\windows\system32\nvapps.nvb 2009-10-15 01:36 4,926 a------- c:\windows\iis6.BAK 2009-10-15 01:36 1,393 a------- c:\windows\imsins.BAK 2009-10-15 01:05 <DIR> --d----- c:\temp\MotoConnectTemp 2009-10-14 21:08 <DIR> --d-h--- C:\$AVG 2009-10-14 21:08 356,616 a------- c:\windows\system32\drivers\avgtdix.sys 2009-10-14 21:08 161,672 a------- c:\windows\system32\drivers\avgrkx86.sys 2009-10-14 21:08 12,464 a------- c:\windows\system32\avgrsstx.dll 2009-10-14 21:08 333,192 a------- c:\windows\system32\drivers\avgldx86.sys 2009-10-14 21:08 <DIR> --d----- c:\windows\system32\drivers\Avg 2009-10-14 21:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar 2009-10-14 21:07 
<DIR> --d----- c:\program files\AVG 2009-10-14 21:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg9 2009-10-14 18:44 <DIR> --d----- c:\program files\CCleaner 2009-10-14 18:44 <DIR> --d----- c:\program files\DriverTool 2009-10-14 18:44 <DIR> --d----- c:\program files\devshowall 2009-10-14 18:43 <DIR> --d----- c:\program files\RSD_CMDA_General_5_1_6_Installation 2009-10-14 16:42 <DIR> --d----- c:\program files\PhoneModels 2009-10-14 16:42 <DIR> --d----- c:\program files\Pages 2009-10-14 16:40 <DIR> --d----- c:\program files\Motorola Phone Tools 2009-10-14 12:56 <DIR> --d----- c:\program files\newp2k 2009-10-14 12:54 166 a------- c:\program files\devshowall.zip 2009-10-14 10:10 <DIR> a-dshr-- C:\cmdcons 2009-10-14 10:08 236,544 a------- c:\windows\PEV.exe 2009-10-14 10:08 161,792 a------- c:\windows\SWREG.exe 2009-10-14 10:08 98,816 a------- c:\windows\sed.exe 2009-10-14 09:43 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\Malwarebytes 2009-10-14 09:43 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-10-14 09:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-10-14 07:56 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\SMSServant 2009-10-14 04:48 103,437 -------- c:\windows\hpqins13.dat.temp 2009-10-14 04:30 <DIR> --d----- c:\program files\MessagingToolkit 2009-10-14 02:16 <DIR> --d----- c:\program files\LANDesk 2009-10-14 02:16 10,144 -------- c:\windows\system32\drivers\asicio.sys 2009-10-14 02:16 <DIR> --d----- c:\windows\Drivers 2009-10-14 02:07 32 a------- c:\windows\email.INI 2009-10-14 01:54 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\Mobile Master 2009-10-14 01:53 <DIR> --d----- C:\PIACCESS 2009-10-14 01:50 <DIR> --d----- c:\program files\Mobile Master 2009-10-14 01:50 <DIR> --d----- c:\program files\common files\Jumping Bytes 2009-10-14 01:49 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\Jumping Bytes 2009-10-14 01:45 <DIR> --d----- c:\program files\MediaInfo 2009-10-13 20:08 23,936 a------- c:\windows\system32\drivers\motport.sys 
2009-10-13 20:08 1,112,288 a------- c:\windows\system32\wdfcoinstaller01007.dll 2009-10-13 20:08 42,752 a------- c:\windows\system32\drivers\motodrv.sys 2009-10-13 20:08 23,936 a------- c:\windows\system32\drivers\motmodem.sys 2009-10-13 20:08 19,712 a------- c:\windows\system32\drivers\motccgp.sys 2009-10-13 20:08 8,320 a------- c:\windows\system32\drivers\motccgpfl.sys 2009-10-13 20:08 6,400 a------- c:\windows\system32\drivers\motswch.sys 2009-10-13 01:57 3,250 a------- c:\windows\system32\wbem\Outlook_01ca4bd25ff05322.mof 2009-10-11 15:24 <DIR> --d----- c:\program files\iPhone Explorer 2009-10-11 03:02 <DIR> --d----- c:\windows\SQL9_KB960089_ENU 2009-10-09 22:19 <DIR> --d----- c:\program files\iPod 2009-10-09 22:19 <DIR> --d----- c:\program files\iTunes 2009-10-09 22:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-10-09 22:13 2,065,696 a------- c:\windows\system32\usbaaplrc.dll 2009-10-09 22:13 40,448 a------- c:\windows\system32\drivers\usbaapl.sys 2009-10-09 22:04 422 a------- c:\windows\system32\mapisvc.inf 2009-10-09 22:02 <DIR> --d----- c:\program files\Microsoft Small Business 2009-10-09 21:48 <DIR> --d----- c:\program files\Microsoft SQL Server 2009-10-09 21:03 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\GetRightToGo 2009-10-08 16:36 301,568 a------- c:\windows\system32\SET158A.tmp 2009-10-08 16:36 147,456 a------- c:\windows\system32\SET1588.tmp 2009-10-08 16:36 136,192 a------- c:\windows\system32\SET1589.tmp 2009-10-08 16:36 56,832 a------- c:\windows\system32\SET1587.tmp 2009-10-08 16:36 54,272 a------- c:\windows\system32\SET1586.tmp 2009-10-08 16:36 301,568 -c------ c:\windows\system32\dllcache\kerberos.dll 2009-10-08 16:36 136,192 -c------ c:\windows\system32\dllcache\msv1_0.dll 2009-10-08 16:36 92,928 -c------ c:\windows\system32\dllcache\ksecdd.sys 2009-10-08 16:36 54,272 -c------ c:\windows\system32\dllcache\wdigest.dll 2009-10-07 17:01 <DIR> --d----- c:\program files\Motoconnect 2009-10-05 19:24 
<DIR> --d----- c:\program files\LGUsbDriver 2009-10-03 16:15 <DIR> --d----- c:\program files\P2K Programs 2009-10-03 16:13 0 a------- c:\windows\MessageExe.INI 2009-10-03 16:13 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\MobileAction 2009-10-03 14:47 <DIR> --d----- c:\program files\CardRecovery 2009-10-03 14:16 <DIR> --d----- c:\program files\GetData 2009-10-03 10:52 <DIR> --d----- c:\program files\Data Doctor MS Access to MySQL Converter (Demo) 2009-10-03 10:44 <DIR> --d----- c:\program files\Microsoft ActiveSync 2009-10-03 10:36 <DIR> --d----- c:\program files\Data Doctor Forensic Software - Pocket PC (Evaluation) 2009-10-02 17:42 195,440 -------- c:\windows\system32\MpSigStub.exe 2009-10-02 08:02 567,529 a------- c:\documents and settings\sexy sorceress\bitpim.dat 2009-10-02 06:54 <DIR> --d----- c:\program files\Motorola Tools 2009-10-02 04:09 7,680 a--sh--- c:\windows\Thumbs.db 2009-10-02 04:03 10,000 a------- c:\program files\MSGDB_msg_data.bin 2009-10-02 04:03 265 a------- c:\program files\MMS_push_msg0.bin 2009-10-02 04:03 28 a------- c:\program files\MMS_push_info.bin 2009-10-02 04:03 4,713 a------- c:\program files\EMS_message_1.bin 2009-10-02 04:03 4,713 a------- c:\program files\EMS_message_0.bin 2009-10-02 04:03 60 a------- c:\program files\EMS_concat_info.bin 2009-10-02 04:02 <DIR> --d----- c:\program files\mobile 2009-10-02 03:58 <DIR> --d----- c:\program files\brew_preloads 2009-10-02 03:56 <DIR> --d----- c:\program files\3741844 2009-10-02 03:56 <DIR> --d----- c:\program files\3 2009-10-02 03:56 <DIR> --d----- c:\program files\3741843 2009-10-02 03:55 <DIR> --d----- c:\program files\3741842 2009-10-02 03:55 <DIR> --d----- c:\program files\3741841 2009-10-02 03:55 <DIR> --d----- c:\program files\3741840 2009-10-02 03:55 <DIR> --d----- c:\program files\3741846 2009-10-02 03:55 <DIR> --d----- c:\program files\3741839 2009-10-02 03:55 <DIR> --d----- c:\program files\3741838 2009-10-02 03:55 <DIR> --d----- c:\program files\3741837 2009-10-02 03:54 <DIR> 
--d----- c:\program files\3741836 2009-10-02 03:54 <DIR> --d----- c:\program files\3741835 2009-10-02 03:54 <DIR> --d----- c:\program files\3741834 2009-10-02 03:54 <DIR> --d----- c:\program files\3741833 2009-10-02 03:53 <DIR> --d----- c:\program files\3741832 2009-10-02 03:53 <DIR> --d----- c:\program files\3741831 2009-10-02 03:53 <DIR> --d----- c:\program files\3741853 2009-10-02 03:53 23,244 a------- c:\program files\3.dat 2009-10-02 03:52 <DIR> --d----- c:\program files\3741847 2009-10-02 03:52 <DIR> --d----- c:\program files\3741830 2009-10-02 03:52 <DIR> --d----- c:\program files\3741829 2009-10-02 03:52 <DIR> --d----- c:\program files\3741827 2009-10-02 03:52 <DIR> --d----- c:\program files\3741826 2009-10-02 03:52 <DIR> --d----- c:\program files\3741825 2009-10-02 03:49 <DIR> --d----- c:\program files\3741850 2009-10-02 03:49 <DIR> --d----- c:\program files\3741849 2009-10-02 03:49 <DIR> --d----- c:\program files\3741848 2009-10-02 03:37 <DIR> a-d----- c:\program files\Spanish 2009-10-02 03:37 <DIR> a-d----- c:\program files\Backup 2009-10-02 03:37 4,608 a------- c:\program files\restart.exe 2009-10-02 03:37 <DIR> a-d----- c:\program files\Templates 2009-10-02 03:37 <DIR> a-d----- c:\program files\Temp 2009-10-02 03:37 <DIR> a-d----- c:\program files\p2kc_batch_example 2009-10-02 03:37 <DIR> a-d----- c:\program files\Hungarian 2009-10-02 03:37 <DIR> a-d----- c:\program files\German 2009-10-02 03:37 <DIR> a-d----- c:\program files\FtpDrive 2009-10-02 03:37 <DIR> a-d----- c:\program files\English 2009-10-02 03:37 386,560 a------- c:\program files\P2kCommander.exe 2009-10-02 03:37 24,576 a------- c:\program files\P2kAutostart.exe 2009-10-02 00:27 <DIR> --d----- c:\program files\Paraben Corporation 2009-10-02 00:08 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\MOBILeditForensic 2009-10-02 00:07 <DIR> --d----- c:\program files\MOBILedit! 
Forensic 2009-10-01 21:38 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\BKForensics 2009-10-01 21:35 <DIR> --d----- c:\program files\Cell Phone Analyzer Demo 2009-10-01 21:28 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\Windows Search 2009-10-01 21:12 <DIR> --d----- c:\program files\uni2ascii-4.14 2009-09-30 14:40 <DIR> --d----- c:\program files\Polyglot 3000 2009-09-30 13:12 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\Helios 2009-09-30 13:12 <DIR> --d----- c:\program files\TextPad 5 2009-09-30 11:46 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motport_01007.Wdf 2009-09-30 11:46 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf 2009-09-30 11:40 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2009-09-30 11:40 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01007.Wdf 2009-09-30 11:40 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgp_01007.Wdf 2009-09-30 11:39 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll 2009-09-30 11:36 <DIR> --d----- c:\program files\Motorola 2009-09-30 11:27 <DIR> --d----- c:\program files\Data Doctor Chat Archive Recovery Yahoo Messenger (Evaluation) 2009-09-30 10:52 21,632 a------- c:\windows\system32\drivers\lgusbmodem.sys 2009-09-30 10:52 19,840 a------- c:\windows\system32\drivers\lgusbdiag.sys 2009-09-30 10:52 12,416 a------- c:\windows\system32\drivers\lgusbbus.sys 2009-09-30 10:52 <DIR> --d----- c:\program files\LG Electronics 2009-09-30 10:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Innovative Solutions 2009-09-30 09:29 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\Blitware 2009-09-30 09:29 <DIR> --d----- c:\program files\Driver Robot 2009-09-30 09:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters 2009-09-30 01:04 <DIR> --d----- c:\program files\QPST 2009-09-30 00:17 <DIR> --d----- c:\program files\PowerEditor 2009-09-29 19:31 <DIR> --d----- c:\program files\Data Doctor - Mobile Phone Inspector 2009-09-29 19:22 <DIR> 
--d----- c:\program files\ART 2009-09-29 18:12 <DIR> --d----- c:\program files\WinHex 2009-09-29 17:58 1,803,264 a------- c:\program files\WinHex.exe 2009-09-29 17:58 239,003 a------- c:\program files\language.dat 2009-09-29 17:58 124,928 a------- c:\program files\Dialogs.dat 2009-09-29 17:58 28,567 a------- c:\program files\whxsetup.exe 2009-09-29 17:58 4,800 a------- c:\program files\timezone.dat 2009-09-29 17:58 512 a------- c:\program files\ebcdic.dat 2009-09-29 14:43 <DIR> --d----- c:\windows\system32\GroupPolicy 2009-09-29 14:43 <DIR> --d----- c:\program files\Windows Desktop Search 2009-09-29 14:41 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll 2009-09-29 14:41 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll 2009-09-29 14:41 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll 2009-09-29 00:46 <DIR> --d----- c:\docume~1\sexyso~1\applic~1\LG Electronics 2009-09-29 00:45 <DIR> --d----- c:\program files\LG PC Suite 2009-09-28 20:49 77,104 a------- c:\windows\system32\drivers\lgatmdm.sys 2009-09-28 20:49 60,816 a------- c:\windows\system32\drivers\lgatserd.sys 2009-09-28 20:49 43,024 a------- c:\windows\system32\drivers\lgatbus.sys 2009-09-28 20:49 6,112 a------- c:\windows\system32\drivers\lgatcmnt.sys 2009-09-28 20:49 6,112 a------- c:\windows\system32\drivers\lgatcm.sys 2009-09-28 20:49 5,712 a------- c:\windows\system32\drivers\lgatwhnt.sys 2009-09-28 20:49 5,712 a------- c:\windows\system32\drivers\lgatwh.sys 2009-09-28 19:40 <DIR> --d----- c:\program files\Drivers 2009-09-28 12:11 <DIR> --d----- c:\program files\BitPim 2009-09-22 21:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\f-secure 2009-09-21 07:40 12,800 a------- c:\windows\system32\EKDeviceServices.dll 2009-09-21 07:38 <DIR> --d----- c:\windows\system32\kodak 2009-09-21 07:38 376,832 a------- c:\windows\system32\EKIJ5000MON.dll 2009-09-21 07:38 110,592 a------- c:\windows\system32\EKIJCOINST04.dll ==================== Find3M ==================== 2009-10-15 21:47 46,046 
a------- c:\program files\startuplist.txt 2009-10-15 21:32 14,637 a------- c:\program files\hijackthis.log 2009-10-15 20:42 1,033,728 a------- c:\windows\explorer.exe 2009-10-15 14:22 7,680 a--sh--- c:\program files\Thumbs.db 2009-10-14 22:41 348,160 a------- c:\windows\system32\msvcr71.dll 2009-10-14 16:53 23,633 a------- c:\program files\Uninstall.ini 2009-10-14 16:38 24,192 ac------ c:\documents and settings\sexy sorceress\usbsermptxp.sys 2009-10-14 16:38 22,768 ac------ c:\documents and settings\sexy sorceress\usbsermpt.sys 2009-10-14 06:50 1,681 a------- c:\program files\.config 2009-10-13 20:16 4,320 a------- c:\program files\_setup.xml 2009-10-13 20:16 756 a------- c:\program files\PHONEC~1.000 2009-10-13 20:15 169,984 a------- c:\program files\00MSTALK.017 2009-10-13 19:45 11 a---h--- c:\program files\00systmp.008 2009-10-13 19:42 0 a---h--- c:\program files\0gpslast.002 2009-10-13 19:42 0 a---h--- c:\program files\00syssim.007 2009-10-13 19:42 0 a---h--- c:\program files\000sslog.006 2009-10-13 19:42 0 a---h--- c:\program files\000sclog.005 2009-10-13 19:42 0 a---h--- c:\program files\000rslog.004 2009-10-13 19:42 0 a---h--- c:\program files\000rclog.003 2009-10-03 16:21 79,328 ac------ c:\documents and settings\sexy sorceress\mqdmserd.sys 2009-10-03 16:21 5,936 ac------ c:\documents and settings\sexy sorceress\mqdmwhnt.sys 2009-10-03 16:21 92,064 ac------ c:\documents and settings\sexy sorceress\mqdmmdm.sys 2009-10-03 16:21 9,232 ac------ c:\documents and settings\sexy sorceress\mqdmmdfl.sys 2009-10-03 16:21 4,048 ac------ c:\documents and settings\sexy sorceress\mqdmcr.sys 2009-10-03 16:21 66,656 ac------ c:\documents and settings\sexy sorceress\mqdmbus.sys 2009-10-03 16:21 6,208 ac------ c:\documents and settings\sexy sorceress\mqdmcmnt.sys 2009-10-02 10:01 0 a------- c:\program files\Seem.lst 2009-10-02 07:34 487 a------- c:\program files\P2kAutostart_daemon.log 2009-10-02 07:27 1,931,052 a------- c:\program files\SOURCEFILES 2009-10-02 06:13 274 
a------- c:\program files\TempWebPage.htm 2009-10-02 05:47 16 a------- c:\program files\007D_0F3C.seem 2009-10-02 04:03 10,320 a------- c:\program files\TmpTneDB.db 2009-10-02 04:02 0 a------- c:\program files\BREW_iTAP6_User_Dictionary 2009-10-02 04:02 30,680 a------- c:\program files\AmAfsmToneDb.db 2009-10-02 04:02 30,680 a------- c:\program files\AmAfsmTempToneDb.db 2009-10-02 04:02 10,400 a------- c:\program files\AmAfsmDefaultToneDb.db 2009-10-02 04:02 1,019 a------- c:\program files\AmAfsmToneListDb.db 2009-10-02 04:02 300 a------- c:\program files\ALARMCLOCK 2009-10-02 03:56 178,685 a------- c:\program files\3gp 2009-10-02 03:55 896 a------- c:\program files\3_roam_idle1.bmp 2009-10-02 03:55 896 a------- c:\program files\3_nonantenna_idle1.bmp 2009-10-02 03:55 896 a------- c:\program files\3_idle1.bmp 2009-10-02 03:54 154,257 a------- c:\program files\3_10sec.mp3 2009-10-02 03:54 7,227 a------- c:\program files\3.jpg 2009-10-02 03:53 10,121 a------- c:\program files\398.jpg 2009-10-02 03:53 9,772 a------- c:\program files\359.jpg 2009-10-02 03:53 8,527 a------- c:\program files\32.jpg 2009-10-02 03:53 7,631 a------- c:\program files\31.jpg 2009-10-02 03:53 2,276 a------- c:\program files\3_clip.jpg 2009-10-02 03:52 49,724 a------- c:\program files\3.wav 2009-10-02 03:52 2,408 a------- c:\program files\3_idle7.bmp 2009-10-02 03:52 1,008 a------- c:\program files\3_idle6.bmp 2009-10-02 03:50 67,742 a------- c:\program files\354a.jpg 2009-10-02 03:50 513,572 a------- c:\program files\3g2 2009-10-02 03:50 1,922,189 a------- c:\program files\35a.3g2 2009-10-02 03:50 200,216 a------- c:\program files\356a.jpg 2009-10-02 03:50 171,552 a------- c:\program files\355a.jpg 2009-10-02 03:50 59,638 a------- c:\program files\3a.jpg 2009-10-02 03:50 105,455 a------- c:\program files\35c.jpg 2009-10-02 03:50 208,341 a------- c:\program files\35b.jpg 2009-10-02 03:50 200,203 a------- c:\program files\35a.jpg 2009-10-02 03:50 188,898 a------- c:\program files\34d.jpg 
2009-10-02 03:50 206,691 a------- c:\program files\34c.jpg 2009-09-30 15:04 254,850 a------- c:\program files\winhex-d.hlp 2009-09-18 06:41 490 ac------ c:\docume~1\sexyso~1\applic~1\wklnhst.dat 2009-09-14 02:34 162 ----h--- c:\program files\0gpsinfo.001 2009-09-11 09:18 136,192 a------- c:\windows\system32\msv1_0.dll 2009-09-04 16:03 58,880 a------- c:\windows\system32\msasn1.dll 2009-08-29 02:36 832,512 -------- c:\windows\system32\wininet.dll 2009-08-29 02:36 78,336 a------- c:\windows\system32\ieencode.dll 2009-08-29 02:36 17,408 a------- c:\windows\system32\corpol.dll 2009-08-26 03:00 247,326 a------- c:\windows\system32\strmdll.dll 2009-08-17 23:33 1,193,832 a------- c:\windows\system32\FM20.DLL 2009-08-08 11:01 7,168 a------- c:\program files\0MAPIlib.016 2009-08-08 11:01 400 a------- c:\program files\000APP~1.015 2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll 2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll 2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-08-04 10:13 2,145,280 -------- c:\windows\system32\ntoskrnl.exe 2009-08-04 09:20 2,023,936 -------- c:\windows\system32\ntkrnlpa.exe 2009-01-06 20:36 2,875 a------- c:\program files\Whatsnew.txt 2009-01-06 20:36 8,348 a------- c:\program files\ChangeLog.txt 2008-11-08 21:40 1,567 a------- c:\program files\p2kapps.rtf 2008-09-13 19:55 54 a------- c:\program files\hidden_files.lst 2008-04-16 08:28 40,960 a------- c:\program files\OP60B1~1.013 2008-04-16 08:28 172,032 a------- c:\program files\OPFFD3~1.010 2008-04-16 08:28 12,288 a------- c:\program files\OPDCF2~1.012 2008-04-16 08:27 35,840 a------- c:\program files\OPC3C5~1.011 2008-04-16 08:27 219,136 a------- c:\program files\OPENNE~1.014 2008-04-16 08:27 29,696 a------- c:\program files\OPENNE~2.009 2008-02-16 20:53 6,766 a------- c:\program files\Messages.lng 2007-09-09 23:26 16,630 a------- c:\program files\Icon_5.ico 2007-07-02 15:54 4,333,568 a------- c:\program files\RSD Lite_3.8.msi 
2007-05-12 17:50 1,406 a------- c:\program files\scripting.txt
2007-05-12 17:42 6,769 a------- c:\program files\SeemFunctionsP2k05.csv
2007-05-12 17:24 14,510 a------- c:\program files\SeemFunctionsP2k.csv
2007-03-27 12:36 69,174,605 ac------ c:\program files\mpt404b.exe
2007-03-27 12:36 7,219 ac------ c:\program files\MPT.txt
2007-03-11 21:33 15,542 a------- c:\program files\SeemCategories.lst
2007-02-15 11:17:44 A------- 4,112,446 c:\program files\SWDL.exe
2009-01-27 07:49 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009012720090128\index.dat

============= FINISH: 15:18:54.92 ===============

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/17 15:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 00000046
Image Path: \Driver\00000046
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal[1].sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal[1].sys
Address: 0xB36D7000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xba99887e

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xba6d684c

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xba6d6bec

#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xba6d1090

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xba6d6cc4

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xba6d6b44

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xba998bfe

==EOF==

Edited by 120500, 17 October 2009 - 02:39 PM.



#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 19 October 2009 - 07:49 PM



DO NOT use any TOOLS such as Combofix, SmitfraudFix, MBAM, Vundofix, or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.


Vista users:
1. These tools MUST be run from the executable (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Uncheck "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Uncheck "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Then click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.


Also please describe how your computer behaves at the moment.


Please don't attach the scans / logs, use "copy/paste".

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 120500

120500

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 20 October 2009 - 03:37 PM

Hi, Thanks so much for your help! I followed your suggestions and no problems were found. I will paste the log below. The computer is not acting too bad right now. Every time I start internet explorer or go to a new page multiple tracking cookie warnings pop up. There are always at least 2 yield manager, and occasionally assorted other ones. I'm not sure if this is something new or just because I started using AVG. And sometimes the computer seems to "reset" out of the blue. It's almost like it completely shuts down and restarts, but the screen never goes out. It stays frozen on the desktop background. (only the background showing, no programs or start button) Also a few times it has gone offline in the middle of something and said I was not connected to the internet, but not like it did before. Simply hitting the back button brings it back up (refresh will not). I've been trying to use it as little as possible until it is fixed. Thanks again!

Tammy

Malwarebytes' Anti-Malware 1.41
Database version: 2998
Windows 5.1.2600 Service Pack 3

10/20/2009 2:47:37 PM
mbam-log-2009-10-20 (14-47-37).txt

Scan type: Quick Scan
Objects scanned: 135678
Time elapsed: 50 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 20 October 2009 - 06:32 PM

Let's see if ComboFix finds anything.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

    Note: Combofix will run without the Recovery Console installed.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
"copy/paste" a new HijackThis log file into this thread as well.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.


Also please describe how your computer behaves at the moment.



#5 120500

120500

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 23 October 2009 - 10:26 PM

ComboFix 09-10-22.01 - SEXY SORCERESS 10/23/2009 23:10.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2030.1229 [GMT -5:00]
Running from: c:\documents and settings\SEXY SORCERESS\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ADS - explorer.exe: deleted 88 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\etc\lmhosts

.
((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))
.

2009-10-22 03:05 . 2009-10-22 03:05 -------- d-----w- c:\program files\Ancestry Toolbar
2009-10-20 21:59 . 2009-10-20 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-20 21:59 . 2009-10-20 21:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-20 21:59 . 2009-10-20 21:59 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\SUPERAntiSpyware.com
2009-10-20 21:56 . 2009-10-20 21:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-20 17:20 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-20 17:20 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 14:42 . 2009-10-21 09:23 -------- d-----w- c:\program files\ABC Amber Image Converter
2009-10-19 14:23 . 2009-10-19 14:23 -------- d-----w- c:\program files\Free RAW Viewer
2009-10-19 11:51 . 2009-10-24 02:58 256 ----a-w- c:\documents and settings\SEXY SORCERESS\pool.bin
2009-10-19 08:54 . 2009-10-21 10:20 -------- d-----w- c:\program files\ABC Amber Text Converter
2009-10-19 08:46 . 2009-10-21 09:23 -------- d-----w- c:\program files\ABC Amber Paradox Converter
2009-10-19 08:13 . 2009-10-21 09:23 -------- d-----w- c:\program files\ABC Amber DAT Converter
2009-10-19 07:24 . 2009-10-21 09:23 -------- d-----w- c:\program files\ABC Amber BlackBerry Converter
2009-10-19 06:59 . 2009-10-19 06:59 0 ----a-w- c:\windows\nsreg.dat
2009-10-19 06:59 . 2009-10-19 06:59 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Local Settings\Application Data\Thunderbird
2009-10-19 06:59 . 2009-10-19 06:59 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\Thunderbird
2009-10-19 06:10 . 2009-10-20 04:41 -------- d-----w- c:\program files\Eudora 8.0 Beta 7
2009-10-19 00:28 . 2009-10-19 00:28 -------- d-----w- c:\program files\Nucleus Kernel Internet Explorer Password Recovery
2009-10-18 23:14 . 2009-10-18 23:14 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\Blackberry Desktop
2009-10-18 23:11 . 2009-10-18 23:11 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\Research In Motion
2009-10-18 23:03 . 2009-10-18 23:03 256 ----a-w- C:\pool.bin
2009-10-18 22:12 . 2009-10-18 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2009-10-18 22:11 . 2009-01-09 21:18 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-10-18 22:09 . 2009-10-18 22:09 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-10-18 22:08 . 2009-10-18 22:09 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-10-18 22:08 . 2009-10-18 22:12 -------- d-----w- c:\program files\Research In Motion
2009-10-18 21:03 . 2009-10-17 04:54 693760 ----a-w- c:\program files\BBSAKv1.6_Installer.msi
2009-10-18 20:56 . 2009-10-18 20:56 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\vlc
2009-10-18 20:51 . 2009-10-18 21:03 -------- d-----w- c:\program files\BBSAK
2009-10-18 19:36 . 2009-10-21 09:23 -------- d-----w- c:\program files\Data Doctor Recovery - SIM Card (Evaluation)
2009-10-18 00:01 . 2009-10-18 00:01 -------- d-----w- c:\program files\tcpIQ
2009-10-17 20:03 . 2009-10-17 20:04 -------- d-----w- c:\program files\ERUNT
2009-10-17 18:49 . 2009-10-17 18:50 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2009-10-17 16:12 . 2009-10-17 16:12 -------- d-----w- C:\My Music
2009-10-16 04:51 . 2009-10-16 04:51 -------- d-----w- c:\program files\Windows Mobile Device Handbook
2009-10-16 02:31 . 2009-10-16 02:27 401720 ----a-w- c:\program files\HijackThis.exe
2009-10-16 01:13 . 2009-10-16 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-10-15 23:46 . 2009-10-17 23:44 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\IObit
2009-10-15 23:46 . 2009-10-16 01:13 -------- d-----w- c:\program files\IObit
2009-10-15 23:10 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-15 22:54 . 2009-10-15 22:54 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-15 22:53 . 2009-10-15 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-15 22:53 . 2009-10-15 22:53 -------- d-----w- c:\program files\Lavasoft
2009-10-15 20:15 . 2009-10-15 20:15 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-15 20:14 . 2009-10-15 20:14 -------- d-----w- c:\program files\Common Files\xing shared
2009-10-15 20:10 . 2009-10-15 20:10 -------- d-----w- c:\program files\Symantec Client Security
2009-10-15 08:55 . 2009-10-15 20:10 -------- d-----w- c:\program files\Symantec
2009-10-15 07:55 . 2009-10-15 20:12 -------- d-----w- C:\RECYCLER(2)
2009-10-15 02:08 . 2009-10-15 20:47 -------- d-----w- C:\$AVG
2009-10-15 02:08 . 2009-10-24 03:25 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-15 02:08 . 2009-10-24 03:24 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-10-15 02:08 . 2009-10-15 02:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-15 02:08 . 2009-10-15 02:08 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-15 02:08 . 2009-10-24 03:25 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-15 02:08 . 2009-10-24 03:25 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-15 02:07 . 2009-10-15 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-15 02:07 . 2009-10-15 02:07 -------- d-----w- c:\program files\AVG
2009-10-15 02:07 . 2009-10-15 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-14 23:44 . 2009-10-14 23:44 -------- d-----w- c:\program files\CCleaner
2009-10-14 23:44 . 2009-10-14 23:44 -------- d-----w- c:\program files\DriverTool
2009-10-14 23:44 . 2009-10-14 23:44 -------- d-----w- c:\program files\devshowall
2009-10-14 23:43 . 2009-10-14 23:43 -------- d-----w- c:\program files\RSD_CMDA_General_5_1_6_Installation
2009-10-14 21:42 . 2009-10-14 21:42 -------- d-----w- c:\program files\PhoneModels
2009-10-14 21:42 . 2009-10-14 21:42 -------- d-----w- c:\program files\Pages
2009-10-14 21:40 . 2009-10-21 09:23 -------- d-----w- c:\program files\Motorola Phone Tools
2009-10-14 17:56 . 2009-10-14 17:56 -------- d-----w- c:\program files\newp2k
2009-10-14 17:54 . 2006-07-21 01:25 166 ----a-w- c:\program files\devshowall.zip
2009-10-14 14:43 . 2009-10-14 14:43 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\Malwarebytes
2009-10-14 14:43 . 2009-10-20 17:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-14 14:43 . 2009-10-14 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-14 12:56 . 2009-10-14 12:56 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\SMSServant
2009-10-14 11:48 . 2009-10-14 11:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Search
2009-10-14 09:30 . 2009-10-14 09:30 -------- d-----w- c:\program files\MessagingToolkit
2009-10-14 07:16 . 2009-10-14 07:16 -------- d-----w- c:\program files\LANDesk
2009-10-14 07:16 . 2009-10-14 07:15 10144 ------w- c:\windows\system32\drivers\asicio.sys
2009-10-14 07:16 . 2009-10-14 07:16 -------- d-----w- c:\windows\Drivers
2009-10-14 06:54 . 2009-10-14 06:54 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\Mobile Master
2009-10-14 06:53 . 2009-10-14 09:48 -------- d-----w- C:\PIACCESS
2009-10-14 06:50 . 2009-10-21 09:23 -------- d-----w- c:\program files\Mobile Master
2009-10-14 06:50 . 2009-10-14 06:50 -------- d-----w- c:\program files\Common Files\Jumping Bytes
2009-10-14 06:49 . 2009-10-14 06:49 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\Jumping Bytes
2009-10-14 06:45 . 2009-10-14 06:45 -------- d-----w- c:\program files\MediaInfo
2009-10-14 01:08 . 2009-09-15 19:38 23936 ----a-w- c:\windows\system32\drivers\motport.sys
2009-10-14 01:08 . 2009-09-15 19:38 23936 ----a-w- c:\windows\system32\drivers\motmodem.sys
2009-10-14 01:08 . 2009-06-19 21:59 19712 ----a-w- c:\windows\system32\drivers\motccgp.sys
2009-10-14 01:08 . 2009-05-08 16:56 42752 ----a-w- c:\windows\system32\drivers\motodrv.sys
2009-10-14 01:08 . 2009-01-29 22:18 8320 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
2009-10-14 01:08 . 2008-03-27 22:49 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-10-14 01:08 . 2007-11-02 20:51 6400 ----a-w- c:\windows\system32\drivers\motswch.sys
2009-10-11 20:24 . 2009-10-11 20:28 -------- d-----w- c:\program files\iPhone Explorer
2009-10-11 08:02 . 2009-10-11 08:02 -------- d-----w- c:\windows\SQL9_KB960089_ENU
2009-10-10 19:24 . 2009-10-10 19:24 -------- d-----w- c:\documents and settings\Guest\Application Data\Windows Desktop Search
2009-10-10 03:19 . 2009-10-10 03:19 -------- d-----w- c:\program files\iPod
2009-10-10 03:19 . 2009-10-10 03:21 -------- d-----w- c:\program files\iTunes
2009-10-10 03:19 . 2009-10-10 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-10 03:14 . 2009-10-10 03:14 -------- d-----w- c:\program files\Apple Software Update
2009-10-10 03:13 . 2009-08-29 00:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-10-10 03:13 . 2009-08-29 00:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-10-10 03:12 . 2009-10-10 03:19 -------- d-----w- c:\program files\Common Files\Apple
2009-10-10 03:02 . 2009-10-10 03:02 -------- d-----w- c:\program files\Microsoft Small Business
2009-10-10 02:48 . 2009-10-14 03:10 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-10 02:30 . 2009-10-10 02:30 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Local Settings\Application Data\Microsoft Help
2009-10-10 02:03 . 2009-10-10 02:36 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\GetRightToGo
2009-10-08 21:36 . 2009-09-11 14:18 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-10-08 21:36 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-10-08 21:36 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-10-08 21:36 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-10-07 22:01 . 2009-10-21 09:23 -------- d-----w- c:\program files\Motoconnect
2009-10-06 00:24 . 2009-10-06 00:24 -------- d-----w- c:\program files\LGUsbDriver
2009-10-04 16:05 . 2009-10-04 16:05 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Desktop Search
2009-10-03 22:28 . 2007-07-02 20:54 4333568 ----a-w- c:\program files\RSD Lite_3.8.msi
2009-10-03 21:15 . 2009-10-03 21:15 -------- d-----w- c:\program files\P2K Programs
2009-10-03 21:13 . 2009-10-03 21:13 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\MobileAction
2009-10-03 19:47 . 2009-10-03 19:48 -------- d-----w- c:\program files\CardRecovery
2009-10-03 19:16 . 2009-10-03 19:37 -------- d-----w- c:\program files\GetData
2009-10-03 15:52 . 2009-10-21 09:23 -------- d-----w- c:\program files\Data Doctor MS Access to MySQL Converter (Demo)
2009-10-03 15:44 . 2009-10-16 11:44 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-10-03 15:36 . 2009-10-21 09:23 -------- d-----w- c:\program files\Data Doctor Forensic Software - Pocket PC (Evaluation)
2009-10-02 22:42 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 20:36 . 2009-10-02 20:36 -------- d-----w- c:\documents and settings\BOYS\Application Data\Windows Desktop Search
2009-10-02 13:02 . 2009-10-02 13:45 567529 ----a-w- c:\documents and settings\SEXY SORCERESS\bitpim.dat
2009-10-02 11:54 . 2009-10-02 11:54 -------- d-----w- c:\program files\Motorola Tools
2009-10-02 09:03 . 2009-10-02 09:03 28 ----a-w- c:\program files\MMS_push_info.bin
2009-10-02 09:03 . 2009-10-02 09:03 265 ----a-w- c:\program files\MMS_push_msg0.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 09:23 . 2007-03-16 07:39 -------- d-----w- c:\program files\Microsoft Works
2009-10-21 09:23 . 2009-02-18 17:26 -------- d-----w- c:\program files\CIF USB Camera
2009-10-21 09:23 . 2009-02-03 01:26 -------- d-----w- c:\program files\ATTToolbar
2009-10-21 09:23 . 2009-02-03 01:25 -------- d-----w- c:\program files\ATT-SST
2009-10-21 09:23 . 2007-03-27 17:38 -------- d-----w- c:\program files\Avanquest update
2009-10-20 08:37 . 2007-06-12 01:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-19 08:02 . 2007-03-25 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-17 18:11 . 2009-02-03 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\ATTToolbar
2009-10-16 18:48 . 2008-11-28 21:31 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\gtk-2.0
2009-10-16 06:15 . 2007-03-25 20:41 -------- d-----w- c:\program files\Microsoft.NET
2009-10-16 02:47 . 2009-10-16 02:47 46046 ----a-w- c:\program files\startuplist.txt
2009-10-16 02:32 . 2009-10-16 02:32 14637 ----a-w- c:\program files\hijackthis.log
2009-10-16 01:42 . 2006-05-07 00:24 1033728 ----a-w- c:\windows\explorer.exe
2009-10-15 20:47 . 2007-04-06 17:10 92464 -c--a-w- c:\documents and settings\SEXY SORCERESS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-15 20:14 . 2008-01-19 00:45 -------- d-----w- c:\program files\Common Files\Real
2009-10-15 19:22 . 2009-10-02 09:09 7680 --sha-w- c:\program files\Thumbs.db
2009-10-15 18:08 . 2007-03-16 07:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-15 17:26 . 2007-03-16 07:39 -------- d-----w- c:\program files\Intel
2009-10-15 08:56 . 2008-10-06 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-15 08:43 . 2007-03-16 07:32 -------- d-----w- c:\program files\Google
2009-10-15 03:41 . 2007-03-16 07:38 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-15 00:58 . 2008-08-03 19:52 -------- d-----w- c:\program files\Norton 360
2009-10-14 23:44 . 2007-03-16 07:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-14 21:53 . 2009-10-14 21:42 23633 ----a-w- c:\program files\Uninstall.ini
2009-10-14 21:38 . 2007-03-27 17:37 24192 -c--a-w- c:\documents and settings\SEXY SORCERESS\usbsermptxp.sys
2009-10-14 21:38 . 2007-03-27 17:37 22768 -c--a-w- c:\documents and settings\SEXY SORCERESS\usbsermpt.sys
2009-10-14 15:17 . 2007-08-28 00:03 -------- d-----w- c:\program files\GamesBar
2009-10-14 11:50 . 2009-10-02 08:37 1681 ----a-w- c:\program files\.config
2009-10-14 11:44 . 2007-04-15 22:28 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-10-14 07:16 . 2007-03-16 07:48 -------- d-----w- c:\program files\Gateway
2009-10-14 04:26 . 2007-06-21 05:56 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-10-14 02:42 . 2007-07-13 14:47 -------- d-----w- c:\program files\Windows Defender
2009-10-14 01:16 . 2009-10-14 01:16 756 ----a-w- c:\program files\PHONEC~1.000
2009-10-14 01:16 . 2009-10-14 01:16 4320 ----a-w- c:\program files\_setup.xml
2009-10-14 00:42 . 2009-10-14 00:42 0 ---ha-w- c:\program files\0gpslast.002
2009-10-14 00:42 . 2009-10-14 00:42 0 ---ha-w- c:\program files\00syssim.007
2009-10-14 00:42 . 2009-10-14 00:42 0 ---ha-w- c:\program files\000sslog.006
2009-10-14 00:42 . 2009-10-14 00:42 0 ---ha-w- c:\program files\000sclog.005
2009-10-14 00:42 . 2009-10-14 00:42 0 ---ha-w- c:\program files\000rslog.004
2009-10-14 00:42 . 2009-10-14 00:42 0 ---ha-w- c:\program files\000rclog.003
2009-10-10 19:24 . 2009-03-23 02:10 92464 -c--a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-10 16:19 . 2007-04-14 03:35 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-10-10 05:45 . 2008-07-22 20:33 -------- d-----w- c:\documents and settings\SEXY SORCERESS\Application Data\Apple Computer
2009-10-10 04:54 . 2009-03-17 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-10 03:18 . 2007-12-25 04:04 -------- d-----w- c:\program files\QuickTime
2009-10-10 03:17 . 2008-11-26 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-03 21:21 . 2007-03-27 18:01 79328 -c--a-w- c:\documents and settings\SEXY SORCERESS\mqdmserd.sys
2009-10-03 21:21 . 2007-03-27 18:01 5936 -c--a-w- c:\documents and settings\SEXY SORCERESS\mqdmwhnt.sys
2009-10-03 21:21 . 2007-03-27 18:01 9232 -c--a-w- c:\documents and settings\SEXY SORCERESS\mqdmmdfl.sys
2009-10-03 21:21 . 2007-03-27 18:01 92064 -c--a-w- c:\documents and settings\SEXY SORCERESS\mqdmmdm.sys
2009-10-03 21:21 . 2007-03-27 18:01 4048 -c--a-w- c:\documents and settings\SEXY SORCERESS\mqdmcr.sys
2009-10-03 21:21 . 2007-03-27 18:01 66656 -c--a-w- c:\documents and settings\SEXY SORCERESS\mqdmbus.sys
2009-10-03 21:21 . 2007-03-27 18:01 6208 -c--a-w- c:\documents and settings\SEXY SORCERESS\mqdmcmnt.sys
2009-10-02 20:48 . 2007-07-17 00:40 60784 -c--a-w- c:\documents and settings\BOYS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-02 15:01 . 2009-10-02 08:37 0 ----a-w- c:\program files\Seem.lst
2009-10-02 14:03 . 2009-10-02 08:52 -------- d-----w- c:\program files\3741829
2009-10-02 12:34 . 2009-10-02 12:20 487 ----a-w- c:\program files\P2kAutostart_daemon.log
2009-10-02 12:27 . 2009-10-02 12:26 1931052 ----a-w- c:\program files\SOURCEFILES
2009-10-02 11:13 . 2009-10-02 09:20 274 ----a-w- c:\program files\TempWebPage.htm
2009-10-02 10:47 . 2009-10-02 10:47 16 ----a-w- c:\program files\007D_0F3C.seem
2009-10-02 09:03 . 2009-10-02 09:03 10320 ----a-w- c:\program files\TmpTneDB.db
2009-10-02 09:02 . 2009-10-02 09:02 0 ----a-w- c:\program files\BREW_iTAP6_User_Dictionary
2009-10-02 09:02 . 2009-10-02 09:02 30680 ----a-w- c:\program files\AmAfsmToneDb.db
2009-10-02 09:02 . 2009-10-02 09:02 30680 ----a-w- c:\program files\AmAfsmTempToneDb.db
2009-10-02 09:02 . 2009-10-02 09:02 10400 ----a-w- c:\program files\AmAfsmDefaultToneDb.db
2009-10-02 09:02 . 2009-10-02 09:02 1019 ----a-w- c:\program files\AmAfsmToneListDb.db
2009-10-02 09:02 . 2009-10-02 09:02 300 ----a-w- c:\program files\ALARMCLOCK
2009-10-02 08:56 . 2009-10-02 08:56 178685 ----a-w- c:\program files\3gp
2009-10-02 08:55 . 2009-10-02 08:55 896 ----a-w- c:\program files\3_roam_idle1.bmp
2009-10-02 08:55 . 2009-10-02 08:55 896 ----a-w- c:\program files\3_nonantenna_idle1.bmp
2009-10-02 08:55 . 2009-10-02 08:55 896 ----a-w- c:\program files\3_idle1.bmp
2009-10-02 08:55 . 2009-10-02 08:49 -------- d-----w- c:\program files\3741848
2009-10-02 08:54 . 2009-10-02 08:54 154257 ----a-w- c:\program files\3_10sec.mp3
2009-10-02 08:54 . 2009-10-02 08:49 -------- d-----w- c:\program files\3741849
2009-10-02 08:54 . 2009-10-02 08:54 -------- d-----w- c:\program files\3741833
2009-10-02 08:54 . 2009-10-02 08:54 7227 ----a-w- c:\program files\3.jpg
2009-10-02 08:53 . 2009-10-02 08:53 9772 ----a-w- c:\program files\359.jpg
2009-10-02 08:53 . 2009-10-02 08:53 8527 ----a-w- c:\program files\32.jpg
2009-10-02 08:53 . 2009-10-02 08:53 10121 ----a-w- c:\program files\398.jpg
2009-10-02 08:53 . 2009-10-02 08:53 7631 ----a-w- c:\program files\31.jpg
2009-10-02 08:53 . 2009-10-02 08:53 -------- d-----w- c:\program files\3741832
2009-10-02 08:53 . 2009-10-02 08:53 -------- d-----w- c:\program files\3741831
2009-10-02 08:53 . 2009-10-02 08:53 -------- d-----w- c:\program files\3741853
2009-10-02 08:53 . 2009-10-02 08:53 23244 ----a-w- c:\program files\3.dat
2009-10-02 08:52 . 2009-10-02 08:52 -------- d-----w- c:\program files\3741847
2009-10-02 08:52 . 2009-10-02 08:52 49724 ----a-w- c:\program files\3.wav
2009-10-02 08:52 . 2009-10-02 08:52 -------- d-----w- c:\program files\3741830
2009-10-02 08:52 . 2009-10-02 08:52 -------- d-----w- c:\program files\3741827
2009-10-02 08:52 . 2009-10-02 08:52 2408 ----a-w- c:\program files\3_idle7.bmp
2009-10-02 08:52 . 2009-10-02 08:52 1008 ----a-w- c:\program files\3_idle6.bmp
2009-10-02 08:52 . 2009-10-02 08:52 -------- d-----w- c:\program files\3741826
2009-10-02 08:52 . 2009-10-02 08:52 -------- d-----w- c:\program files\3741825
2009-10-02 08:50 . 2009-10-02 08:50 67742 ----a-w- c:\program files\354a.jpg
2009-10-02 08:50 . 2009-10-02 08:50 513572 ----a-w- c:\program files\3g2
2009-10-02 08:50 . 2009-10-02 08:50 1922189 ----a-w- c:\program files\35a.3g2
2009-10-02 08:50 . 2009-10-02 08:50 200216 ----a-w- c:\program files\356a.jpg
2009-10-02 08:50 . 2009-10-02 08:50 171552 ----a-w- c:\program files\355a.jpg
2009-10-02 08:50 . 2009-10-02 08:50 59638 ----a-w- c:\program files\3a.jpg
2009-10-02 08:50 . 2009-10-02 08:50 105455 ----a-w- c:\program files\35c.jpg
2009-10-02 08:50 . 2009-10-02 08:50 208341 ----a-w- c:\program files\35b.jpg
.

((((((((((((((((((((((((((((( SnapShot@2009-10-14_15.22.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 13:05 . 2008-07-29 13:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2009-07-12 01:54 . 2009-07-12 01:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
- 2006-12-02 06:08 . 2006-12-02 06:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
- 2006-12-02 06:08 . 2006-12-02 06:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
- 2006-12-02 06:08 . 2006-12-02 06:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
- 2006-12-02 06:08 . 2006-12-02 06:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
- 2006-12-02 06:08 . 2006-12-02 06:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
- 2006-12-02 06:08 . 2006-12-02 06:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
- 2006-12-02 06:08 . 2006-12-02 06:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
- 2006-12-02 06:08 . 2006-12-02 06:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
- 2006-12-02 06:08 . 2006-12-02 06:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2006-12-02 05:26 . 2006-12-02 05:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
- 2006-12-02 06:26 . 2006-12-02 06:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
- 2006-12-02 06:25 . 2006-12-02 06:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 05:25 . 2006-12-02 05:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2009-07-12 06:07 . 2009-07-12 06:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 06:19 . 2009-07-12 06:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
- 2006-12-02 04:56 . 2006-12-02 04:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 03:56 . 2006-12-02 03:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2009-10-24 02:57 . 2009-10-24 02:57 16384 c:\windows\temp\Perflib_Perfdata_cac.dat
+ 2009-10-24 02:57 . 2009-10-24 02:57 16384 c:\windows\temp\Perflib_Perfdata_98c.dat
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(9).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(8).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(7).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(6).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(5).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(4).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(3).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(2).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(16).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(15).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(14).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(13).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(12).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(11).drv
+ 2004-08-04 07:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud(10).drv
+ 2008-08-19 03:56 . 2008-04-14 00:12 39936 c:\windows\system32\wbem\snmpthrd.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 33280 c:\windows\system32\snmp.exe
+ 2009-10-18 22:11 . 2009-01-09 21:18 27136 c:\windows\system32\ReinstallBackups\0021\DriverFiles\RimSerial.sys
+ 2006-05-07 00:24 . 2009-10-16 06:25 96820 c:\windows\system32\perfc009.dat
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(9).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(8).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(7).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(6).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(5).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(4).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(3).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(2).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(16).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(15).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(14).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(13).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(12).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(11).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 81920 c:\windows\system32\nvwddi(10).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(9).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(8).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(7).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(6).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(5).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(4).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(3).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(2).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(16).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(15).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(14).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(13).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(12).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(11).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 35840 c:\windows\system32\nvcod(10).dll
+ 2009-06-11 17:09 . 2009-10-16 04:53 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2009-06-11 17:09 . 2009-09-27 21:13 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-08-19 03:56 . 2008-04-14 00:11 18944 c:\windows\system32\lprmon.dll
+ 2008-08-19 03:56 . 2008-04-14 00:11 22528 c:\windows\system32\lpdsvc.dll
+ 2008-08-19 03:56 . 2008-04-14 00:11 33792 c:\windows\system32\lmmib2.dll
+ 2007-03-16 07:21 . 2005-02-23 22:02 42858 c:\windows\system32\hsfci014(6).dll
+ 2007-03-16 07:21 . 2005-02-23 22:02 42858 c:\windows\system32\hsfci014(5).dll
+ 2007-03-16 07:21 . 2005-02-23 22:02 42858 c:\windows\system32\hsfci014(4).dll
+ 2007-03-16 07:21 . 2005-02-23 22:02 42858 c:\windows\system32\hsfci014(3).dll
+ 2007-03-16 07:21 . 2005-02-23 22:02 42858 c:\windows\system32\hsfci014(2).dll
+ 2008-08-19 03:56 . 2008-04-14 00:11 39936 c:\windows\system32\hostmib.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 92160 c:\windows\system32\evntwin.exe
+ 2008-08-19 03:56 . 2008-04-14 00:12 24064 c:\windows\system32\evntcmd.exe
+ 2009-10-15 23:10 . 2009-09-23 12:55 64288 c:\windows\system32\DRVSTORE\lbd_B425E86B28F27CC7F4A0CAF275F9F2789F3C6909\Lbd.sys
- 2008-04-16 19:51 . 2008-04-16 19:51 22784 c:\windows\system32\drivers\RimUsb.sys
+ 2008-05-20 23:33 . 2008-05-20 23:33 22784 c:\windows\system32\drivers\RimUsb.sys
+ 2008-08-19 03:56 . 2008-04-14 00:12 39936 c:\windows\system32\dllcache\snmpthrd.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 33280 c:\windows\system32\dllcache\snmp.exe
+ 2008-08-19 03:56 . 2008-04-14 00:11 18944 c:\windows\system32\dllcache\lprmon.dll
+ 2008-08-19 03:56 . 2008-04-14 00:11 22528 c:\windows\system32\dllcache\lpdsvc.dll
+ 2008-08-19 03:56 . 2008-04-14 00:11 33792 c:\windows\system32\dllcache\lmmib2.dll
+ 2008-08-19 03:56 . 2008-04-14 00:11 39936 c:\windows\system32\dllcache\hostmib.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 92160 c:\windows\system32\dllcache\evntwin.exe
+ 2008-08-19 03:56 . 2008-04-14 00:12 24064 c:\windows\system32\dllcache\evntcmd.exe
+ 2005-12-23 13:53 . 2005-12-23 13:53 23040 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0C0A\mscorsecr.dll
+ 2005-12-09 15:47 . 2005-12-09 15:47 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - ESN\install.res.3082.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Web.Services.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Web.Mobile.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Transactions.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.ServiceProcess.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Security.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 11776 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Runtime.Serialization.Formatters.Soap.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Runtime.Remoting.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 61440 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Messaging.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Management.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.EnterpriseServices.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Drawing.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.DirectoryServices.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.DirectoryServices.Protocols.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\system.data.sqlxml.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 49152 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Configuration.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Configuration.Install.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\sysglobl.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 86528 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\ShFusRes.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 11264 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\Regasm.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\MSBuild.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 61440 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\Microsoft.VisualBasic.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 45056 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\Microsoft.JScript.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 10240 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\Microsoft.Build.Utilities.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\Microsoft.Build.Engine.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\caspol.resources.dll
+ 2005-12-23 13:52 . 2005-12-23 13:52 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\aspnet_regsql.resources.dll
+ 2005-12-23 13:52 . 2005-12-23 13:52 84992 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\aspnet_rc.dll
+ 2005-12-23 13:52 . 2005-12-23 13:52 23040 c:\windows\Microsoft.NET\Framework\v2.0.50727\3082\alinkui.dll
+ 2009-10-18 22:10 . 2009-10-18 22:10 49152 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
+ 2009-10-18 22:09 . 2009-10-18 22:09 49152 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
+ 2009-10-18 22:09 . 2009-10-18 22:09 49152 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
+ 2009-10-18 22:10 . 2009-10-18 22:10 69632 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-10-18 22:10 . 2009-10-18 22:10 69632 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-10-18 22:10 . 2009-10-18 22:10 69632 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-10-18 22:10 . 2009-10-18 22:10 69632 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-10-18 22:09 . 2009-10-18 22:10 69632 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-10-18 22:09 . 2009-10-18 22:09 69632 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-10-18 22:09 . 2009-10-18 22:09 69632 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2009-10-18 22:09 . 2009-10-18 22:09 69632 c:\windows\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\DesktopMgr.exe
+ 2009-10-18 00:01 . 2009-10-18 00:01 29926 c:\windows\Installer\{D40491E3-35AB-4757-B1F0-94C9100C2F4E}\_324405953A38774B92DF01.exe
+ 2009-10-20 21:59 . 2009-10-20 21:59 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-10-20 21:59 . 2009-10-20 21:59 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-10-18 20:23 . 2009-10-18 20:23 81920 c:\windows\assembly\GAC_MSIL\System.Web.Services.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Web.Services.Resources.dll
+ 2009-10-18 20:24 . 2009-10-18 20:24 77824 c:\windows\assembly\GAC_MSIL\System.Web.Mobile.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Web.Mobile.resources.dll
+ 2009-10-18 20:24 . 2009-10-18 20:24 16896 c:\windows\assembly\GAC_MSIL\System.Transactions.resources\2.0.0.0_es_b77a5c561934e089\System.Transactions.resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 40960 c:\windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.ServiceProcess.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 28672 c:\windows\assembly\GAC_MSIL\System.Security.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Security.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 11776 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 32768 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_es_b77a5c561934e089\System.Runtime.Remoting.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 61440 c:\windows\assembly\GAC_MSIL\System.Messaging.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Messaging.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 13312 c:\windows\assembly\GAC_MSIL\System.Management.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Management.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 32768 c:\windows\assembly\GAC_MSIL\System.EnterpriseServices.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.EnterpriseServices.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 24576 c:\windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Drawing.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 40960 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.resources\2.0.0.0_es-ES_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 28672 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\2.0.0.0_es-ES_b03f5f7f11d50a3a\System.DirectoryServices.Protocols.resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 36864 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_es_b77a5c561934e089\system.data.sqlxml.resources.dll
+ 2009-10-18 20:24 . 2009-10-18 20:24 49152 c:\windows\assembly\GAC_MSIL\system.configuration.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Configuration.resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 28672 c:\windows\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Configuration.Install.Resources.dll
+ 2009-10-18 20:24 . 2009-10-18 20:24 10752 c:\windows\assembly\GAC_MSIL\sysglobl.resources\2.0.0.0_es_b03f5f7f11d50a3a\sysglobl.resources.dll
+ 2009-10-18 20:24 . 2009-10-18 20:24 61440 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_es_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
+ 2009-10-16 06:16 . 2009-10-16 06:16 64568 c:\windows\assembly\GAC_MSIL\Microsoft.ServiceModel.Channels.Mail\3.5.0.0__31bf3856ad364e35\Microsoft.ServiceModel.Channels.Mail.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 45056 c:\windows\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_es_b03f5f7f11d50a3a\Microsoft.JScript.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 10240 c:\windows\assembly\GAC_MSIL\microsoft.build.utilities.resources\2.0.0.0_es_b03f5f7f11d50a3a\Microsoft.Build.Utilities.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 53248 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\2.0.0.0_es_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 8704 c:\windows\system32\snmptrap.exe
+ 2008-08-19 03:56 . 2008-04-14 00:12 6144 c:\windows\system32\snmpmib.dll
+ 2009-10-15 03:42 . 2009-10-15 03:42 5632 c:\windows\system32\pndx5032.dll
- 2008-01-19 00:45 . 2008-01-19 00:45 5632 c:\windows\system32\pndx5032.dll
+ 2009-10-15 03:42 . 2009-10-15 03:42 6656 c:\windows\system32\pndx5016.dll
- 2008-01-19 00:45 . 2008-01-19 00:45 6656 c:\windows\system32\pndx5016.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 7168 c:\windows\system32\mui\0C0A\mscorees.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 8704 c:\windows\system32\dllcache\snmptrap.exe
+ 2008-08-19 03:56 . 2008-04-14 00:12 6144 c:\windows\system32\dllcache\snmpmib.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC\es\Microsoft.VisualBasic.Compatibility.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC\es\Microsoft.VisualBasic.Compatibility.Data.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 6144 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Drawing.Design.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\JSC.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 4096 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\InstallUtil.resources.dll
+ 2005-12-23 13:52 . 2005-12-23 13:52 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\aspnet_regbrowsers.resources.dll
+ 2005-12-23 13:52 . 2005-12-23 13:52 8704 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\aspnet_compiler.resources.dll
+ 2005-12-23 13:52 . 2005-12-23 13:52 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\3082\CvtResUI.dll
+ 2009-10-18 00:01 . 2009-10-18 00:01 3638 c:\windows\Installer\{D40491E3-35AB-4757-B1F0-94C9100C2F4E}\_D4DE8FFC8D1018F046DED7.exe
+ 2009-10-18 00:01 . 2009-10-18 00:01 5430 c:\windows\Installer\{D40491E3-35AB-4757-B1F0-94C9100C2F4E}\_B9320CB6D43382A470631C.exe
+ 2009-10-18 00:01 . 2009-10-18 00:01 3638 c:\windows\Installer\{D40491E3-35AB-4757-B1F0-94C9100C2F4E}\_6FEFF9B68218417F98F549.exe
+ 2009-10-18 00:01 . 2009-10-18 00:01 5430 c:\windows\Installer\{D40491E3-35AB-4757-B1F0-94C9100C2F4E}\_6FECB8B9CC6EAB57AC1A9A.exe
+ 2009-10-18 00:01 . 2009-10-18 00:01 3638 c:\windows\Installer\{D40491E3-35AB-4757-B1F0-94C9100C2F4E}\_6F04BF382DFC3303FADFA3.exe
+ 2009-10-20 21:59 . 2009-10-20 21:59 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2009-10-18 22:12 . 2009-10-18 22:12 6318 c:\windows\Installer\{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}\ICO_ARPProductIcon.exe
+ 2009-10-15 07:35 . 2009-10-15 07:35 8192 c:\windows\ERDNT\subs(2)\Users(2)\00000004(2)\UsrClass.dat
+ 2009-10-15 07:35 . 2009-10-15 07:35 8192 c:\windows\ERDNT\subs(2)\Users(2)\00000002(2)\UsrClass.dat
+ 2009-10-18 20:23 . 2009-10-18 20:23 6144 c:\windows\assembly\GAC_MSIL\System.Drawing.Design.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Drawing.Design.Resources.dll
+ 2009-10-18 20:24 . 2009-10-18 20:24 9216 c:\windows\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.resources\8.0.0.0_es_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.resources.dll
+ 2009-10-18 20:24 . 2009-10-18 20:24 9216 c:\windows\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.data.resources\8.0.0.0_es_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.resources.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 08:54 . 2008-07-29 08:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 08:54 . 2008-07-29 08:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2006-12-02 03:54 . 2006-12-02 03:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
- 2006-12-02 04:54 . 2006-12-02 04:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
- 2006-12-02 04:54 . 2006-12-02 04:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 03:54 . 2006-12-02 03:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
- 2006-12-02 04:54 . 2006-12-02 04:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 03:54 . 2006-12-02 03:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2009-07-12 06:12 . 2009-07-12 06:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 06:09 . 2009-07-12 06:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 06:08 . 2009-07-12 06:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 188416 c:\windows\system32\wbem\snmpsmir.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 358400 c:\windows\system32\wbem\snmpincl.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 259072 c:\windows\system32\wbem\snmpcl.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 236544 c:\windows\system32\wbem\snmp\smi2smir.exe
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(9).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(8).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(7).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(6).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(5).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(4).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(3).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(2).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(15).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(14).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(13).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(12).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(11).dll
+ 2008-04-11 02:07 . 2006-06-15 20:25 117248 c:\windows\system32\staco(10).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(9).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(8).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(7).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(6).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(5).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(4).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(3).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(2).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(16).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(15).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(14).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(13).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(12).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(11).dll
+ 2008-04-11 02:08 . 2008-04-11 02:08 372736 c:\windows\system32\stacapi(10).dll
+ 2009-10-15 03:42 . 2009-10-15 03:42 185920 c:\windows\system32\rmoc3260.dll
- 2008-01-19 00:45 . 2008-01-19 00:45 278528 c:\windows\system32\pncrt.dll
+ 2008-01-19 00:45 . 2009-10-15 03:41 278528 c:\windows\system32\pncrt.dll
+ 2006-05-07 00:24 . 2009-10-16 06:25 505346 c:\windows\system32\perfh009.dat
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(9).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(8).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(7).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(6).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(5).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(4).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(3).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(2).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(16).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(15).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(14).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(13).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(12).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(11).exe
+ 2007-03-16 07:58 . 2006-07-12 21:19 155715 c:\windows\system32\nvsvc32(10).exe
+ 2008-08-19 03:56 . 2008-04-14 00:11 101888 c:\windows\system32\evntagnt.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 188416 c:\windows\system32\dllcache\snmpsmir.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 358400 c:\windows\system32\dllcache\snmpincl.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 259072 c:\windows\system32\dllcache\snmpcl.dll
+ 2008-08-19 03:56 . 2008-04-14 00:12 236544 c:\windows\system32\dllcache\smi2smir.exe
+ 2008-08-19 03:56 . 2008-04-14 00:11 101888 c:\windows\system32\dllcache\evntagnt.dll
+ 2009-02-19 22:47 . 2009-02-19 22:47 507904 c:\windows\system32\btwapi.dll
+ 2005-12-09 17:26 . 2005-12-09 17:26 245408 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - ESN\unicows.dll
+ 2005-12-09 15:47 . 2005-12-09 15:47 609472 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - ESN\install.exe
+ 2005-12-23 13:53 . 2005-12-23 13:53 163840 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.xml.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Windows.Forms.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 606208 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Web.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 208896 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\system.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 540672 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Design.Resources.dll
+ 2005-12-23 13:52 . 2005-12-23 13:52 380928 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Deployment.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 327680 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Data.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\System.Data.OracleClient.resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 400896 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\mscorrc.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\mscorlib.Resources.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 139264 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\Microsoft.Build.Tasks.resources.dll
+ 2005-12-23 13:52 . 2005-12-23 13:52 315392 c:\windows\Microsoft.NET\Framework\v2.0.50727\es\aspnetmmcext.resources.dll
+ 2005-12-23 13:52 . 2005-12-23 13:52 244224 c:\windows\Microsoft.NET\Framework\v2.0.50727\3082\Vsavb7rtUI.dll
+ 2005-12-23 13:53 . 2005-12-23 13:53 214016 c:\windows\Microsoft.NET\Framework\v2.0.50727\3082\vbc7ui.dll
+ 2005-12-23 13:52 . 2005-12-23 13:52 158208 c:\windows\Microsoft.NET\Framework\v2.0.50727\3082\cscompui.dll
+ 2009-10-16 06:16 . 2009-10-16 06:16 388608 c:\windows\Installer\ea2849.msi
+ 2009-10-15 02:07 . 2009-10-15 02:07 424448 c:\windows\Installer\ca6bf.msi
+ 2009-05-27 23:07 . 2009-05-27 23:07 585728 c:\windows\Installer\BBMediaSyncUninstall.exe
+ 2009-10-18 22:12 . 2009-10-18 22:12 974848 c:\windows\Installer\b4d28e5.msi
+ 2009-10-18 20:51 . 2009-10-18 20:51 380416 c:\windows\Installer\b067515.msi
+ 2009-10-18 20:24 . 2009-10-18 20:24 692736 c:\windows\Installer\aed539e.msi
+ 2009-10-18 17:23 . 2009-10-18 17:23 368128 c:\windows\Installer\a480deb.msi
+ 2009-10-15 22:53 . 2009-10-15 22:53 236032 c:\windows\Installer\760d07.msi
+ 2009-10-18 00:01 . 2009-10-18 00:01 500224 c:\windows\Installer\68e2dd7.msi
+ 2009-10-22 03:05 . 2009-10-22 03:05 201728 c:\windows\Installer\374b9a2.msi
+ 2009-10-16 11:44 . 2009-10-16 11:44 912384 c:\windows\Installer\2da7b.msi
+ 2009-10-10 03:22 . 2009-10-17 18:49 102400 c:\windows\Installer\{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}\iTunesIco.exe
- 2009-10-10 03:22 . 2009-10-10 03:22 102400 c:\windows\Installer\{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}\iTunesIco.exe
+ 2009-10-15 07:35 . 2009-10-15 07:35 278528 c:\windows\ERDNT\subs(2)\Users(2)\00000006(2)\UsrClass.dat
+ 2009-10-17 20:04 . 2009-10-17 20:04 323584 c:\windows\ERDNT\10-17-2009\Users\00000002\UsrClass.dat
+ 2009-10-17 20:04 . 2005-10-20 17:02 163328 c:\windows\ERDNT\10-17-2009\ERDNT.EXE
+ 2009-10-18 20:23 . 2009-10-18 20:23 163840 c:\windows\assembly\GAC_MSIL\System.XML.resources\2.0.0.0_es_b77a5c561934e089\System.xml.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 425984 c:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c561934e089\System.Windows.Forms.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 606208 c:\windows\assembly\GAC_MSIL\System.Web.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Web.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 208896 c:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_es_b77a5c561934e089\system.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 540672 c:\windows\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Design.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 380928 c:\windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Deployment.resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 327680 c:\windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_es_b77a5c561934e089\System.Data.Resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 110592 c:\windows\assembly\GAC_MSIL\System.Data.OracleClient.resources\2.0.0.0_es_b77a5c561934e089\System.Data.OracleClient.resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 303104 c:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.Resources.dll
+ 2009-10-16 06:16 . 2009-10-16 06:16 140904 c:\windows\assembly\GAC_MSIL\Microsoft.ServiceModel.Channels.Mail.ExchangeWebService\3.5.0.0__31bf3856ad364e35\Microsoft.ServiceModel.Channels.Mail.ExchangeWebService.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 139264 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_es_b03f5f7f11d50a3a\Microsoft.Build.Tasks.resources.dll
+ 2009-10-18 20:23 . 2009-10-18 20:23 315392 c:\windows\assembly\GAC_MSIL\AspNetMMCExt.resources\2.0.0.0_es_b03f5f7f11d50a3a\aspnetmmcext.resources.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
+ 2006-12-02 05:25 . 2006-12-02 05:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
- 2006-12-02 06:25 . 2006-12-02 06:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
- 2006-12-02 06:25 . 2006-12-02 06:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 05:25 . 2006-12-02 05:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2009-07-12 01:46 . 2009-07-12 01:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-12 01:46 . 2009-07-12 01:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2008-02-07 18:05 . 2009-10-15 20:15 6898156 c:\windows\system32\Restore\rstrlog.dat
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(9).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(8).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(7).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(6).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(5).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(4).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(3).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(2).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(16).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(15).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(14).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(13).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(12).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(11).dll
+ 2007-03-16 07:58 . 2006-07-12 21:19 4493568 c:\windows\system32\nv4_disp(10).dll
+ 2006-02-14 23:20 . 2009-02-06 17:35 1486208 c:\windows\system32\LegitCheckControl.DLL
+ 2006-05-06 17:30 . 2009-10-15 20:18 2195784 c:\windows\system32\FNTCACHE.DAT
- 2006-05-06 17:30 . 2009-10-10 03:29 2195784 c:\windows\system32\FNTCACHE.DAT
+ 2006-05-07 00:24 . 2009-10-16 01:42 1033728 c:\windows\system32\dllcache\explorer.exe
+ 2005-12-23 14:22 . 2005-12-23 14:22 1980416 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - ESN\langpack.msi
+ 2009-10-06 19:23 . 2009-10-06 19:23 4308992 c:\windows\Installer\e77a7b.msi
+ 2009-10-15 22:54 . 2009-10-15 22:54 1861120 c:\windows\Installer\760d11.msi
+ 2009-10-20 21:59 . 2009-10-20 21:59 1583616 c:\windows\Installer\3bef81b.msi
+ 2009-08-05 12:49 . 2009-08-05 12:49 3457024 c:\windows\Installer\25f66.msp
+ 2009-07-27 09:31 . 2009-07-27 09:31 3738624 c:\windows\Installer\25f55.msp
+ 2009-09-17 19:03 . 2009-09-17 19:03 4873216 c:\windows\Installer\25f45.msp
+ 2009-08-18 18:08 . 2009-08-18 18:08 1373696 c:\windows\Installer\25f34.msp
+ 2009-08-05 12:49 . 2009-08-05 12:49 3457024 c:\windows\Installer\226f262.msp
+ 2009-07-27 09:31 . 2009-07-27 09:31 3738624 c:\windows\Installer\226f251.msp
+ 2009-09-17 19:03 . 2009-09-17 19:03 4873216 c:\windows\Installer\226f241.msp
+ 2009-08-18 18:08 . 2009-08-18 18:08 1373696 c:\windows\Installer\226f230.msp
+ 2009-10-15 07:35 . 2009-10-15 07:35 9482240 c:\windows\ERDNT\subs(2)\Users(2)\00000005(2)\ntuser.dat
+ 2009-10-15 07:35 . 2009-10-15 07:35 1372160 c:\windows\ERDNT\subs(2)\Users(2)\00000003(2)\NTUSER.DAT
+ 2009-10-15 07:35 . 2009-10-15 07:35 1368064 c:\windows\ERDNT\subs(2)\Users(2)\00000001(2)\NTUSER.DAT
+ 2009-10-17 20:04 . 2009-10-17 20:04 9785344 c:\windows\ERDNT\10-17-2009\Users\00000001\ntuser.dat
+ 2009-10-16 11:10 . 2009-10-16 11:22 6985728 c:\windows\Downloaded Installations\{5840D406-AE94-4AEB-A7FA-C657865F0B8E}\Microsoft ActiveSync 4.0.msi
+ 2009-10-18 22:09 . 2009-10-18 22:09 16674304 c:\windows\Installer\b4d28dd.msi
+ 2009-08-15 01:32 . 2009-08-15 01:32 11110912 c:\windows\Installer\25f6d.msp
+ 2009-08-15 01:32 . 2009-08-15 01:32 11110912 c:\windows\Installer\226f269.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-06-07 04:46 . 2005-06-07 04:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe

2007-05-11 08:06 . 2007-10-11 01:51 39792 c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe

2007-03-25 16:28 . 2002-09-11 03:26 368706 c:\program files\BroadJump\Client Foundation\bak\CFD.exe

2007-03-25 21:33 . 2006-03-28 21:48 622592 c:\program files\Brother\Brmfcmon\bak\BrMfcWnd.exe

2007-03-25 21:33 . 2005-01-27 00:02 49152 c:\program files\Brother\Brmfl06a\bak\BrStDvPt.exe

2007-03-25 21:33 . 2006-04-10 20:58 61440 c:\program files\Brother\ControlCenter3\bak\brctrcen.exe

2007-03-01 15:37 . 2007-03-01 15:37 2321600 c:\program files\Common Files\Adobe\Updater5\bak\AdobeUpdater.exe

2007-03-01 20:57 . 2007-03-01 20:57 153136 c:\program files\Common Files\Ahead\Lib\bak\NeroCheck.exe

2007-05-16 14:27 . 2007-05-16 14:27 153136 c:\program files\Common Files\Ahead\Lib\bak\NMBgMonitor.exe

2008-01-19 00:45 . 2008-01-19 00:45 185896 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2009-10-15 03:41 . 2009-10-15 03:41 198160 c:\program files\Common Files\Real\Update_OB\realsched.exe

2003-10-14 16:22 . 2003-10-14 16:22 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe

2005-06-02 17:21 . 2005-06-02 17:21 48752 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe

2007-11-25 17:47 . 2007-12-21 15:28 579072 c:\program files\Grisoft\AVG7\bak\avgcc.exe

2007-03-16 07:41 . 2006-07-13 21:34 9134080 c:\program files\Intel Audio Studio\bak\IntelAudioStudio.exe

2007-03-25 20:09 . 2006-12-15 09:23 75520 c:\program files\Java\jre1.5.0_11\bin\bak\jusched.exe

2007-06-29 12:24 . 2007-06-29 12:24 286720 c:\program files\QuickTime\bak\qttask.exe
2009-09-05 06:54 . 2009-09-05 06:54 417792 c:\program files\QuickTime\QTTask.exe

2005-03-17 20:45 . 2005-03-17 20:45 40960 c:\program files\ScanSoft\PaperPort\bak\IndexSearch.exe

2005-03-17 20:25 . 2005-03-17 20:25 57393 c:\program files\ScanSoft\PaperPort\bak\pptd40nt.exe

2006-11-04 00:20 . 2006-11-04 00:20 866584 c:\program files\Windows Defender\bak\MSASCui.exe

2007-11-16 03:51 . 2007-11-16 03:51 166304 c:\program files\Zune\bak\ZuneLauncher.exe

2006-05-07 00:24 . 2004-08-04 19:00 15360 c:\windows\system32\bak\ctfmon.exe
2006-05-07 00:24 . 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1115392]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-18 17:28 1115392 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1115392]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1115392]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-15 39408]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
"RIMDeviceManager"="c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2009-06-03 1406224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-11 413696]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2008-09-02 1529856]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-04-07 1511424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"mumservice"="c:\program files\Motorola\Software Update\mumservice.exe" [2009-08-19 1070336]
"GSM"="c:\program files\Gateway\GSM\bin\usm.exe" [2005-06-01 9216]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-10-15 2007320]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-15 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\SEXY SORCERESS\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
OneNote Table Of Contents.onetoc2 [2008-1-4 3656]

c:\documents and settings\BOYS\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
OneNote Table Of Contents.onetoc2 [2009-3-31 3656]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-15 02:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
[BU]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe"
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Monitor"=c:\windows\PixArt\PAC207\Monitor.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\BOYS\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe"=
"c:\\Program Files\\Ares Vista\\AresVista.exe"=
"c:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"=
"c:\\Program Files\\Motorola\\Motoconnect\\SWDL.exe"=
"c:\\Program Files\\Motoconnect\\SWDL.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Adobe\\Adobe Bridge CS4\\Bridge.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\BitPim\\bitpimw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MessagingToolkit\\MessagingToolkit.BulkGateway.exe"=
"c:\\Program Files\\Cell Phone Analyzer Demo\\dcpa.exe"=
"c:\\Program Files\\Data Doctor - Mobile Phone Inspector\\MobileDoctor.exe"=
"c:\\Program Files\\Data Doctor Forensic Software - Pocket PC (Evaluation)\\PDAForensic.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\QPST\\bin\\MemoryDebugApp.exe"=
"c:\\Program Files\\Mobile Master\\MobileMaster.exe"=
"c:\\Program Files\\MOBILedit! Forensic\\MOBILedit!.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Motorola Phone Tools\\mPhonetools.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QPST\\bin\\QPSTConfig.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Motorola Tools\\M-Explorer\\mexplorer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\QPST\\bin\\DMProxyWin.exe"=
"c:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=
"c:\\Program Files\\Gateway\\GSM\\BIN\\ssm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9323:TCP"= 9323:TCP:*:Disabled:EKDiscovery
"9324:TCP"= 9324:TCP:EKDiscovery
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
"9322:TCP"= 9322:TCP:EKDiscovery
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10/14/2009 9:08 PM 161800]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/15/2009 6:10 PM 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/14/2009 9:08 PM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/14/2009 9:08 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/14/2009 9:07 PM 285392]
R2 CBA8;LANDesk® Management Agent;c:\program files\LANDesk\Shared Files\residentAgent.exe [4/28/2005 2:05 PM 122880]
R2 CISMBIOS;CiSMBios Driver;c:\windows\system32\drivers\cismbios.sys [5/31/2005 11:53 PM 13312]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [10/15/2009 8:13 PM 309008]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1169232]
R2 LSM_SSM;LANDesk® System Manager System Space Manager;c:\program files\Gateway\GSM\BIN\SSM.exe [6/1/2005 12:04 AM 28672]
R2 ModemView;LANDesk Message Handler Service;c:\program files\Gateway\GSM\BIN\modemview.exe [6/1/2005 12:13 AM 45056]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [10/13/2009 11:26 PM 91392]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/7/2008 2:28 PM 24652]
R3 ICFWDM;ICFWDM;c:\windows\system32\drivers\icfwdm.sys [6/20/2002 12:35 PM 12064]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe [5/4/2009 12:15 PM 279960]
S2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\AiO\Center\KodakSvc.exe [4/17/2009 12:08 PM 32768]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [5/21/2008 6:42 AM 64000]
S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;c:\windows\system32\drivers\ubVeo532.sys [7/1/2002 7:30 PM 95232]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [6/30/2006 11:44 PM 69692]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [9/28/2009 8:49 PM 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [9/28/2009 8:49 PM 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [9/28/2009 8:49 PM 60816]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [10/13/2009 8:08 PM 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [10/13/2009 8:08 PM 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [10/13/2009 8:08 PM 42752]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [10/13/2009 8:08 PM 23936]
S3 PAC207;CIF USB Camera;c:\windows\system32\drivers\PFC027.SYS [2/18/2009 12:26 PM 505984]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-10-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06]

2009-10-19 c:\windows\Tasks\AiO Home Center Registration Remind Task.job
- c:\documents and settings\All Users\Application Data\Kodak\Installer\Registration.exe [2009-03-17 19:12]

2009-10-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-10-18 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.4\DriverRobot.exe [2009-09-30 15:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: motive.com\patttbc.att
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1}
DPF: {54D53429-945C-4188-B460-C81356541882} - hxxp://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Visible - (no file)
Toolbar-Welcome - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-23 23:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-10-24 23:21
ComboFix-quarantined-files.txt 2009-10-24 04:21
ComboFix2.txt 2009-10-15 07:44
ComboFix3.txt 2009-10-15 00:10

Pre-Run: 68,500,176,896 bytes free
Post-Run: 68,751,753,216 bytes free

- - End Of File - - 16E2B537F32E58E16A91921C3798F1F1

#6 120500

Posted 23 October 2009 - 10:44 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:22 PM, on 10/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Gateway\GSM\BIN\ssm.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Gateway\GSM\BIN\modemview.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\docume~1\owner\locals~1\temp\cdm\{5062c20c-1668-4aaf-be33-dafc6f30b28a}\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Gateway\GSM\bin\usm.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\SEXY SORCERESS\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ancestry Toolbar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\Ancestry Toolbar\AncestryToolBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ancestry Toolbar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\Ancestry Toolbar\AncestryToolBar.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
O4 - HKLM\..\Run: [GSM] C:\Program Files\Gateway\GSM\bin\usm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [RIMDeviceManager] "C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: OneNote Table Of Contents.onetoc2 (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: OneNote Table Of Contents.onetoc2 (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote Table Of Contents.onetoc2
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/...erInstaller.CAB
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) -
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} - http://eshare.hpphot...sLocalPrint.CAB
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide....ageUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {B6E6EEF0-F5AA-4A4D-88EC-FF43FB2029E5} (TeleVoxAudioPlayer2.TVoxAudioPlayer) - https://www.mytelevo...udioPlayer2.CAB
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://www.rockyou.c...ageUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\AiO\center\KodakSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel® Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: LANDesk® System Manager System Space Manager (LSM_SSM) - LANDesk® Software Ltd. - C:\Program Files\Gateway\GSM\BIN\ssm.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: LANDesk Message Handler Service (ModemView) - LANDesk® Software Ltd. - C:\Program Files\Gateway\GSM\BIN\modemview.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Audio Service (STacSV) - Unknown owner - c:\docume~1\owner\locals~1\temp\cdm\{5062c20c-1668-4aaf-be33-dafc6f30b28a}\STacSV.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15436 bytes


I didn't mean to post the logs separately, but the combofix log is on the last post. The computer is pretty much the same. Every time I open or change an internet page the tracking cookies warning pops up. Also, even though pop up blocker is enabled, there are occasional pop up ads. Every once in a while it still tells me there is no internet connection, even though I am connected to the internet. I've had a crazy week, but will try to check in more often now that things have slowed down. Thanks again for your help!
Tammy

#7 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 24 October 2009 - 06:47 AM

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

File::
c:\program files\0gpslast.002
c:\program files\00syssim.007
c:\program files\000sslog.006
c:\program files\000sclog.005
c:\program files\000rslog.004
c:\program files\000rclog.003
c:\docume~1\owner\locals~1\temp\cdm\{5062c20c-1668-4aaf-be33-dafc6f30b28a}\STacSV.exe
c:\windows\Tasks\AiO Home Center Registration Remind Task.job
c:\documents and settings\All Users\Application Data\Kodak\Installer\Registration.exe

AWF::
c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
c:\program files\QuickTime\bak\qttask.exe
c:\windows\system32\bak\ctfmon.exe

Folder::
C:\Program Files\Viewpoint
c:\program files\Norton 360

Save this file to your desktop as "CFScript".

Here's how to do that:
1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...



Drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.


Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom
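
The CFScript in the post above lists the STacSV.exe path under File::. As an added example (not part of the thread, and not the helper's stated method), this Python script parses HijackThis O23 service lines and scores the traits that entry shows in the log: a binary under a Temp directory, an "Unknown owner" vendor, and a "(file missing)" marker. The weights and the threshold are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Audio Service (STacSV) - Unknown owner - c:\docume~1\owner\locals~1\temp\cdm\{5062c20c-1668-4aaf-be33-dafc6f30b28a}\STacSV.exe (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
"""

# O23 - Service: <display> [(<short name>)] - <vendor> - <path>[ (file missing)]
# The vendor field may not contain a backslash and the path must start with a
# drive letter, so a " - " inside the path does not confuse the split.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<vendor>[^\\]+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
SHORT_NAME_RE = re.compile(r"^(?P<display>.+) \((?P<short>[^()]+)\)$")

# Assumed weights: the thread does not say how removal targets were chosen.
WEIGHTS = {"temp_dir": 2, "file_missing": 1, "unknown_owner": 1}
REASON_TEXT = {
    "temp_dir": "service binary is under a Temp directory",
    "file_missing": "registered binary no longer exists on disk",
    "unknown_owner": "no vendor string in the binary's version info",
}


@dataclass
class ServiceEntry:
    display: str
    short_name: Optional[str]
    vendor: str
    path: str
    file_missing: bool
    score: int = 0
    reasons: List[str] = field(default_factory=list)


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse one O23 line; return None for any other log line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    name = m.group("name")
    short = None
    sm = SHORT_NAME_RE.match(name)
    if sm:
        name, short = sm.group("display"), sm.group("short")
    return ServiceEntry(name, short, m.group("vendor").strip(),
                        m.group("path"), m.group("missing") is not None)


def assess(entry: ServiceEntry) -> ServiceEntry:
    """Fill in score and reasons from the three traits described above."""
    hits = []
    # Match whole path components so 8.3 forms such as locals~1\temp count too.
    parts = entry.path.lower().split("\\")
    if any(p in ("temp", "tmp") for p in parts[:-1]):
        hits.append("temp_dir")
    if entry.file_missing:
        hits.append("file_missing")
    if entry.vendor.lower() == "unknown owner":
        hits.append("unknown_owner")
    entry.score = sum(WEIGHTS[h] for h in hits)
    entry.reasons = [REASON_TEXT[h] for h in hits]
    return entry


def parse_services(log_text: str) -> List[ServiceEntry]:
    """Return every O23 service entry in the log, scored."""
    parsed = (parse_o23(line) for line in log_text.splitlines())
    return [assess(e) for e in parsed if e is not None]


def triage(log_text: str, threshold: int = 2) -> List[ServiceEntry]:
    """Return entries whose score reaches the (assumed) review threshold."""
    return [e for e in parse_services(log_text) if e.score >= threshold]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"REVIEW {e.short_name or e.display} (score {e.score}): {e.path}")
        for reason in e.reasons:
            print(f"  - {reason}")
```

A flagged entry is a candidate for manual review, not a verdict; "Unknown owner" alone stays below the threshold, as the MotoConnect Service line shows.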

 


#8 120500

120500

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 24 October 2009 - 11:09 AM

ComboFix 09-10-22.01 - SEXY SORCERESS 10/24/2009 11:27:28.4.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2030.1105 [GMT -5:00]
Running from: C:\Documents and Settings\SEXY SORCERESS\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\SEXY SORCERESS\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\docume~1\owner\locals~1\temp\cdm\{5062c20c-1668-4aaf-be33-dafc6f30b28a}\STacSV.exe"
"c:\documents and settings\All Users\Application Data\Kodak\Installer\Registration.exe"
"c:\program files\000rclog.003"
"c:\program files\000rslog.004"
"c:\program files\000sclog.005"
"c:\program files\000sslog.006"
"c:\program files\00syssim.007"
"c:\program files\0gpslast.002"
"c:\windows\Tasks\AiO Home Center Registration Remind Task.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Kodak\Installer\Registration.exe
c:\program files\000rclog.003
c:\program files\000rslog.004
c:\program files\000sclog.005
c:\program files\000sslog.006
c:\program files\00syssim.007
c:\program files\0gpslast.002
c:\program files\Norton 360
c:\program files\Norton 360\N360Logs.xml
c:\program files\Norton 360\url.txt
c:\program files\Norton 360\urlhistory.txt
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Common\VistaBoot.sdll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
c:\windows\Tasks\AiO Home Center Registration Remind Task.job

.
((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))
.

2009-10-22 03:05:10 . 2009-10-22 03:05:10 0 d-----w- C:\Program Files\Ancestry Toolbar
2009-10-20 21:59:51 . 2009-10-20 21:59:51 0 d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-20 21:59:13 . 2009-10-20 21:59:25 0 d-----w- C:\Program Files\SUPERAntiSpyware
2009-10-20 21:59:12 . 2009-10-20 21:59:12 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\SUPERAntiSpyware.com
2009-10-20 21:56:51 . 2009-10-20 21:56:51 0 d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2009-10-20 17:20:16 . 2009-09-10 19:54:06 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-10-20 17:20:15 . 2009-09-10 19:53:50 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2009-10-19 14:42:23 . 2009-10-21 09:23:41 0 d-----w- C:\Program Files\ABC Amber Image Converter
2009-10-19 14:23:56 . 2009-10-19 14:23:56 0 d-----w- C:\Program Files\Free RAW Viewer
2009-10-19 11:51:25 . 2009-10-24 02:58:22 256 ----a-w- C:\Documents and Settings\SEXY SORCERESS\pool.bin
2009-10-19 08:54:44 . 2009-10-21 10:20:13 0 d-----w- C:\Program Files\ABC Amber Text Converter
2009-10-19 08:46:31 . 2009-10-21 09:23:41 0 d-----w- C:\Program Files\ABC Amber Paradox Converter
2009-10-19 08:13:56 . 2009-10-21 09:23:40 0 d-----w- C:\Program Files\ABC Amber DAT Converter
2009-10-19 07:24:11 . 2009-10-21 09:23:40 0 d-----w- C:\Program Files\ABC Amber BlackBerry Converter
2009-10-19 06:59:40 . 2009-10-19 06:59:40 0 ----a-w- C:\WINDOWS\nsreg.dat
2009-10-19 06:59:36 . 2009-10-19 06:59:39 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Local Settings\Application Data\Thunderbird
2009-10-19 06:59:35 . 2009-10-19 06:59:39 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\Thunderbird
2009-10-19 06:10:23 . 2009-10-20 04:41:33 0 d-----w- C:\Program Files\Eudora 8.0 Beta 7
2009-10-19 00:28:19 . 2009-10-19 00:28:19 0 d-----w- C:\Program Files\Nucleus Kernel Internet Explorer Password Recovery
2009-10-18 23:14:42 . 2009-10-18 23:14:44 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\Blackberry Desktop
2009-10-18 23:11:13 . 2009-10-18 23:11:13 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\Research In Motion
2009-10-18 23:03:41 . 2009-10-18 23:03:41 256 ----a-w- C:\pool.bin
2009-10-18 22:12:11 . 2009-10-18 22:12:11 0 d-----w- C:\Documents and Settings\All Users\Application Data\Research In Motion
2009-10-18 22:11:40 . 2009-01-09 21:18:02 27136 ----a-r- C:\WINDOWS\system32\drivers\RimSerial.sys
2009-10-18 22:09:17 . 2009-10-18 22:09:17 0 d-----w- C:\Program Files\Common Files\Roxio Shared
2009-10-18 22:08:45 . 2009-10-18 22:09:23 0 d-----w- C:\Program Files\Common Files\Research In Motion
2009-10-18 22:08:42 . 2009-10-18 22:12:11 0 d-----w- C:\Program Files\Research In Motion
2009-10-18 21:03:16 . 2009-10-17 04:54:42 693760 ----a-w- C:\Program Files\BBSAKv1.6_Installer.msi
2009-10-18 20:56:55 . 2009-10-18 20:56:55 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\vlc
2009-10-18 20:51:09 . 2009-10-18 21:03:45 0 d-----w- C:\Program Files\BBSAK
2009-10-18 19:36:20 . 2009-10-21 09:23:43 0 d-----w- C:\Program Files\Data Doctor Recovery - SIM Card (Evaluation)
2009-10-18 00:01:19 . 2009-10-18 00:01:19 0 d-----w- C:\Program Files\tcpIQ
2009-10-17 20:03:48 . 2009-10-17 20:04:01 0 d-----w- C:\Program Files\ERUNT
2009-10-17 18:49:02 . 2009-10-17 18:50:27 0 d-----w- C:\Documents and Settings\Guest\Application Data\Apple Computer
2009-10-17 16:12:02 . 2009-10-17 16:12:02 0 d-----w- C:\My Music
2009-10-16 04:51:49 . 2009-10-16 04:51:49 0 d-----w- C:\Program Files\Windows Mobile Device Handbook
2009-10-16 02:31:18 . 2009-10-16 02:27:39 401720 ----a-w- C:\Program Files\HijackThis.exe
2009-10-16 01:13:40 . 2009-10-16 01:13:40 0 d-----w- C:\Documents and Settings\All Users\Application Data\IObit
2009-10-15 23:46:30 . 2009-10-17 23:44:07 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\IObit
2009-10-15 23:46:30 . 2009-10-16 01:13:38 0 d-----w- C:\Program Files\IObit
2009-10-15 23:10:51 . 2009-09-23 12:55:23 64288 ----a-w- C:\WINDOWS\system32\drivers\Lbd.sys
2009-10-15 22:54:11 . 2009-10-15 22:54:14 0 dc-h--w- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-15 22:53:38 . 2009-10-15 23:18:32 0 d-----w- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-15 22:53:38 . 2009-10-15 22:53:38 0 d-----w- C:\Program Files\Lavasoft
2009-10-15 20:15:08 . 2009-10-15 20:15:08 0 d-----w- C:\WINDOWS\system32\wbem\Repository
2009-10-15 20:14:11 . 2009-10-15 20:14:11 0 d-----w- C:\Program Files\Common Files\xing shared
2009-10-15 20:10:23 . 2009-10-15 20:10:25 0 d-----w- C:\Program Files\Symantec Client Security
2009-10-15 08:55:39 . 2009-10-15 20:10:24 0 d-----w- C:\Program Files\Symantec
2009-10-15 07:55:39 . 2009-10-15 20:12:23 0 d-----w- C:\RECYCLER(2)
2009-10-15 02:08:33 . 2009-10-15 20:47:20 0 d-----w- C:\$AVG
2009-10-15 02:08:15 . 2009-10-24 03:25:05 360584 ----a-w- C:\WINDOWS\system32\drivers\avgtdix.sys
2009-10-15 02:08:15 . 2009-10-24 03:24:47 161800 ----a-w- C:\WINDOWS\system32\drivers\avgrkx86.sys
2009-10-15 02:08:15 . 2009-10-15 02:08:15 12464 ----a-w- C:\WINDOWS\system32\avgrsstx.dll
2009-10-15 02:08:11 . 2009-10-15 02:08:11 333192 ----a-w- C:\WINDOWS\system32\drivers\avgldx86.sys
2009-10-15 02:08:09 . 2009-10-24 03:25:04 28424 ----a-w- C:\WINDOWS\system32\drivers\avgmfx86.sys
2009-10-15 02:08:00 . 2009-10-24 03:25:22 0 d-----w- C:\WINDOWS\system32\drivers\Avg
2009-10-15 02:07:57 . 2009-10-15 20:13:56 0 d-----w- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-10-15 02:07:42 . 2009-10-15 02:07:42 0 d-----w- C:\Program Files\AVG
2009-10-15 02:07:41 . 2009-10-15 02:07:42 0 d-----w- C:\Documents and Settings\All Users\Application Data\avg9
2009-10-14 23:44:39 . 2009-10-14 23:44:39 0 d-----w- C:\Program Files\CCleaner
2009-10-14 23:44:04 . 2009-10-14 23:44:04 0 d-----w- C:\Program Files\DriverTool
2009-10-14 23:44:04 . 2009-10-14 23:44:04 0 d-----w- C:\Program Files\devshowall
2009-10-14 23:43:57 . 2009-10-14 23:43:57 0 d-----w- C:\Program Files\RSD_CMDA_General_5_1_6_Installation
2009-10-14 21:42:44 . 2009-10-14 21:42:44 0 d-----w- C:\Program Files\PhoneModels
2009-10-14 21:42:34 . 2009-10-14 21:42:44 0 d-----w- C:\Program Files\Pages
2009-10-14 21:40:12 . 2009-10-21 09:23:47 0 d-----w- C:\Program Files\Motorola Phone Tools
2009-10-14 17:56:10 . 2009-10-14 17:56:10 0 d-----w- C:\Program Files\newp2k
2009-10-14 17:54:47 . 2006-07-21 01:25:08 166 ----a-w- C:\Program Files\devshowall.zip
2009-10-14 14:43:27 . 2009-10-14 14:43:27 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\Malwarebytes
2009-10-14 14:43:21 . 2009-10-20 17:20:47 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-14 14:43:21 . 2009-10-14 14:43:21 0 d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-14 12:56:23 . 2009-10-14 12:56:23 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\SMSServant
2009-10-14 11:48:34 . 2009-10-14 11:48:34 0 d-----w- C:\Documents and Settings\Owner\Application Data\Windows Search
2009-10-14 09:30:10 . 2009-10-14 09:30:11 0 d-----w- C:\Program Files\MessagingToolkit
2009-10-14 07:16:38 . 2009-10-14 07:16:38 0 d-----w- C:\Program Files\LANDesk
2009-10-14 07:16:17 . 2009-10-14 07:15:06 10144 ------w- C:\WINDOWS\system32\drivers\asicio.sys
2009-10-14 07:16:08 . 2009-10-14 07:16:08 0 d-----w- C:\WINDOWS\Drivers
2009-10-14 06:54:41 . 2009-10-14 06:54:41 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\Mobile Master
2009-10-14 06:53:44 . 2009-10-14 09:48:00 0 d-----w- C:\PIACCESS
2009-10-14 06:50:11 . 2009-10-21 09:23:45 0 d-----w- C:\Program Files\Mobile Master
2009-10-14 06:50:11 . 2009-10-14 06:50:20 0 d-----w- C:\Program Files\Common Files\Jumping Bytes
2009-10-14 06:49:52 . 2009-10-14 06:49:52 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\Jumping Bytes
2009-10-14 06:45:39 . 2009-10-14 06:45:39 0 d-----w- C:\Program Files\MediaInfo
2009-10-14 01:08:08 . 2009-09-15 19:38:20 23936 ----a-w- C:\WINDOWS\system32\drivers\motport.sys
2009-10-14 01:08:07 . 2009-09-15 19:38:20 23936 ----a-w- C:\WINDOWS\system32\drivers\motmodem.sys
2009-10-14 01:08:07 . 2009-06-19 21:59:34 19712 ----a-w- C:\WINDOWS\system32\drivers\motccgp.sys
2009-10-14 01:08:07 . 2009-05-08 16:56:12 42752 ----a-w- C:\WINDOWS\system32\drivers\motodrv.sys
2009-10-14 01:08:07 . 2009-01-29 22:18:00 8320 ----a-w- C:\WINDOWS\system32\drivers\motccgpfl.sys
2009-10-14 01:08:07 . 2008-03-27 22:49:38 1112288 ----a-w- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2009-10-14 01:08:07 . 2007-11-02 20:51:30 6400 ----a-w- C:\WINDOWS\system32\drivers\motswch.sys
2009-10-11 20:24:15 . 2009-10-11 20:28:41 0 d-----w- C:\Program Files\iPhone Explorer
2009-10-11 08:02:33 . 2009-10-11 08:02:34 0 d-----w- C:\WINDOWS\SQL9_KB960089_ENU
2009-10-10 19:24:17 . 2009-10-10 19:24:17 0 d-----w- C:\Documents and Settings\Guest\Application Data\Windows Desktop Search
2009-10-10 03:19:57 . 2009-10-10 03:19:57 0 d-----w- C:\Program Files\iPod
2009-10-10 03:19:45 . 2009-10-10 03:21:19 0 d-----w- C:\Program Files\iTunes
2009-10-10 03:19:45 . 2009-10-10 03:21:19 0 d-----w- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-10 03:14:05 . 2009-10-10 03:14:08 0 d-----w- C:\Program Files\Apple Software Update
2009-10-10 03:13:38 . 2009-08-29 00:42:52 40448 ----a-w- C:\WINDOWS\system32\drivers\usbaapl.sys
2009-10-10 03:13:38 . 2009-08-29 00:42:52 2065696 ----a-w- C:\WINDOWS\system32\usbaaplrc.dll
2009-10-10 03:12:35 . 2009-10-10 03:19:54 0 d-----w- C:\Program Files\Common Files\Apple
2009-10-10 03:02:35 . 2009-10-10 03:02:35 0 d-----w- C:\Program Files\Microsoft Small Business
2009-10-10 02:48:45 . 2009-10-14 03:10:15 0 d-----w- C:\Program Files\Microsoft SQL Server
2009-10-10 02:30:54 . 2009-10-10 02:30:54 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Local Settings\Application Data\Microsoft Help
2009-10-10 02:03:39 . 2009-10-10 02:36:11 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\GetRightToGo
2009-10-08 21:36:48 . 2009-09-11 14:18:39 136192 -c----w- C:\WINDOWS\system32\dllcache\msv1_0.dll
2009-10-08 21:36:48 . 2009-06-25 08:25:26 54272 -c----w- C:\WINDOWS\system32\dllcache\wdigest.dll
2009-10-08 21:36:48 . 2009-06-25 08:25:26 301568 -c----w- C:\WINDOWS\system32\dllcache\kerberos.dll
2009-10-08 21:36:48 . 2009-06-24 11:18:41 92928 -c----w- C:\WINDOWS\system32\dllcache\ksecdd.sys
2009-10-07 22:01:48 . 2009-10-21 09:23:46 0 d-----w- C:\Program Files\Motoconnect
2009-10-06 00:24:22 . 2009-10-06 00:24:22 0 d-----w- C:\Program Files\LGUsbDriver
2009-10-04 16:05:55 . 2009-10-04 16:05:55 0 d-----w- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
2009-10-03 22:28:56 . 2007-07-02 20:54:54 4333568 ----a-w- C:\Program Files\RSD Lite_3.8.msi
2009-10-03 21:15:22 . 2009-10-03 21:15:22 0 d-----w- C:\Program Files\P2K Programs
2009-10-03 21:13:01 . 2009-10-03 21:13:01 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\MobileAction
2009-10-03 19:47:59 . 2009-10-03 19:48:00 0 d-----w- C:\Program Files\CardRecovery
2009-10-03 19:16:09 . 2009-10-03 19:37:40 0 d-----w- C:\Program Files\GetData
2009-10-03 15:52:58 . 2009-10-21 09:23:43 0 d-----w- C:\Program Files\Data Doctor MS Access to MySQL Converter (Demo)
2009-10-03 15:44:12 . 2009-10-16 11:44:15 0 d-----w- C:\Program Files\Microsoft ActiveSync
2009-10-03 15:36:12 . 2009-10-21 09:23:43 0 d-----w- C:\Program Files\Data Doctor Forensic Software - Pocket PC (Evaluation)
2009-10-02 22:42:08 . 2009-10-01 15:29:14 195440 ------w- C:\WINDOWS\system32\MpSigStub.exe
2009-10-02 20:36:11 . 2009-10-02 20:36:11 0 d-----w- C:\Documents and Settings\BOYS\Application Data\Windows Desktop Search
2009-10-02 13:02:35 . 2009-10-02 13:45:23 567529 ----a-w- C:\Documents and Settings\SEXY SORCERESS\bitpim.dat
2009-10-02 11:54:26 . 2009-10-02 11:54:26 0 d-----w- C:\Program Files\Motorola Tools
2009-10-02 09:03:11 . 2009-10-02 09:03:11 28 ----a-w- C:\Program Files\MMS_push_info.bin
2009-10-02 09:03:11 . 2009-10-02 09:03:11 265 ----a-w- C:\Program Files\MMS_push_msg0.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 09:23:45 . 2007-03-16 07:39:01 0 d-----w- C:\Program Files\Microsoft Works
2009-10-21 09:23:42 . 2009-02-18 17:26:54 0 d-----w- C:\Program Files\CIF USB Camera
2009-10-21 09:23:42 . 2009-02-03 01:26:48 0 d-----w- C:\Program Files\ATTToolbar
2009-10-21 09:23:42 . 2009-02-03 01:25:20 0 d-----w- C:\Program Files\ATT-SST
2009-10-21 09:23:42 . 2007-03-27 17:38:19 0 d-----w- C:\Program Files\Avanquest update
2009-10-20 08:37:41 . 2007-06-12 01:25:46 0 d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-19 08:02:18 . 2007-03-25 20:40:19 0 d-----w- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-10-17 18:11:45 . 2009-02-03 01:26:50 0 d-----w- C:\Documents and Settings\All Users\Application Data\ATTToolbar
2009-10-16 18:48:14 . 2008-11-28 21:31:10 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\gtk-2.0
2009-10-16 06:15:41 . 2007-03-25 20:41:31 0 d-----w- C:\Program Files\Microsoft.NET
2009-10-16 02:47:05 . 2009-10-16 02:47:05 46046 ----a-w- C:\Program Files\startuplist.txt
2009-10-16 02:32:24 . 2009-10-16 02:32:24 14637 ----a-w- C:\Program Files\hijackthis.log
2009-10-16 01:42:00 . 2006-05-07 00:24:10 1033728 ------w- C:\WINDOWS\explorer.exe
2009-10-15 20:47:18 . 2007-04-06 17:10:15 92464 -c--a-w- C:\Documents and Settings\SEXY SORCERESS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-15 20:14:19 . 2008-01-19 00:45:31 0 d-----w- C:\Program Files\Common Files\Real
2009-10-15 19:22:16 . 2009-10-02 09:09:13 7680 --sha-w- C:\Program Files\Thumbs.db
2009-10-15 18:08:21 . 2007-03-16 07:44:11 0 d-----w- C:\Program Files\Common Files\Symantec Shared
2009-10-15 17:26:15 . 2007-03-16 07:39:26 0 d-----w- C:\Program Files\Intel
2009-10-15 08:56:53 . 2008-10-06 02:07:34 0 d-----w- C:\Documents and Settings\All Users\Application Data\Symantec
2009-10-15 08:43:43 . 2007-03-16 07:32:28 0 d-----w- C:\Program Files\Google
2009-10-15 03:41:41 . 2007-03-16 07:38:51 348160 ----a-w- C:\WINDOWS\system32\msvcr71.dll
2009-10-14 23:44:10 . 2007-03-16 07:38:35 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-10-14 21:53:11 . 2009-10-14 21:42:49 23633 ----a-w- C:\Program Files\Uninstall.ini
2009-10-14 21:38:27 . 2007-03-27 17:37:48 24192 -c--a-w- C:\Documents and Settings\SEXY SORCERESS\usbsermptxp.sys
2009-10-14 21:38:26 . 2007-03-27 17:37:48 22768 -c--a-w- C:\Documents and Settings\SEXY SORCERESS\usbsermpt.sys
2009-10-14 15:17:22 . 2007-08-28 00:03:07 0 d-----w- C:\Program Files\GamesBar
2009-10-14 11:50:32 . 2009-10-02 08:37:09 1681 ----a-w- C:\Program Files\.config
2009-10-14 11:44:00 . 2007-04-15 22:28:05 0 d-----w- C:\Documents and Settings\Owner\Application Data\vlc
2009-10-14 07:16:31 . 2007-03-16 07:48:08 0 d-----w- C:\Program Files\Gateway
2009-10-14 04:26:20 . 2007-06-21 05:56:53 0 d-----w- C:\Program Files\Common Files\Motorola Shared
2009-10-14 02:42:49 . 2007-07-13 14:47:50 0 d-----w- C:\Program Files\Windows Defender
2009-10-14 01:16:00 . 2009-10-14 01:16:00 756 ----a-w- C:\Program Files\PHONEC~1.000
2009-10-14 01:16:00 . 2009-10-14 01:16:00 4320 ----a-w- C:\Program Files\_setup.xml
2009-10-10 19:24:03 . 2009-03-23 02:10:32 92464 -c--a-w- C:\Documents and Settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-10 16:19:44 . 2007-04-14 03:35:37 0 d-----w- C:\Documents and Settings\Owner\Application Data\uTorrent
2009-10-10 05:45:04 . 2008-07-22 20:33:23 0 d-----w- C:\Documents and Settings\SEXY SORCERESS\Application Data\Apple Computer
2009-10-10 04:54:51 . 2009-03-17 19:25:19 0 d-----w- C:\Documents and Settings\All Users\Application Data\Apple
2009-10-10 03:18:38 . 2007-12-25 04:04:32 0 d-----w- C:\Program Files\QuickTime
2009-10-10 03:17:23 . 2008-11-26 00:56:35 0 d-----w- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-10-03 21:21:15 . 2007-03-27 18:01:11 79328 -c--a-w- C:\Documents and Settings\SEXY SORCERESS\mqdmserd.sys
2009-10-03 21:21:15 . 2007-03-27 18:01:11 5936 -c--a-w- C:\Documents and Settings\SEXY SORCERESS\mqdmwhnt.sys
2009-10-03 21:21:14 . 2007-03-27 18:01:11 9232 -c--a-w- C:\Documents and Settings\SEXY SORCERESS\mqdmmdfl.sys
2009-10-03 21:21:14 . 2007-03-27 18:01:11 92064 -c--a-w- C:\Documents and Settings\SEXY SORCERESS\mqdmmdm.sys
2009-10-03 21:21:14 . 2007-03-27 18:01:11 4048 -c--a-w- C:\Documents and Settings\SEXY SORCERESS\mqdmcr.sys
2009-10-03 21:21:13 . 2007-03-27 18:01:11 66656 -c--a-w- C:\Documents and Settings\SEXY SORCERESS\mqdmbus.sys
2009-10-03 21:21:13 . 2007-03-27 18:01:11 6208 -c--a-w- C:\Documents and Settings\SEXY SORCERESS\mqdmcmnt.sys
2009-10-02 20:48:20 . 2007-07-17 00:40:58 60784 -c--a-w- C:\Documents and Settings\BOYS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-02 15:01:50 . 2009-10-02 08:37:09 0 ----a-w- C:\Program Files\Seem.lst
2009-10-02 14:03:15 . 2009-10-02 08:52:52 0 d-----w- C:\Program Files\3741829
2009-10-02 12:34:26 . 2009-10-02 12:20:02 487 ----a-w- C:\Program Files\P2kAutostart_daemon.log
2009-10-02 12:27:03 . 2009-10-02 12:26:56 1931052 ----a-w- C:\Program Files\SOURCEFILES
2009-10-02 11:13:17 . 2009-10-02 09:20:03 274 ----a-w- C:\Program Files\TempWebPage.htm
2009-10-02 10:47:59 . 2009-10-02 10:47:59 16 ----a-w- C:\Program Files\007D_0F3C.seem
2009-10-02 09:03:13 . 2009-10-02 09:03:13 10320 ----a-w- C:\Program Files\TmpTneDB.db
2009-10-02 09:02:52 . 2009-10-02 09:02:52 0 ----a-w- C:\Program Files\BREW_iTAP6_User_Dictionary
2009-10-02 09:02:51 . 2009-10-02 09:02:51 30680 ----a-w- C:\Program Files\AmAfsmToneDb.db
2009-10-02 09:02:51 . 2009-10-02 09:02:51 30680 ----a-w- C:\Program Files\AmAfsmTempToneDb.db
2009-10-02 09:02:51 . 2009-10-02 09:02:51 10400 ----a-w- C:\Program Files\AmAfsmDefaultToneDb.db
2009-10-02 09:02:51 . 2009-10-02 09:02:51 1019 ----a-w- C:\Program Files\AmAfsmToneListDb.db
2009-10-02 09:02:50 . 2009-10-02 09:02:50 300 ----a-w- C:\Program Files\ALARMCLOCK
2009-10-02 08:56:04 . 2009-10-02 08:56:04 178685 ----a-w- C:\Program Files\3gp
2009-10-02 08:55:30 . 2009-10-02 08:55:30 896 ----a-w- C:\Program Files\3_roam_idle1.bmp
2009-10-02 08:55:30 . 2009-10-02 08:55:30 896 ----a-w- C:\Program Files\3_nonantenna_idle1.bmp
2009-10-02 08:55:30 . 2009-10-02 08:55:30 896 ----a-w- C:\Program Files\3_idle1.bmp
2009-10-02 08:55:08 . 2009-10-02 08:49:16 0 d-----w- C:\Program Files\3741848
2009-10-02 08:54:38 . 2009-10-02 08:54:38 154257 ----a-w- C:\Program Files\3_10sec.mp3
2009-10-02 08:54:34 . 2009-10-02 08:49:16 0 d-----w- C:\Program Files\3741849
2009-10-02 08:54:15 . 2009-10-02 08:54:15 0 d-----w- C:\Program Files\3741833
2009-10-02 08:54:13 . 2009-10-02 08:54:13 7227 ----a-w- C:\Program Files\3.jpg
2009-10-02 08:53:59 . 2009-10-02 08:53:59 9772 ----a-w- C:\Program Files\359.jpg
2009-10-02 08:53:59 . 2009-10-02 08:53:59 8527 ----a-w- C:\Program Files\32.jpg
2009-10-02 08:53:59 . 2009-10-02 08:53:59 10121 ----a-w- C:\Program Files\398.jpg
2009-10-02 08:53:58 . 2009-10-02 08:53:58 7631 ----a-w- C:\Program Files\31.jpg
2009-10-02 08:53:40 . 2009-10-02 08:53:39 0 d-----w- C:\Program Files\3741832
2009-10-02 08:53:39 . 2009-10-02 08:53:39 0 d-----w- C:\Program Files\3741831
2009-10-02 08:53:29 . 2009-10-02 08:53:28 0 d-----w- C:\Program Files\3741853
2009-10-02 08:53:00 . 2009-10-02 08:53:00 23244 ----a-w- C:\Program Files\3.dat
2009-10-02 08:52:57 . 2009-10-02 08:52:56 0 d-----w- C:\Program Files\3741847
2009-10-02 08:52:55 . 2009-10-02 08:52:55 49724 ----a-w- C:\Program Files\3.wav
2009-10-02 08:52:52 . 2009-10-02 08:52:52 0 d-----w- C:\Program Files\3741830
2009-10-02 08:52:41 . 2009-10-02 08:52:40 0 d-----w- C:\Program Files\3741827
2009-10-02 08:52:28 . 2009-10-02 08:52:28 2408 ----a-w- C:\Program Files\3_idle7.bmp
2009-10-02 08:52:28 . 2009-10-02 08:52:28 1008 ----a-w- C:\Program Files\3_idle6.bmp
2009-10-02 08:52:28 . 2009-10-02 08:52:28 0 d-----w- C:\Program Files\3741826
2009-10-02 08:52:09 . 2009-10-02 08:52:09 0 d-----w- C:\Program Files\3741825
2009-10-02 08:50:59 . 2009-10-02 08:50:59 67742 ----a-w- C:\Program Files\354a.jpg
2009-10-02 08:50:57 . 2009-10-02 08:50:57 513572 ----a-w- C:\Program Files\3g2
2009-10-02 08:50:48 . 2009-10-02 08:50:48 1922189 ----a-w- C:\Program Files\35a.3g2
2009-10-02 08:50:22 . 2009-10-02 08:50:22 200216 ----a-w- C:\Program Files\356a.jpg
2009-10-02 08:50:21 . 2009-10-02 08:50:21 171552 ----a-w- C:\Program Files\355a.jpg
2009-10-02 08:50:13 . 2009-10-02 08:50:13 59638 ----a-w- C:\Program Files\3a.jpg
2009-10-02 08:50:07 . 2009-10-02 08:50:07 105455 ----a-w- C:\Program Files\35c.jpg
2009-10-02 08:50:06 . 2009-10-02 08:50:06 208341 ----a-w- C:\Program Files\35b.jpg
2009-10-02 08:50:04 . 2009-10-02 08:50:04 200203 ----a-w- C:\Program Files\35a.jpg
2009-10-02 08:50:02 . 2009-10-02 08:50:02 188898 ----a-w- C:\Program Files\34d.jpg
2009-10-02 08:50:01 . 2009-10-02 08:50:01 206691 ----a-w- C:\Program Files\34c.jpg
2009-09-30 20:04:00 . 2009-09-29 22:58:26 912 ----a-w- C:\Program Files\FAT Directory Entry.tpl
2009-09-30 16:46:09 . 2009-09-30 16:46:09 0 ---ha-w- C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01007.Wdf
2009-09-30 16:46:00 . 2009-09-30 16:46:00 0 ---ha-w- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2009-09-30 16:40:01 . 2009-09-30 16:40:01 0 ---ha-w- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
.

((((((((((((((((((((((((((((( SnapShot_2009-10-24_04.19.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-24 16:34:56 . 2009-10-24 16:34:56 16384 C:\WINDOWS\temp\Perflib_Perfdata_c70.dat
+ 2009-10-24 16:34:50 . 2009-10-24 16:34:50 16384 C:\WINDOWS\temp\Perflib_Perfdata_964.dat
+ 2009-10-24 16:34:46 . 2009-10-24 16:34:46 16384 C:\WINDOWS\temp\Perflib_Perfdata_7b4.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-06-07 04:46:24 . 2005-06-07 04:46:24 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe

2007-05-11 08:06:32 . 2007-10-11 01:51:55 39792 C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe

2007-03-25 16:28:30 . 2002-09-11 03:26:26 368706 C:\Program Files\BroadJump\Client Foundation\bak\CFD.exe

2007-03-25 21:33:50 . 2006-03-28 21:48:54 622592 C:\Program Files\Brother\Brmfcmon\bak\BrMfcWnd.exe

2007-03-25 21:33:35 . 2005-01-27 00:02:22 49152 C:\Program Files\Brother\Brmfl06a\bak\BrStDvPt.exe

2007-03-25 21:33:48 . 2006-04-10 20:58:06 61440 C:\Program Files\Brother\ControlCenter3\bak\brctrcen.exe

2007-03-01 15:37:52 . 2007-03-01 15:37:52 2321600 C:\Program Files\Common Files\Adobe\Updater5\bak\AdobeUpdater.exe

2007-03-01 20:57:24 . 2007-03-01 20:57:24 153136 C:\Program Files\Common Files\Ahead\Lib\bak\NeroCheck.exe

2007-05-16 14:27:16 . 2007-05-16 14:27:16 153136 C:\Program Files\Common Files\Ahead\Lib\bak\NMBgMonitor.exe

2008-01-19 00:45:32 . 2008-01-19 00:45:32 185896 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
2009-10-15 03:41:37 . 2009-10-15 03:41:37 198160 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

2003-10-14 16:22:30 . 2003-10-14 16:22:30 155648 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe

2005-06-02 17:21:38 . 2005-06-02 17:21:38 48752 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe

2007-11-25 17:47:29 . 2007-12-21 15:28:57 579072 C:\Program Files\Grisoft\AVG7\bak\avgcc.exe

2007-03-16 07:41:18 . 2006-07-13 21:34:04 9134080 C:\Program Files\Intel Audio Studio\bak\IntelAudioStudio.exe

2007-03-25 20:09:40 . 2006-12-15 09:23:27 75520 C:\Program Files\Java\jre1.5.0_11\bin\bak\jusched.exe

2007-06-29 12:24:52 . 2007-06-29 12:24:52 286720 C:\Program Files\QuickTime\bak\qttask.exe
2009-09-05 06:54:42 . 2009-09-05 06:54:42 417792 C:\Program Files\QuickTime\QTTask.exe

2005-03-17 20:45:52 . 2005-03-17 20:45:52 40960 C:\Program Files\ScanSoft\PaperPort\bak\IndexSearch.exe

2005-03-17 20:25:54 . 2005-03-17 20:25:54 57393 C:\Program Files\ScanSoft\PaperPort\bak\pptd40nt.exe

2006-11-04 00:20:12 . 2006-11-04 00:20:12 866584 C:\Program Files\Windows Defender\bak\MSASCui.exe

2007-11-16 03:51:56 . 2007-11-16 03:51:56 166304 C:\Program Files\Zune\bak\ZuneLauncher.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 17:28:04 1115392]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-18 17:28:04 1115392 ----a-w- C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 17:28:04 1115392]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-15 03:40:16 39408]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:39:52 1289000]
"Advanced SystemCare 3"="C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 14:55:40 2329224]
"RIMDeviceManager"="C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2009-06-03 12:48:36 1406224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 06:42:26 212992]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2008-04-11 02:07:20 413696]
"ATT-SST_McciTrayApp"="C:\Program Files\ATT-SST\McciTrayApp.exe" [2008-09-02 04:19:43 1529856]
"Conime"="C:\WINDOWS\system32\conime.exe" [2008-04-14 00:12:15 27648]
"EKIJ5000StatusMonitor"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-04-07 22:27:30 1511424]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-09-05 06:54:42 417792]
"mumservice"="C:\Program Files\Motorola\Software Update\mumservice.exe" [2009-08-19 23:10:32 1070336]
"GSM"="C:\Program Files\Gateway\GSM\bin\usm.exe" [2005-06-01 05:05:34 9216]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 21:19:00 7626752]
"AVG9_TRAY"="C:\PROGRA~1\AVG\AVG9\avgtray.exe" [2009-10-24 03:25:09 2010904]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2009-10-15 03:41:37 198160]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-09-21 21:36:12 305440]
"BlackBerryAutoUpdate"="C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 04:12:46 623960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 08:18:18 437160]

C:\Documents and Settings\SEXY SORCERESS\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
OneNote Table Of Contents.onetoc2 [2008-1-4 3656]

C:\Documents and Settings\BOYS\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

C:\Documents and Settings\Guest\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
OneNote Table Of Contents.onetoc2 [2009-3-31 3656]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 15:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21:42 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-15 02:08:15 12464 ----a-w- C:\WINDOWS\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
[BU]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Documents and Settings\\BOYS\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe"=
"C:\\Program Files\\Ares Vista\\AresVista.exe"=
"C:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"=
"C:\\Program Files\\Motorola\\Motoconnect\\SWDL.exe"=
"C:\\Program Files\\Motoconnect\\SWDL.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Adobe\\Adobe Bridge CS4\\Bridge.exe"=
"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"C:\\Program Files\\BitPim\\bitpimw.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\MessagingToolkit\\MessagingToolkit.BulkGateway.exe"=
"C:\\Program Files\\Cell Phone Analyzer Demo\\dcpa.exe"=
"C:\\Program Files\\Data Doctor - Mobile Phone Inspector\\MobileDoctor.exe"=
"C:\\Program Files\\Data Doctor Forensic Software - Pocket PC (Evaluation)\\PDAForensic.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\QPST\\bin\\MemoryDebugApp.exe"=
"C:\\Program Files\\Mobile Master\\MobileMaster.exe"=
"C:\\Program Files\\MOBILedit! Forensic\\MOBILedit!.exe"=
"C:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"C:\\Program Files\\Motorola Phone Tools\\mPhonetools.exe"=
"C:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\QPST\\bin\\QPSTConfig.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"C:\\Program Files\\Motorola Tools\\M-Explorer\\mexplorer.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\QPST\\bin\\DMProxyWin.exe"=
"C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=
"C:\\Program Files\\Gateway\\GSM\\BIN\\ssm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9323:TCP"= 9323:TCP:*:Disabled:EKDiscovery
"9324:TCP"= 9324:TCP:EKDiscovery
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
"9322:TCP"= 9322:TCP:EKDiscovery
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\drivers\avgrkx86.sys [10/14/2009 9:08:15 PM 161800]
R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [10/15/2009 6:10:51 PM 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [10/14/2009 9:08:11 PM 333192]
R1 AvgTdiX;AVG Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [10/14/2009 9:08:15 PM 360584]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24:54 PM 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24:52 PM 74480]
R2 avg9wd;AVG WatchDog;C:\Program Files\AVG\AVG9\avgwdsvc.exe [10/14/2009 9:07:42 PM 285392]
R2 CBA8;LANDesk® Management Agent;C:\Program Files\LANDesk\Shared Files\residentAgent.exe [4/28/2005 2:05:10 PM 122880]
R2 CISMBIOS;CiSMBios Driver;C:\WINDOWS\system32\drivers\cismbios.sys [5/31/2005 11:53:20 PM 13312]
R2 IS360service;IS360service;C:\Program Files\IObit\IObit Security 360\is360srv.exe [10/15/2009 8:13:40 PM 309008]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17:32 AM 1169232]
R2 LSM_SSM;LANDesk® System Manager System Space Manager;C:\Program Files\Gateway\GSM\BIN\SSM.exe [6/1/2005 12:04:48 AM 28672]
R2 ModemView;LANDesk Message Handler Service;C:\Program Files\Gateway\GSM\BIN\modemview.exe [6/1/2005 12:13:16 AM 45056]
R2 MotoConnect Service;MotoConnect Service;C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [10/13/2009 11:26:40 PM 91392]
R3 ICFWDM;ICFWDM;C:\WINDOWS\system32\drivers\icfwdm.sys [6/20/2002 12:35:30 PM 12064]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe [5/4/2009 12:15:26 PM 279960]
S2 KodakSvc;Kodak AiO Device Service;C:\Program Files\Kodak\AiO\Center\KodakSvc.exe [4/17/2009 12:08:26 PM 32768]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" --> C:\Program Files\Viewpoint\Common\ViewpointService.exe [?]
S3 CTUPnPSv;Creative Centrale Media Server;C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [5/21/2008 6:42:56 AM 64000]
S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;C:\WINDOWS\system32\drivers\ubVeo532.sys [7/1/2002 7:30:16 PM 95232]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;C:\WINDOWS\system32\drivers\el575ND5.sys [6/30/2006 11:44:58 PM 69692]
S3 lgatbus;LG USB Composite Device driver (WDM);C:\WINDOWS\system32\drivers\lgatbus.sys [9/28/2009 8:49:23 PM 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;C:\WINDOWS\system32\drivers\lgatmdm.sys [9/28/2009 8:49:23 PM 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);C:\WINDOWS\system32\drivers\lgatserd.sys [9/28/2009 8:49:23 PM 60816]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\drivers\motccgp.sys [10/13/2009 8:08:07 PM 19712]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\drivers\motccgpfl.sys [10/13/2009 8:08:07 PM 8320]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\drivers\motodrv.sys [10/13/2009 8:08:07 PM 42752]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\drivers\motport.sys [10/13/2009 8:08:08 PM 23936]
S3 PAC207;CIF USB Camera;C:\WINDOWS\system32\drivers\PFC027.SYS [2/18/2009 12:26:55 PM 505984]
S3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24:56 PM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-10-24 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06:13 . 2009-10-01 13:06:13]

2009-10-22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34:12 . 2008-07-30 17:34:12]

2009-10-18 C:\WINDOWS\Tasks\Driver Robot.job
- C:\Program Files\Driver Robot\1.1.0.4\DriverRobot.exe [2009-09-30 14:29:29 . 2009-09-25 15:22:16]


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:30 AM, on 10/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Gateway\GSM\BIN\ssm.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Gateway\GSM\BIN\modemview.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\docume~1\owner\locals~1\temp\cdm\{5062c20c-1668-4aaf-be33-dafc6f30b28a}\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Gateway\GSM\bin\usm.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\SEXY SORCERESS\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ancestry Toolbar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\Ancestry Toolbar\AncestryToolBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ancestry Toolbar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\Ancestry Toolbar\AncestryToolBar.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
O4 - HKLM\..\Run: [GSM] C:\Program Files\Gateway\GSM\bin\usm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [RIMDeviceManager] "C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: OneNote Table Of Contents.onetoc2 (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: OneNote Table Of Contents.onetoc2 (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote Table Of Contents.onetoc2
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/...erInstaller.CAB
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) -
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} - http://eshare.hpphot...sLocalPrint.CAB
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide....ageUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {B6E6EEF0-F5AA-4A4D-88EC-FF43FB2029E5} (TeleVoxAudioPlayer2.TVoxAudioPlayer) - https://www.mytelevo...udioPlayer2.CAB
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://www.rockyou.c...ageUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\AiO\center\KodakSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel® Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: LANDesk® System Manager System Space Manager (LSM_SSM) - LANDesk® Software Ltd. - C:\Program Files\Gateway\GSM\BIN\ssm.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: LANDesk Message Handler Service (ModemView) - LANDesk® Software Ltd. - C:\Program Files\Gateway\GSM\BIN\modemview.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Audio Service (STacSV) - Unknown owner - c:\docume~1\owner\locals~1\temp\cdm\{5062c20c-1668-4aaf-be33-dafc6f30b28a}\STacSV.exe (file missing)
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 15457 bytes




.

#9 120500

120500

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 24 October 2009 - 11:13 AM

I swear I think I'm in some scifi novel and this computer knows exactly what I'm doing...It acts worse if I'm trying to do something you told me to. Now the internet keeps going down & it will give different error messages i.e. "hosts not found" or "DSL is down" but the DSL light will be solid green. After about 5 times of resetting the modem and restarting internet explorer it will finally connect.

#10 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 24 October 2009 - 05:43 PM

Using Internet Explorer, click on Kaspersky Online Scanner
* You will be prompted to install an ActiveX component from Kaspersky. Click 'Yes'.
* The program will launch and then start to download the latest definition files.
* Once the scanner is installed and the definitions downloaded, click 'Next'.
* Now click on 'Scan Settings'
* In the scan settings make sure that the following are selected:
  o Scan using the following Anti-Virus database: 'Extended' (If available, otherwise 'Standard')
  o Scan Options: 'Scan Archives' and 'Scan Mail Bases'
* Click 'OK'
* Now under 'Select a target to scan' select 'My Computer'
* The scan will take a while, so be patient and let it run. Once the scan is complete, it will display whether your system has been infected.
* Now click on the 'Save as Text' button:
* Save the file to your desktop.
Please post the Kaspersky report and a new HijackThis log.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 



#11 120500

120500

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 24 October 2009 - 06:02 PM

I will try to do that, but my alien hasn't let me get online today since I posted my last reply. Have you ever read that book where the people's fingers started growing into the keyboard? Agh!!! I'm on my phone now, was hoping the next steps didn't involve going online...

#12 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 24 October 2009 - 06:10 PM

Try unplugging the power and cables from your Modem / Router and wait for about 5 minutes.
Plug the power / cables back in and turn it on. Let me know if that worked.



#13 120500

120500

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 24 October 2009 - 07:00 PM

Try unplugging the power and cables from your Modem / Router and wait for about 5 minutes.
Plug the power / cables back in and turn it on. Let me know if that worked.



#14 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 24 October 2009 - 07:01 PM

Did you do that? Did it help?



#15 120500

120500

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 24 October 2009 - 07:04 PM

I tried that earlier, but I tried it again. No luck...
