New Member
Group: Forum Members Last Login: 7/10/2008 7:45 PM Posts: 19, Visits: 34
I've followed everything, so here's my logfile. A new thing has occurred. My desktop image has been replaced by one that says that I've got spyware and I need to delete it.
Again, like I said in my last post I've still got two main issues. The inability to install an anti-virus program, and the inability to have my computer just turn on and go directly to my desktop. Also, it keeps turning my Auto Updates off despite me turning them on.
Thanks again for all your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:31:58 PM, on 7/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\dobstohw\napepidm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\svshost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\mrofinu1749.exe
C:\WINDOWS\system32\lphcedlj0ecee.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\28468.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\28468.exe
C:\WINDOWS\17PHolmes1749.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Flock\flock\flock.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0791FCFD-415B-4BA3-9A7C-4FF3C469AA4E} - (no file)
O2 - BHO: (no name) - {144e2b88-4865-488d-ba7e-932659ef5147} - (no file)
O2 - BHO: (no name) - {367A94A7-E07D-4164-BFFC-A23D493D3146} - (no file)
O2 - BHO: (no name) - {3FF2BA8E-4879-4853-8B68-9ADF3E1C15D4} - C:\Documents and Settings\Kaleeb\Local Settings\Temporary Internet Files\Content.IE5\PWDMTR42\3077ahntdksr[1].dll
O2 - BHO: (no name) - {4E3E60F5-F691-475F-AFBA-CF9FCAB47C15} - C:\WINDOWS\system32\ssqNFYRl.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6341e5ae-0d53-4ad7-b840-70cd5e5cf939} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8F5ED728-56AB-43F5-A255-B8582AB5EA33} - (no file)
O2 - BHO: (no name) - {8FB0BF8B-7A97-461A-9902-5FE51D08AEFE} - (no file)
O2 - BHO: {81b4bee7-a457-ee18-a854-f69f0756ad89} - {98da6570-f96f-458a-81ee-754a7eeb4b18} - C:\WINDOWS\system32\wevftf.dll
O2 - BHO: (no name) - {C81A06BE-1CC9-452D-8274-19C00B49DC42} - (no file)
O2 - BHO: (no name) - {CFACDD68-BEC1-4CBD-A61D-8815BE0A3FB6} - (no file)
O2 - BHO: (no name) - {d5f53c1f-b21a-46d6-b737-a5cf9efe7f59} - (no file)
O2 - BHO: (no name) - {EAD6D995-9810-4FBA-964A-08979F11B57C} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: (no name) - {F1EAF9FC-CFBF-441B-B7D0-9484BD42A67c} - C:\WINDOWS\system32\wwiftpcl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [gfxdrv] "C:\WINDOWS\smrn.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Microsoft Windows Sound] svshost.exe
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKLM\..\Run: [9ce6e879] rundll32.exe "C:\WINDOWS\system32\xaegscxw.dll",b
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1749.exe 61A847B5BBF72813359F31466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [lphcedlj0ecee] C:\WINDOWS\system32\lphcedlj0ecee.exe
O4 - HKLM\..\Run: [SMrhcadlj0ecee] C:\Program Files\rhcadlj0ecee\rhcadlj0ecee.exe
O4 - HKLM\..\Run: [BM9fd5dbe5] Rundll32.exe "C:\WINDOWS\system32\weauxmmy.dll",s
O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svshost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\28468.exe
O4 - HKLM\..\Policies\Explorer\Run: [qKWGbYtEfv] C:\Documents and Settings\All Users\Application Data\dobstohw\napepidm.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ssqNFYRl - C:\WINDOWS\SYSTEM32\ssqNFYRl.dll
O21 - SSODL: utilsrv - {6EE62B1F-F150-B038-425A-0B942309FBC7} - C:\Program Files\quuucbd\utilsrv.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 11192 bytes

Senior Forum Moderator
Group: Moderators Last Login: 8/9/2008 10:14 AM Posts: 29,010, Visits: 54,734
Welcome
Download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop
Close any open browsers.
Click on Start/Run, copy and paste the following bold text into the 'Open:' space, then press OK [See image below]:
"%userprofile%\desktop\combofix.exe" /killall

Combofix.exe will start, please follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some Combofix-related components as suspicious and block or delete them while there's nothing wrong with them.
Also post a new HijackThis log please.
________________________________________

ASAP & UNITE member since 2006



New Member
Group: Forum Members Last Login: 7/10/2008 7:45 PM Posts: 19, Visits: 34
ComboFix 08-07-10.1 - Kaleeb 2008-07-10 19:07:46.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1542 [GMT -4:00]
Running from: C:\Documents and Settings\Kaleeb\Desktop\ComboFix.exe
[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\3363.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\3514.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\3519.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\4038.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\4299.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\4324.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\4331.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\4408.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\4669.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\4671.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\4852.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\49.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\5002.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\5114.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\5584.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\5619.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\5745.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\5918.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\6023.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\6136.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\6211.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\6266.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\6391.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\6603.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\672.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\6755.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\6895.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\6962.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\701.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\7021.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\7047.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\7131.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\7338.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\7489.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\7653.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\7667.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\7770.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\7786.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\8010.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\8242.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\8682.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\8991.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\9011.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\9194.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\9237.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\926.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\9508.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\9609.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\9728.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\9879.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\9980.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\9994.exe
C:\Documents and Settings\Kaleeb\Application Data\Microsoft\dtsc\s
C:\Documents and Settings\Kaleeb\Application Data\rhcadlj0ecee
C:\WINDOWS\BM9fd5dbe5.xml
C:\WINDOWS\system32\drivers\npf.sys
.
---- Previous Run -------
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msupdte.exe
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\svshost.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))
.
2008-07-10 19:17 . 2008-07-10 19:17  d--------  C:\Program Files\rhcadlj0ecee
2008-07-10 19:16 . 2008-07-10 19:16  109,056  --a------  C:\WINDOWS\system32\cxuzivwl.exe
2008-07-10 17:03 . 2008-07-10 17:03  94,208  --a------  C:\WINDOWS\system32\pphcedlj0ecee.exe
2008-07-10 17:02 . 2008-07-10 17:02  d--------  C:\Program Files\quuucbd
2008-07-10 17:01 . 2008-07-10 17:01  d--------  C:\Program Files\uTorrent
2008-07-10 17:01 . 2008-07-10 17:01  d--------  C:\Documents and Settings\All Users\Application Data\dobstohw
2008-07-10 17:01 . 2008-07-10 18:47  109,056  --a------  C:\WINDOWS\system32\lphcedlj0ecee.exe
2008-07-10 17:01 . 2008-07-10 19:16  90,838  --a------  C:\WINDOWS\system32\phcedlj0ecee.bmp
2008-07-10 17:01 . 2008-07-10 19:16  60,928  --a------  C:\WINDOWS\system32\blphcedlj0ecee.scr
2008-07-10 17:01 . 2008-07-10 18:04  41,984  --a------  C:\WINDOWS\mrofinu1749.exe.tmp
2008-07-10 17:01 . 2008-07-10 18:19  41,984  --a------  C:\WINDOWS\mrofinu1749.exe
2008-07-10 17:00 . 2008-07-10 17:00  8,784  --ah-----  C:\Documents and Settings\Kaleeb\runUpdater.exe
2008-07-10 17:00 . 2008-07-10 17:00  3,702  --ah-----  C:\Documents and Settings\Kaleeb\runScreen.exe
2008-07-10 11:47 . 2008-07-10 11:47  d--------  C:\Documents and Settings\All Users\Application Data\DigitalChocolate
2008-07-10 11:46 . 2008-07-10 11:46  d--------  C:\Program Files\Tower Bloxx Deluxe
2008-07-09 15:08 . 2008-07-09 15:08  54,156  --ah-----  C:\WINDOWS\QTFont.qfn
2008-07-09 15:08 . 2008-07-09 15:08  1,409  --a------  C:\WINDOWS\QTFont.for
2008-07-09 13:51 . 2008-07-09 13:52  d--------  C:\Program Files\Elf Bowling - Hawaiian Vacation
2008-07-05 21:43 . 2008-07-05 21:43  d--------  C:\games
2008-07-05 14:34 . 2008-07-05 14:34  d--------  C:\WINDOWS\Great Secrets Da Vinci
2008-07-05 14:34 . 2008-07-05 14:52  d--------  C:\Program Files\Great Secrets Da Vinci
2008-06-28 23:04 . 2008-07-09 13:52  d--------  C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-06-28 15:33 . 2008-06-29 21:48  28,150  --a------  C:\winupdate.exe
2008-06-26 21:37 . 2008-06-26 21:37  d--------  C:\WINDOWS\privacy_danger(2)
2008-06-26 20:44 . 2008-06-26 20:44  d--------  C:\Program Files\Hasbro Interactive
2008-06-25 23:23 . 2008-06-21 11:35  3,262  --a------  C:\WINDOWS\system32\sex2.ico
2008-06-25 23:19 . 2008-06-21 11:35  3,262  --a------  C:\WINDOWS\system32\sex1.ico
2008-06-22 21:08 . 2008-06-22 21:07  691,545  --a------  C:\WINDOWS\unins000.exe
2008-06-21 21:24 . 2008-06-13 09:10  272,128  ---------  C:\WINDOWS\system32\drivers\bthport.sys
2008-06-21 21:24 . 2008-06-21 22:16  1,374  --a------  C:\WINDOWS\imsins.BAK
2008-06-21 21:21 . 2008-07-05 14:25  d--------  C:\WINDOWS\Hidden Expedition Amazon
2008-06-21 21:20 . 2008-06-21 21:20  49,152  --a------  C:\WINDOWS\system32\Setup_ver1.1351.25.exe
2008-06-15 22:48 . 2008-06-15 22:48  d--------  C:\WINDOWS\The Secret of Margrave Manor
2008-06-15 22:48 . 2008-06-15 22:49  d--------  C:\Program Files\The Secret of Margrave Manor
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 23:17  ---------  d-----w  C:\Program Files\PeerGuardian2
2008-07-10 22:42  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-07-10 22:38  ---------  d-----w  C:\Documents and Settings\Kaleeb\Application Data\My Games
2008-07-10 22:37  ---------  d-----w  C:\Program Files\Nancy Drew
2008-07-10 22:37  ---------  d-----w  C:\Program Files\Mystery Cookbook {h33t} {oi812heet}
2008-07-10 22:35  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\AOL
2008-07-10 22:19  ---------  d---a-w  C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-10 21:16  ---------  d-----w  C:\Program Files\Mozilla Thunderbird
2008-07-10 20:51  ---------  d-----w  C:\Documents and Settings\Kaleeb\Application Data\Azureus
2008-07-01 03:31  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\avg8
2008-07-01 03:31  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\avg7
2008-06-27 01:33  ---------  d-----w  C:\Program Files\FlashGet
2008-06-26 03:27  ---------  d-----w  C:\Program Files\MHX First Defense - Antivirus and Antispyware
2008-06-23 19:46  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-23 19:45  ---------  d-----w  C:\Program Files\Spybot - Search & Destroy
2008-06-22 12:23  ---------  d-----w  C:\Documents and Settings\Kaleeb\Application Data\dvdcss
2008-06-22 12:11  ---------  d-----w  C:\Documents and Settings\Kaleeb\Application Data\Roxio
2008-06-22 01:25  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-18 01:41  ---------  d-----w  C:\Program Files\Azureus
2008-06-06 11:25  ---------  d-----w  C:\Program Files\SUPERAntiSpyware
2008-05-27 00:36  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
2008-05-26 22:13  ---------  d-----w  C:\Program Files\Jigsaw World
2008-05-23 01:47  ---------  d-----w  C:\Documents and Settings\Kaleeb\Application Data\Gaijin Ent
2008-05-23 00:04  ---------  d-----w  C:\Program Files\Super Jigsaws
2008-05-18 23:13  ---------  d-----w  C:\Documents and Settings\Administrator\Application Data\Thunderbird
2008-05-18 21:40  ---------  d-----w  C:\Documents and Settings\Kaleeb\Application Data\LimeWire
2008-05-17 16:58  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Avira
2008-05-16 16:54  ---------  d-----w  C:\Program Files\AVG
2008-05-12 01:04  ---------  d-----w  C:\Program Files\Flock
2008-05-12 01:04  ---------  d-----w  C:\Documents and Settings\Kaleeb\Application Data\Flock
2008-05-10 21:45  ---------  d-----w  C:\Documents and Settings\Kaleeb\Application Data\Games
2008-05-07 04:55  1,288,192  ----a-w  C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16  826,368  ----a-w  C:\WINDOWS\system32\wininet.dll
2008-04-04 19:24  984,576  ----a-w  C:\Documents and Settings\Kaleeb\Application Data\kernel64.dll
2007-12-31 19:22  92,676,228  ----a-w  C:\Program Files\foreign oren.zip
2007-12-31 19:08  5,687,265  ----a-w  C:\Program Files\count me in.mp3
2007-12-31 19:03  54,167,729  ----a-w  C:\Program Files\for the love of the game.zip
2007-12-31 19:01  40,415,199  ----a-w  C:\Program Files\Comatose Deluxe Edition Pt. 2.zip
2007-12-30 21:46  13,413,048  ----a-w  C:\Program Files\Google_Earth_BZXV.exe
2007-10-13 19:09  150  ----a-w  C:\Documents and Settings\Kaleeb\Application Data\wklnhst.dat
2007-09-20 02:38  20  ---h--w  C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-07-16 20:53  48  ----a-w  C:\Documents and Settings\Kaleeb\readme.bat
.
+ 2008-06-17 20:11:4494,208----a-wC:\WINDOWS\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-06-17 19:25:5850,808----a-wC:\WINDOWS\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 1999-06-25 14:55:30149,504----a-wC:\WINDOWS\system32\Adobe\Shockwave 11\UNWISE.EXE
- 2008-03-01 13:06:20124,928----a-wC:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:28124,928----a-wC:\WINDOWS\system32\advpack.dll
+ 2007-05-16 20:45:161,124,720----a-wC:\WINDOWS\system32\D3DCompiler_34.dll
+ 2007-07-19 22:14:421,358,192----a-wC:\WINDOWS\system32\D3DCompiler_35.dll
+ 2007-10-12 19:14:001,374,232----a-wC:\WINDOWS\system32\D3DCompiler_36.dll
+ 2008-03-05 19:56:581,420,824----a-wC:\WINDOWS\system32\D3DCompiler_37.dll
+ 2007-05-16 20:45:16443,752----a-wC:\WINDOWS\system32\d3dx10_34.dll
+ 2007-07-19 22:14:42444,776----a-wC:\WINDOWS\system32\d3dx10_35.dll
+ 2007-10-02 13:56:34444,776----a-wC:\WINDOWS\system32\d3dx10_36.dll
+ 2008-02-06 03:07:36462,864----a-wC:\WINDOWS\system32\d3dx10_37.dll
+ 2007-05-16 20:45:163,497,832----a-wC:\WINDOWS\system32\d3dx9_34.dll
+ 2007-07-19 22:14:423,727,720----a-wC:\WINDOWS\system32\d3dx9_35.dll
+ 2007-10-12 19:14:003,734,536----a-wC:\WINDOWS\system32\d3dx9_36.dll
+ 2008-03-05 19:56:583,786,760----a-wC:\WINDOWS\system32\D3DX9_37.dll
- 2008-03-01 13:06:20124,928-c----wC:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:28124,928-c----wC:\WINDOWS\system32\dllcache\advpack.dll
- 2004-08-04 04:10:38274,304-c--a-wC:\WINDOWS\system32\dllcache\bthport.sys
+ 2008-06-13 13:10:50272,128-c--a-wC:\WINDOWS\system32\dllcache\bthport.sys
- 2004-08-10 12:00:00561,179-c--a-wC:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25554,008-c--a-wC:\WINDOWS\system32\dllcache\dao360.dll
- 2008-03-01 13:06:21347,136-c----wC:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:28347,136-c----wC:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-03-01 13:06:21214,528-c----wC:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:28214,528-c----wC:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-03-01 13:06:21133,120-c----wC:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:28133,120-c----wC:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-03-01 13:06:2163,488-c----wC:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-04-23 04:16:2863,488-c----wC:\WINDOWS\system32\dllcache\icardie.dll
- 2008-02-29 08:55:2370,656-c----wC:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-04-22 07:39:5870,656-c----wC:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-03-01 13:06:21153,088-c----wC:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:28153,088-c----wC:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-03-01 13:06:21230,400-c----wC:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:28230,400-c----wC:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-02-15 05:44:25161,792-c----wC:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:51161,792-c----wC:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-03-01 13:06:22383,488-c----wC:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-04-23 04:16:28383,488-c----wC:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-03-01 13:06:22384,512-c----wC:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:28384,512-c----wC:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-03-01 13:06:246,066,176-c----wC:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-04-23 04:16:286,066,176-c----wC:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-03-01 13:06:2444,544-c----wC:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:2844,544-c----wC:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-03-01 13:06:25267,776-c----wC:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-04-23 04:16:28267,776-c----wC:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-02-22 10:00:5113,824-c----wC:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-04-22 07:39:5813,824-c----wC:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-02-29 08:55:46625,664-c----wC:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-04-22 07:40:18625,664-c----wC:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-03-01 13:06:2527,648-c----wC:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:2827,648-c----wC:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-12-31 12:07:20294,400-c--a-wC:\WINDOWS\system32\dllcache\msctf.dll
+ 2008-02-26 11:59:50294,912-c--a-wC:\WINDOWS\system32\dllcache\msctf.dll
- 2004-08-10 12:00:00512,029-c--a-wC:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28518,944-c--a-wC:\WINDOWS\system32\dllcache\msexch40.dll
- 2004-08-10 12:00:00319,517-c--a-wC:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30326,432-c--a-wC:\WINDOWS\system32\dllcache\msexcl40.dll
- 2008-03-01 13:06:26459,264-c----wC:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:28459,264-c----wC:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-03-01 13:06:2652,224-c----wC:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-04-23 04:16:2852,224-c----wC:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-03-01 22:36:303,591,680-c----wC:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-24 02:16:303,591,680-c----wC:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-03-01 13:06:28478,208-c----wC:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:28478,208-c----wC:\WINDOWS\system32\dllcache\mshtmled.dll
- 2004-08-10 12:00:001,507,356-c--a-wC:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:341,516,568-c--a-wC:\WINDOWS\system32\dllcache\msjet40.dll
- 2004-08-10 12:00:00358,976-c--a-wC:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40355,112-c--a-wC:\WINDOWS\system32\dllcache\msjetol1.dll
- 2004-08-10 12:00:00151,583-c--a-wC:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-27 08:12:54151,583-c--a-wC:\WINDOWS\system32\dllcache\msjint40.dll
- 2004-08-10 12:00:0053,279-c--a-wC:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:4260,192-c--a-wC:\WINDOWS\system32\dllcache\msjter40.dll
- 2004-08-10 12:00:00241,693-c--a-wC:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42248,608-c--a-wC:\WINDOWS\system32\dllcache\msjtes40.dll
- 2004-08-10 12:00:00213,023-c--a-wC:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44219,936-c--a-wC:\WINDOWS\system32\dllcache\msltus40.dll
- 2004-08-10 12:00:00348,189-c--a-wC:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45355,104-c--a-wC:\WINDOWS\system32\dllcache\mspbde40.dll
- 2008-03-01 13:06:28193,024-c----wC:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:28193,024-c----wC:\WINDOWS\system32\dllcache\msrating.dll
- 2004-08-10 12:00:00421,919-c--a-wC:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47432,928-c--a-wC:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2004-08-10 12:00:00315,423-c--a-wC:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49322,336-c--a-wC:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2004-08-10 12:00:00552,989-c--a-wC:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52559,904-c--a-wC:\WINDOWS\system32\dllcache\msrepl40.dll
- 2004-08-10 12:00:00258,077-c--a-wC:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55264,992-c--a-wC:\WINDOWS\system32\dllcache\mstext40.dll
- 2008-03-01 13:06:29671,232-c----wC:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:28671,232-c----wC:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-10 12:00:00831,519-c--a-wC:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57838,432-c--a-wC:\WINDOWS\system32\dllcache\mswdat10.dll
- 2004-08-10 12:00:00614,429-c--a-wC:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58621,344-c--a-wC:\WINDOWS\system32\dllcache\mswstr10.dll
- 2004-08-10 12:00:00348,189-c--a-wC:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58355,104-c--a-wC:\WINDOWS\system32\dllcache\msxbde40.dll
- 2008-03-01 13:06:29102,912-c----wC:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:28102,912-c----wC:\WINDOWS\system32\dllcache\occache.dll
- 2008-03-01 13:06:2944,544-c----wC:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:2844,544-c----wC:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:35:131,287,680-c--a-wC:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 04:55:401,288,192-c--a-wC:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58202,240-c--a-wC:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49202,752-c--a-wC:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-03-01 13:06:29105,984-c----wC:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:28105,984-c----wC:\WINDOWS\system32\dllcache\url.dll
- 2008-03-01 13:06:301,159,680-c----wC:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:291,159,680-c----wC:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-03-01 13:06:30233,472-c----wC:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:29233,472-c----wC:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-01 13:06:31826,368-c----wC:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:29826,368-c----wC:\WINDOWS\system32\dllcache\wininet.dll
- 2006-07-13 08:48:58202,240----a-wC:\WINDOWS\system32\drivers\rmcast.sys
+ 2008-05-08 12:28:49202,752----a-wC:\WINDOWS\system32\drivers\rmcast.sys
- 2008-03-01 13:06:21347,136------wC:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:28347,136------wC:\WINDOWS\system32\dxtmsft.dll
- 2008-03-01 13:06:21214,528------wC:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:28214,528------wC:\WINDOWS\system32\dxtrans.dll
- 2008-03-01 13:06:21133,120------wC:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:28133,120------wC:\WINDOWS\system32\extmgr.dll
- 2008-04-10 14:23:371,643,584----a-wC:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-09 09:14:021,643,696----a-wC:\WINDOWS\system32\FNTCACHE.DAT
- 2008-03-01 13:06:2163,488----a-wC:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:2863,488----a-wC:\WINDOWS\system32\icardie.dll
- 2008-02-29 08:55:2370,656------wC:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:5870,656------wC:\WINDOWS\system32\ie4uinit.exe
- 2008-03-01 13:06:21153,088------wC:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:28153,088------wC:\WINDOWS\system32\ieakeng.dll
- 2008-03-01 13:06:21230,400------wC:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:28230,400------wC:\WINDOWS\system32\ieaksie.dll
- 2008-02-15 05:44:25161,792------wC:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51161,792------wC:\WINDOWS\system32\ieakui.dll
- 2008-03-01 13:06:22383,488----a-wC:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:28383,488----a-wC:\WINDOWS\system32\ieapfltr.dll
- 2008-03-01 13:06:22384,512------wC:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:28384,512------wC:\WINDOWS\system32\iedkcs32.dll
- 2008-03-01 13:06:246,066,176----a-wC:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:286,066,176----a-wC:\WINDOWS\system32\ieframe.dll
- 2008-03-01 13:06:2444,544------wC:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:2844,544------wC:\WINDOWS\system32\iernonce.dll
- 2008-03-01 13:06:25267,776----a-wC:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:28267,776----a-wC:\WINDOWS\system32\iertutil.dll
- 2008-02-22 10:00:5113,824----a-wC:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:5813,824----a-wC:\WINDOWS\system32\ieudinit.exe
- 2007-12-14 05:57:22135,168----a-wC:\WINDOWS\system32\java.exe
+ 2008-03-25 05:28:39135,168----a-wC:\WINDOWS\system32\java.exe
- 2007-12-14 05:57:24135,168----a-wC:\WINDOWS\system32\javaw.exe
+ 2008-03-25 05:28:43135,168----a-wC:\WINDOWS\system32\javaw.exe
- 2007-12-14 06:59:16139,264----a-wC:\WINDOWS\system32\javaws.exe
+ 2008-03-25 06:37:01139,264----a-wC:\WINDOWS\system32\javaws.exe
- 2008-03-01 13:06:2527,648------wC:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:2827,648------wC:\WINDOWS\system32\jsproxy.dll
+ 2005-05-24 16:27:16213,048----a-wC:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 19:47:2094,208----a-wC:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 19:49:54950,272----a-wC:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-03-13 22:54:4070,264----a-wC:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-05-12 01:04:0970,264----a-wC:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-01-03 23:19:34581,632----a-wC:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2008-03-15 03:29:22581,632----a-wC:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2008-03-15 03:12:301,490,944----a-wC:\WINDOWS\system32\Macromed\Shockwave 10\dirapiX.dll
- 2008-01-03 23:20:1424,576----a-wC:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-03-15 03:29:5824,576----a-wC:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-03-15 03:10:06606,208----a-wC:\WINDOWS\system32\Macromed\Shockwave 10\iml32X.dll
- 2008-01-03 23:18:56339,968----a-wC:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
+ 2008-03-15 03:28:48339,968----a-wC:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
- 2008-01-03 23:19:06475,136----a-wC:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2008-03-15 03:28:56475,136----a-wC:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
- 2008-01-03 23:11:48180,224----a-wC:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
+ 2008-03-15 03:21:52180,224----a-wC:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
- 2008-01-03 23:22:0677,824----a-wC:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2008-03-15 03:31:2877,824----a-wC:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2008-03-15 15:38:0886,016----a-wC:\WINDOWS\system32\Macromed\Shockwave 10\SwMenuX.dll
- 2008-01-03 23:22:0898,304----a-wC:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2008-03-15 03:31:2898,304----a-wC:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
- 2008-04-06 02:56:2219,836,024----a-wC:\WINDOWS\system32\MRT.exe
+ 2008-05-29 20:35:1217,486,968----a-wC:\WINDOWS\system32\MRT.exe
- 2007-12-31 12:07:20294,400----a-wC:\WINDOWS\system32\msctf.dll
+ 2008-02-26 11:59:50294,912----a-wC:\WINDOWS\system32\msctf.dll
- 2004-08-10 12:00:00512,029----a-wC:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28518,944----a-wC:\WINDOWS\system32\msexch40.dll
- 2004-08-10 12:00:00319,517----a-wC:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30326,432----a-wC:\WINDOWS\system32\msexcl40.dll
- 2008-03-01 13:06:26459,264----a-wC:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:28459,264----a-wC:\WINDOWS\system32\msfeeds.dll
- 2008-03-01 13:06:2652,224----a-wC:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:2852,224----a-wC:\WINDOWS\system32\msfeedsbs.dll
- 2008-03-01 22:36:303,591,680----a-wC:\WINDOWS\system32\mshtml.dll
+ 2008-04-24 02:16:303,591,680----a-wC:\WINDOWS\system32\mshtml.dll
- 2008-03-01 13:06:28478,208------wC:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:28478,208------wC:\WINDOWS\system32\mshtmled.dll
- 2004-08-10 12:00:001,507,356----a-wC:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:341,516,568----a-wC:\WINDOWS\system32\msjet40.dll
- 2004-08-10 12:00:00358,976----a-wC:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40355,112----a-wC:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-10 12:00:00151,583----a-wC:\WINDOWS\system32\msjint40.dll
+ 2008-03-27 08:12:54151,583----a-wC:\WINDOWS\system32\msjint40.dll
- 2004-08-10 12:00:0053,279----a-wC:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:4260,192----a-wC:\WINDOWS\system32\msjter40.dll
- 2004-08-10 12:00:00241,693----a-wC:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42248,608----a-wC:\WINDOWS\system32\msjtes40.dll
- 2004-08-10 12:00:00213,023----a-wC:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44219,936----a-wC:\WINDOWS\system32\msltus40.dll
- 2004-08-10 12:00:00348,189----a-wC:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45355,104----a-wC:\WINDOWS\system32\mspbde40.dll
- 2008-03-01 13:06:28193,024------wC:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:28193,024------wC:\WINDOWS\system32\msrating.dll
- 2004-08-10 12:00:00421,919----a-wC:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47432,928----a-wC:\WINDOWS\system32\msrd2x40.dll
- 2004-08-10 12:00:00315,423----a-wC:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49322,336----a-wC:\WINDOWS\system32\msrd3x40.dll
- 2004-08-10 12:00:00552,989----a-wC:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52559,904----a-wC:\WINDOWS\system32\msrepl40.dll
- 2004-08-10 12:00:00258,077----a-wC:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55264,992----a-wC:\WINDOWS\system32\mstext40.dll
- 2008-03-01 13:06:29671,232------wC:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:28671,232------wC:\WINDOWS\system32\mstime.dll
- 2004-08-10 12:00:00831,519----a-wC:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57838,432----a-wC:\WINDOWS\system32\mswdat10.dll
- 2004-08-10 12:00:00614,429----a-wC:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58621,344----a-wC:\WINDOWS\system32\mswstr10.dll
- 2004-08-10 12:00:00348,189----a-wC:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58355,104----a-wC:\WINDOWS\system32\msxbde40.dll
- 2008-03-01 13:06:29102,912------wC:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:28102,912------wC:\WINDOWS\system32\occache.dll
- 2008-04-24 11:21:5754,682----a-wC:\WINDOWS\system32\perfc009.dat
+ 2008-07-10 23:10:3954,682----a-wC:\WINDOWS\system32\perfc009.dat
- 2008-04-24 11:21:57385,164----a-wC:\WINDOWS\system32\perfh009.dat
+ 2008-07-10 23:10:39385,164----a-wC:\WINDOWS\system32\perfh009.dat
- 2008-03-01 13:06:2944,544------wC:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:2844,544------wC:\WINDOWS\system32\pngfilt.dll
+ 2004-08-10 12:00:0052,736----a-wC:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\i8042prt.sys
+ 2004-08-10 12:00:0023,040----a-wC:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\mouclass.sys
+ 2005-12-17 00:36:3481,920----a-wC:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\InstNT.exe
+ 2005-12-17 00:18:5082,012----a-wC:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\SynCOM.dll
+ 2005-12-17 00:19:12114,688----a-wC:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\SynCtrl.dll
+ 2005-12-17 00:34:58557,056----a-wC:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\SynISDLL.dll
+ 2005-12-17 00:13:06147,456----a-wC:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\SynMood.exe
+ 2005-12-17 00:15:06191,936----a-wC:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\SynTP.sys
+ 2005-12-17 00:19:5294,297----a-wC:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\SynTPAPI.dll
+ 2005-12-17 00:36:2281,920----a-wC:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\SynTPCo2.dll
+ 2005-12-17 00:20:2241,062----a-wC:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\SynTPCOM.dll
+ 2005-12-17 00:23:566,135,897----a-wC:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\SynTPCpl.dll
+ 2005-12-17 00:32:58761,945----a-wC:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\SynTPEnh.exe
+ 2005-12-17 00:34:0669,721----a-wC:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\SynTPFcs.dll
+ 2005-12-17 00:34:1682,009----a-wC:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\SynTPLpr.exe
+ 2005-12-17 00:13:18163,840----a-wC:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\SynZMetr.exe
+ 2005-12-17 00:21:00151,552----a-wC:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\Toshiba.exe
+ 2005-12-17 00:34:38221,184----a-wC:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\Tutorial.exe
- 2008-03-24 00:43:57304,408----a-wC:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-06-27 01:39:10118,728----a-wC:\WINDOWS\system32\Restore\rstrlog.dat
- 2006-09-25 21:58:4814,640------wC:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:5117,272----a-wC:\WINDOWS\system32\spmsg.dll
- 2008-03-01 13:06:29105,984----a-wC:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:28105,984----a-wC:\WINDOWS\system32\url.dll
- 2008-03-01 13:06:301,159,680----a-wC:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:291,159,680----a-wC:\WINDOWS\system32\urlmon.dll
- 2008-03-01 13:06:30233,472----a-wC:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:29233,472----a-wC:\WINDOWS\system32\webcheck.dll
- 2007-01-08 20:30:4215,128----a-wC:\WINDOWS\system32\x3daudio1_1.dll
+ 2007-03-05 16:42:1815,128----a-wC:\WINDOWS\system32\x3daudio1_1.dll
+ 2007-10-22 07:37:1617,928----a-wC:\WINDOWS\system32\X3DAudio1_2.dll
+ 2008-03-05 20:00:0625,608----a-wC:\WINDOWS\system32\X3DAudio1_3.dll
+ 2007-10-22 07:39:54267,272----a-wC:\WINDOWS\system32\xactengine2_10.dll
+ 2007-04-04 22:55:00261,480----a-wC:\WINDOWS\system32\xactengine2_7.dll
+ 2007-06-21 00:46:04266,088----a-wC:\WINDOWS\system32\xactengine2_8.dll
+ 2007-07-20 04:57:12267,112----a-wC:\WINDOWS\system32\xactengine2_9.dll
+ 2008-03-05 20:03:20238,088----a-wC:\WINDOWS\system32\xactengine3_0.dll
+ 2008-03-05 20:03:54479,752----a-wC:\WINDOWS\system32\XAudio2_0.dll
- 2006-09-28 21:04:0268,888----a-wC:\WINDOWS\system32\xinput1_3.dll
+ 2007-04-04 22:53:4281,768----a-wC:\WINDOWS\system32\xinput1_3.dll
+ 2008-06-16 02:48:32472,576----a-wC:\WINDOWS\The Secret of Margrave Manor\uninstall.exe
+ 2008-06-23 01:08:584,640----a-wC:\WINDOWS\unins000.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-06 07:25 1506544]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 04:40 86960]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 20:32 761945]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 08:23 200704]
"lphcedlj0ecee"="C:\WINDOWS\system32\lphcedlj0ecee.exe" [2008-07-10 18:47 109056]
"SMrhcadlj0ecee"="C:\Program Files\rhcadlj0ecee\rhcadlj0ecee.exe" [2008-07-10 12:44 1214976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"qKWGbYtEfv"="C:\Documents and Settings\All Users\Application Data\dobstohw\napepidm.exe" [2008-07-10 17:01 61440]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-03-02 18:23:46 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-06 07:25 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"utilsrv"= {6EE62B1F-F150-B038-425A-0B942309FBC7} - C:\Program Files\quuucbd\utilsrv.dll [2008-07-10 17:02 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-12-22 00:42 40448 C:\WINDOWS\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OSI Kernel DebugMon]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=C:\WINDOWS\pss\Extender Resource Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{914C5BF8-EEDD-4F3A-A8BE-34EE71CF1B29}]
--a------ 2008-01-31 16:02 385024 C:\Program Files\Mediafour\XPlay 3\XPlay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe LM Service"=3 (0x3)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"RMSvc"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MpfService"=2 (0x2)
"mnmsrvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"McSysmon"=2 (0x2)
"McShield"=2 (0x2)
"McRedirector"=2 (0x2)
"McrdSvc"=2 (0x2)
"mcpromgr"=2 (0x2)
"McODS"=2 (0x2)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"mcmispupdmgr"=3 (0x3)
"McAfee HackerWatch Service"=2 (0x2)
"M4iPodWPDService"=2 (0x2)
"iPod Service"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Emproxy"=3 (0x3)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"CryptSvc"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
R0 MDFSYSNT;MacDrive file system driver;C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2008-01-29 22:35]
R2 FdRedir;FdRedir;C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2005-12-22 00:55]
R2 FileDisk2;FileDisk Protector Kernel Driver;C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2005-12-22 00:55]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 15:52]
R2 smihlp;SMI helper driver;C:\Program Files\Protector Suite QL\smihlp.sys [2005-12-22 00:25]
R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-11 01:42]
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2006-01-12 20:21]
S0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys []
S1 4fdw;4fdw;C:\WINDOWS\system32\4fdw.dll []
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 15:53]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 15:52]
S3 AVUSBPVR;AVerMedia USB MPEG-2 Capture Device;C:\WINDOWS\system32\DRIVERS\avusbpvr.sys [2006-04-12 05:45]
S3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 18:27]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 08:00]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 15:53]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 15:52]
S3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2006-01-17 20:30]
S4 M4iPodWPDService;M4iPodWPDService;C:\Program Files\Common Files\Mediafour\iPod\M4iPodWPDService.exe [2008-01-23 13:31]
S4 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 19:55]
S4 SessionLauncher;SessionLauncher;C:\DOCUME~1\Kaleeb\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S4 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVEREG_MULTI_SZ QWAVE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8092742a-d296-11dc-acf4-001302739f94}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{900f9ed7-e8a1-11dc-ad23-001302739f94}]
\Shell\AutoRun\command - E:\LaunchU3.exe
*Newly Created Service* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder
"2008-07-05 22:47:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{0791FCFD-415B-4BA3-9A7C-4FF3C469AA4E} - (no file)
BHO-{144e2b88-4865-488d-ba7e-932659ef5147} - (no file)
BHO-{367A94A7-E07D-4164-BFFC-A23D493D3146} - (no file)
BHO-{3FF2BA8E-4879-4853-8B68-9ADF3E1C15D4} - C:\Documents and Settings\Kaleeb\Local Settings\Temporary Internet Files\Content.IE5\PWDMTR42\3077ahntdksr[1].dll
BHO-{6341e5ae-0d53-4ad7-b840-70cd5e5cf939} - (no file)
BHO-{8F5ED728-56AB-43F5-A255-B8582AB5EA33} - (no file)
BHO-{8FB0BF8B-7A97-461A-9902-5FE51D08AEFE} - (no file)
BHO-{98da6570-f96f-458a-81ee-754a7eeb4b18} - C:\WINDOWS\system32\wevftf.dll
BHO-{C81A06BE-1CC9-452D-8274-19C00B49DC42} - (no file)
BHO-{CFACDD68-BEC1-4CBD-A61D-8815BE0A3FB6} - (no file)
BHO-{d5f53c1f-b21a-46d6-b737- |