PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Post by kitneyes » March 10th, 2008, 8:08 pm

Okay, so I believe I now have a SERIOUS problem. The ESET SmartSecurity I had was not exactly "purchased", which already made me nervous, but it gave me reason to find it "suspicious" and so I uninstalled it and put on Comodo instead. A few hours later, I started noticing that certain programs would no longer open ... saying things like the program was "not working" or "no longer working". I tried to reinstall to no avail, and then today it seems like ALL of my antivirus (except AVG), spyware, and registry cleaners aren't working. I just read something about a virus that can cause that, but couldn't get any further details other than having to reinstall my whole system. PLEASE PLEASE someone help me. I just bought this computer less than a month ago. It is an HP Pavilion dv6700, using Vista Home Premium. Below is my HJT log. Thank you anyone who can help or give me some advice. P.S. I've tried uninstalling and reinstalling several times for the different programs so I hope that didn't hurt anything...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:05 PM, on 3/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrolEx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [OnScreenDisplay] "C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\PROGRAM FILES\COMMON FILES\TIVO SHARED\Transfer\TIVOTRANSFER.EXE" /service /registry /auto:TivoTransfer
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9145 bytes
kitneyes
Regular Member
 
Posts: 29
Joined: March 6th, 2008, 8:25 pm

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Post by John B. » March 17th, 2008, 2:44 pm

Hi! and welcome to the Malware Removal forums.
My name is John Brouwer - if it helps, you can call me John for short. I'll be glad to help you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happens.

These rules are good for you to know:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me so the topic will not be closed.

These rules are to make my voluntary work more comfortable:
  • Please be patient. The work I do is voluntary and I also have a private life (school, work, friends and hobbies).
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • Please reply to this thread. Do not start a new topic.
  • Also, don't post logs as attachments. Other helpers like to view the logs as well and opening a lot of attachments is irritating. It can also contain malware.

Finally, please make an uninstall list using HijackThis.
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Save the file to your desktop and post the contents in a reply to this topic. Also post a fresh HijackThis log as the other log is more than five days old.

Greets, John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Post by kitneyes » March 17th, 2008, 6:17 pm

Hello John, thank you so much for replying. I had about given up. I was actually burning all my files and music, etc., preparing to do a complete system recovery ... I didn't know what else to do. Before we get started, I just wanted to clarify. The program in question (ESET) was not of my doing. My boyfriend had my computer for a few days and installed the ESET firewall on it; he said he borrowed it from a friend. I didn't exactly like the idea, especially with it being in control of so much of my computer management, so I uninstalled it, and that's when the problem started. I know you have a policy about things like that and so I wanted to be up front with you before we get started. I hope you can still help me. I've been trying my best to get rid of this program, which I think I now have, but it had to have changed something ... even new "trial" programs I download (only antivirus, spyware and registry) now don't work. They'll install, but when I go to open them they still say "... not working". Actually, correction, the new Adobe Illustrator trial I tried yesterday didn't work either; I think I uninstalled it and gave up. So, not to keep going on and on ... here is the info you asked for, and thank you again.

Uninstall List

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
avast! Antivirus
AVG 7.5
CCleaner (remove only)
COMODO Firewall Pro
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Core FTP LE 2.1
DVD Suite
ESU for Microsoft Vista
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Windows Media Encoder (KB929182)
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP User Guides 0087
HPNetworkAssistant
IPNetInfo
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Kaspersky Online Scanner
LabelPrint
LightScribeTemplateLabeler
LimeWire 4.16.6
LiveUpdate (Symantec Corporation)
Macromedia Dreamweaver 8
Macromedia Extension Manager
Magic ISO Maker v5.4 (build 0256)
MediaMonkey 3.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (2.0.0.12)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
Music Rescue 3.1.6
Nero 8
neroxml
NetWaiting
NVIDIA Drivers
Power2Go
PowerDirector
QuickPlay SlingPlayer 0.4.4
QuickTime
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Roxio RecordNow Premier
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Slingbox Flash Tour
SlingPlayer
Synaptics Pointing Device Driver
The Sims™ Life Stories
TiVo Desktop 2.5.1
Uniblue SpeedUpMyPC 3
Update for Outlook 2007 Junk Email Filter (kb947945)
VCRedistSetup
Viewpoint Media Player
Vongo
VSO ConvertXtoDVD 2.2.3.258h Licensed by AxMan
WeatherBug Gadget
Winamp
WinAVI Video Converter
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinPatrol 2007
WinRAR archiver
WinZip
Xvid 1.1.3 final uninstall
Yahoo! Toolbar
kitneyes
Regular Member
 
Posts: 29
Joined: March 6th, 2008, 8:25 pm

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Post by kitneyes » March 17th, 2008, 6:19 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:18:57 PM, on 3/17/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Users\Wes & Amanda\Desktop\utorrent.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [OnScreenDisplay] "C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe"
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [TivoTransfer] "C:\PROGRAM FILES\COMMON FILES\TIVO SHARED\Transfer\TIVOTRANSFER.EXE" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [Windows Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8000 bytes
kitneyes
Regular Member
 
Posts: 29
Joined: March 6th, 2008, 8:25 pm
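
The HijackThis log format posted above, parsed as an added example (not part of the original posts and not HijackThis's own code). It splits each entry into section code and body, and flags entries whose file or URL field is empty or stops at a directory. The list of sections checked and the names `parse_log` and `incomplete_entries` are this example's assumptions; the sample lines are a constructed subset copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sections whose last " - "-separated field is expected to name a file or URL.
# Which sections to check is this example's assumption, not a HijackThis rule.
TARGET_SECTIONS = {"O2", "O3", "O9", "O16", "O18", "O20", "O23"}

# An entry line is a section code (R0, O4, O23, ...) followed by " - " and a body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Constructed sample: a subset of lines copied from the log in this thread.
SAMPLE_LOG = r"""
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O13 - Gopher Prefix:
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O20 - Winlogon Notify: avgwlntf - C:\Windows\
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""


@dataclass
class Entry:
    code: str               # section code, e.g. "O20"
    body: str               # everything after "CODE - "
    target: Optional[str]   # file/URL field; None for sections not checked
    problem: Optional[str]  # why the entry looks incomplete, if it does


def _target_of(body: str) -> str:
    """Return the last ' - ' field, or '' when the line ends in a bare dash."""
    if body.endswith(" -") or " - " not in body:
        return ""
    return body.rsplit(" - ", 1)[1].strip()


def parse_log(text: str) -> List[Entry]:
    """Parse entry lines; header and running-process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body").rstrip()
        target = problem = None
        if code in TARGET_SECTIONS:
            target = _target_of(body)
            if not target:
                problem = "no file or URL recorded"
            elif target.endswith("\\"):
                problem = "path stops at a directory, no file name"
        entries.append(Entry(code, body, target, problem))
    return entries


def incomplete_entries(entries: List[Entry]) -> List[Entry]:
    """Entries a reviewer would want to look at by hand."""
    return [e for e in entries if e.problem]


if __name__ == "__main__":
    for e in incomplete_entries(parse_log(SAMPLE_LOG)):
        print(f"{e.code}: {e.problem}: {e.body}")
```

A flagged entry is a prompt to inspect the underlying registry value by hand; empty values in the R0 and O13 sections are left unflagged because those sections carry no file field.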

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Post by John B. » March 18th, 2008, 11:27 am

Hi kitneyes,

kitneyes wrote: They'll install, but when I go to open them they still say "... not working".

Do you mean your security software isn't working at all? If so, please stay offline as much as possible because the risk of getting infected is much higher without Anti-Virus and Firewall.

The HijackThis log looks clean. This means we'll do some basic cleanup and run some additional scans.

One thing which I saw in the log which is strange is that one of the entries related to AVG is incomplete. We'll focus on that later on. I also see you're running WeatherBug. We, Malware Fighters, don't really like that program. Please take a look at the following speech and decide whether you follow its recommendations:
WeatherBug is a system tray icon that offers weather information and includes built-in ads. WeatherBug is controlled by AWS Convergence Technologies (weatherbugmedia.com). There is some controversy over whether WeatherBug should be targeted by anti-parasite software. AWS strongly deny their software is ‘spyware’, and by the definition used here, it is not, as it does not leak information back to its controlling servers. However, WeatherBug has in the past been silently installed by the FavoriteMan parasite and Freeze.com screensavers, and more recently has been bundled by software such as AIM and Blubster. This makes it ‘unsolicited’, and since it is installed to raise money for its creators through the built-in ads it is certainly ‘commercial’. So it does meet the definition for ‘parasite’: unsolicited commercial software. It is nonetheless listed as a borderline case because it is not overtly harmful and many people do install it deliberately. WeatherBug bundles the MySearch parasite in its standalone distribution and has in the past, installed Gator and SVAPlayer.

I recommend that you uninstall WeatherBug and choose one of these alternatives:
Weather Pulse
Weather Watcher
or
Get Mozilla Firefox and then get FORECASTFOX!!!
or check the weather at these websites:
Weather Street: US Weather
Intellicast
To uninstall WeatherBug:
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight WeatherBug, click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.


Now let's get to work...

P2P Warning!
Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of malware infestation.
Additional information on the safety of Peer to Peer programs themselves is here:
Clean/Infected P2P Programs
Please decide if you want to keep using P2P so I can put it in my next speech if you don't want to keep it.

Step 1: Stop WinPatrol
Please disable WinPatrol as it may interfere with the fix.
Right-click the running icon of WinPatrol in the system tray and choose Exit. It will automatically restart at next boot.

Step 2: Remove HijackThis entry
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside the item listed below (if present):

    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

Step 3: Update Java
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 5.
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 5.
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
  • Note: If you don't want the Google toolbar, make sure you uncheck the option included in the installer!

Step 4: Run CCleaner
CCleaner will remove everything from the temp/temporary folders but please note that it will not make backups!
  • Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
  • Then select the items you wish to clean up.
    • In the Windows Tab:
      • Clean all entries in the Internet Explorer section except Cookies
      • Clean all the entries in the Windows Explorer section
      • Clean all entries in the System section
      • Clean all entries in the Advanced section
      • Clean any others that you choose
    • In the Applications Tab:
      • Clean all except cookies in the Firefox/Mozilla section if you use it
      • Clean all in the Opera section if you use it
      • Clean Sun Java in the Internet Section
      • Clean any others that you choose
  • Click the Run Cleaner button.
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Click OK and it will scan and clean your system.
  • Click exit when done.
  • If it asks you to reboot at the end, click NO
CCleaner should be run with the above settings for each User Account!

Step 5: Download and Run ComboFix
Before you download the newest version of ComboFix please make sure there's no older version of ComboFix on your desktop! If there is one, please delete it.

Download Combofix from any of the links below, and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

For information regarding this download, please visit this webpage:
http://www.bleepingcomputer.com/combofi ... e-combofix

Note: It is important that it is saved directly to your desktop!

Now close any open browsers. Also close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts. Do not mouseclick combofix's window while it's running. That may cause it to stall.

When finished, it will produce a report for you. This report will also be saved in C:\ComboFix.txt

Step 6: Run Kaspersky Online Scan
Please do an online scan with Kaspersky Online Scanner. Please use Internet Explorer as it uses ActiveX.

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, so click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
        Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button and save the file to your desktop.

Step 7: Post logs
Please post the following logs in a reply to this topic (use multiple posts if needed):
  • Tell me if you want to go on using P2P programs
  • Fresh HijackThis log
  • ComboFix log
  • Kaspersky log

Greets, John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Unread postby kitneyes » March 18th, 2008, 3:00 pm

Hello John, glad to hear you're willing to help me :cheers:
I'm going to get on the logs later today, I have a paper I have to write now. As for the Weatherbug, yes, I turned my attentions yesterday to the sidebar items, being that I downloaded some and it says that they are not "guaranteed" and are by individual people. I was really more concerned with the recycle bin one ... either way, I uninstalled all of the ones I downloaded and took sidebar off my startup list (I figured it was hogging a lot of CPU during startup). And what is missing from the AVG? Maybe that's why it's the only antivirus/spyware program that can still run. I also did some research yesterday on people with similar issues, especially with Vista, and apparently the "APPCRASH" error I keep receiving is common on Vista - although I didn't really find any answers or fixes for the problem - some said they were due to some sort of malware. Most people had this error with explorer.exe, but mine is with almost everything (esp the anti programs). Here are a couple entries in case it is any help to our cause. Is it possible a virus (rootkit, worm, trojan, spyware, etc) initially corrupted my OS and that's why this is happening?

Product
Adobe Illustrator CS3

Problem
Stopped working

Date
3/17/2008 1:14 AM

Status
Not Reported

Problem signature
Problem Event Name: APPCRASH
Application Name: Illustrator.exe
Application Version: 13.0.128.0
Application Timestamp: 45fa64db
Fault Module Name: kernel32.dll
Fault Module Version: 6.0.6000.16386
Fault Module Timestamp: 4549bd80
Exception Code: e06d7363
Exception Offset: 0001b09e
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 1033
Additional Information 1: 2f2a
Additional Information 2: 52b8051b3892f9e311edde6f73f7058d
Additional Information 3: e878
Additional Information 4: dc7b2260c9a6d1ad3416b78998de1529


Product
AVG Anti-Spyware

Problem
Stopped working

Date
3/10/2008 12:17 AM

Status
Report Sent

Problem signature
Problem Event Name: APPCRASH
Application Name: avgas.exe
Application Version: 7.5.1.43
Application Timestamp: 466d0e6a
Fault Module Name: engine.dll
Fault Module Version: 6.0.6000.16386
Fault Module Timestamp: 4549bdc9
Exception Code: c0000135
Exception Offset: 00008fc7
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 1033
Additional Information 1: 9d13
Additional Information 2: 1abee00edb3fc1158f9ad6f44f0f6be8
Additional Information 3: 9d13
Additional Information 4: 1abee00edb3fc1158f9ad6f44f0f6be8

Extra information about the problem
Bucket ID: 448169851



Product
Host Process for Windows Services

Problem
Stopped working

Date
3/10/2008 5:20 PM

Status
Not Reported

Problem signature
Problem Event Name: BEX
Application Name: svchost.exe
Application Version: 6.0.6000.16386
Application Timestamp: 4549adc4
Fault Module Name: smumhook.dll_unloaded
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 2a425e19
Exception Offset: 636f2291
Exception Code: c0000005
Exception Data: 00000008
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 1033
Additional Information 1: 452e
Additional Information 2: a8948a9b04fd6e9e41b1da2d58fdce23
Additional Information 3: f09c
Additional Information 4: 53a8bb48ab789905d724f970c560c135



Product
PC Tools GUI Application

Problem
Stopped working

Date
3/17/2008 7:56 PM

Status
Not Reported

Problem signature
Problem Event Name: APPCRASH
Application Name: pctsGui.exe
Application Version: 5.5.0.204
Application Timestamp: 2a425e19
Fault Module Name: StackHash_e51a
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 00000000
Exception Code: c0000005
Exception Offset: 00000000
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 1033
Additional Information 1: e51a
Additional Information 2: 4c0d4d78887f76d971d5d00f1f20a433
Additional Information 3: e51a
Additional Information 4: 4c0d4d78887f76d971d5d00f1f20a433
kitneyes
Regular Member
 
Posts: 29
Joined: March 6th, 2008, 8:25 pm
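
The four problem reports in the post above share one "Problem signature" layout, so they can be triaged mechanically. The Python below is an added example, not part of the original thread: it parses such blocks and labels the exception codes with their standard Windows meanings. The sample text is constructed from fields quoted in the post, and the function names are assumptions.

```python
import re

# Well-known Windows exception codes that appear in the reports above.
EXCEPTION_CODES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000135: "STATUS_DLL_NOT_FOUND",
    0xE06D7363: "MSVC C++ exception (unhandled throw)",
}

# Field lines look like "Exception Code: c0000005"; date lines such as
# "3/17/2008 7:56 PM" also contain a colon but start with a digit.
FIELD = re.compile(r"^([A-Za-z][A-Za-z0-9 ]*):\s*(.*)$")

# Constructed sample: a subset of the fields quoted in the post.
SAMPLE = """\
Problem signature
Problem Event Name: APPCRASH
Application Name: Illustrator.exe
Fault Module Name: kernel32.dll
Exception Code: e06d7363

Problem signature
Problem Event Name: APPCRASH
Application Name: avgas.exe
Fault Module Name: engine.dll
Exception Code: c0000135

Problem signature
Problem Event Name: BEX
Application Name: svchost.exe
Fault Module Name: smumhook.dll_unloaded
Exception Code: c0000005
Exception Data: 00000008

Product
PC Tools GUI Application
Date
3/17/2008 7:56 PM
Problem signature
Problem Event Name: APPCRASH
Application Name: pctsGui.exe
Fault Module Name: StackHash_e51a
Exception Code: c0000005
"""


def _hex(value):
    """Parse a hex field; return None when it is missing or malformed."""
    try:
        return int(value, 16)
    except (TypeError, ValueError):
        return None


def parse_reports(text):
    """Return one dict of fields per 'Problem signature' block."""
    reports, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line == "Problem signature":
            current = {}
            reports.append(current)
            continue
        match = FIELD.match(line)
        if current is not None and match:
            current[match.group(1).strip()] = match.group(2).strip()
    return reports


def triage(report):
    """Return short notes on what the signature fields indicate."""
    code = _hex(report.get("Exception Code"))
    notes = [EXCEPTION_CODES.get(
        code, "unlisted code " + report.get("Exception Code", "?"))]
    module = report.get("Fault Module Name", "")
    if module.startswith("StackHash_"):
        notes.append("fault address is not inside any loaded module")
    elif module.endswith("_unloaded"):
        notes.append("fault address is in a module that was already unloaded")
    if (report.get("Problem Event Name") == "BEX"
            and _hex(report.get("Exception Data")) == 8):
        notes.append("Exception Data 8 on a BEX event: DEP (no-execute) violation")
    if code == 0xE06D7363 and module.lower() == "kernel32.dll":
        notes.append("kernel32.dll is where the exception was raised, "
                     "not necessarily the faulty code")
    return notes


if __name__ == "__main__":
    for rep in parse_reports(SAMPLE):
        print(rep.get("Application Name"), "->", "; ".join(triage(rep)))
```
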

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Unread postby John B. » March 18th, 2008, 3:24 pm

Hi,

Those are related to legit files and are probably just background noise. We'll concentrate on the malware first and if there are any remaining problems we can take a look at them :)

Also, you are allowed to do research but please don't run programs or tools I didn't ask you to run. If you do things which I didn't advise it can become unclear for me what is exactly happening. Other than that note I like it when people do some research instead of asking everything without Googling :D

Greets, John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Unread postby kitneyes » March 18th, 2008, 7:21 pm

Okay, so here is my ComboFix log first, followed by a new HJT log. I would have included the Kaspersky Online Scanner log but after taking near about 3 hours to complete, I hit done thinking it would take me to a log but it took me back to their main page. It said there were no infections, etc anyway ...

And I would like to keep using my P2P programs if possible. I always thought my firewall would keep the infections out from those (comodo - which works for some reason), and I usually try to scan each file individually with an antivirus, which is now only the AVG, before I open or use it.

I know you said not to do anything other than what you say to try, but I have still been doing research (although I won't act on any of them until I consult you ...). It seems that my issue may have something to do with either DEP or possibly a memory or kernel32 problem. Then again it could still be the virus issue. Either way, I'm beginning to think I really don't like Vista, I never had these problems with XP.

ComboFix 08-03-17.1 - Wes & Amanda 2008-03-18 16:08:32.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1287 [GMT -4:00]
Running from: C:\Users\Wes & Amanda\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Wes & Amanda\AppData\Roaming\inst.exe
C:\Windows\system32\KBL.LOG

.
((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))
.

2008-03-18 15:54 . 2008-03-18 15:54 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-17 20:22 . 2008-03-17 20:22 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\BitDefender
2008-03-17 20:20 . 2008-03-17 20:22 <DIR> d-------- C:\Users\All Users\BitDefender
2008-03-17 20:20 . 2008-03-17 20:22 <DIR> d-------- C:\ProgramData\BitDefender
2008-03-16 18:34 . 2008-03-16 18:34 <DIR> d-------- C:\Users\Wes & Amanda\.DownloadManager
2008-03-15 22:34 . 2008-03-15 22:34 0 ---hs---- C:\Windows\SA6B63E8B.tmp
2008-03-15 00:11 . 2008-03-15 00:11 <DIR> d-------- C:\Program Files\Greatis
2008-03-14 01:07 . 2008-03-17 20:21 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-03-14 00:05 . 2008-03-14 00:05 122 --a------ C:\Windows\System32\privacy.xml
2008-03-13 23:49 . 2008-03-14 01:57 121 --a------ C:\Windows\bdagent.INI
2008-03-13 22:27 . 2008-03-13 22:27 262,144 --a------ C:\ProgramData\ntuser.dat
2008-03-13 01:17 . 2008-03-13 01:17 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-03-13 01:17 . 2008-03-13 01:17 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-03-13 01:17 . 2008-03-13 01:17 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-03-13 01:10 . 2008-03-13 01:10 <DIR> d-------- C:\Users\Wes & Amanda\.housecall6.6
2008-03-12 00:24 . 2007-12-16 18:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-12 00:24 . 2007-12-16 05:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-11 15:24 . 2008-03-11 15:24 <DIR> d-------- C:\Program Files\CCleaner
2008-03-11 02:21 . 2008-03-11 02:21 <DIR> d-------- C:\Deckard
2008-03-10 23:55 . 2008-03-16 18:57 <DIR> d-------- C:\Program Files\MySetups
2008-03-10 18:34 . 2008-03-10 18:34 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\PC Tools
2008-03-10 18:34 . 2008-03-17 21:22 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-10 00:36 . 2007-05-30 08:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-03-09 17:34 . 2008-03-09 17:34 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\Comodo
2008-03-09 17:34 . 2008-03-10 21:56 <DIR> d-------- C:\Users\All Users\comodo
2008-03-09 17:34 . 2008-03-10 21:56 <DIR> d-------- C:\ProgramData\comodo
2008-03-09 17:34 . 2008-03-09 17:34 <DIR> d-------- C:\Program Files\COMODO
2008-03-09 17:34 . 2008-03-09 17:34 139,008 --a------ C:\Windows\System32\guard32.dll
2008-03-09 17:34 . 2008-03-09 17:34 83,448 --a------ C:\Windows\System32\drivers\cmdguard.sys
2008-03-09 17:34 . 2008-03-09 17:34 25,080 --a------ C:\Windows\System32\drivers\cmdhlp.sys
2008-03-09 17:24 . 2007-09-20 13:12 12,800 --a------ C:\Windows\System32\drivers\elrawdsk.sys
2008-03-09 01:55 . 2008-03-09 01:55 0 --ah----- C:\ProgramData.LOG2
2008-03-09 01:55 . 2008-03-09 01:55 0 --------- C:\ProgramData.LOG1
2008-03-08 16:43 . 2008-03-10 21:56 <DIR> d-------- C:\Program Files\IPNetInfo
2008-03-08 16:43 . 2008-03-08 16:43 39,424 --a------ C:\Windows\zipinst.exe
2008-03-04 17:08 . 2008-03-04 17:08 <DIR> d-------- C:\Users\All Users\PC Tools
2008-03-04 17:08 . 2008-03-04 17:08 <DIR> d-------- C:\ProgramData\PC Tools
2008-03-04 17:08 . 2008-03-04 17:07 218,504 --a------ C:\Windows\System32\drivers\pctfw2.sys
2008-03-04 17:07 . 2008-03-10 20:44 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-03-03 01:41 . 2008-03-10 21:56 <DIR> d-------- C:\Program Files\Windows Media Components
2008-03-02 21:08 . 2008-03-02 21:08 <DIR> d-------- C:\Users\All Users\AOL
2008-03-02 21:08 . 2008-03-02 21:08 <DIR> d-------- C:\ProgramData\AOL
2008-03-02 05:05 . 2008-03-02 05:06 <DIR> d-------- C:\Program Files\GSpot Codec Test
2008-03-02 05:03 . 2007-06-28 19:52 765,952 --a------ C:\Windows\System32\xvidcore.dll
2008-03-02 05:03 . 2007-06-28 19:54 180,224 --a------ C:\Windows\System32\xvidvfw.dll
2008-03-02 03:53 . 2008-03-03 01:42 <DIR> d--h----- C:\Windows\msdownld.tmp
2008-03-02 02:50 . 2008-03-02 16:28 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-03-01 23:27 . 2008-03-02 05:03 <DIR> d-------- C:\Program Files\Xvid
2008-03-01 23:27 . 2007-06-28 19:55 77,824 --a------ C:\Windows\System32\xvid.ax
2008-02-28 22:28 . 2007-12-04 08:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-02-28 22:28 . 2007-12-04 10:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-02-28 22:28 . 2007-12-04 10:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2008-02-28 22:27 . 2008-02-28 22:27 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-28 22:27 . 2007-12-04 09:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2008-02-28 22:27 . 2004-01-09 05:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-02-28 22:27 . 2007-12-04 10:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-02-28 20:41 . 2008-03-17 21:32 <DIR> d-a------ C:\Users\All Users\TEMP
2008-02-28 20:41 . 2008-03-17 21:32 <DIR> d-a------ C:\ProgramData\TEMP
2008-02-28 18:13 . 2007-02-18 17:11 296,960 --a------ C:\Windows\winhlp32.exe
2008-02-28 18:13 . 2007-02-18 17:11 194,560 --a------ C:\Windows\System32\ftsrch.dll
2008-02-28 18:13 . 2007-02-18 17:11 9,728 --a------ C:\Windows\System32\ftlx041e.dll
2008-02-28 18:13 . 2007-02-18 17:11 9,216 --a------ C:\Windows\System32\ftlx0411.dll
2008-02-28 16:41 . 2008-02-28 16:59 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\Uniblue
2008-02-28 16:41 . 2008-03-13 01:00 <DIR> d-------- C:\Program Files\Uniblue
2008-02-28 16:05 . 2008-03-13 01:02 <DIR> d-------- C:\Users\All Users\SecTaskMan
2008-02-28 16:05 . 2008-03-13 01:02 <DIR> d-------- C:\ProgramData\SecTaskMan
2008-02-27 20:03 . 2008-02-27 20:03 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\Yahoo!
2008-02-27 20:03 . 2008-02-27 20:03 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-02-27 20:03 . 2008-02-27 20:03 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-02-27 19:53 . 2008-02-27 19:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-27 03:36 . 2008-03-10 21:56 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\Winamp
2008-02-27 03:36 . 2008-02-27 03:36 <DIR> d-------- C:\Program Files\Winamp
2008-02-27 00:34 . 2008-02-27 00:34 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-02-26 15:03 . 2006-11-02 06:23 <DIR> dr------- C:\Users\Mcx1\Videos
2008-02-26 15:03 . 2006-11-02 06:23 <DIR> d-------- C:\Users\Mcx1\Saved Games
2008-02-26 15:03 . 2006-11-02 06:23 <DIR> dr------- C:\Users\Mcx1\Pictures
2008-02-26 15:03 . 2006-11-02 06:23 <DIR> dr------- C:\Users\Mcx1\Music
2008-02-26 15:03 . 2006-11-02 06:23 <DIR> dr------- C:\Users\Mcx1\Links
2008-02-26 15:03 . 2006-11-02 06:23 <DIR> dr------- C:\Users\Mcx1\Downloads
2008-02-26 15:03 . 2008-02-26 15:03 <DIR> dr------- C:\Users\Mcx1\Documents
2008-02-26 15:03 . 2008-02-26 15:04 <DIR> d--h----- C:\Users\Mcx1\AppData
2008-02-25 00:09 . 2008-02-25 00:09 <DIR> d-------- C:\Windows\WinAVI Video Converter 9.0
2008-02-24 05:03 . 2004-08-04 08:00 506,368 --a------ C:\Windows\System32\msxml.dll
2008-02-24 03:31 . 2008-02-24 03:31 25,773 --a------ C:\Windows\System32\drivers\regguard.sys
2008-02-24 03:28 . 2008-02-24 03:29 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\Regrun
2008-02-24 03:23 . 2008-02-24 03:48 <DIR> d-------- C:\Program Files\RegRunSuite
2008-02-24 03:08 . 2008-02-24 03:08 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-24 03:02 . 2008-02-24 03:05 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-24 03:02 . 2008-02-24 03:05 <DIR> d-------- C:\ProgramData\Lavasoft
2008-02-24 02:24 . 2008-02-24 02:24 <DIR> d-------- C:\Users\All Users\vsosdk
2008-02-24 02:24 . 2008-02-24 02:24 <DIR> d-------- C:\ProgramData\vsosdk
2008-02-24 01:58 . 2008-02-24 01:58 74,703 --a------ C:\Windows\System32\mfc45.dll
2008-02-24 01:56 . 2008-02-24 01:56 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\iolo
2008-02-24 01:14 . 2008-02-24 01:14 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\ESET
2008-02-24 00:35 . 2008-03-16 22:59 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\Vso
2008-02-24 00:35 . 2006-09-29 12:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-02-24 00:35 . 2006-09-29 12:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-02-24 00:35 . 2006-09-29 12:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-02-24 00:35 . 2008-02-24 00:35 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2008-02-24 00:35 . 2008-02-24 00:35 47,360 --a------ C:\Users\Wes & Amanda\AppData\Roaming\pcouffin.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 19:56 --------- d-----w C:\Program Files\Java
2008-03-18 01:34 --------- d-----w C:\Users\Wes & Amanda\AppData\Roaming\AVG7
2008-03-18 01:34 --------- d-----w C:\ProgramData\avg7
2008-03-17 00:11 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-16 19:24 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-16 19:22 --------- d-----w C:\Program Files\HP
2008-03-16 03:30 --------- d-----w C:\Users\Wes & Amanda\AppData\Roaming\LimeWire
2008-03-14 04:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-14 02:38 --------- d-----w C:\ProgramData\WildTangent
2008-03-14 02:19 --------- d-----w C:\Program Files\CyberLink
2008-03-14 02:17 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-12 19:53 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2008-03-12 10:19 --------- d-----w C:\Program Files\Windows Mail
2008-03-11 01:56 --------- d-----w C:\ProgramData\Grisoft
2008-03-11 00:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-28 19:47 --------- d-----w C:\ProgramData\NVIDIA
2008-02-27 00:47 28,000 ----a-w C:\Users\Wes & Amanda\AppData\Roaming\nvModes.dat
2008-02-24 23:42 --------- d-----w C:\Users\Wes & Amanda\AppData\Roaming\GTek
2008-02-24 20:47 --------- d-----w C:\ProgramData\Gtek
2008-02-24 03:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-24 03:51 --------- d-----w C:\ProgramData\Symantec
2008-02-24 03:51 --------- d-----w C:\Program Files\Symantec
2008-02-22 01:47 --------- d-----w C:\Program Files\MSBuild
2008-02-20 22:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-20 04:39 --------- d-----w C:\Users\Wes & Amanda\AppData\Roaming\CyberLink
2008-02-17 07:42 --------- d-----w C:\Program Files\LightScribeTemplateLabeler
2008-02-17 07:28 9,216 ----a-w C:\Windows\System32\avgwlntf.dll
2008-02-17 07:26 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-02-17 05:49 --------- d-----w C:\Users\Wes & Amanda\AppData\Roaming\CoreFTP
2008-02-16 08:23 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-16 08:14 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-16 08:14 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-16 08:10 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-02-16 08:10 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-02-16 08:10 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-02-16 08:10 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-02-16 08:08 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-02-16 08:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-16 08:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-16 08:08 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-16 08:08 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-02-16 08:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-16 08:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-16 08:08 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-16 08:08 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-02-16 08:07 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-02-16 08:07 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-02-16 08:07 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-02-16 08:06 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-02-16 08:06 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-02-16 08:06 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-02-16 08:06 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-02-16 08:06 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-02-16 08:05 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-16 08:01 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-16 08:01 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-16 08:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-16 08:01 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-16 06:02 --------- d-----w C:\Users\Wes & Amanda\AppData\Roaming\Apple Computer
2008-02-16 06:02 --------- d-----w C:\ProgramData\Apple Computer
2008-02-16 06:01 --------- d-----w C:\Program Files\QuickTime
2008-02-16 06:00 --------- d-----w C:\Program Files\Apple Software Update
2008-02-16 05:59 --------- d-----w C:\ProgramData\Apple
2008-02-16 05:59 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-16 05:33 --------- d-----w C:\Program Files\CoreFTP
2008-02-16 02:20 --------- d-----w C:\Program Files\LimeWire
2008-02-15 08:14 --------- d-----w C:\ProgramData\TiVo
2008-02-15 08:14 --------- d-----w C:\Program Files\TiVo
2008-02-15 08:14 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2008-02-15 08:09 --------- d-----w C:\ProgramData\LightScribe
2008-02-15 05:29 --------- d-----w C:\ProgramData\CyberLink
2008-02-15 03:48 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-02-15 03:48 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-02-15 03:48 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-02-15 03:48 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-02-15 03:48 33,624 ----a-w C:\Windows\System32\wups.dll
2008-02-15 03:48 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-02-15 03:48 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-02-15 03:47 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-02-15 03:47 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-02-15 01:52 --------- d-----w C:\Users\Wes & Amanda\AppData\Roaming\HP
2008-02-15 01:52 --------- d-----w C:\ProgramData\HP
2008-02-15 01:30 --------- d-----w C:\Users\Wes & Amanda\AppData\Roaming\Hewlett-Packard
2008-02-15 01:30 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-02-15 01:24 --------- d-----w C:\Program Files\Yahoo!
2008-02-15 01:15 --------- d-----w C:\Program Files\HPQ
2008-02-15 01:15 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-15 01:14 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Pavilion dv6700 Notebook PC_Y5335KV_0U_QCNF8019NKD_E459053-001_4A_I30CF_SQuanta_V85.24_F.25_T071129_WV3-0_L409_M1983_J250_7AMD_8F82_92.00_#071205_N10DE054C;168C001C_(KC304UA#ABA)_XMOBILE_CN10_Z.MRK
2008-02-05 19:06 97,216 ----a-w C:\Windows\system32\drivers\AnyDVD.sys
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-12-06 04:09 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]
"TivoTransfer"="C:\PROGRAM FILES\COMMON FILES\TIVO SHARED\Transfer\TIVOTRANSFER.exe" [2007-09-25 11:33 1195008]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 01:38 316728]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 04:29 102400]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 17:54 554320]
"NvCplDaemon"="RUNDLL32.exe" [2006-11-02 05:45 44544 C:\Windows\System32\rundll32.exe]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-03-09 17:34 1502976]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-17 03:31 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-17 03:28 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"<NO NAME>"=
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9B22924B-C76E-4D1F-9509-C7228B4666A1}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D9778C69-A22E-4913-88F7-3CEFDAECC583}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3EFB2612-BEB1-4647-9DC3-9ED1B6D0D9BB}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6FB32505-7F0B-44E7-8703-EB9A59BB25A3}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{15F9A471-8027-46D7-B87D-3B00E00613F1}"= Profile=Public|C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{5F1BB71C-2B26-404D-8B05-C6D02D21555E}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C485A96F-A8B8-4909-8ACD-72674FB3B5AF}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{72D3C1A4-1A95-40AB-A238-7DD093A1AD12}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B53655B4-6403-4A16-BB77-041FD462C49C}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{46058D6B-2121-4AE6-8BD5-E6A6A9BB8A92}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A2B81A71-49EC-4C2C-B930-11C31640ACEC}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{74E5DB12-D017-492B-B993-FFF9701F2105}"= Profile=Public|C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{E73B2710-B2FF-465E-BC5C-AA3D29276B63}"= Profile=Public|C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{CF287071-5D4C-4D49-A130-57AD93A3761F}"= UDP:C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:TiVo Beacon Service
"{4D7B5BD7-0604-4795-8792-367589A61034}"= TCP:C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:TiVo Beacon Service
"{EE19D5F3-EE6B-4CB8-A2FE-EE0B8D34F160}"= UDP:C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:TiVo Transfer Service
"{E0F1EA5C-2DCA-4BF4-BEE9-FE3758227A28}"= TCP:C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:TiVo Transfer Service
"{F04C0A4A-F7B1-4628-B977-7FEAF18FA43C}"= UDP:C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:TiVo Desktop User Interface
"{F2370B4A-8191-43B1-A765-254F041EC238}"= TCP:C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:TiVo Desktop User Interface
"{F2E71D0C-CB27-4332-9457-4A51E86C7BA6}"= Disabled:TCP:5353:LocalSubnet:LocalSubnet:mDNS-SD/Bonjour
"{9A56F7FD-9A08-45FB-A9D6-655DB5447432}"= UDP:7288:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7288
"{835565FE-F42A-417A-AF6A-2298DF5CD111}"= UDP:7289:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7289
"{04987883-6C20-4305-AC39-9A4B0600B244}"= UDP:7290:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7290
"{91CE0B88-4729-47F3-BE3A-6E896D154AFE}"= UDP:7291:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7291
"{E19A5EF1-FD70-4E5B-9306-412AE33A06ED}"= UDP:7292:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7292
"{2BC5BA6A-9A41-4134-8D3A-CBB89DB283A3}"= UDP:7293:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7293
"{F7390C8A-0709-4E2A-A74E-8EB185000257}"= UDP:7294:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7294
"{73BB25BA-7376-4F88-8290-3F145F362F47}"= UDP:7295:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7295
"{FCA589E7-4E6E-48C9-B850-D78D3DE8979D}"= UDP:7296:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7296
"{4D61C3A7-A038-4DC3-94F8-1265706305F5}"= UDP:7297:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7297
"{7D7AFD64-D66B-40B0-A2CB-E3AF41D39CE8}"= UDP:C:\Program Files\TiVo\Desktop\TiVoServer.exe:TiVo Server Service
"{F33F4519-7D6B-4BF5-8145-D269910E31BB}"= TCP:C:\Program Files\TiVo\Desktop\TiVoServer.exe:TiVo Server Service
"{A81A14BF-4D89-4F4E-8357-ECEB6922AAFD}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{26ADAEBA-2503-44B8-AC07-380A7C7A30D1}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{674E7496-6041-4C69-96C1-A3614664F6DE}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2AA41A32-304C-4807-AB7E-5F4AC5FD6D2C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{F05158BA-8DBA-4899-869F-F17791B93A3A}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"UDP Query User{14DE48DA-3A55-4CB4-BA38-B0BD46B4608E}C:\\program files\\tivo\\desktop\\tivoserver.exe"= TCP:C:\program files\tivo\desktop\tivoserver.exe:TiVo Server Service Process
"TCP Query User{D78780D4-647B-4E58-828B-38830112B091}C:\\program files\\tivo\\desktop\\tivoserver.exe"= UDP:C:\program files\tivo\desktop\tivoserver.exe:TiVo Server Service Process
"{9D4D8A53-5158-4B3C-A3C6-EF7A78A76F5E}"= UDP:C:\Users\Wes & Amanda\Desktop\utorrent.exe:µTorrent
"{B15178EA-3159-4613-B123-0986FF535594}"= TCP:C:\Users\Wes & Amanda\Desktop\utorrent.exe:µTorrent
"{DD54F49C-7BA9-4BD0-ACBE-3D93A9537035}"= Disabled:UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{B8FA16EC-B08D-489D-BBC8-C829465A4858}"= Disabled:TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A1423DB3-2847-48AC-8096-2867AC9C62AF}"= Disabled:C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{476FA16A-6239-42D7-83C5-7D695000A813}"= Disabled:UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{36988A04-BE2C-49E7-9849-712A61068D2E}"= Disabled:TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C29E7929-B310-477F-AA98-4026A4A08A40}"= Disabled:C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{E66FEEFD-9EE0-4328-8EF1-99520E285CA9}"= Disabled:C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8149E853-1634-43FA-9C6C-C059CBE45777}"= UDP:C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe:iolo Firewall®
"{4D5C0395-A475-4778-A37F-A6C14C759F7F}"= TCP:C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe:iolo Firewall®
"TCP Query User{D3EB0C50-DB8D-4C9D-A8B0-8F820834BAF3}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= UDP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
"UDP Query User{65908253-8424-4F0F-92F7-BD616DE7D07B}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= TCP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-03-09 17:34]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-03-09 17:34]
R1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 13:12]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080221.002\IDSvix86.sys [2008-02-13 12:18]
R1 pctfw2;pctfw2;C:\Windows\System32\drivers\pctfw2.sys [2008-03-04 17:07]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 10:52]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2007-09-30 23:34]
R2 QPSched;QuickPlay Task Scheduler (QTS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2007-09-30 23:34]
R2 TivoBeacon2;TiVo Beacon;"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service []
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 10:27]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-05-30 19:40]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-12 15:53]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 14:30]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 17:50]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 03:30]
S3 RegGuard;RegGuard;C:\Windows\system32\Drivers\regguard.sys [2008-02-24 03:31]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 04:55]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-03-18 04:02:27 C:\Windows\Tasks\User_Feed_Synchronization-{C6ED93B1-991F-4EF5-8EC1-09C5B3AE5EC0}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 16:11:52
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-18 16:13:02
ComboFix-quarantined-files.txt 2008-03-18 20:13:00
.
2008-03-14 18:24:26 --- E O F ---




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:28 PM, on 3/18/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\wercon.exe
C:\Windows\System32\SystemPropertiesAdvanced.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [OnScreenDisplay] "C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\PROGRAM FILES\COMMON FILES\TIVO SHARED\Transfer\TIVOTRANSFER.EXE" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7360 bytes
kitneyes

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Post by John B. » March 19th, 2008, 1:58 pm

Hi,

"And I would like to keep using my P2P programs if possible. I always thought my firewall would keep the infections out from those (comodo - which works for some reason), and I usually try to scan each file individually with an antivirus, which is now only the AVG, before I open or use it."

Fine to me, just wanted to let you know it can be dangerous.

"I know you said not to do anything other than what you say to try, but I have still been doing research (although I won't act on any of them until I consult you ...). It seems that my issue may have something to do with either DEP or possibly a memory or kernel32 problem. Then again it could still be the virus issue. Either way, I'm beginning to think I really don't like Vista, I never had these problems with XP."

Well Service Pack 1 of Vista has just been released, so that may make the situation better. Still, I DON'T WANT YOU TO UPDATE to SP1 as I'm not sure yet whether it can damage an infected system. You can update when we're sure it's not malware.

"Okay, so here is my Combofix log first, followed by a new HJT log. I would have included the Kaspersky Online Scanner log but after taking near about 3 hours to complete, I hit done thinking it would take me to a log but it took me back to their main page. It said there were no infections, etc anyway ..."

Maybe the scan took that long because of a lot of files on your system. We'll run another scan. The ComboFix log only shows two questionable folders.

Step 1: Run CCleaner
CCleaner will remove everything from the temp/temporary folders but please note that it will not make backups!
  • Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
  • Then select the items you wish to clean up.
    • In the Windows Tab:
      • Clean all entries in the Internet Explorer section except Cookies
      • Clean all the entries in the Windows Explorer section
      • Clean all entries in the System section
      • Clean all entries in the Advanced section
      • Clean any others that you choose
    • In the Applications Tab:
      • Clean all except cookies in the Firefox/Mozilla section if you use it
      • Clean all in the Opera section if you use it
      • Clean Sun Java in the Internet Section
      • Clean any others that you choose
  • Click the Run Cleaner button.
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Click OK and it will scan and clean your system.
  • Click exit when done.
  • If it asks you to reboot at the end, click NO
CCleaner should be run with the above settings for each User Account!

Step 2: Run CFScript
Before you download the newest version of ComboFix please make sure there's no older version of ComboFix on your desktop! If there is one, please delete it.

Download Combofix from any of the links below, and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Close any open browsers and close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open Notepad and copy/paste the text in the box into the window:

DirLook::
C:\Users\All Users\SecTaskMan
C:\ProgramData\SecTaskMan


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Step 3: Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Step 4: Post logs
Please post the following logs in a reply to this topic (use multiple replies if needed):
  • Tell me if the version of AVG you're using has a built-in firewall. I'm asking this, because I thought I saw a sign of this and you shouldn't run multiple Anti-Virus or Firewall programs at one time. They can conflict and cause problems like you're having now!
  • Fresh HijackThis log
  • ComboFix log
  • Malwarebytes log

Greets, John.
John B.
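An added example (not part of John B.'s post and not ComboFix's own code): a small parser for the driver listing in the ComboFix log posted earlier in this thread, grouping entries by security vendor so that the overlap John B. warns about (several antivirus and firewall products loaded at once) becomes visible. The vendor keyword table and the function names are assumptions made for this illustration, as is the usual reading of the line prefix (R = running, S = stopped, digit = service start type).

```python
import re
from collections import defaultdict

# Driver/service lines copied from the ComboFix log posted in this thread.
SAMPLE = r"""
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-03-09 17:34]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-03-09 17:34]
R1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 13:12]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080221.002\IDSvix86.sys [2008-02-13 12:18]
R1 pctfw2;pctfw2;C:\Windows\System32\drivers\pctfw2.sys [2008-03-04 17:07]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 10:52]
R2 TivoBeacon2;TiVo Beacon;"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service []
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-12 15:53]
S3 RegGuard;RegGuard;C:\Windows\system32\Drivers\regguard.sys [2008-02-24 03:31]
"""

# <state><start> <service name>;<display name>;<image path> [<file timestamp>]
LINE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")

# Assumed reading of the digit: the Windows service start type.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Hypothetical keyword table built for this example from names visible in
# the thread's logs; it is not a complete or authoritative vendor list.
VENDOR_HINTS = {
    "COMODO": ("comodo", "cmdguard", "cmdhlp"),
    "Symantec": ("symantec",),
    "PC Tools": ("pctfw",),
    "Avast": ("aswmonflt", "aswtdi", "aswrdr"),
    "AVG": ("avg",),
}


def parse_driver_line(line):
    """Return a dict for one driver/service line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, image, stamp = m.groups()
    return {
        "running": state == "R",
        "start": START_TYPES.get(int(start), "unknown"),
        "name": name,
        "display": display,
        "image": image.strip(),
        "stamp": stamp or None,  # some entries carry an empty [] timestamp
    }


def vendor_of(entry):
    """Map an entry to a security vendor using the keyword table, else None."""
    haystack = " ".join((entry["name"], entry["display"], entry["image"])).lower()
    for vendor, hints in VENDOR_HINTS.items():
        if any(hint in haystack for hint in hints):
            return vendor
    return None


def security_drivers(log_text):
    """Group recognised security-product entries by vendor."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_driver_line(line)
        if entry is None:
            continue
        vendor = vendor_of(entry)
        if vendor:
            found[vendor].append(entry)
    return dict(found)


def running_vendors(log_text):
    """Vendors with at least one entry currently marked as running."""
    return sorted(
        vendor
        for vendor, entries in security_drivers(log_text).items()
        if any(e["running"] for e in entries)
    )


if __name__ == "__main__":
    for vendor, entries in security_drivers(SAMPLE).items():
        for e in entries:
            status = "running" if e["running"] else "stopped"
            print(f"{vendor:10} {e['name']:12} {status:8} start={e['start']}")
    active = running_vendors(SAMPLE)
    if len(active) > 1:
        print("Overlapping security products loaded:", ", ".join(active))
```

More than one vendor in the result means leftover or competing filter drivers are loaded together, which is the conflict scenario described in Step 4 of the post above.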

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Post by kitneyes » March 20th, 2008, 1:13 am

Hello again, sorry it took me all day to get this back to you, I had a lot of projects to do today. I don't think I have AVG firewall, at least if I do I can't find it. It's not listed anywhere in the Control Center's (AVG) options or services. How would I find out if I have it for sure? Ok, well here are the requested logs. I might have to put them in separate posts.

Of course this one showed no malware, I figured that might happen. Again, I have no idea what's wrong or what's causing my problems ...

Malwarebytes' Anti-Malware 1.09
Database version: 508

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 181389
Time elapsed: 40 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Here is the combofix log using the CFScript ... one thing I noticed was a tmp file in the Windows folder, is that supposed to happen?

ComboFix 08-03-17.1 - Wes & Amanda 2008-03-20 0:03:36.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1272 [GMT -4:00]
Running from: C:\Users\Wes & Amanda\Desktop\ComboFix.exe
Command switches used :: C:\Users\Wes & Amanda\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.

2008-03-19 17:16 . 2008-03-19 17:16 0 --a------ C:\Windows\System32\SBRC.dat
2008-03-19 17:16 . 2008-03-19 17:16 0 --a------ C:\Windows\System32\SBFC.dat
2008-03-19 17:10 . 2008-03-19 17:10 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\Sunbelt Software
2008-03-19 17:09 . 2008-03-19 17:09 <DIR> d-------- C:\Users\All Users\Sunbelt Software
2008-03-19 17:09 . 2008-03-19 17:09 <DIR> d-------- C:\ProgramData\Sunbelt Software
2008-03-19 17:08 . 2008-03-19 17:08 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-03-18 15:54 . 2008-03-18 15:54 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-17 20:22 . 2008-03-17 20:22 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\BitDefender
2008-03-17 20:20 . 2008-03-17 20:22 <DIR> d-------- C:\Users\All Users\BitDefender
2008-03-17 20:20 . 2008-03-17 20:22 <DIR> d-------- C:\ProgramData\BitDefender
2008-03-16 18:34 . 2008-03-16 18:34 <DIR> d-------- C:\Users\Wes & Amanda\.DownloadManager
2008-03-15 22:34 . 2008-03-15 22:34 0 ---hs---- C:\Windows\SA6B63E8B.tmp
2008-03-15 00:11 . 2008-03-15 00:11 <DIR> d-------- C:\Program Files\Greatis
2008-03-14 01:07 . 2008-03-17 20:21 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-03-14 00:05 . 2008-03-14 00:05 122 --a------ C:\Windows\System32\privacy.xml
2008-03-13 23:49 . 2008-03-14 01:57 121 --a------ C:\Windows\bdagent.INI
2008-03-13 22:27 . 2008-03-13 22:27 262,144 --a------ C:\ProgramData\ntuser.dat
2008-03-13 01:17 . 2008-03-13 01:17 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-03-13 01:17 . 2008-03-13 01:17 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-03-13 01:17 . 2008-03-13 01:17 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-03-13 01:10 . 2008-03-13 01:10 <DIR> d-------- C:\Users\Wes & Amanda\.housecall6.6
2008-03-12 00:24 . 2007-12-16 18:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-12 00:24 . 2007-12-16 05:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-11 15:24 . 2008-03-11 15:24 <DIR> d-------- C:\Program Files\CCleaner
2008-03-11 02:21 . 2008-03-11 02:21 <DIR> d-------- C:\Deckard
2008-03-10 23:55 . 2008-03-19 20:47 <DIR> d-------- C:\Program Files\MySetups
2008-03-10 18:34 . 2008-03-10 18:34 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\PC Tools
2008-03-10 18:34 . 2008-03-19 01:04 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-10 00:36 . 2007-05-30 08:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-03-09 17:34 . 2008-03-09 17:34 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\Comodo
2008-03-09 17:34 . 2008-03-10 21:56 <DIR> d-------- C:\Users\All Users\comodo
2008-03-09 17:34 . 2008-03-10 21:56 <DIR> d-------- C:\ProgramData\comodo
2008-03-09 17:34 . 2008-03-09 17:34 <DIR> d-------- C:\Program Files\COMODO
2008-03-09 17:34 . 2008-03-09 17:34 139,008 --a------ C:\Windows\System32\guard32.dll
2008-03-09 17:34 . 2008-03-09 17:34 83,448 --a------ C:\Windows\System32\drivers\cmdguard.sys
2008-03-09 17:34 . 2008-03-09 17:34 25,080 --a------ C:\Windows\System32\drivers\cmdhlp.sys
2008-03-09 17:24 . 2007-09-20 13:12 12,800 --a------ C:\Windows\System32\drivers\elrawdsk.sys
2008-03-09 01:55 . 2008-03-09 01:55 0 --ah----- C:\ProgramData.LOG2
2008-03-09 01:55 . 2008-03-09 01:55 0 --------- C:\ProgramData.LOG1
2008-03-08 16:43 . 2008-03-10 21:56 <DIR> d-------- C:\Program Files\IPNetInfo
2008-03-08 16:43 . 2008-03-08 16:43 39,424 --a------ C:\Windows\zipinst.exe
2008-03-04 17:08 . 2008-03-04 17:08 <DIR> d-------- C:\Users\All Users\PC Tools
2008-03-04 17:08 . 2008-03-04 17:08 <DIR> d-------- C:\ProgramData\PC Tools
2008-03-04 17:08 . 2008-03-04 17:07 218,504 --a------ C:\Windows\System32\drivers\pctfw2.sys
2008-03-04 17:07 . 2008-03-10 20:44 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-03-03 01:41 . 2008-03-10 21:56 <DIR> d-------- C:\Program Files\Windows Media Components
2008-03-02 21:08 . 2008-03-02 21:08 <DIR> d-------- C:\Users\All Users\AOL
2008-03-02 21:08 . 2008-03-02 21:08 <DIR> d-------- C:\ProgramData\AOL
2008-03-02 05:05 . 2008-03-02 05:06 <DIR> d-------- C:\Program Files\GSpot Codec Test
2008-03-02 05:03 . 2007-06-28 19:52 765,952 --a------ C:\Windows\System32\xvidcore.dll
2008-03-02 05:03 . 2007-06-28 19:54 180,224 --a------ C:\Windows\System32\xvidvfw.dll
2008-03-02 03:53 . 2008-03-03 01:42 <DIR> d--h----- C:\Windows\msdownld.tmp
2008-03-02 02:50 . 2008-03-02 16:28 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-03-01 23:27 . 2008-03-02 05:03 <DIR> d-------- C:\Program Files\Xvid
2008-03-01 23:27 . 2007-06-28 19:55 77,824 --a------ C:\Windows\System32\xvid.ax
2008-02-28 22:28 . 2007-12-04 08:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-02-28 22:28 . 2007-12-04 10:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-02-28 22:28 . 2007-12-04 10:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2008-02-28 22:27 . 2008-02-28 22:27 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-28 22:27 . 2007-12-04 09:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2008-02-28 22:27 . 2004-01-09 05:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-02-28 22:27 . 2007-12-04 10:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-02-28 20:41 . 2008-03-18 21:42 <DIR> d-a------ C:\Users\All Users\TEMP
2008-02-28 20:41 . 2008-03-18 21:42 <DIR> d-a------ C:\ProgramData\TEMP
2008-02-28 18:13 . 2007-02-18 17:11 296,960 --a------ C:\Windows\winhlp32.exe
2008-02-28 18:13 . 2007-02-18 17:11 194,560 --a------ C:\Windows\System32\ftsrch.dll
2008-02-28 18:13 . 2007-02-18 17:11 9,728 --a------ C:\Windows\System32\ftlx041e.dll
2008-02-28 18:13 . 2007-02-18 17:11 9,216 --a------ C:\Windows\System32\ftlx0411.dll
2008-02-28 16:41 . 2008-02-28 16:59 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\Uniblue
2008-02-28 16:41 . 2008-03-19 01:17 <DIR> d-------- C:\Program Files\Uniblue
2008-02-28 16:05 . 2008-03-13 01:02 <DIR> d-------- C:\Users\All Users\SecTaskMan
2008-02-28 16:05 . 2008-03-13 01:02 <DIR> d-------- C:\ProgramData\SecTaskMan
2008-02-27 20:03 . 2008-02-27 20:03 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\Yahoo!
2008-02-27 20:03 . 2008-02-27 20:03 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-02-27 20:03 . 2008-02-27 20:03 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-02-27 19:53 . 2008-02-27 19:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-27 03:36 . 2008-03-10 21:56 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\Winamp
2008-02-27 03:36 . 2008-02-27 03:36 <DIR> d-------- C:\Program Files\Winamp
2008-02-27 00:34 . 2008-02-27 00:34 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-02-26 15:03 . 2006-11-02 06:23 <DIR> dr------- C:\Users\Mcx1\Videos
2008-02-26 15:03 . 2006-11-02 06:23 <DIR> d-------- C:\Users\Mcx1\Saved Games
2008-02-26 15:03 . 2006-11-02 06:23 <DIR> dr------- C:\Users\Mcx1\Pictures
2008-02-26 15:03 . 2006-11-02 06:23 <DIR> dr------- C:\Users\Mcx1\Music
2008-02-26 15:03 . 2006-11-02 06:23 <DIR> dr------- C:\Users\Mcx1\Links
2008-02-26 15:03 . 2006-11-02 06:23 <DIR> dr------- C:\Users\Mcx1\Downloads
2008-02-26 15:03 . 2008-02-26 15:03 <DIR> dr------- C:\Users\Mcx1\Documents
2008-02-26 15:03 . 2008-02-26 15:04 <DIR> d--h----- C:\Users\Mcx1\AppData
2008-02-25 00:09 . 2008-02-25 00:09 <DIR> d-------- C:\Windows\WinAVI Video Converter 9.0
2008-02-24 05:03 . 2004-08-04 08:00 506,368 --a------ C:\Windows\System32\msxml.dll
2008-02-24 03:31 . 2008-02-24 03:31 25,773 --a------ C:\Windows\System32\drivers\regguard.sys
2008-02-24 03:28 . 2008-02-24 03:29 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\Regrun
2008-02-24 03:23 . 2008-02-24 03:48 <DIR> d-------- C:\Program Files\RegRunSuite
2008-02-24 03:08 . 2008-02-24 03:08 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-24 03:02 . 2008-02-24 03:05 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-24 03:02 . 2008-02-24 03:05 <DIR> d-------- C:\ProgramData\Lavasoft
2008-02-24 02:24 . 2008-02-24 02:24 <DIR> d-------- C:\Users\All Users\vsosdk
2008-02-24 02:24 . 2008-02-24 02:24 <DIR> d-------- C:\ProgramData\vsosdk
2008-02-24 01:58 . 2008-02-24 01:58 74,703 --a------ C:\Windows\System32\mfc45.dll
2008-02-24 01:56 . 2008-02-24 01:56 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\iolo
2008-02-24 01:14 . 2008-02-24 01:14 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 00:22 --------- d-----w C:\Users\Wes & Amanda\AppData\Roaming\AVG7
2008-03-18 19:56 --------- d-----w C:\Program Files\Java
2008-03-18 01:34 --------- d-----w C:\ProgramData\avg7
2008-03-17 00:11 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-16 19:24 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-16 19:22 --------- d-----w C:\Program Files\HP
2008-03-16 03:30 --------- d-----w C:\Users\Wes & Amanda\AppData\Roaming\LimeWire
2008-03-14 04:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-14 02:38 --------- d-----w C:\ProgramData\WildTangent
2008-03-14 02:19 --------- d-----w C:\Program Files\CyberLink
2008-03-14 02:17 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-12 19:53 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2008-03-12 10:19 --------- d-----w C:\Program Files\Windows Mail
2008-03-11 01:56 --------- d-----w C:\ProgramData\Grisoft
2008-03-11 00:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-28 19:47 --------- d-----w C:\ProgramData\NVIDIA
2008-02-27 00:47 28,000 ----a-w C:\Users\Wes & Amanda\AppData\Roaming\nvModes.dat
2008-02-24 23:42 --------- d-----w C:\Users\Wes & Amanda\AppData\Roaming\GTek
2008-02-24 20:47 --------- d-----w C:\ProgramData\Gtek
2008-02-24 03:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-24 03:51 --------- d-----w C:\ProgramData\Symantec
2008-02-24 03:51 --------- d-----w C:\Program Files\Symantec
2008-02-22 01:47 --------- d-----w C:\Program Files\MSBuild
2008-02-20 22:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-20 04:39 --------- d-----w C:\Users\Wes & Amanda\AppData\Roaming\CyberLink
2008-02-17 07:42 --------- d-----w C:\Program Files\LightScribeTemplateLabeler
2008-02-17 07:28 9,216 ----a-w C:\Windows\System32\avgwlntf.dll
2008-02-17 07:26 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-02-17 05:49 --------- d-----w C:\Users\Wes & Amanda\AppData\Roaming\CoreFTP
2008-02-16 08:23 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-16 08:14 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-16 08:14 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-16 08:10 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-02-16 08:10 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-02-16 08:10 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-02-16 08:10 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-02-16 08:08 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-02-16 08:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-16 08:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-16 08:08 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-16 08:08 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-02-16 08:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-16 08:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-16 08:08 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-16 08:08 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-02-16 08:07 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-02-16 08:07 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-02-16 08:07 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-02-16 08:06 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-02-16 08:06 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-02-16 08:06 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-02-16 08:06 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-02-16 08:06 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-02-16 08:05 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-16 08:01 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-16 08:01 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-16 08:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-16 08:01 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-16 06:02 --------- d-----w C:\Users\Wes & Amanda\AppData\Roaming\Apple Computer
2008-02-16 06:02 --------- d-----w C:\ProgramData\Apple Computer
2008-02-16 06:01 --------- d-----w C:\Program Files\QuickTime
2008-02-16 06:00 --------- d-----w C:\Program Files\Apple Software Update
2008-02-16 05:59 --------- d-----w C:\ProgramData\Apple
2008-02-16 05:59 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-16 05:33 --------- d-----w C:\Program Files\CoreFTP
2008-02-16 02:20 --------- d-----w C:\Program Files\LimeWire
2008-02-15 08:14 --------- d-----w C:\ProgramData\TiVo
2008-02-15 08:14 --------- d-----w C:\Program Files\TiVo
2008-02-15 08:14 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2008-02-15 08:09 --------- d-----w C:\ProgramData\LightScribe
2008-02-15 05:29 --------- d-----w C:\ProgramData\CyberLink
2008-02-15 03:48 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-02-15 03:48 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-02-15 03:48 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-02-15 03:48 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-02-15 03:48 33,624 ----a-w C:\Windows\System32\wups.dll
2008-02-15 03:48 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-02-15 03:48 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-02-15 03:47 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-02-15 03:47 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-02-15 01:52 --------- d-----w C:\Users\Wes & Amanda\AppData\Roaming\HP
2008-02-15 01:52 --------- d-----w C:\ProgramData\HP
2008-02-15 01:30 --------- d-----w C:\Users\Wes & Amanda\AppData\Roaming\Hewlett-Packard
2008-02-15 01:30 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-02-15 01:24 --------- d-----w C:\Program Files\Yahoo!
2008-02-15 01:15 --------- d-----w C:\Program Files\HPQ
2008-02-15 01:15 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-15 01:14 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Pavilion dv6700 Notebook PC_Y5335KV_0U_QCNF8019NKD_E459053-001_4A_I30CF_SQuanta_V85.24_F.25_T071129_WV3-0_L409_M1983_J250_7AMD_8F82_92.00_#071205_N10DE054C;168C001C_(KC304UA#ABA)_XMOBILE_CN10_Z.MRK
2008-02-05 19:06 97,216 ----a-w C:\Windows\system32\drivers\AnyDVD.sys
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-12-06 04:09 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\ProgramData\SecTaskMan ----

2006-11-02 05:47 1162656 --a------ C:\ProgramData\SecTaskMan\_enviewlist.dll
2006-11-02 05:46 770048 --a------ C:\ProgramData\SecTaskMan\_entreelist.dll

---- Directory of C:\Users\All Users\SecTaskMan ----

2008-02-28 16:06 152 --a------ C:\Users\All Users\SecTaskMan\icn_652D325CD31366843BA63FED252864FE.dll
2008-02-28 16:06 152 --a------ C:\Users\All Users\SecTaskMan\icn_0E23E40C6140D434FA9B96967D309AFE.dll
2008-02-28 16:06 1509 --a------ C:\Users\All Users\SecTaskMan\icn_00002109440090400000000000F01FEC.dll
2008-02-28 16:06 1470 --a------ C:\Users\All Users\SecTaskMan\icn_9DCFCAC4B17FA314D85FA146915DDC6C.dll
2008-02-28 16:06 1422 --a------ C:\Users\All Users\SecTaskMan\icn_166A73803CEF3B8478C6197E3D02849A.dll
2008-02-28 16:06 142 --a------ C:\Users\All Users\SecTaskMan\icn_00002109F10090400000000000F01FEC.dll
2008-02-28 16:06 13708 --a------ C:\Users\All Users\SecTaskMan\icn_00002109030000000000000000F01FEC.dll
2008-02-28 16:06 1360 --a------ C:\Users\All Users\SecTaskMan\icn_ABA8F2805D487384D9CF3F569DA1704D.dll
2008-02-28 16:06 130 --a------ C:\Users\All Users\SecTaskMan\icn_06367A21E88372B4BABE5DCF3587DDA2.dll
2008-02-28 16:06 1234 --a------ C:\Users\All Users\SecTaskMan\icn_929fd20b7a922df4a907186a446b537f.dll
2008-02-28 16:06 122 --a------ C:\Users\All Users\SecTaskMan\icn_5BDC64552EC2B8940B95B5B38FF14CF1.dll
2008-02-28 16:06 1214 --a------ C:\Users\All Users\SecTaskMan\icn_8994BF104C33134458DE70E9E3FE7ED5.dll
2008-02-28 16:06 1180 --a------ C:\Users\All Users\SecTaskMan\icn_E240F47B9B1EB5A4D86483B71B270F4A.dll
2008-02-28 16:06 1123 --a------ C:\Users\All Users\SecTaskMan\icn_00002119F20000000000000000F01FEC
2008-02-28 16:06 1121 --a------ C:\Users\All Users\SecTaskMan\icn_C8149E1AE8B3B8E4E8D4DEA7529B4ED1
2008-02-28 16:06 1115 --a------ C:\Users\All Users\SecTaskMan\icn_00002109E60090400000000000F01FEC.dll
2008-02-28 16:06 1082 --a------ C:\Users\All Users\SecTaskMan\icn_CF04870A36EC8BC40803FEB4895029A5.dll
2008-02-28 16:06 1082 --a------ C:\Users\All Users\SecTaskMan\icn_59E19E4BAB5A05E44A56BDE7EF1B678E.dll
2008-02-28 16:06 108 --a------ C:\Users\All Users\SecTaskMan\icn_00002109810090400000000000F01FEC.dll
2008-02-28 16:06 1077 --a------ C:\Users\All Users\SecTaskMan\icn_00002159FA0090400000000000F01FEC.dll
2008-02-28 16:06 107 --a------ C:\Users\All Users\SecTaskMan\icn_00002109510090400000000000F01FEC.dll
2008-02-28 16:06 1024 --a------ C:\Users\All Users\SecTaskMan\icn_6DB1FB74CACDF8640ADA5EEDCC22113C.dll
2008-02-28 16:06 1023 --a------ C:\Users\All Users\SecTaskMan\icn_46B0531A8FA1B794CA7003D76FF78B4D.dll
2008-02-28 16:06 1004 --a------ C:\Users\All Users\SecTaskMan\icn_C0F8BA8DBEEC92A4E85F12B96084314F
2008-02-28 16:06 10 --a------ C:\Users\All Users\SecTaskMan\icn_D7314F9862C648A4DB8BE2A5B47BE100.dll
2008-02-28 16:06 10 --a------ C:\Users\All Users\SecTaskMan\icn_BD72CDA88C2EC6445A6761C6502CDD42.dll
2008-02-28 16:06 10 --a------ C:\Users\All Users\SecTaskMan\icn_AA73C45227B60034486F898A429181E7.dll
2008-02-28 16:06 10 --a------ C:\Users\All Users\SecTaskMan\icn_9CE2AD5624609E74AA2E5B62A71AD457.dll
2008-02-28 16:06 10 --a------ C:\Users\All Users\SecTaskMan\icn_496CAE8309D0F544C871B805DAEF1326.dll
2008-02-28 16:06 10 --a------ C:\Users\All Users\SecTaskMan\icn_1017755FCC3311742853A359CB4DD90B.dll
2008-02-28 16:06 10 --a------ C:\Users\All Users\SecTaskMan\icn_00002109C20090400000000000F01FEC.dll
2008-02-28 16:06 10 --a------ C:\Users\All Users\SecTaskMan\icn_00002109711090400000000000F01FEC.dll
2008-02-28 16:06 10 --a------ C:\Users\All Users\SecTaskMan\icn_00002109511090400000000000F01FEC.dll
2008-02-28 16:06 10 --a------ C:\Users\All Users\SecTaskMan\icn_00002109411090400000000000F01FEC.dll
2006-11-02 05:47 1162656 --a------ C:\Users\All Users\SecTaskMan\_enviewlist.dll
2006-11-02 05:46 770048 --a------ C:\Users\All Users\SecTaskMan\_entreelist.dll


((((((((((((((((((((((((((((( snapshot@2008-03-18_16.12.25.88 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-18 19:52:29 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-20 00:56:57 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2005-08-31 08:31:28 120,464 ----a-w C:\Windows\Downloaded Installations\Macromedia Flash 8\FL_Client_Installer.exe
+ 2005-04-04 18:49:16 2,003,176 ----a-w C:\Windows\Downloaded Installations\Macromedia Flash 8\WindowsInstaller-KB884016-v2-x86.exe
+ 2008-03-20 00:37:29 65,536 ----a-r C:\Windows\Installer\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}\ARPPRODUCTICONFL8.exe
+ 2008-03-19 21:09:04 19,230 ----a-r C:\Windows\Installer\{70553946-F6FD-41F4-A3BB-EB3F6CACCB07}\ARPPRODUCTICON.exe
+ 2008-03-20 00:33:41 53,248 ----a-r C:\Windows\Installer\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}\ARPPRODUCTICONFLV1.exe
- 2008-03-18 19:53:55 208,896 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-20 01:00:41 208,896 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-03-18 20:11:49 217,088 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-20 04:08:48 217,088 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-03-18 01:30:42 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-19 01:35:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-18 01:30:42 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-19 01:35:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-18 01:30:42 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-19 05:19:42 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-10-30 15:30:30 10,032 ----a-w C:\Windows\System32\drivers\SBTEDrv.sys
- 2007-11-21 00:52:38 2,884,992 ----a-w C:\Windows\System32\Macromed\Flash\NPSWF32.dll
+ 2005-08-27 18:08:06 1,398,408 ----a-w C:\Windows\System32\Macromed\Flash\NPSWF32.dll
+ 2005-11-02 15:39:14 131,072 ----a-w C:\Windows\System32\MD5.dll
+ 2005-11-02 15:39:16 24,924 ----a-w C:\Windows\System32\openports.dll
- 2008-03-18 19:58:25 104,868 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-03-20 01:02:53 104,868 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-18 19:58:25 621,552 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-03-20 01:02:53 621,552 ----a-w C:\Windows\System32\perfh009.dat
+ 2003-02-21 11:16:08 49,152 ----a-w C:\Windows\System32\REGTLIB.EXE
+ 2007-06-15 18:37:00 27,376 ----a-w C:\Windows\System32\SBBD.exe
+ 2005-11-02 15:39:16 40,960 ----a-w C:\Windows\System32\SDelete.dll
- 2008-03-18 19:55:11 7,888 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3382365644-1707238206-1353470732-1000_UserData.bin
+ 2008-03-20 00:59:30 7,888 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3382365644-1707238206-1353470732-1000_UserData.bin
- 2008-03-18 19:55:11 78,606 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-20 00:59:29 78,606 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-18 19:55:11 49,830 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-20 00:59:27 50,542 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-03-15 23:14:09 303,706 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-03-19 20:28:46 303,818 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-06-22 19:40:28 493,400 ----a-w C:\Windows\System32\XceedZip.dll
- 2008-03-14 06:01:10 13,773 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-03-19 18:43:54 2,021,087 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]
"TivoTransfer"="C:\PROGRAM FILES\COMMON FILES\TIVO SHARED\Transfer\TIVOTRANSFER.exe" [2007-09-25 11:33 1195008]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 01:38 316728]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 04:29 102400]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 17:54 554320]
"NvCplDaemon"="RUNDLL32.exe" [2006-11-02 05:45 44544 C:\Windows\System32\rundll32.exe]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-03-09 17:34 1502976]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-17 03:31 579072]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-06-15 15:17 699120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-17 03:28 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3382365644-1707238206-1353470732-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"<NO NAME>"=
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9B22924B-C76E-4D1F-9509-C7228B4666A1}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D9778C69-A22E-4913-88F7-3CEFDAECC583}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3EFB2612-BEB1-4647-9DC3-9ED1B6D0D9BB}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6FB32505-7F0B-44E7-8703-EB9A59BB25A3}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{15F9A471-8027-46D7-B87D-3B00E00613F1}"= Profile=Public|C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{5F1BB71C-2B26-404D-8B05-C6D02D21555E}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C485A96F-A8B8-4909-8ACD-72674FB3B5AF}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{72D3C1A4-1A95-40AB-A238-7DD093A1AD12}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B53655B4-6403-4A16-BB77-041FD462C49C}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{46058D6B-2121-4AE6-8BD5-E6A6A9BB8A92}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A2B81A71-49EC-4C2C-B930-11C31640ACEC}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{74E5DB12-D017-492B-B993-FFF9701F2105}"= Profile=Public|C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{E73B2710-B2FF-465E-BC5C-AA3D29276B63}"= Profile=Public|C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{CF287071-5D4C-4D49-A130-57AD93A3761F}"= UDP:C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:TiVo Beacon Service
"{4D7B5BD7-0604-4795-8792-367589A61034}"= TCP:C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:TiVo Beacon Service
"{EE19D5F3-EE6B-4CB8-A2FE-EE0B8D34F160}"= UDP:C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:TiVo Transfer Service
"{E0F1EA5C-2DCA-4BF4-BEE9-FE3758227A28}"= TCP:C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:TiVo Transfer Service
"{F04C0A4A-F7B1-4628-B977-7FEAF18FA43C}"= UDP:C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:TiVo Desktop User Interface
"{F2370B4A-8191-43B1-A765-254F041EC238}"= TCP:C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:TiVo Desktop User Interface
"{F2E71D0C-CB27-4332-9457-4A51E86C7BA6}"= Disabled:TCP:5353:LocalSubnet:LocalSubnet:mDNS-SD/Bonjour
"{9A56F7FD-9A08-45FB-A9D6-655DB5447432}"= UDP:7288:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7288
"{835565FE-F42A-417A-AF6A-2298DF5CD111}"= UDP:7289:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7289
"{04987883-6C20-4305-AC39-9A4B0600B244}"= UDP:7290:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7290
"{91CE0B88-4729-47F3-BE3A-6E896D154AFE}"= UDP:7291:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7291
"{E19A5EF1-FD70-4E5B-9306-412AE33A06ED}"= UDP:7292:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7292
"{2BC5BA6A-9A41-4134-8D3A-CBB89DB283A3}"= UDP:7293:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7293
"{F7390C8A-0709-4E2A-A74E-8EB185000257}"= UDP:7294:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7294
"{73BB25BA-7376-4F88-8290-3F145F362F47}"= UDP:7295:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7295
"{FCA589E7-4E6E-48C9-B850-D78D3DE8979D}"= UDP:7296:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7296
"{4D61C3A7-A038-4DC3-94F8-1265706305F5}"= UDP:7297:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7297
"{7D7AFD64-D66B-40B0-A2CB-E3AF41D39CE8}"= UDP:C:\Program Files\TiVo\Desktop\TiVoServer.exe:TiVo Server Service
"{F33F4519-7D6B-4BF5-8145-D269910E31BB}"= TCP:C:\Program Files\TiVo\Desktop\TiVoServer.exe:TiVo Server Service
"{A81A14BF-4D89-4F4E-8357-ECEB6922AAFD}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{26ADAEBA-2503-44B8-AC07-380A7C7A30D1}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{674E7496-6041-4C69-96C1-A3614664F6DE}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2AA41A32-304C-4807-AB7E-5F4AC5FD6D2C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{F05158BA-8DBA-4899-869F-F17791B93A3A}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"UDP Query User{14DE48DA-3A55-4CB4-BA38-B0BD46B4608E}C:\\program files\\tivo\\desktop\\tivoserver.exe"= TCP:C:\program files\tivo\desktop\tivoserver.exe:TiVo Server Service Process
"TCP Query User{D78780D4-647B-4E58-828B-38830112B091}C:\\program files\\tivo\\desktop\\tivoserver.exe"= UDP:C:\program files\tivo\desktop\tivoserver.exe:TiVo Server Service Process
"{9D4D8A53-5158-4B3C-A3C6-EF7A78A76F5E}"= UDP:C:\Users\Wes & Amanda\Desktop\utorrent.exe:µTorrent
"{B15178EA-3159-4613-B123-0986FF535594}"= TCP:C:\Users\Wes & Amanda\Desktop\utorrent.exe:µTorrent
"{DD54F49C-7BA9-4BD0-ACBE-3D93A9537035}"= Disabled:UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{B8FA16EC-B08D-489D-BBC8-C829465A4858}"= Disabled:TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A1423DB3-2847-48AC-8096-2867AC9C62AF}"= Disabled:C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{476FA16A-6239-42D7-83C5-7D695000A813}"= Disabled:UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{36988A04-BE2C-49E7-9849-712A61068D2E}"= Disabled:TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C29E7929-B310-477F-AA98-4026A4A08A40}"= Disabled:C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{E66FEEFD-9EE0-4328-8EF1-99520E285CA9}"= Disabled:C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8149E853-1634-43FA-9C6C-C059CBE45777}"= UDP:C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe:iolo Firewall®
"{4D5C0395-A475-4778-A37F-A6C14C759F7F}"= TCP:C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe:iolo Firewall®
"TCP Query User{D3EB0C50-DB8D-4C9D-A8B0-8F820834BAF3}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= UDP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
"UDP Query User{65908253-8424-4F0F-92F7-BD616DE7D07B}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= TCP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-03-09 17:34]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-03-09 17:34]
R1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 13:12]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080221.002\IDSvix86.sys [2008-02-13 12:18]
R1 pctfw2;pctfw2;C:\Windows\System32\drivers\pctfw2.sys [2008-03-04 17:07]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 10:52]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2007-09-30 23:34]
R2 TivoBeacon2;TiVo Beacon;"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service []
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 10:27]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-05-30 19:40]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-12 15:53]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 14:30]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 17:50]
S2 QPSched;QuickPlay Task Scheduler (QTS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2007-09-30 23:34]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 03:30]
S3 RegGuard;RegGuard;C:\Windows\system32\Drivers\regguard.sys [2008-02-24 03:31]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 04:55]

*Newly Created Service* - SBAPIFS

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-03-19 05:32:18 C:\Windows\Tasks\User_Feed_Synchronization-{C6ED93B1-991F-4EF5-8EC1-09C5B3AE5EC0}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 00:08:49
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-20 0:10:07
ComboFix-quarantined-files.txt 2008-03-20 04:10:03
ComboFix2.txt 2008-03-18 20:13:03
.
2008-03-19 16:36:54 --- E O F ---
kitneyes
Regular Member
 
Posts: 29
Joined: March 6th, 2008, 8:25 pm

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

by kitneyes » March 20th, 2008, 1:17 am

And here is the new HJT log. I also just wanted to tell you that I'm trying out the CounterSpy program now; I think I have a 15-day trial period. I decided that either way, whether I fix this problem or not, I don't want to use PC Spyware Doctor anymore, either because it may have caused the problem or because it just seems to take up too many resources. Let me know what you think ...


ComboFix 08-03-17.1 - Wes & Amanda 2008-03-20 0:03:36.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1272 [GMT -4:00]
Running from: C:\Users\Wes & Amanda\Desktop\ComboFix.exe
Command switches used :: C:\Users\Wes & Amanda\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.

2008-03-19 17:16 . 2008-03-19 17:16 0 --a------ C:\Windows\System32\SBRC.dat
2008-03-19 17:16 . 2008-03-19 17:16 0 --a------ C:\Windows\System32\SBFC.dat
2008-03-19 17:10 . 2008-03-19 17:10 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\Sunbelt Software
2008-03-19 17:09 . 2008-03-19 17:09 <DIR> d-------- C:\Users\All Users\Sunbelt Software
2008-03-19 17:09 . 2008-03-19 17:09 <DIR> d-------- C:\ProgramData\Sunbelt Software
2008-03-19 17:08 . 2008-03-19 17:08 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-03-18 15:54 . 2008-03-18 15:54 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-17 20:22 . 2008-03-17 20:22 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\BitDefender
2008-03-17 20:20 . 2008-03-17 20:22 <DIR> d-------- C:\Users\All Users\BitDefender
2008-03-17 20:20 . 2008-03-17 20:22 <DIR> d-------- C:\ProgramData\BitDefender
2008-03-16 18:34 . 2008-03-16 18:34 <DIR> d-------- C:\Users\Wes & Amanda\.DownloadManager
2008-03-15 22:34 . 2008-03-15 22:34 0 ---hs---- C:\Windows\SA6B63E8B.tmp
2008-03-15 00:11 . 2008-03-15 00:11 <DIR> d-------- C:\Program Files\Greatis
2008-03-14 01:07 . 2008-03-17 20:21 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-03-14 00:05 . 2008-03-14 00:05 122 --a------ C:\Windows\System32\privacy.xml
2008-03-13 23:49 . 2008-03-14 01:57 121 --a------ C:\Windows\bdagent.INI
2008-03-13 22:27 . 2008-03-13 22:27 262,144 --a------ C:\ProgramData\ntuser.dat
2008-03-13 01:17 . 2008-03-13 01:17 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-03-13 01:17 . 2008-03-13 01:17 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-03-13 01:17 . 2008-03-13 01:17 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-03-13 01:10 . 2008-03-13 01:10 <DIR> d-------- C:\Users\Wes & Amanda\.housecall6.6
2008-03-12 00:24 . 2007-12-16 18:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-12 00:24 . 2007-12-16 05:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-11 15:24 . 2008-03-11 15:24 <DIR> d-------- C:\Program Files\CCleaner
2008-03-11 02:21 . 2008-03-11 02:21 <DIR> d-------- C:\Deckard
2008-03-10 23:55 . 2008-03-19 20:47 <DIR> d-------- C:\Program Files\MySetups
2008-03-10 18:34 . 2008-03-10 18:34 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\PC Tools
2008-03-10 18:34 . 2008-03-19 01:04 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-10 00:36 . 2007-05-30 08:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-03-09 17:34 . 2008-03-09 17:34 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\Comodo
2008-03-09 17:34 . 2008-03-10 21:56 <DIR> d-------- C:\Users\All Users\comodo
2008-03-09 17:34 . 2008-03-10 21:56 <DIR> d-------- C:\ProgramData\comodo
2008-03-09 17:34 . 2008-03-09 17:34 <DIR> d-------- C:\Program Files\COMODO
2008-03-09 17:34 . 2008-03-09 17:34 139,008 --a------ C:\Windows\System32\guard32.dll
2008-03-09 17:34 . 2008-03-09 17:34 83,448 --a------ C:\Windows\System32\drivers\cmdguard.sys
2008-03-09 17:34 . 2008-03-09 17:34 25,080 --a------ C:\Windows\System32\drivers\cmdhlp.sys
2008-03-09 17:24 . 2007-09-20 13:12 12,800 --a------ C:\Windows\System32\drivers\elrawdsk.sys
2008-03-09 01:55 . 2008-03-09 01:55 0 --ah----- C:\ProgramData.LOG2
2008-03-09 01:55 . 2008-03-09 01:55 0 --------- C:\ProgramData.LOG1
2008-03-08 16:43 . 2008-03-10 21:56 <DIR> d-------- C:\Program Files\IPNetInfo
2008-03-08 16:43 . 2008-03-08 16:43 39,424 --a------ C:\Windows\zipinst.exe
2008-03-04 17:08 . 2008-03-04 17:08 <DIR> d-------- C:\Users\All Users\PC Tools
2008-03-04 17:08 . 2008-03-04 17:08 <DIR> d-------- C:\ProgramData\PC Tools
2008-03-04 17:08 . 2008-03-04 17:07 218,504 --a------ C:\Windows\System32\drivers\pctfw2.sys
2008-03-04 17:07 . 2008-03-10 20:44 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-03-03 01:41 . 2008-03-10 21:56 <DIR> d-------- C:\Program Files\Windows Media Components
2008-03-02 21:08 . 2008-03-02 21:08 <DIR> d-------- C:\Users\All Users\AOL
2008-03-02 21:08 . 2008-03-02 21:08 <DIR> d-------- C:\ProgramData\AOL
2008-03-02 05:05 . 2008-03-02 05:06 <DIR> d-------- C:\Program Files\GSpot Codec Test
2008-03-02 05:03 . 2007-06-28 19:52 765,952 --a------ C:\Windows\System32\xvidcore.dll
2008-03-02 05:03 . 2007-06-28 19:54 180,224 --a------ C:\Windows\System32\xvidvfw.dll
2008-03-02 03:53 . 2008-03-03 01:42 <DIR> d--h----- C:\Windows\msdownld.tmp
2008-03-02 02:50 . 2008-03-02 16:28 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-03-01 23:27 . 2008-03-02 05:03 <DIR> d-------- C:\Program Files\Xvid
2008-03-01 23:27 . 2007-06-28 19:55 77,824 --a------ C:\Windows\System32\xvid.ax
2008-02-28 22:28 . 2007-12-04 08:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-02-28 22:28 . 2007-12-04 10:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-02-28 22:28 . 2007-12-04 10:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2008-02-28 22:27 . 2008-02-28 22:27 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-28 22:27 . 2007-12-04 09:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2008-02-28 22:27 . 2004-01-09 05:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-02-28 22:27 . 2007-12-04 10:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-02-28 20:41 . 2008-03-18 21:42 <DIR> d-a------ C:\Users\All Users\TEMP
2008-02-28 20:41 . 2008-03-18 21:42 <DIR> d-a------ C:\ProgramData\TEMP
2008-02-28 18:13 . 2007-02-18 17:11 296,960 --a------ C:\Windows\winhlp32.exe
2008-02-28 18:13 . 2007-02-18 17:11 194,560 --a------ C:\Windows\System32\ftsrch.dll
2008-02-28 18:13 . 2007-02-18 17:11 9,728 --a------ C:\Windows\System32\ftlx041e.dll
2008-02-28 18:13 . 2007-02-18 17:11 9,216 --a------ C:\Windows\System32\ftlx0411.dll
2008-02-28 16:41 . 2008-02-28 16:59 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\Uniblue
2008-02-28 16:41 . 2008-03-19 01:17 <DIR> d-------- C:\Program Files\Uniblue
2008-02-28 16:05 . 2008-03-13 01:02 <DIR> d-------- C:\Users\All Users\SecTaskMan
2008-02-28 16:05 . 2008-03-13 01:02 <DIR> d-------- C:\ProgramData\SecTaskMan
2008-02-27 20:03 . 2008-02-27 20:03 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\Yahoo!
2008-02-27 20:03 . 2008-02-27 20:03 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-02-27 20:03 . 2008-02-27 20:03 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-02-27 19:53 . 2008-02-27 19:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-27 03:36 . 2008-03-10 21:56 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\Winamp
2008-02-27 03:36 . 2008-02-27 03:36 <DIR> d-------- C:\Program Files\Winamp
2008-02-27 00:34 . 2008-02-27 00:34 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-02-26 15:03 . 2006-11-02 06:23 <DIR> dr------- C:\Users\Mcx1\Videos
2008-02-26 15:03 . 2006-11-02 06:23 <DIR> d-------- C:\Users\Mcx1\Saved Games
2008-02-26 15:03 . 2006-11-02 06:23 <DIR> dr------- C:\Users\Mcx1\Pictures
2008-02-26 15:03 . 2006-11-02 06:23 <DIR> dr------- C:\Users\Mcx1\Music
2008-02-26 15:03 . 2006-11-02 06:23 <DIR> dr------- C:\Users\Mcx1\Links
2008-02-26 15:03 . 2006-11-02 06:23 <DIR> dr------- C:\Users\Mcx1\Downloads
2008-02-26 15:03 . 2008-02-26 15:03 <DIR> dr------- C:\Users\Mcx1\Documents
2008-02-26 15:03 . 2008-02-26 15:04 <DIR> d--h----- C:\Users\Mcx1\AppData
2008-02-25 00:09 . 2008-02-25 00:09 <DIR> d-------- C:\Windows\WinAVI Video Converter 9.0
2008-02-24 05:03 . 2004-08-04 08:00 506,368 --a------ C:\Windows\System32\msxml.dll
2008-02-24 03:31 . 2008-02-24 03:31 25,773 --a------ C:\Windows\System32\drivers\regguard.sys
2008-02-24 03:28 . 2008-02-24 03:29 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\Regrun
2008-02-24 03:23 . 2008-02-24 03:48 <DIR> d-------- C:\Program Files\RegRunSuite
2008-02-24 03:08 . 2008-02-24 03:08 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-24 03:02 . 2008-02-24 03:05 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-24 03:02 . 2008-02-24 03:05 <DIR> d-------- C:\ProgramData\Lavasoft
2008-02-24 02:24 . 2008-02-24 02:24 <DIR> d-------- C:\Users\All Users\vsosdk
2008-02-24 02:24 . 2008-02-24 02:24 <DIR> d-------- C:\ProgramData\vsosdk
2008-02-24 01:58 . 2008-02-24 01:58 74,703 --a------ C:\Windows\System32\mfc45.dll
2008-02-24 01:56 . 2008-02-24 01:56 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\iolo
2008-02-24 01:14 . 2008-02-24 01:14 <DIR> d-------- C:\Users\Wes & Amanda\AppData\Roaming\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 00:22 --------- d-----w C:\Users\Wes & Amanda\AppData\Roaming\AVG7
2008-03-18 19:56 --------- d-----w C:\Program Files\Java
2008-03-18 01:34 --------- d-----w C:\ProgramData\avg7
2008-03-17 00:11 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-16 19:24 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-16 19:22 --------- d-----w C:\Program Files\HP
2008-03-16 03:30 --------- d-----w C:\Users\Wes & Amanda\AppData\Roaming\LimeWire
2008-03-14 04:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-14 02:38 --------- d-----w C:\ProgramData\WildTangent
2008-03-14 02:19 --------- d-----w C:\Program Files\CyberLink
2008-03-14 02:17 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-12 19:53 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2008-03-12 10:19 --------- d-----w C:\Program Files\Windows Mail
2008-03-11 01:56 --------- d-----w C:\ProgramData\Grisoft
2008-03-11 00:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-28 19:47 --------- d-----w C:\ProgramData\NVIDIA
2008-02-27 00:47 28,000 ----a-w C:\Users\Wes & Amanda\AppData\Roaming\nvModes.dat
2008-02-24 23:42 --------- d-----w C:\Users\Wes & Amanda\AppData\Roaming\GTek
2008-02-24 20:47 --------- d-----w C:\ProgramData\Gtek
2008-02-24 03:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-24 03:51 --------- d-----w C:\ProgramData\Symantec
2008-02-24 03:51 --------- d-----w C:\Program Files\Symantec
2008-02-22 01:47 --------- d-----w C:\Program Files\MSBuild
2008-02-20 22:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-20 04:39 --------- d-----w C:\Users\Wes & Amanda\AppData\Roaming\CyberLink
2008-02-17 07:42 --------- d-----w C:\Program Files\LightScribeTemplateLabeler
2008-02-17 07:28 9,216 ----a-w C:\Windows\System32\avgwlntf.dll
2008-02-17 07:26 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-02-17 05:49 --------- d-----w C:\Users\Wes & Amanda\AppData\Roaming\CoreFTP
2008-02-16 08:23 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-16 08:14 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-16 08:14 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-16 08:10 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-02-16 08:10 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-02-16 08:10 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-02-16 08:10 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-02-16 08:08 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-02-16 08:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-16 08:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-16 08:08 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-16 08:08 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-02-16 08:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-16 08:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-16 08:08 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-16 08:08 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-02-16 08:07 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-02-16 08:07 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-02-16 08:07 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-02-16 08:06 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-02-16 08:06 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-02-16 08:06 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-02-16 08:06 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-02-16 08:06 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-02-16 08:05 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-16 08:01 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-16 08:01 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-16 08:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-16 08:01 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-16 06:02 --------- d-----w C:\Users\Wes & Amanda\AppData\Roaming\Apple Computer
2008-02-16 06:02 --------- d-----w C:\ProgramData\Apple Computer
2008-02-16 06:01 --------- d-----w C:\Program Files\QuickTime
2008-02-16 06:00 --------- d-----w C:\Program Files\Apple Software Update
2008-02-16 05:59 --------- d-----w C:\ProgramData\Apple
2008-02-16 05:59 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-16 05:33 --------- d-----w C:\Program Files\CoreFTP
2008-02-16 02:20 --------- d-----w C:\Program Files\LimeWire
2008-02-15 08:14 --------- d-----w C:\ProgramData\TiVo
2008-02-15 08:14 --------- d-----w C:\Program Files\TiVo
2008-02-15 08:14 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2008-02-15 08:09 --------- d-----w C:\ProgramData\LightScribe
2008-02-15 05:29 --------- d-----w C:\ProgramData\CyberLink
2008-02-15 03:48 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-02-15 03:48 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-02-15 03:48 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-02-15 03:48 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-02-15 03:48 33,624 ----a-w C:\Windows\System32\wups.dll
2008-02-15 03:48 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-02-15 03:48 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-02-15 03:47 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-02-15 03:47 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-02-15 01:52 --------- d-----w C:\Users\Wes & Amanda\AppData\Roaming\HP
2008-02-15 01:52 --------- d-----w C:\ProgramData\HP
2008-02-15 01:30 --------- d-----w C:\Users\Wes & Amanda\AppData\Roaming\Hewlett-Packard
2008-02-15 01:30 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-02-15 01:24 --------- d-----w C:\Program Files\Yahoo!
2008-02-15 01:15 --------- d-----w C:\Program Files\HPQ
2008-02-15 01:15 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-15 01:14 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Pavilion dv6700 Notebook PC_Y5335KV_0U_QCNF8019NKD_E459053-001_4A_I30CF_SQuanta_V85.24_F.25_T071129_WV3-0_L409_M1983_J250_7AMD_8F82_92.00_#071205_N10DE054C;168C001C_(KC304UA#ABA)_XMOBILE_CN10_Z.MRK
2008-02-05 19:06 97,216 ----a-w C:\Windows\system32\drivers\AnyDVD.sys
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-12-06 04:09 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\ProgramData\SecTaskMan ----

2006-11-02 05:47 1162656 --a------ C:\ProgramData\SecTaskMan\_enviewlist.dll
2006-11-02 05:46 770048 --a------ C:\ProgramData\SecTaskMan\_entreelist.dll

---- Directory of C:\Users\All Users\SecTaskMan ----

2008-02-28 16:06 522 --a------ C:\Users\All Users\SecTaskMan\icn_00002109511090400000000000F01FEC
2008-02-28 16:06 522 --a------ C:\Users\All Users\SecTaskMan\icn_00002109510090400000000000F01FEC
2008-02-28 16:06 522 --a------ C:\Users\All Users\SecTaskMan\icn_00002109411090400000000000F01FEC
2008-02-28 16:06 51 --a------ C:\Users\All Users\SecTaskMan\icn_4D5A904E1E729744CA7AD4FA5269214C.dll
2008-02-28 16:06 51 --a------ C:\Users\All Users\SecTaskMan\icn_000021091A0090400000000000F01FEC.dll
2008-02-28 16:06 5084 --a------ C:\Users\All Users\SecTaskMan\icn_00002119F20000000000000000F01FEC.dll
2008-02-28 16:06 48 --a------ C:\Users\All Users\SecTaskMan\icn_72CCAE0F927AC604B96F8C1FC0CE638F.dll
2008-02-28 16:06 4705 --a------ C:\Users\All Users\SecTaskMan\icn_C8149E1AE8B3B8E4E8D4DEA7529B4ED1.dll
2008-02-28 16:06 468 --a------ C:\Users\All Users\SecTaskMan\icn_F12159CA67518B54287F93112D87286E.dll
2008-02-28 16:06 423 --a------ C:\Users\All Users\SecTaskMan\icn_00002109020090400000000000F01FEC.dll
2008-02-28 16:06 41 --a------ C:\Users\All Users\SecTaskMan\icn_2FB174867F1F98C4BBAB04B049995669.dll
2008-02-28 16:06 39 --a------ C:\Users\All Users\SecTaskMan\icn_53A4D966B6414134981FA13C7D8B3876.dll
2008-02-28 16:06 384 --a------ C:\Users\All Users\SecTaskMan\icn_FB37A4CCE83991C45A3558C330C5B91A.dll
2008-02-28 16:06 3743 --a------ C:\Users\All Users\SecTaskMan\icn_98B69DFB967B6DC41BE17EF9DF640F76.dll
2008-02-28 16:06 37 --a------ C:\Users\All Users\SecTaskMan\icn_00002109AB0090400000000000F01FEC.dll
2008-02-28 16:06 3583 --a------ C:\Users\All Users\SecTaskMan\icn_F633BB1185E077948B662FF43A4316B6.dll
2008-02-28 16:06 35 --a------ C:\Users\All Users\SecTaskMan\icn_C9ECDE8240331334A83B3FBE9EC4534B.dll
2008-02-28 16:06 304 --a------ C:\Users\All Users\SecTaskMan\icn_1D2EA3C8D45805647AD37CCCE73EB608.dll
2008-02-28 16:06 300 --a------ C:\Users\All Users\SecTaskMan\icn_01DF9DF7F7F9FDD49B0F192190FFC0AE.dll
2008-02-28 16:06 30 --a------ C:\Users\All Users\SecTaskMan\icn_B9B847BE278F59E4898EC57A5E24D5FA.dll
2008-02-28 16:06 29 --a------ C:\Users\All Users\SecTaskMan\icn_4C20F4D6FA6F95649A33F70C26538A5D.dll
2008-02-28 16:06 279 --a------ C:\Users\All Users\SecTaskMan\icn_FF26F08EC3D591A4489079122F292860.dll
2008-02-28 16:06 27 --a------ C:\Users\All Users\SecTaskMan\icn_E77CD80EA90D63e408766DBDCB5C8FCD.dll
2008-02-28 16:06 27 --a------ C:\Users\All Users\SecTaskMan\icn_409D4822831C85B439CEC563A25B31A0.dll
2008-02-28 16:06 27 --a------ C:\Users\All Users\SecTaskMan\icn_05F4EABC9CF97554BA638962FDC301C3.dll
2008-02-28 16:06 27 --a------ C:\Users\All Users\SecTaskMan\icn_014A4CD768999234E9D586B7C224AC93.dll
2008-02-28 16:06 266 --a------ C:\Users\All Users\SecTaskMan\icn_B0B35DEDC76B4424EAA66DDFC3821DFE.dll
2008-02-28 16:06 26 --a------ C:\Users\All Users\SecTaskMan\icn_A94906C89F647DD4ABF9870CD0D9C4D8.dll
2008-02-28 16:06 26 --a------ C:\Users\All Users\SecTaskMan\icn_252B3F7F277EAA8439BE9746CB230676.dll
2008-02-28 16:06 2400 --a------ C:\Users\All Users\SecTaskMan\icn_3569BFDAC44FC064FB8581C95C25FDEF.dll
2008-02-28 16:06 2308 --a------ C:\Users\All Users\SecTaskMan\icn_DF3BFD2025FC3814B8ACA221D784884F.dll
2008-02-28 16:06 2028 --a------ C:\Users\All Users\SecTaskMan\icn_0DC8CB51B56A0D742ADD098A4295F08A.dll
2008-02-28 16:06 1971 --a------ C:\Users\All Users\SecTaskMan\icn_06AF0DABFC901144EAA62C48C48821AF.dll
2008-02-28 16:06 191 --a------ C:\Users\All Users\SecTaskMan\icn_D27204BABA2903F43BB622DE1EF6F85E.dll
2008-02-28 16:06 1861 --a------ C:\Users\All Users\SecTaskMan\icn_00002109030000000000000000F01FEC
2008-02-28 16:06 183 --a------ C:\Users\All Users\SecTaskMan\icn_80B4D503708557441B8C5D6458358446.dll
2008-02-28 16:06 180 --a------ C:\Users\All Users\SecTaskMan\icn_00002109A10090400000000000F01FEC.dll
2008-02-28 16:06 1788 --a------ C:\Users\All Users\SecTaskMan\icn_135DCCF583B149A429C421F727F20133
2008-02-28 16:06 176 --a------ C:\Users\All Users\SecTaskMan\icn_00002109F100A0C00000000000F01FEC.dll
2008-02-28 16:06 166 --a------ C:\Users\All Users\SecTaskMan\icn_64B6C8222E46E40498A8FE800306E34F.dll
2008-02-28 16:06 160 --a------ C:\Users\All Users\SecTaskMan\icn_00002109F100C0400000000000F01FEC.dll
2008-02-28 16:06 152 --a------ C:\Users\All Users\SecTaskMan\icn_652D325CD31366843BA63FED252864FE.dll
2008-02-28 16:06 152 --a------ C:\Users\All Users\SecTaskMan\icn_0E23E40C6140D434FA9B96967D309AFE.dll
2008-02-28 16:06 1509 --a------ C:\Users\All Users\SecTaskMan\icn_00002109440090400000000000F01FEC.dll
2008-02-28 16:06 1470 --a------ C:\Users\All Users\SecTaskMan\icn_9DCFCAC4B17FA314D85FA146915DDC6C.dll
2008-02-28 16:06 1422 --a------ C:\Users\All Users\SecTaskMan\icn_166A73803CEF3B8478C6197E3D02849A.dll
2008-02-28 16:06 142 --a------ C:\Users\All Users\SecTaskMan\icn_00002109F10090400000000000F01FEC.dll
2008-02-28 16:06 13708 --a------ C:\Users\All Users\SecTaskMan\icn_00002109030000000000000000F01FEC.dll
2008-02-28 16:06 1360 --a------ C:\Users\All Users\SecTaskMan\icn_ABA8F2805D487384D9CF3F569DA1704D.dll
2008-02-28 16:06 130 --a------ C:\Users\All Users\SecTaskMan\icn_06367A21E88372B4BABE5DCF3587DDA2.dll
2008-02-28 16:06 1234 --a------ C:\Users\All Users\SecTaskMan\icn_929fd20b7a922df4a907186a446b537f.dll
2008-02-28 16:06 122 --a------ C:\Users\All Users\SecTaskMan\icn_5BDC64552EC2B8940B95B5B38FF14CF1.dll
2008-02-28 16:06 1214 --a------ C:\Users\All Users\SecTaskMan\icn_8994BF104C33134458DE70E9E3FE7ED5.dll
2008-02-28 16:06 1180 --a------ C:\Users\All Users\SecTaskMan\icn_E240F47B9B1EB5A4D86483B71B270F4A.dll
2008-02-28 16:06 1123 --a------ C:\Users\All Users\SecTaskMan\icn_00002119F20000000000000000F01FEC
2008-02-28 16:06 1121 --a------ C:\Users\All Users\SecTaskMan\icn_C8149E1AE8B3B8E4E8D4DEA7529B4ED1
2008-02-28 16:06 1115 --a------ C:\Users\All Users\SecTaskMan\icn_00002109E60090400000000000F01FEC.dll
2008-02-28 16:06 1082 --a------ C:\Users\All Users\SecTaskMan\icn_CF04870A36EC8BC40803FEB4895029A5.dll
2008-02-28 16:06 1082 --a------ C:\Users\All Users\SecTaskMan\icn_59E19E4BAB5A05E44A56BDE7EF1B678E.dll
2008-02-28 16:06 108 --a------ C:\Users\All Users\SecTaskMan\icn_00002109810090400000000000F01FEC.dll
2008-02-28 16:06 1077 --a------ C:\Users\All Users\SecTaskMan\icn_00002159FA0090400000000000F01FEC.dll
2008-02-28 16:06 107 --a------ C:\Users\All Users\SecTaskMan\icn_00002109510090400000000000F01FEC.dll
2008-02-28 16:06 1024 --a------ C:\Users\All Users\SecTaskMan\icn_6DB1FB74CACDF8640ADA5EEDCC22113C.dll
2008-02-28 16:06 1023 --a------ C:\Users\All Users\SecTaskMan\icn_46B0531A8FA1B794CA7003D76FF78B4D.dll
2008-02-28 16:06 1004 --a------ C:\Users\All Users\SecTaskMan\icn_C0F8BA8DBEEC92A4E85F12B96084314F
2008-02-28 16:06 10 --a------ C:\Users\All Users\SecTaskMan\icn_D7314F9862C648A4DB8BE2A5B47BE100.dll
2008-02-28 16:06 10 --a------ C:\Users\All Users\SecTaskMan\icn_BD72CDA88C2EC6445A6761C6502CDD42.dll
2008-02-28 16:06 10 --a------ C:\Users\All Users\SecTaskMan\icn_AA73C45227B60034486F898A429181E7.dll
2008-02-28 16:06 10 --a------ C:\Users\All Users\SecTaskMan\icn_9CE2AD5624609E74AA2E5B62A71AD457.dll
2008-02-28 16:06 10 --a------ C:\Users\All Users\SecTaskMan\icn_496CAE8309D0F544C871B805DAEF1326.dll
2008-02-28 16:06 10 --a------ C:\Users\All Users\SecTaskMan\icn_1017755FCC3311742853A359CB4DD90B.dll
2008-02-28 16:06 10 --a------ C:\Users\All Users\SecTaskMan\icn_00002109C20090400000000000F01FEC.dll
2008-02-28 16:06 10 --a------ C:\Users\All Users\SecTaskMan\icn_00002109711090400000000000F01FEC.dll
2008-02-28 16:06 10 --a------ C:\Users\All Users\SecTaskMan\icn_00002109511090400000000000F01FEC.dll
2008-02-28 16:06 10 --a------ C:\Users\All Users\SecTaskMan\icn_00002109411090400000000000F01FEC.dll
2006-11-02 05:47 1162656 --a------ C:\Users\All Users\SecTaskMan\_enviewlist.dll
2006-11-02 05:46 770048 --a------ C:\Users\All Users\SecTaskMan\_entreelist.dll


((((((((((((((((((((((((((((( snapshot@2008-03-18_16.12.25.88 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-18 19:52:29 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-20 00:56:57 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2005-08-31 08:31:28 120,464 ----a-w C:\Windows\Downloaded Installations\Macromedia Flash 8\FL_Client_Installer.exe
+ 2005-04-04 18:49:16 2,003,176 ----a-w C:\Windows\Downloaded Installations\Macromedia Flash 8\WindowsInstaller-KB884016-v2-x86.exe
+ 2008-03-20 00:37:29 65,536 ----a-r C:\Windows\Installer\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}\ARPPRODUCTICONFL8.exe
+ 2008-03-19 21:09:04 19,230 ----a-r C:\Windows\Installer\{70553946-F6FD-41F4-A3BB-EB3F6CACCB07}\ARPPRODUCTICON.exe
+ 2008-03-20 00:33:41 53,248 ----a-r C:\Windows\Installer\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}\ARPPRODUCTICONFLV1.exe
- 2008-03-18 19:53:55 208,896 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-20 01:00:41 208,896 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-03-18 20:11:49 217,088 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-20 04:08:48 217,088 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-03-18 01:30:42 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-19 01:35:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-18 01:30:42 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-19 01:35:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-18 01:30:42 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-19 05:19:42 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-10-30 15:30:30 10,032 ----a-w C:\Windows\System32\drivers\SBTEDrv.sys
- 2007-11-21 00:52:38 2,884,992 ----a-w C:\Windows\System32\Macromed\Flash\NPSWF32.dll
+ 2005-08-27 18:08:06 1,398,408 ----a-w C:\Windows\System32\Macromed\Flash\NPSWF32.dll
+ 2005-11-02 15:39:14 131,072 ----a-w C:\Windows\System32\MD5.dll
+ 2005-11-02 15:39:16 24,924 ----a-w C:\Windows\System32\openports.dll
- 2008-03-18 19:58:25 104,868 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-03-20 01:02:53 104,868 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-18 19:58:25 621,552 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-03-20 01:02:53 621,552 ----a-w C:\Windows\System32\perfh009.dat
+ 2003-02-21 11:16:08 49,152 ----a-w C:\Windows\System32\REGTLIB.EXE
+ 2007-06-15 18:37:00 27,376 ----a-w C:\Windows\System32\SBBD.exe
+ 2005-11-02 15:39:16 40,960 ----a-w C:\Windows\System32\SDelete.dll
- 2008-03-18 19:55:11 7,888 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3382365644-1707238206-1353470732-1000_UserData.bin
+ 2008-03-20 00:59:30 7,888 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3382365644-1707238206-1353470732-1000_UserData.bin
- 2008-03-18 19:55:11 78,606 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-20 00:59:29 78,606 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-18 19:55:11 49,830 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-20 00:59:27 50,542 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-03-15 23:14:09 303,706 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-03-19 20:28:46 303,818 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-06-22 19:40:28 493,400 ----a-w C:\Windows\System32\XceedZip.dll
- 2008-03-14 06:01:10 13,773 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-03-19 18:43:54 2,021,087 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]
"TivoTransfer"="C:\PROGRAM FILES\COMMON FILES\TIVO SHARED\Transfer\TIVOTRANSFER.exe" [2007-09-25 11:33 1195008]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 01:38 316728]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 04:29 102400]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 17:54 554320]
"NvCplDaemon"="RUNDLL32.exe" [2006-11-02 05:45 44544 C:\Windows\System32\rundll32.exe]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-03-09 17:34 1502976]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-17 03:31 579072]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-06-15 15:17 699120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-17 03:28 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3382365644-1707238206-1353470732-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"<NO NAME>"=
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9B22924B-C76E-4D1F-9509-C7228B4666A1}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D9778C69-A22E-4913-88F7-3CEFDAECC583}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3EFB2612-BEB1-4647-9DC3-9ED1B6D0D9BB}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6FB32505-7F0B-44E7-8703-EB9A59BB25A3}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{15F9A471-8027-46D7-B87D-3B00E00613F1}"= Profile=Public|C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{5F1BB71C-2B26-404D-8B05-C6D02D21555E}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C485A96F-A8B8-4909-8ACD-72674FB3B5AF}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{72D3C1A4-1A95-40AB-A238-7DD093A1AD12}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B53655B4-6403-4A16-BB77-041FD462C49C}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{46058D6B-2121-4AE6-8BD5-E6A6A9BB8A92}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A2B81A71-49EC-4C2C-B930-11C31640ACEC}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{74E5DB12-D017-492B-B993-FFF9701F2105}"= Profile=Public|C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{E73B2710-B2FF-465E-BC5C-AA3D29276B63}"= Profile=Public|C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{CF287071-5D4C-4D49-A130-57AD93A3761F}"= UDP:C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:TiVo Beacon Service
"{4D7B5BD7-0604-4795-8792-367589A61034}"= TCP:C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:TiVo Beacon Service
"{EE19D5F3-EE6B-4CB8-A2FE-EE0B8D34F160}"= UDP:C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:TiVo Transfer Service
"{E0F1EA5C-2DCA-4BF4-BEE9-FE3758227A28}"= TCP:C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:TiVo Transfer Service
"{F04C0A4A-F7B1-4628-B977-7FEAF18FA43C}"= UDP:C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:TiVo Desktop User Interface
"{F2370B4A-8191-43B1-A765-254F041EC238}"= TCP:C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:TiVo Desktop User Interface
"{F2E71D0C-CB27-4332-9457-4A51E86C7BA6}"= Disabled:TCP:5353:LocalSubnet:LocalSubnet:mDNS-SD/Bonjour
"{9A56F7FD-9A08-45FB-A9D6-655DB5447432}"= UDP:7288:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7288
"{835565FE-F42A-417A-AF6A-2298DF5CD111}"= UDP:7289:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7289
"{04987883-6C20-4305-AC39-9A4B0600B244}"= UDP:7290:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7290
"{91CE0B88-4729-47F3-BE3A-6E896D154AFE}"= UDP:7291:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7291
"{E19A5EF1-FD70-4E5B-9306-412AE33A06ED}"= UDP:7292:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7292
"{2BC5BA6A-9A41-4134-8D3A-CBB89DB283A3}"= UDP:7293:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7293
"{F7390C8A-0709-4E2A-A74E-8EB185000257}"= UDP:7294:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7294
"{73BB25BA-7376-4F88-8290-3F145F362F47}"= UDP:7295:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7295
"{FCA589E7-4E6E-48C9-B850-D78D3DE8979D}"= UDP:7296:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7296
"{4D61C3A7-A038-4DC3-94F8-1265706305F5}"= UDP:7297:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7297
"{7D7AFD64-D66B-40B0-A2CB-E3AF41D39CE8}"= UDP:C:\Program Files\TiVo\Desktop\TiVoServer.exe:TiVo Server Service
"{F33F4519-7D6B-4BF5-8145-D269910E31BB}"= TCP:C:\Program Files\TiVo\Desktop\TiVoServer.exe:TiVo Server Service
"{A81A14BF-4D89-4F4E-8357-ECEB6922AAFD}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{26ADAEBA-2503-44B8-AC07-380A7C7A30D1}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{674E7496-6041-4C69-96C1-A3614664F6DE}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2AA41A32-304C-4807-AB7E-5F4AC5FD6D2C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{F05158BA-8DBA-4899-869F-F17791B93A3A}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"UDP Query User{14DE48DA-3A55-4CB4-BA38-B0BD46B4608E}C:\\program files\\tivo\\desktop\\tivoserver.exe"= TCP:C:\program files\tivo\desktop\tivoserver.exe:TiVo Server Service Process
"TCP Query User{D78780D4-647B-4E58-828B-38830112B091}C:\\program files\\tivo\\desktop\\tivoserver.exe"= UDP:C:\program files\tivo\desktop\tivoserver.exe:TiVo Server Service Process
"{9D4D8A53-5158-4B3C-A3C6-EF7A78A76F5E}"= UDP:C:\Users\Wes & Amanda\Desktop\utorrent.exe:µTorrent
"{B15178EA-3159-4613-B123-0986FF535594}"= TCP:C:\Users\Wes & Amanda\Desktop\utorrent.exe:µTorrent
"{DD54F49C-7BA9-4BD0-ACBE-3D93A9537035}"= Disabled:UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{B8FA16EC-B08D-489D-BBC8-C829465A4858}"= Disabled:TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A1423DB3-2847-48AC-8096-2867AC9C62AF}"= Disabled:C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{476FA16A-6239-42D7-83C5-7D695000A813}"= Disabled:UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{36988A04-BE2C-49E7-9849-712A61068D2E}"= Disabled:TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C29E7929-B310-477F-AA98-4026A4A08A40}"= Disabled:C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{E66FEEFD-9EE0-4328-8EF1-99520E285CA9}"= Disabled:C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8149E853-1634-43FA-9C6C-C059CBE45777}"= UDP:C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe:iolo Firewall®
"{4D5C0395-A475-4778-A37F-A6C14C759F7F}"= TCP:C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe:iolo Firewall®
"TCP Query User{D3EB0C50-DB8D-4C9D-A8B0-8F820834BAF3}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= UDP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
"UDP Query User{65908253-8424-4F0F-92F7-BD616DE7D07B}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= TCP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-03-09 17:34]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-03-09 17:34]
R1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 13:12]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080221.002\IDSvix86.sys [2008-02-13 12:18]
R1 pctfw2;pctfw2;C:\Windows\System32\drivers\pctfw2.sys [2008-03-04 17:07]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 10:52]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2007-09-30 23:34]
R2 TivoBeacon2;TiVo Beacon;"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service []
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 10:27]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-05-30 19:40]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-12 15:53]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 14:30]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 17:50]
S2 QPSched;QuickPlay Task Scheduler (QTS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2007-09-30 23:34]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 03:30]
S3 RegGuard;RegGuard;C:\Windows\system32\Drivers\regguard.sys [2008-02-24 03:31]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 04:55]

*Newly Created Service* - SBAPIFS

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-03-19 05:32:18 C:\Windows\Tasks\User_Feed_Synchronization-{C6ED93B1-991F-4EF5-8EC1-09C5B3AE5EC0}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 00:08:49
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-20 0:10:07
ComboFix-quarantined-files.txt 2008-03-20 04:10:03
ComboFix2.txt 2008-03-18 20:13:03
.
2008-03-19 16:36:54 --- E O F ---
kitneyes

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Post by John B. » March 20th, 2008, 11:04 am

Hi,

Your second post is the ComboFix log again and not a fresh HijackThis log.

sorry it took me all day to get this back to you, I had a lot of projects to do today.

You're the fastest person I've helped in ages...

I don't think I have AVG firewall, at least if I do I can't find it. It's not listed anywhere in the Control Center's (AVG) options or services. How would I find out if I have it for sure?

If it isn't present and you don't know you're paying for it you probably don't have it...

I also just wanted to tell you that I'm trying out the CounterSpy program now, I think I have a 15 day trial period. I decided that either way, if I fix this problem or not, that I don't want to use PC Spyware Doctor anymore. Either it may have caused the problem or also because it just seems to take up too much resources. Let me know what you think ...

Well, one thing I noticed is that you're running an enormous amount of Anti-Virus and Anti-Spyware programs. Currently, while we're cleaning your computer, I think it's best not to install anything new. Looking at the amount of programs you've tried I'd prefer that you remove one or two above adding more. We can work on prevention after your problems are gone.

Your registry has to be edited and because it is very vulnerable I asked for some assistance of other helpers. This may take one or more days (I will keep you updated) so please don't be impatient.

Please post a fresh HijackThis log.

Greets, John.
John B.

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Post by kitneyes » March 20th, 2008, 2:54 pm

Hey John, thank you again for helping me. My mistake, I thought I posted the HJT log, but I was copying and pasting and I guess the second copy didn't take so it just repasted the ComboFix. I'll do that now. Also, the reason I have a lot of antivirus and spyware programs is that I kept trying new ones to see if they would work when the problem first came up, and now this problem has been going on for near about two weeks so I guess a lot have accumulated. I'm pretty sure that I uninstalled all the ones that wouldn't work as well, so maybe there might be some remnants still hanging around though. The ones that I kept should only be the AVG and Comodo Firewall which is supposed to have virus and spyware protection/scans also (and I think Avast still but I disabled and stopped it) ... and CounterSpy and the MalwareByte's now for spyware (Defender is off). I also have the programs you advised (ComboFix, HJT, CCleaner) as well as some other options I found in other posts that I tried before you contacted me (Deckers). None of my prior registry cleaners work now, but I did use Registry Mechanic and Registry Booster. Should I go through and try to erase all the remnants of the programs I uninstalled? Well, let me know, and thank you again. I'll wait to hear back from you.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:12 AM, on 3/20/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [OnScreenDisplay] "C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\PROGRAM FILES\COMMON FILES\TIVO SHARED\Transfer\TIVOTRANSFER.EXE" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7570 bytes
kitneyes
Regular Member
 
Posts: 29
Joined: March 6th, 2008, 8:25 pm

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Unread postby John B. » March 22nd, 2008, 2:16 pm

Hi,

As all your logs are clean we'll start fixing your problems, beginning with AVG. We'll do this by reinstalling AVG.

Please copy the fix to Word, or print it, because you won't always have internet access!

Step 1: Download Installer
From the official Grisoft website, download the installer of the AVG (Free Edition, I guess) edition you're using. Download it to your desktop.

Step 2: Disconnect from the internet
Because you will soon be without Anti-Virus it's best to disconnect from the internet. This way you will not be vulnerable to malware.

Step 3: Uninstall AVG
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following:

    AVG 7.5

Step 4: Remove possible leftover
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside the item listed below (if present):

    O20 - Winlogon Notify: avgwlntf - C:\Windows\

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

Step 5: Reboot
To make sure the uninstallation has completed please reboot your computer and disconnect immediately after booting (if connected automatically).

Step 6: Install AVG
Now run the installer you downloaded from the Grisoft website.

Step 7: Reboot
To make sure the installation has completed please reboot your computer and connect after booting (if disconnected automatically).

Step 8: Reply
Please post a fresh HijackThis log. Also give me a list of programs and/or functions of XP which you know are not working. Then we can see on which we can work.

Greets, John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands
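
Step 4 above picks one leftover entry out of the HijackThis log by eye. As an added example (not part of John B.'s post and not HijackThis's own code), this Python script parses result lines copied from the log earlier in the thread and flags entries whose module path names a folder rather than a file. The list of sections treated as path-bearing and the "path ends with a backslash" rule are assumptions of this example.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O13 - Gopher Prefix:
O20 - Winlogon Notify: avgwlntf - C:\Windows\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
"""

ENTRY = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")
# Assumption: in these sections the last " - " field is a module path.
PATH_SECTIONS = {"O2", "O3", "O9", "O18", "O20", "O23"}

def parse_entries(text):
    """Yield (section, body) for every HijackThis result line in text."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")

def module_path(section, body):
    """Return the trailing module path of an entry, or None if it has none."""
    if section not in PATH_SECTIONS or " - " not in body:
        return None
    return body.rsplit(" - ", 1)[1].strip()

def orphan_candidates(text):
    """Entries whose path is empty or names a folder instead of a file."""
    hits = []
    for section, body in parse_entries(text):
        path = module_path(section, body)
        if path is not None and (path == "" or path.endswith("\\")):
            hits.append((section, body))
    return hits

if __name__ == "__main__":
    for section, body in orphan_candidates(SAMPLE_LOG):
        print(f"{section} - {body}")
```

A flagged entry is only a candidate for review; whether it is safe to fix still depends on what installed it.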

Re: PLEASE PLEASE HELP, can't open any of my Antivirus, registry

Unread postby kitneyes » March 22nd, 2008, 11:56 pm

Hey again, I just got done uninstalling and reinstalling AVG, I upgraded to the newer AVG Pro 8. No change though, those programs are still not working. Here is a list of what I know does not want to work anymore, and the error message " ... has stopped working" shows up right away after I click on the program in question ...

Spyware Doctor (which I don't want anymore anyways), Registry Mechanic, Registry Booster2, Security Task Manager and the trial for BitDefender (which didn't really say the "has stopped working" thing, but instead about two minutes after restarting the computer would freeze EVERYTHING and I'd have to manually power off, task manager would not work).

Also, I have Vista home Premium, not XP, although I wish I did have XP ... I liked that one. Vista seems to be nothing but problems. It also has a tendency to not allow me to move or delete files, telling me I don't have permission, when I'm the owner and admin and the only account on my computer - guest account not active. I wish I could go back for free, they should really do that for all the people who are not satisfied with Vista.

Included below I've also pasted some of the errors that have been going on etc ...



Here is the main program and the one that I first noticed wouldn't work anymore.

I liked Spyware Doc in the beginning, but I don't think I wanna use it anymore.

It seems to use too much resources and I read a lot of bad things about it ...

Product
PC Tools GUI Application

Problem
Stopped working

Date
3/12/2008 11:36 PM

Status
Not Reported

Problem signature
Problem Event Name: APPCRASH
Application Name: pctsGui.exe
Application Version: 5.5.0.204
Application Timestamp: 2a425e19
Fault Module Name: StackHash_e51a
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 00000000
Exception Code: c0000005
Exception Offset: 00000000
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 1033
Additional Information 1: e51a
Additional Information 2: 4c0d4d78887f76d971d5d00f1f20a433
Additional Information 3: e51a
Additional Information 4: 4c0d4d78887f76d971d5d00f1f20a433





Here is a different error for the same program, Spyware Doc...

Product
PC Tools Tray Application

Problem
Stopped working

Date
3/10/2008 5:35 PM

Status
Not Reported

Problem signature
Problem Event Name: APPCRASH
Application Name: pctsTray.exe
Application Version: 5.5.0.106
Application Timestamp: 2a425e19
Fault Module Name: StackHash_e51a
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 00000000
Exception Code: c0000005
Exception Offset: 00000000
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 1033
Additional Information 1: e51a
Additional Information 2: 4c0d4d78887f76d971d5d00f1f20a433
Additional Information 3: e51a
Additional Information 4: 4c0d4d78887f76d971d5d00f1f20a433





And here is another similar error with Registry Mechanic ...

Product
Registry Mechanic 7.0

Problem
Stopped working

Date
3/10/2008 7:10 PM

Status
Not Reported

Problem signature
Problem Event Name: APPCRASH
Application Name: RegMech.exe
Application Version: 7.0.0.1010
Application Timestamp: 469c7102
Fault Module Name: StackHash_290f
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 00000000
Exception Code: c0000096
Exception Offset: 01df312f
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 1033
Additional Information 1: 290f
Additional Information 2: 31a83b6b61fec06f9c9a0596d488cfd9
Additional Information 3: 93e5
Additional Information 4: 2db70b254698db96c7d9fdcd7570671d








Product
Adobe Illustrator CS3

Problem
Stopped working

Date
3/17/2008 1:19 AM

Status
Not Reported

Problem signature
Problem Event Name: APPCRASH
Application Name: Illustrator.exe
Application Version: 13.0.128.0
Application Timestamp: 45fa64db
Fault Module Name: kernel32.dll
Fault Module Version: 6.0.6000.16386
Fault Module Timestamp: 4549bd80
Exception Code: e06d7363
Exception Offset: 0001b09e
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 1033
Additional Information 1: 2f2a
Additional Information 2: 52b8051b3892f9e311edde6f73f7058d
Additional Information 3: e878
Additional Information 4: dc7b2260c9a6d1ad3416b78998de1529






I'm not even sure what this is, but it happened about a day before I uninstalled ESET and all the problems began. They probably aren't related though, it only happened that one time and none since ...

Product
Client Server Runtime Process

Problem
Stopped working

Date
3/8/2008 5:06 PM

Status
Not Reported

Problem signature
Problem Event Name: BEX
Application Name: csrss.exe
Application Version: 6.0.6000.16386
Application Timestamp: 4549ad3f
Fault Module Name: smumhook.dll_unloaded
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 2a425e19
Exception Offset: 636f2291
Exception Code: c0000005
Exception Data: 00000008
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 1033
Additional Information 1: 6d71
Additional Information 2: 4a5f612bb66b18b8e1691acf09ec1a9c
Additional Information 3: db15
Additional Information 4: 5d0a55c699c5321488aa1cc17c7f901c

Files that help describe the problem
Version.txt
AppCompat.txt
memory.hdmp
minidump.mdmp






This also happened within a day of the issue starting, but again, only happened the one time ...

Product
Host Process for Windows Services

Problem
Stopped working

Date
3/10/2008 5:20 PM

Status
Not Reported

Problem signature
Problem Event Name: BEX
Application Name: svchost.exe
Application Version: 6.0.6000.16386
Application Timestamp: 4549adc4
Fault Module Name: smumhook.dll_unloaded
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 2a425e19
Exception Offset: 636f2291
Exception Code: c0000005
Exception Data: 00000008
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 1033
Additional Information 1: 452e
Additional Information 2: a8948a9b04fd6e9e41b1da2d58fdce23
Additional Information 3: f09c
Additional Information 4: 53a8bb48ab789905d724f970c560c135







RegRun and Security Task Manager both show the "stackhash ..." fault module error.




And this showed up when I was trying to watch a movie ...


Product
Windows

Problem
Video hardware error

Date
2/27/2008 2:02 AM

Status
Not Reported

Description
A problem with your video hardware caused Windows to stop working correctly.

Problem signature
Problem Event Name: LiveKernelEvent
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 1033

Files that help describe the problem
WD-20080227-0101.dmp
sysdata.xml
Version.txt

Extra information about the problem
BCCode: 117
BCP1: D3F8A040
BCP2: 8B6C1190
BCP3: 00000000
BCP4: 00000000
OS Version: 6_0_6000
Service Pack: 0_0
Product: 768_1







Also, this service shows up in my WinPatrol under services, but it does not exist. Can't find it in the directory that it says it's in. Also, WinPatrol says file not found ...


C:\WINDOWS\SYSTEM32\APPMGMTS.DLL
kitneyes
Regular Member
 
Posts: 29
Joined: March 6th, 2008, 8:25 pm
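
The problem reports in the post above repeat the same fault modules across different programs. As an added example (not part of the thread), this Python script parses three fields copied from those reports and lists every fault module that more than one application crashed in. The field selection and the function names are choices of this example; the exception names are the standard NTSTATUS names for those codes.

```python
from collections import defaultdict

# Three fields per report, copied from the problem reports in the post above.
# Blank lines separate reports.
REPORTS = """
Application Name: pctsGui.exe
Fault Module Name: StackHash_e51a
Exception Code: c0000005

Application Name: pctsTray.exe
Fault Module Name: StackHash_e51a
Exception Code: c0000005

Application Name: RegMech.exe
Fault Module Name: StackHash_290f
Exception Code: c0000096

Application Name: csrss.exe
Fault Module Name: smumhook.dll_unloaded
Exception Code: c0000005

Application Name: svchost.exe
Fault Module Name: smumhook.dll_unloaded
Exception Code: c0000005
"""

# NTSTATUS names for the exception codes that appear in the sample.
CODES = {"c0000005": "STATUS_ACCESS_VIOLATION",
         "c0000096": "STATUS_PRIVILEGED_INSTRUCTION"}

def parse_reports(text):
    """Split on blank lines and turn each 'Key: value' block into a dict."""
    reports = []
    for block in text.strip().split("\n\n"):
        pairs = (line.split(":", 1) for line in block.splitlines() if ":" in line)
        reports.append({k.strip(): v.strip() for k, v in pairs})
    return reports

def shared_fault_modules(reports):
    """Map each fault module seen in 2+ applications to those applications."""
    by_module = defaultdict(set)
    for r in reports:
        by_module[r["Fault Module Name"]].add(r["Application Name"])
    return {m: sorted(apps) for m, apps in by_module.items() if len(apps) > 1}

def exception_name(report):
    """Translate a report's exception code to its NTSTATUS name."""
    return CODES.get(report["Exception Code"].lower(), "unknown")
```

On these reports the grouping shows two system processes faulting in the same unloaded module, which is a more useful lead than reading each crash in isolation.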