Process IS360srv.exe questionable

Unread postby social misfit » June 22nd, 2009, 8:34 pm

My computer has been slow and freezing. I decided to Google running processes and found that IS360srv.exe and Is360tray.exe may be indicative of a problem. I ran HJT and below is the report. Let me state in advance I appreciate any help you may give me regarding this situation. Thanx

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:20:23 PM, on 6/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.83
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Google Update Service (gupdate1c9becfe8eb9712) (gupdate1c9becfe8eb9712) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - Unknown owner - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\McShield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 7721 bytes
social misfit
Regular Member
 
Posts: 59
Joined: October 8th, 2006, 5:37 am

Re: Process IS360srv.exe questionable

Unread postby Bio-Hazard » June 26th, 2009, 4:35 am

Hello and welcome to the forums!

My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

  • I will be working on your Malware issues this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • If you don't know or understand something please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

No Reply Within 5 Days Will Result In Your Topic Being Closed!!



Looking at your log I see signs of McAfee, Norton and IObit Security 360. What is the security program that you are using at the moment?

I decided to Google running processes and found IS360srv.exe Is360tray.exe may be indicative of a problem.


These files belong to a security program called IObit Security 360. It is still in beta testing, which means it can cause problems.


STEP 1

Download DDS

Please download DDS by sUBs from one of the links below and save it to your desktop:

Download DDS and save it to your desktop from:

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply


STEP 2


Gmer

Please download Gmer by Gmer and save it to your desktop.

  • Right click on gmer.zip and select Extract All....
  • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  • Click on the Browse button. Click on Desktop. Then click OK.
  • Click Next. It will start extracting.
  • Once done, check (tick) the Show extracted files box and click Finish.
  • Double click on gmer.exe to run it.
  • Select the Rootkit tab.
  • On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click on the Scan button.
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into the text editor.
  • Save the Gmer scan log and post it in your next reply.
  • Close Gmer.

Note: Do not run any programs while Gmer is running.



Next Reply

Please reply with:
  • DDS.txt
  • Attach.txt
  • Gmer log
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK
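The helper's first observation above (signs of McAfee, Norton and IObit Security 360 in the log) comes from reading the O23 service lines and the "(file missing)" / "(no file)" markers. The following Python script is an added example, not part of this thread and not a HijackThis or MalwareRemoval.com tool: it parses HijackThis-style lines into records and summarises the O23 services by company, the entries whose target file HijackThis could not find, the services with no vendor information, and the DNS servers set in the O17 entry so they can be compared with the ISP's. The sample lines are copied from the log posted above; the function names `parse_hjt` and `triage` are my own.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
O4 - HKLM\..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.83
O23 - Service: IS360service - Unknown owner - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\McShield.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

# HijackThis entry lines look like "O23 - Service: ..." or "R1 - HKLM\...":
# a letter, one or two digits, " - ", then the body of the entry.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_hjt(text):
    """Split a HijackThis log into (running processes, [(kind, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process block
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return processes, entries


def triage(text):
    """Summarise the parts of an HJT log a helper reads first."""
    processes, entries = parse_hjt(text)
    services_by_company = defaultdict(list)
    report = {
        "processes": processes,
        "orphaned": [],                 # entries pointing at a file HJT could not find
        "unknown_owner_services": [],   # O23 services with no vendor in the version info
        "dns_servers": [],              # O17 NameServer values, to compare with the ISP's
    }
    for kind, body in entries:
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            report["orphaned"].append(f"{kind} - {body}")
        if kind == "O23" and body.startswith("Service: "):
            # Body is "Service: <name> - <company> - <path>"
            parts = body[len("Service: "):].split(" - ")
            if len(parts) >= 3:
                name, company = parts[0], parts[1]
                path = " - ".join(parts[2:])
                services_by_company[company].append(name)
                if company == "Unknown owner":
                    report["unknown_owner_services"].append((name, path))
        if kind == "O17" and "NameServer = " in body:
            report["dns_servers"].extend(body.split("NameServer = ", 1)[1].split())
    report["services_by_company"] = dict(services_by_company)
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(f"{len(r['processes'])} running processes")
    for company, names in sorted(r["services_by_company"].items()):
        print(f"services from {company}: {', '.join(names)}")
    for item in r["orphaned"]:
        print("orphaned entry:", item)
    print("DNS servers set in O17:", " ".join(r["dns_servers"]) or "(none)")
```

Running it on a full log pasted into SAMPLE_LOG gives the same grouping a helper does by eye: leftover entries from uninstalled products show up under "orphaned", services whose binaries carry no vendor information under "Unknown owner", and the O17 line is surfaced for comparison with the DNS servers the ISP actually hands out.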

Re: Process IS360srv.exe questionable

Unread postby social misfit » July 1st, 2009, 3:07 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/15/2006 8:12:35 PM
System Uptime: 6/29/2009 6:49:44 AM (2 hours ago)

Motherboard: ASUSTek Computer INC. | | Kamet2
Processor: AMD Athlon(tm) XP 2800+ | Socket A | 2075/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 71 GiB total, 27.314 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 0.974 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP934: 5/29/2009 3:00:56 AM - Software Distribution Service 3.0
RP935: 5/30/2009 10:19:39 AM - Software Distribution Service 3.0
RP936: 5/31/2009 3:00:37 AM - Software Distribution Service 3.0
RP937: 6/1/2009 3:02:37 AM - Software Distribution Service 3.0
RP938: 6/2/2009 3:00:22 AM - Software Distribution Service 3.0
RP939: 6/3/2009 3:00:27 AM - Software Distribution Service 3.0
RP940: 6/4/2009 3:02:11 AM - Software Distribution Service 3.0
RP941: 6/5/2009 3:04:06 AM - Software Distribution Service 3.0
RP942: 6/6/2009 3:00:27 AM - Software Distribution Service 3.0
RP943: 6/7/2009 3:04:37 AM - Software Distribution Service 3.0
RP944: 6/7/2009 3:39:54 AM - Software Distribution Service 3.0
RP945: 6/8/2009 3:51:44 AM - Software Distribution Service 3.0
RP946: 6/9/2009 3:00:33 AM - Software Distribution Service 3.0
RP947: 6/10/2009 3:00:39 AM - Software Distribution Service 3.0
RP948: 6/11/2009 12:56:46 AM - Removed Adobe Reader 7.0.9
RP949: 6/11/2009 12:58:08 AM - Installed Adobe Reader 9.1.
RP950: 6/12/2009 3:09:23 AM - Software Distribution Service 3.0
RP951: 6/13/2009 3:00:35 AM - Software Distribution Service 3.0
RP952: 6/14/2009 3:01:08 AM - Software Distribution Service 3.0
RP953: 6/15/2009 3:00:27 AM - Software Distribution Service 3.0
RP954: 6/15/2009 6:31:29 PM - Software Distribution Service 3.0
RP955: 6/15/2009 6:37:54 PM - Software Distribution Service 3.0
RP956: 6/15/2009 7:03:16 PM - Software Distribution Service 3.0
RP957: 6/15/2009 7:26:34 PM - Installed Windows Defender
RP958: 6/15/2009 7:28:31 PM - Software Distribution Service 3.0
RP959: 6/15/2009 7:32:26 PM - Software Distribution Service 3.0
RP960: 6/15/2009 8:39:21 PM - Windows Defender Checkpoint
RP961: 6/15/2009 8:44:53 PM - Configured 303 Game Collection
RP962: 6/15/2009 8:45:13 PM - Configured 303 Game Collection
RP963: 6/15/2009 9:22:54 PM - Removed J2SE Runtime Environment 5.0 Update 8
RP964: 6/15/2009 9:30:12 PM - Removed Ringtone Ripper
RP965: 6/15/2009 9:35:43 PM - Software Distribution Service 3.0
RP966: 6/16/2009 1:26:51 AM - Software Distribution Service 3.0
RP967: 6/16/2009 12:56:21 PM - Software Distribution Service 3.0
RP968: 6/16/2009 1:24:53 PM - Software Distribution Service 3.0
RP969: 6/16/2009 1:58:20 PM - Software Distribution Service 3.0
RP970: 6/16/2009 11:46:37 PM - Advanced SystemCare RestorePoint
RP971: 6/17/2009 3:02:49 AM - Software Distribution Service 3.0
RP972: 6/17/2009 4:06:57 AM - Software Distribution Service 3.0
RP973: 6/17/2009 9:11:24 AM - Removed Windows Defender
RP974: 6/17/2009 9:13:43 AM - Removed Apple Mobile Device Support
RP975: 6/17/2009 9:15:24 AM - Removed Apple Software Update
RP976: 6/17/2009 9:17:18 AM - Removed Bonjour
RP977: 6/17/2009 9:22:35 AM - Removed Google Earth.
RP978: 6/17/2009 9:28:09 AM - Removed Photoshop Album Starter Edition
RP979: 6/17/2009 6:47:45 PM - registry
RP980: 6/18/2009 6:50:06 PM - System Checkpoint
RP981: 6/19/2009 6:24:28 PM - Paint.NET v3.36
RP982: 6/20/2009 10:59:32 AM - Restore Operation
RP983: 6/21/2009 11:20:52 AM - System Checkpoint
RP984: 6/21/2009 2:24:19 PM - optamize
RP985: 6/21/2009 11:15:23 PM - Advanced SystemCare RestorePoint
RP986: 6/22/2009 4:17:51 PM - Software Distribution Service 3.0
RP987: 6/22/2009 6:24:42 PM - Installed Error Fix
RP988: 6/22/2009 6:29:32 PM - error fix
RP989: 6/22/2009 6:55:43 PM - error fix
RP990: 6/22/2009 7:06:34 PM - Software Distribution Service 3.0
RP991: 6/22/2009 8:28:39 PM - Software Distribution Service 3.0
RP992: 6/23/2009 10:49:37 AM - Restore Operation
RP993: 6/23/2009 11:01:48 AM - Software Distribution Service 3.0
RP994: 6/23/2009 12:48:17 PM - Removed Error Fix
RP995: 6/23/2009 12:49:16 PM - Removed eDrawings 2008.
RP996: 6/23/2009 7:21:26 PM - Software Distribution Service 3.0
RP997: 6/23/2009 11:35:09 PM - Paint.NET v3.36
RP998: 6/24/2009 2:18:17 AM - Software Distribution Service 3.0
RP999: 6/24/2009 2:40:10 AM - Software Distribution Service 3.0
RP1000: 6/24/2009 10:16:54 AM - Removed Norton Personal Firewall
RP1001: 6/24/2009 10:56:18 AM - Software Distribution Service 3.0
RP1002: 6/25/2009 1:03:15 PM - System Checkpoint
RP1003: 6/26/2009 3:50:42 PM - System Checkpoint
RP1004: 6/26/2009 8:18:51 PM - Software Distribution Service 3.0
RP1005: 6/27/2009 8:39:25 PM - System Checkpoint
RP1006: 6/28/2009 9:01:54 AM - Software Distribution Service 3.0
RP1007: 6/28/2009 5:49:02 PM - Restore Operation
RP1008: 6/28/2009 11:12:22 PM - Software Distribution Service 3.0
RP1009: 6/29/2009 1:32:11 AM - Restore Operation
RP1010: 6/29/2009 4:44:25 AM - Software Distribution Service 3.0

==== Installed Programs ======================


7-Zip 4.42
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Album Starter Edition
Adobe Reader 9.1.2
Blackhawk Striker from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
Bounce Symphony from Compaq (remove only)
CCleaner (remove only)
CCScore
Choice Guard
Compaq Instant Support
Critical Update for Windows Media Player 11 (KB959772)
CyberDefender Early Detection Center
Delicious 2 Deluxe
DVD Decrypter (Remove Only)
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Excavation from Compaq (remove only)
fflink
Five Card Frenzy from Compaq (remove only)
GameHouse
Google Earth
Google Toolbar for Firefox
Google Update Helper
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HpSdpAppCoreApp
Huffyuv AVI lossless video codec (Remove Only)
Intel(R) Extreme Graphics Driver
iTunes
Java(TM) 6 Update 13
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
KhalSetup
Kodak EasyShare software
Lexmark 4300 Series
Logitech Print Service
Logitech QuickCam
Logitech® Camera Driver
Macromedia Shockwave Player
Magic Online
Magic Online III
MediaTickets by OIN
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Plus! Digital Media Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Move Networks Player for Internet Explorer
Mozilla Firefox (3.0.11)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nanny Mania (remove only)
netbrdg
NILE THEME
OfotoXMI
Orbital from Compaq (remove only)
Otto from Compaq (remove only)
Out from Boneville 1.5
Overball from Compaq (remove only)
Paint.NET v3.36
Polar Bowler from Compaq (remove only)
Prism Video Converter
PS2
QuickTime
RealPlayer
Rhapsody Player Engine
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Scientific Atlanta WebSTAR 2000 series Cable Modem
SecureDNA 2005
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Segoe UI
SFR
SHASTA
skin0001
SKINXSDK
Slyder from Compaq (remove only)
Smart Defrag 1.11
staticcr
Switch Sound File Converter
TaskExplorer 2005 SR1
tooltips
TurboTax Deluxe Deduction Maximizer 2006
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VIA Rhine-Family Fast-Ethernet Adapter
VIA/S3G Display Driver
Videora iPod Converter 4.05
VPRINTOL
WebFldrs XP
WexTech AnswerWorks
What's Running 2.2
Who Wants To Be A Millionaire 2nd Edition
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 4.1 beta5
WIRELESS
Wireshark 1.2.0
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Quick Select Tool (PhotoMail)
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

6/29/2009 12:58:26 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the rpcapd service.
6/29/2009 1:22:37 AM, error: Print [6161] - The document Full page fax print owned by KEVIN failed to print on printer Lexmark 4300 Series. Data type: LEMF. Size of the spool file in bytes: 829192. Number of bytes printed: 829192. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\BURTON. Win32 error code returned by the print processor: 6 (0x6).
6/29/2009 1:22:00 AM, error: Print [6161] - The document Full page photo print owned by KEVIN failed to print on printer Lexmark 4300 Series. Data type: LEMF. Size of the spool file in bytes: 694599. Number of bytes printed: 694599. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\BURTON. Win32 error code returned by the print processor: 6 (0x6).
6/28/2009 4:35:07 PM, error: Service Control Manager [7034] - The IECPOKTGAUEI service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 2:10:30 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service lxce_device with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106D}
6/28/2009 2:10:30 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
6/28/2009 2:07:54 PM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
6/28/2009 2:07:51 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 2:07:02 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 2:07:02 PM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 2:00:38 PM, error: Service Control Manager [7034] - The Fax service terminated unexpectedly. It has done this 2 time(s).
6/28/2009 10:01:28 AM, error: Print [6161] - The document xp registry manual boot restore instructions - Notepad owned by KEVIN failed to print on printer Lexmark 4300 Series. Data type: LEMF. Size of the spool file in bytes: 11633800. Number of bytes printed: 0. Total number of pages in the document: 17. Number of pages printed: 0. Client machine: \\BURTON. Win32 error code returned by the print processor: 0 (0x0).
6/28/2009 1:55:02 PM, error: Service Control Manager [7034] - The Fax service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 1:52:06 PM, error: Service Control Manager [7034] - The HTTP SSL service terminated unexpectedly. It has done this 1 time(s).
6/27/2009 1:22:50 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
6/26/2009 8:29:12 PM, error: Service Control Manager [7034] - The lxce_device service terminated unexpectedly. It has done this 1 time(s).
6/26/2009 8:28:44 PM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
6/26/2009 8:17:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
6/26/2009 8:17:37 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/26/2009 10:56:24 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
6/25/2009 8:51:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: agp440 fasttx2k SISAGP
6/25/2009 7:55:50 PM, error: Print [6161] - The document Paul Blanco's Fresh Start C... owned by KEVIN failed to print on printer Lexmark 4300 Series. Data type: LEMF. Size of the spool file in bytes: 747896. Number of bytes printed: 747896. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\BURTON. Win32 error code returned by the print processor: 6 (0x6).
6/24/2009 3:08:23 AM, error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).
6/24/2009 2:59:47 AM, error: Service Control Manager [7023] - The Human Interface Device Access service terminated with the following error: The specified module could not be found.
6/24/2009 2:59:47 AM, error: Service Control Manager [7000] - The nVidia WDM Video Capture (universal) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/24/2009 2:59:47 AM, error: Service Control Manager [7000] - The nVidia WDM A/V Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/24/2009 2:59:47 AM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
6/24/2009 2:59:47 AM, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the path specified.
6/24/2009 2:42:16 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Word Viewer 2003 (KB950625).
6/24/2009 2:42:13 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB954478).
6/24/2009 2:42:03 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB953404).
6/24/2009 2:41:48 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.
6/24/2009 2:40:43 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Word Viewer 2003 (KB934041).
6/24/2009 2:25:22 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IS360service service to connect.
6/24/2009 2:25:22 AM, error: Service Control Manager [7000] - The IS360service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/24/2009 10:15:21 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
6/23/2009 7:08:13 PM, error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 2 time(s).
6/23/2009 12:53:50 PM, error: Print [6161] - The document MySpace.com Blogs - kevin M... owned by KEVIN failed to print on printer Lexmark 4300 Series. Data type: LEMF. Size of the spool file in bytes: 1986814. Number of bytes printed: 0. Total number of pages in the document: 3. Number of pages printed: 2. Client machine: \\BURTON. Win32 error code returned by the print processor: 0 (0x0).
6/23/2009 11:38:06 PM, error: Service Control Manager [7001] - The Network DDE service depends on the Network DDE DSDM service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/23/2009 11:36:37 PM, error: Service Control Manager [7001] - The ClipBook service depends on the Network DDE service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

==== End Of File ===========================


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/15/2006 8:12:35 PM
System Uptime: 6/29/2009 6:49:44 AM (2 hours ago)

Motherboard: ASUSTek Computer INC. | | Kamet2
Processor: AMD Athlon(tm) XP 2800+ | Socket A | 2075/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 71 GiB total, 27.314 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 0.974 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP934: 5/29/2009 3:00:56 AM - Software Distribution Service 3.0
RP935: 5/30/2009 10:19:39 AM - Software Distribution Service 3.0
RP936: 5/31/2009 3:00:37 AM - Software Distribution Service 3.0
RP937: 6/1/2009 3:02:37 AM - Software Distribution Service 3.0
RP938: 6/2/2009 3:00:22 AM - Software Distribution Service 3.0
RP939: 6/3/2009 3:00:27 AM - Software Distribution Service 3.0
RP940: 6/4/2009 3:02:11 AM - Software Distribution Service 3.0
RP941: 6/5/2009 3:04:06 AM - Software Distribution Service 3.0
RP942: 6/6/2009 3:00:27 AM - Software Distribution Service 3.0
RP943: 6/7/2009 3:04:37 AM - Software Distribution Service 3.0
RP944: 6/7/2009 3:39:54 AM - Software Distribution Service 3.0
RP945: 6/8/2009 3:51:44 AM - Software Distribution Service 3.0
RP946: 6/9/2009 3:00:33 AM - Software Distribution Service 3.0
RP947: 6/10/2009 3:00:39 AM - Software Distribution Service 3.0
RP948: 6/11/2009 12:56:46 AM - Removed Adobe Reader 7.0.9
RP949: 6/11/2009 12:58:08 AM - Installed Adobe Reader 9.1.
RP950: 6/12/2009 3:09:23 AM - Software Distribution Service 3.0
RP951: 6/13/2009 3:00:35 AM - Software Distribution Service 3.0
RP952: 6/14/2009 3:01:08 AM - Software Distribution Service 3.0
RP953: 6/15/2009 3:00:27 AM - Software Distribution Service 3.0
RP954: 6/15/2009 6:31:29 PM - Software Distribution Service 3.0
RP955: 6/15/2009 6:37:54 PM - Software Distribution Service 3.0
RP956: 6/15/2009 7:03:16 PM - Software Distribution Service 3.0
RP957: 6/15/2009 7:26:34 PM - Installed Windows Defender
RP958: 6/15/2009 7:28:31 PM - Software Distribution Service 3.0
RP959: 6/15/2009 7:32:26 PM - Software Distribution Service 3.0
RP960: 6/15/2009 8:39:21 PM - Windows Defender Checkpoint
RP961: 6/15/2009 8:44:53 PM - Configured 303 Game Collection
RP962: 6/15/2009 8:45:13 PM - Configured 303 Game Collection
RP963: 6/15/2009 9:22:54 PM - Removed J2SE Runtime Environment 5.0 Update 8
RP964: 6/15/2009 9:30:12 PM - Removed Ringtone Ripper
RP965: 6/15/2009 9:35:43 PM - Software Distribution Service 3.0
RP966: 6/16/2009 1:26:51 AM - Software Distribution Service 3.0
RP967: 6/16/2009 12:56:21 PM - Software Distribution Service 3.0
RP968: 6/16/2009 1:24:53 PM - Software Distribution Service 3.0
RP969: 6/16/2009 1:58:20 PM - Software Distribution Service 3.0
RP970: 6/16/2009 11:46:37 PM - Advanced SystemCare RestorePoint
RP971: 6/17/2009 3:02:49 AM - Software Distribution Service 3.0
RP972: 6/17/2009 4:06:57 AM - Software Distribution Service 3.0
RP973: 6/17/2009 9:11:24 AM - Removed Windows Defender
RP974: 6/17/2009 9:13:43 AM - Removed Apple Mobile Device Support
RP975: 6/17/2009 9:15:24 AM - Removed Apple Software Update
RP976: 6/17/2009 9:17:18 AM - Removed Bonjour
RP977: 6/17/2009 9:22:35 AM - Removed Google Earth.
RP978: 6/17/2009 9:28:09 AM - Removed Photoshop Album Starter Edition
RP979: 6/17/2009 6:47:45 PM - registry
RP980: 6/18/2009 6:50:06 PM - System Checkpoint
RP981: 6/19/2009 6:24:28 PM - Paint.NET v3.36
RP982: 6/20/2009 10:59:32 AM - Restore Operation
RP983: 6/21/2009 11:20:52 AM - System Checkpoint
RP984: 6/21/2009 2:24:19 PM - optamize
RP985: 6/21/2009 11:15:23 PM - Advanced SystemCare RestorePoint
RP986: 6/22/2009 4:17:51 PM - Software Distribution Service 3.0
RP987: 6/22/2009 6:24:42 PM - Installed Error Fix
RP988: 6/22/2009 6:29:32 PM - error fix
RP989: 6/22/2009 6:55:43 PM - error fix
RP990: 6/22/2009 7:06:34 PM - Software Distribution Service 3.0
RP991: 6/22/2009 8:28:39 PM - Software Distribution Service 3.0
RP992: 6/23/2009 10:49:37 AM - Restore Operation
RP993: 6/23/2009 11:01:48 AM - Software Distribution Service 3.0
RP994: 6/23/2009 12:48:17 PM - Removed Error Fix
RP995: 6/23/2009 12:49:16 PM - Removed eDrawings 2008.
RP996: 6/23/2009 7:21:26 PM - Software Distribution Service 3.0
RP997: 6/23/2009 11:35:09 PM - Paint.NET v3.36
RP998: 6/24/2009 2:18:17 AM - Software Distribution Service 3.0
RP999: 6/24/2009 2:40:10 AM - Software Distribution Service 3.0
RP1000: 6/24/2009 10:16:54 AM - Removed Norton Personal Firewall
RP1001: 6/24/2009 10:56:18 AM - Software Distribution Service 3.0
RP1002: 6/25/2009 1:03:15 PM - System Checkpoint
RP1003: 6/26/2009 3:50:42 PM - System Checkpoint
RP1004: 6/26/2009 8:18:51 PM - Software Distribution Service 3.0
RP1005: 6/27/2009 8:39:25 PM - System Checkpoint
RP1006: 6/28/2009 9:01:54 AM - Software Distribution Service 3.0
RP1007: 6/28/2009 5:49:02 PM - Restore Operation
RP1008: 6/28/2009 11:12:22 PM - Software Distribution Service 3.0
RP1009: 6/29/2009 1:32:11 AM - Restore Operation
RP1010: 6/29/2009 4:44:25 AM - Software Distribution Service 3.0

==== Installed Programs ======================


7-Zip 4.42
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Album Starter Edition
Adobe Reader 9.1.2
Blackhawk Striker from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
Bounce Symphony from Compaq (remove only)
CCleaner (remove only)
CCScore
Choice Guard
Compaq Instant Support
Critical Update for Windows Media Player 11 (KB959772)
CyberDefender Early Detection Center
Delicious 2 Deluxe
DVD Decrypter (Remove Only)
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Excavation from Compaq (remove only)
fflink
Five Card Frenzy from Compaq (remove only)
GameHouse
Google Earth
Google Toolbar for Firefox
Google Update Helper
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HpSdpAppCoreApp
Huffyuv AVI lossless video codec (Remove Only)
Intel(R) Extreme Graphics Driver
iTunes
Java(TM) 6 Update 13
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
KhalSetup
Kodak EasyShare software
Lexmark 4300 Series
Logitech Print Service
Logitech QuickCam
Logitech® Camera Driver
Macromedia Shockwave Player
Magic Online
Magic Online III
MediaTickets by OIN
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Plus! Digital Media Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Move Networks Player for Internet Explorer
Mozilla Firefox (3.0.11)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nanny Mania (remove only)
netbrdg
NILE THEME
OfotoXMI
Orbital from Compaq (remove only)
Otto from Compaq (remove only)
Out from Boneville 1.5
Overball from Compaq (remove only)
Paint.NET v3.36
Polar Bowler from Compaq (remove only)
Prism Video Converter
PS2
QuickTime
RealPlayer
Rhapsody Player Engine
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Scientific Atlanta WebSTAR 2000 series Cable Modem
SecureDNA 2005
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Segoe UI
SFR
SHASTA
skin0001
SKINXSDK
Slyder from Compaq (remove only)
Smart Defrag 1.11
staticcr
Switch Sound File Converter
TaskExplorer 2005 SR1
tooltips
TurboTax Deluxe Deduction Maximizer 2006
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VIA Rhine-Family Fast-Ethernet Adapter
VIA/S3G Display Driver
Videora iPod Converter 4.05
VPRINTOL
WebFldrs XP
WexTech AnswerWorks
What's Running 2.2
Who Wants To Be A Millionaire 2nd Edition
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 4.1 beta5
WIRELESS
Wireshark 1.2.0
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Quick Select Tool (PhotoMail)
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

6/29/2009 12:58:26 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the rpcapd service.
6/29/2009 1:22:37 AM, error: Print [6161] - The document Full page fax print owned by KEVIN failed to print on printer Lexmark 4300 Series. Data type: LEMF. Size of the spool file in bytes: 829192. Number of bytes printed: 829192. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\BURTON. Win32 error code returned by the print processor: 6 (0x6).
6/29/2009 1:22:00 AM, error: Print [6161] - The document Full page photo print owned by KEVIN failed to print on printer Lexmark 4300 Series. Data type: LEMF. Size of the spool file in bytes: 694599. Number of bytes printed: 694599. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\BURTON. Win32 error code returned by the print processor: 6 (0x6).
6/28/2009 4:35:07 PM, error: Service Control Manager [7034] - The IECPOKTGAUEI service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 2:10:30 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service lxce_device with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106D}
6/28/2009 2:10:30 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
6/28/2009 2:07:54 PM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
6/28/2009 2:07:51 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 2:07:02 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 2:07:02 PM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 2:00:38 PM, error: Service Control Manager [7034] - The Fax service terminated unexpectedly. It has done this 2 time(s).
6/28/2009 10:01:28 AM, error: Print [6161] - The document xp registry manual boot restore instructions - Notepad owned by KEVIN failed to print on printer Lexmark 4300 Series. Data type: LEMF. Size of the spool file in bytes: 11633800. Number of bytes printed: 0. Total number of pages in the document: 17. Number of pages printed: 0. Client machine: \\BURTON. Win32 error code returned by the print processor: 0 (0x0).
6/28/2009 1:55:02 PM, error: Service Control Manager [7034] - The Fax service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 1:52:06 PM, error: Service Control Manager [7034] - The HTTP SSL service terminated unexpectedly. It has done this 1 time(s).
6/27/2009 1:22:50 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
6/26/2009 8:29:12 PM, error: Service Control Manager [7034] - The lxce_device service terminated unexpectedly. It has done this 1 time(s).
6/26/2009 8:28:44 PM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
6/26/2009 8:17:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
6/26/2009 8:17:37 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/26/2009 10:56:24 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
6/25/2009 8:51:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: agp440 fasttx2k SISAGP
6/25/2009 7:55:50 PM, error: Print [6161] - The document Paul Blanco's Fresh Start C... owned by KEVIN failed to print on printer Lexmark 4300 Series. Data type: LEMF. Size of the spool file in bytes: 747896. Number of bytes printed: 747896. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\BURTON. Win32 error code returned by the print processor: 6 (0x6).
6/24/2009 3:08:23 AM, error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).
6/24/2009 2:59:47 AM, error: Service Control Manager [7023] - The Human Interface Device Access service terminated with the following error: The specified module could not be found.
6/24/2009 2:59:47 AM, error: Service Control Manager [7000] - The nVidia WDM Video Capture (universal) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/24/2009 2:59:47 AM, error: Service Control Manager [7000] - The nVidia WDM A/V Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/24/2009 2:59:47 AM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
6/24/2009 2:59:47 AM, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the path specified.
6/24/2009 2:42:16 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Word Viewer 2003 (KB950625).
6/24/2009 2:42:13 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB954478).
6/24/2009 2:42:03 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB953404).
6/24/2009 2:41:48 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.
6/24/2009 2:40:43 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Word Viewer 2003 (KB934041).
6/24/2009 2:25:22 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IS360service service to connect.
6/24/2009 2:25:22 AM, error: Service Control Manager [7000] - The IS360service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/24/2009 10:15:21 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
6/23/2009 7:08:13 PM, error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 2 time(s).
6/23/2009 12:53:50 PM, error: Print [6161] - The document MySpace.com Blogs - kevin M... owned by KEVIN failed to print on printer Lexmark 4300 Series. Data type: LEMF. Size of the spool file in bytes: 1986814. Number of bytes printed: 0. Total number of pages in the document: 3. Number of pages printed: 2. Client machine: \\BURTON. Win32 error code returned by the print processor: 0 (0x0).
6/23/2009 11:38:06 PM, error: Service Control Manager [7001] - The Network DDE service depends on the Network DDE DSDM service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/23/2009 11:36:37 PM, error: Service Control Manager [7001] - The ClipBook service depends on the Network DDE service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

==== End Of File ===========================


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-30 06:40:16
Windows 5.1.2600 Service Pack 3


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{188C7B14-02ED-BE63-7A31-CE75523FF1FB}\MiscStatus@ 0
Reg HKLM\SOFTWARE\Classes\CLSID\{188C7B14-02ED-BE63-7A31-CE75523FF1FB}\MiscStatus\1
Reg HKLM\SOFTWARE\Classes\CLSID\{188C7B14-02ED-BE63-7A31-CE75523FF1FB}\MiscStatus\1@ 131473
Reg HKLM\SOFTWARE\Classes\CLSID\{188C7B14-02ED-BE63-7A31-CE75523FF1FB}\ProgID@ APIRouter.APIRouter.1
Reg HKLM\SOFTWARE\Classes\CLSID\{188C7B14-02ED-BE63-7A31-CE75523FF1FB}\TypeLib@ {065DAF02-2C96-11D1-A2BE-00A024C0EB3C}
Reg HKLM\SOFTWARE\Classes\CLSID\{188C7B14-02ED-BE63-7A31-CE75523FF1FB}\Version@ 1.0
Reg HKLM\SOFTWARE\Classes\CLSID\{188C7B14-02ED-BE63-7A31-CE75523FF1FB}\VersionIndependentProgID@ APIRouter.APIRouter
Reg HKLM\SOFTWARE\Classes\CLSID\{1AB2B180-AB92-2774-739A-4B95F8B39142}\InprocServer32@ c:\Program Files\Common Files\Microsoft Shared\Shoebox\sbox7.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{1AB2B180-AB92-2774-739A-4B95F8B39142}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{1AB2B180-AB92-2774-739A-4B95F8B39142}\ProgID@ Shoebox.ShoeboxThumbnail.7
Reg HKLM\SOFTWARE\Classes\CLSID\{1AB2B180-AB92-2774-739A-4B95F8B39142}\TypeLib@ {4F3F0212-7411-40c2-8983-18BE4ACFD83A}
Reg HKLM\SOFTWARE\Classes\CLSID\{1AB2B180-AB92-2774-739A-4B95F8B39142}\VersionIndependentProgID@ Shoebox.ShoeboxThumbnail
Reg HKLM\SOFTWARE\Classes\CLSID\{1E670AD2-6312-4E0A-E166-BEC42679CA09}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}
Reg HKLM\SOFTWARE\Classes\CLSID\{1E670AD2-6312-4E0A-E166-BEC42679CA09}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}@
Reg HKLM\SOFTWARE\Classes\CLSID\{1E670AD2-6312-4E0A-E166-BEC42679CA09}\InprocServer32@ mscoree.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{1E670AD2-6312-4E0A-E166-BEC42679CA09}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{1E670AD2-6312-4E0A-E166-BEC42679CA09}\InprocServer32@Class System.Runtime.Remoting.Metadata.W3cXsd2001.SoapInteger
Reg HKLM\SOFTWARE\Classes\CLSID\{1E670AD2-6312-4E0A-E166-BEC42679CA09}\InprocServer32@Assembly mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\CLSID\{1E670AD2-6312-4E0A-E166-BEC42679CA09}\InprocServer32@RuntimeVersion v1.1.4322
Reg HKLM\SOFTWARE\Classes\CLSID\{1E670AD2-6312-4E0A-E166-BEC42679CA09}\InprocServer32\1.0.5000.0
Reg HKLM\SOFTWARE\Classes\CLSID\{1E670AD2-6312-4E0A-E166-BEC42679CA09}\InprocServer32\1.0.5000.0@Class System.Runtime.Remoting.Metadata.W3cXsd2001.SoapInteger
Reg HKLM\SOFTWARE\Classes\CLSID\{1E670AD2-6312-4E0A-E166-BEC42679CA09}\InprocServer32\1.0.5000.0@Assembly mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\CLSID\{1E670AD2-6312-4E0A-E166-BEC42679CA09}\InprocServer32\1.0.5000.0@RuntimeVersion v1.1.4322
Reg HKLM\SOFTWARE\Classes\CLSID\{1E670AD2-6312-4E0A-E166-BEC42679CA09}\InprocServer32\2.0.0.0
Reg HKLM\SOFTWARE\Classes\CLSID\{1E670AD2-6312-4E0A-E166-BEC42679CA09}\InprocServer32\2.0.0.0@RuntimeVersion v2.0.50727
Reg HKLM\SOFTWARE\Classes\CLSID\{1E670AD2-6312-4E0A-E166-BEC42679CA09}\InprocServer32\2.0.0.0@Assembly mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\CLSID\{1E670AD2-6312-4E0A-E166-BEC42679CA09}\InprocServer32\2.0.0.0@Class System.Runtime.Remoting.Metadata.W3cXsd2001.SoapInteger
Reg HKLM\SOFTWARE\Classes\CLSID\{1E670AD2-6312-4E0A-E166-BEC42679CA09}\ProgId@ System.Runtime.Remoting.Metadata.W3cXsd2001.SoapInteger
Reg HKLM\SOFTWARE\Classes\CLSID\{35DE2BAA-145C-2AB9-87CC-69DE655F3621}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{35DE2BAA-145C-2AB9-87CC-69DE655F3621}\InprocServer32@ mscoree.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{35DE2BAA-145C-2AB9-87CC-69DE655F3621}\InprocServer32\1.1.4322
Reg HKLM\SOFTWARE\Classes\CLSID\{35DE2BAA-145C-2AB9-87CC-69DE655F3621}\InprocServer32\1.1.4322@ImplementedInThisVersion
Reg HKLM\SOFTWARE\Classes\CLSID\{35DE2BAA-145C-2AB9-87CC-69DE655F3621}\InprocServer32\1.1.4322@ 1.1.4322
Reg HKLM\SOFTWARE\Classes\CLSID\{35DE2BAA-145C-2AB9-87CC-69DE655F3621}\InprocServer32\2.0.50727
Reg HKLM\SOFTWARE\Classes\CLSID\{35DE2BAA-145C-2AB9-87CC-69DE655F3621}\InprocServer32\2.0.50727@ImplementedInThisVersion
Reg HKLM\SOFTWARE\Classes\CLSID\{35DE2BAA-145C-2AB9-87CC-69DE655F3621}\InprocServer32\2.0.50727@ 2.0.50727
Reg HKLM\SOFTWARE\Classes\CLSID\{35DE2BAA-145C-2AB9-87CC-69DE655F3621}\ProgID@ CorSymWriter_SxS
Reg HKLM\SOFTWARE\Classes\CLSID\{35DE2BAA-145C-2AB9-87CC-69DE655F3621}\Server@ diasymreader.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\InprocServer32@ mscoree.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\InprocServer32\1.1.4322
Reg HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\InprocServer32\1.1.4322@ImplementedInThisVersion
Reg HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\InprocServer32\1.1.4322@ 1.1.4322
Reg HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\InprocServer32\2.0.50727
Reg HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\InprocServer32\2.0.50727@ImplementedInThisVersion
Reg HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\InprocServer32\2.0.50727@ 2.0.50727
Reg HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\ProgID@ CorSymWriter_SxS
Reg HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\Server@ diasymreader.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{46B0219A-C6D0-21D1-5516-8D72250DA2A7}\InprocHandler32@ ole32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{46B0219A-C6D0-21D1-5516-8D72250DA2A7}\InprocServer32@ C:\WINDOWS\System32\msi.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{46B0219A-C6D0-21D1-5516-8D72250DA2A7}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{46B0219A-C6D0-21D1-5516-8D72250DA2A7}\ProgId@ WindowsInstaller.Installer
Reg HKLM\SOFTWARE\Classes\CLSID\{46B0219A-C6D0-21D1-5516-8D72250DA2A7}\TypeLib@ {000C1092-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\CLSID\{583D2B74-B50A-E0CE-36E2-C97CBAC9CF21}\Verb@
Reg HKLM\SOFTWARE\Classes\CLSID\{583D2B74-B50A-E0CE-36E2-C97CBAC9CF21}\Verb\0
Reg HKLM\SOFTWARE\Classes\CLSID\{583D2B74-B50A-E0CE-36E2-C97CBAC9CF21}\Verb\0@ &Edit,0,2
Reg HKLM\SOFTWARE\Classes\CLSID\{583D2B74-B50A-E0CE-36E2-C97CBAC9CF21}\Verb\1
Reg HKLM\SOFTWARE\Classes\CLSID\{583D2B74-B50A-E0CE-36E2-C97CBAC9CF21}\Verb\1@ &Open,0,2
Reg HKLM\SOFTWARE\Classes\CLSID\{5E747A35-9560-4965-3DC6-642C302054F0}\LocalServer32@ C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
Reg HKLM\SOFTWARE\Classes\CLSID\{5E747A35-9560-4965-3DC6-642C302054F0}\ProgID@ Symantec.stCheckForUpdates.1
Reg HKLM\SOFTWARE\Classes\CLSID\{5E747A35-9560-4965-3DC6-642C302054F0}\TypeLib@ {51B9BCA6-4A06-11D3-B538-00902771A435}
Reg HKLM\SOFTWARE\Classes\CLSID\{5E747A35-9560-4965-3DC6-642C302054F0}\VersionIndependentProgID@ Symantec.stCheckForUpdates
Reg HKLM\SOFTWARE\Classes\CLSID\{AB35CCB6-940C-C903-1BFC-8E0B382A26E8}\InprocServer32@ ole32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\Implemented Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29}
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\InprocServer32@ mscoree.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\InprocServer32@Class com.motive.plugin.incidentmgr.IncidentManager
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\InprocServer32@Assembly pchealthplugin, Version=1.0.1271.37434, Culture=neutral, PublicKeyToken=822b6df6f89a141f
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\InprocServer32@RuntimeVersion v1.0.3705
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\InprocServer32@CodeBase file:///C:/PROGRA~1/COMPAQ~2/Presario/XPHNARP4EN/plugin/bin/pchealthplugin.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\InprocServer32\1.0.1271.37434
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\InprocServer32\1.0.1271.37434@Class com.motive.plugin.incidentmgr.IncidentManager
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\InprocServer32\1.0.1271.37434@Assembly pchealthplugin, Version=1.0.1271.37434, Culture=neutral, PublicKeyToken=822b6df6f89a141f
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\InprocServer32\1.0.1271.37434@RuntimeVersion v1.0.3705
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\InprocServer32\1.0.1271.37434@CodeBase file:///C:/PROGRA~1/COMPAQ~2/Presario/XPHNARP4EN/plugin/bin/pchealthplugin.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\ProgId@ com.motive.plugin.incidentmgr.IncidentManager
Reg HKLM\SOFTWARE\Classes\CLSID\{EFCB1236-8091-8A61-C175-2F6DEEA4E7AD}\InprocServer32@ C:\Program Files\Microsoft Office\OFFICE11\OUTLCTL.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EFCB1236-8091-8A61-C175-2F6DEEA4E7AD}\InprocServer32@InprocServer32 )l1^Vn-}f(ZXfeAR6.jiOUTLOOKNonBootFiles>79fwn,^@p9*fKpaP0.Vv?
Reg HKLM\SOFTWARE\Classes\CLSID\{EFCB1236-8091-8A61-C175-2F6DEEA4E7AD}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EFCB1236-8091-8A61-C175-2F6DEEA4E7AD}\MiscStatus@ 0
Reg HKLM\SOFTWARE\Classes\CLSID\{EFCB1236-8091-8A61-C175-2F6DEEA4E7AD}\MiscStatus\1
Reg HKLM\SOFTWARE\Classes\CLSID\{EFCB1236-8091-8A61-C175-2F6DEEA4E7AD}\MiscStatus\1@ 131473
Reg HKLM\SOFTWARE\Classes\CLSID\{EFCB1236-8091-8A61-C175-2F6DEEA4E7AD}\ProgID@ OVCtl.OVCtl.1
Reg HKLM\SOFTWARE\Classes\CLSID\{EFCB1236-8091-8A61-C175-2F6DEEA4E7AD}\ToolboxBitmap32@ C:\PROGRA~1\MI1933~1\OFFICE11\OUTLCTL.DLL, 1
Reg HKLM\SOFTWARE\Classes\CLSID\{EFCB1236-8091-8A61-C175-2F6DEEA4E7AD}\Typelib@ {0006F062-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\CLSID\{EFCB1236-8091-8A61-C175-2F6DEEA4E7AD}\Version@ 1.0
Reg HKLM\SOFTWARE\Classes\CLSID\{EFCB1236-8091-8A61-C175-2F6DEEA4E7AD}\VersionIndependentProgID@ OVCtl.OVCtl
Reg HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\LocalServer32@ C:\WINDOWS\System32\igfxdiag.exe
Reg HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\ProgID@ igfx.DiagServices.1
Reg HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\VersionIndependentProgID@ igfx.DiagServices

---- EOF - GMER 1.0.15 ----
social misfit
Regular Member
 
Posts: 59
Joined: October 8th, 2006, 5:37 am

Re: Process IS360srv.exe questionable

Unread postby Bio-Hazard » July 4th, 2009, 3:06 am

Security Check

  • Download Security Check by screen317 from:
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically.
  • Please post the contents of that document.


Remove programs

  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    CyberDefender Early Detection Center
    MediaTickets by OIN

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.



Remove HijackThis entries

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)

  • Close all open windows and browsers/email etc...
  • Click on the Fix Checked button
  • When completed close the application.


Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the Perform Full Scan option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and Scan in progress will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say The scan completed successfully. Click 'Show Results' to display all objects found.
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • Securitycheck log
  • Malwarebytes Antimalware log
  • A fresh HijackThis Log ( after all the above has been done)
  • A description of how your computer is behaving
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK
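The two HijackThis entries the helper asks to fix above are both "(no name)" items that end in "(no file)": a registered BHO or toolbar CLSID whose DLL is no longer on disk. Those are leftovers rather than live code, which is why they can be removed with "Fix checked" without first identifying the file. The following added example (my own code, not from the thread or from HijackThis) parses log lines in the HijackThis 2.0.2 format and picks out such orphaned O2, O3 and O23 entries; the sample log is constructed from lines that appear in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in HijackThis 2.0.2 log format. The two "(no file)" O2/O3
# lines are the entries the helper asked to fix in this thread; the others are
# benign lines of the same shape taken from the logs posted here.
SAMPLE_HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: McAfee Real-time Scanner (McShield) - Lexmark International, Inc. - (no file)
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
"""

# Section-specific patterns for the entry types that carry a file target.
ENTRY_RE = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"),
    "O3": re.compile(r"^O3 - Toolbar: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<company>.+?) - (?P<target>.+)$"),
}

NO_FILE = "(no file)"


@dataclass
class HjtEntry:
    section: str            # HijackThis section code, e.g. "O2", "O23"
    name: str               # display name ("(no name)" for anonymous BHOs)
    clsid: Optional[str]    # CLSID for O2/O3 entries, else None
    target: str             # file the entry points at, or "(no file)"
    raw: str                # the original log line


def parse_hjt(log: str) -> List[HjtEntry]:
    """Turn HijackThis log lines into HjtEntry records.

    Lines of sections without a dedicated pattern are kept with an empty
    target so that per-section counts still work.
    """
    entries: List[HjtEntry] = []
    for line in log.splitlines():
        line = line.strip()
        if not line:
            continue
        section, _, rest = line.partition(" - ")
        pattern = ENTRY_RE.get(section)
        m = pattern.match(line) if pattern else None
        if m:
            entries.append(HjtEntry(section, m.group("name"),
                                    m.groupdict().get("clsid"),
                                    m.group("target").strip(), line))
        else:
            entries.append(HjtEntry(section, rest, None, "", line))
    return entries


def orphaned_entries(entries: List[HjtEntry]) -> List[HjtEntry]:
    """Entries whose registered file no longer exists on disk."""
    return [e for e in entries if e.target == NO_FILE]


def section_counts(entries: List[HjtEntry]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


def fix_list(entries: List[HjtEntry]) -> List[str]:
    """Raw lines of orphaned entries, in the form a helper pastes into a reply."""
    return [e.raw for e in orphaned_entries(entries)]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_HJT_LOG)
    print(section_counts(parsed))
    for line in fix_list(parsed):
        print("fix:", line)
```

An entry with a real path is not flagged by this check; whether such a file is legitimate still needs a lookup of the CLSID or the file itself, which is the part of the triage a helper does by hand.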

Re: Process IS360srv.exe questionable

Unread postby social misfit » July 5th, 2009, 2:30 am

Screen317's Security Check / Malwarebytes' Anti-Malware 1.38 / Trend Micro HijackThis logs

CyberDefender would not uninstall. Uninstall wizard said uninstall complete but it still remains in Add or Remove Programs. Tried numerous times with same result. Also could not locate MediaTickets by OIN for removal.


My computer behavior is unusually slow and freezes when opening certain apps. I maybe should have mentioned this before. I ran a Malwarebytes scan while waiting for a reply to my post. I realize you did not request it but here are the results that led me to believe I may be somehow infected. I understand the unrequested log deviates from your instructed course of action and I apologize, but it was the easiest way to convey my concerns.

Again Sorry and Thanx



UNREQUESTED LOG SCANNED PRIOR TO MRU's INVALUABLE ASSISTANCE

Malwarebytes' Anti-Malware 1.38
Database version: 2332
Windows 5.1.2600 Service Pack 3

6/25/2009 8:48:07 AM
mbam-log-2009-06-25 (08-47-54).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 266951
Time elapsed: 3 hour(s), 17 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.92 85.255.112.83 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.92 85.255.112.83 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.92 85.255.112.83 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.92 85.255.112.83 -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{bc9f3c70-f33f-48fb-93c7-198e1a9b1607}\RP944\A0091727.dll (Adware.Shopper) -> No action taken.
c:\WINDOWS\system32\cpnprt2.cid (Adware.Agent) -> No action taken.
c:\documents and settings\Owner\Desktop\SmileyCentralPFSetup2.3.50.19.ZNfox000.exe (Adware.MyWeb) -> No action taken.
c:\documents and settings\Owner\local settings\Temp\z+143CMA.exe.part (Trojan.Tracur) -> No action taken.
c:\documents and settings\Owner\local settings\temporary internet files\Content.IE5\V1IWGHDR\porn_video_player[1].exe (Trojan.Tracur) -> No action taken.




FOLLOWING ARE REQUESTED LOGS.




Results of screen317's Security Check version 0.98.4
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Enabled!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

MVPS Hosts File
CA Yahoo! Anti-Spy (remove only)
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
Java(TM) 6 Update 13
Out of date Java installed!
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 17 seconds.
`````````End of Log```````````



Malwarebytes' Anti-Malware 1.38
Database version: 2372
Windows 5.1.2600 Service Pack 3

7/4/2009 9:48:41 PM
mbam-log-2009-07-04 (21-48-26).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 269332
Time elapsed: 2 hour(s), 50 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{bc9f3c70-f33f-48fb-93c7-198e1a9b1607}\RP1001\A0103524.exe (Adware.MyWeb) -> No action taken.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:52 PM, on 7/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Google Update Service (gupdate1c9becfe8eb9712) (gupdate1c9becfe8eb9712) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Lexmark International, Inc. - (no file)
O23 - Service: McAfee SystemGuards (McSysmon) - Lexmark International, Inc. - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 6080 bytes
social misfit
Regular Member
 
Posts: 59
Joined: October 8th, 2006, 5:37 am
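The most significant finding in the unrequested Malwarebytes log above is the Trojan.DNSChanger detection: the TCP/IP NameServer value points at 85.255.113.92 and 85.255.112.83 not only in CurrentControlSet but in ControlSet002, 003 and 004 as well, so every saved boot configuration (including "Last Known Good") would come up using the same resolvers, and every "-> No action taken" means the scan was run without removing anything. The following added example (my own code, not from the thread or from Malwarebytes) parses those log lines and reports which control sets point at resolvers inside a rogue address block; the sample log is constructed from the lines posted here with the forum line wraps rejoined, and the 85.255.112.0/20 block is an assumption of the example chosen because both logged addresses fall inside it, not a list taken from the thread.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample: the "Registry Data Items Infected" section of the
# Malwarebytes 1.38 log posted in this thread, with the forum line wraps
# rejoined so each finding is one line.
SAMPLE_MBAM_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.92 85.255.112.83 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.92 85.255.112.83 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.92 85.255.112.83 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.92 85.255.112.83 -> No action taken.

Folders Infected:
(No malicious items detected)
"""

# Resolver blocks treated as rogue for this example (an assumption of the
# example, not a list from the thread): 85.255.112.0/20 is the block both
# addresses in the log fall into. In practice compare against a maintained
# list and against the resolvers your ISP or DHCP server actually hands out.
ROGUE_DNS_BLOCKS = [ipaddress.ip_network("85.255.112.0/20")]

NAMESERVER_RE = re.compile(
    r"^(?P<key>HKEY_[^ ]+\\NameServer) \((?P<detection>[^)]+)\) "
    r"-> Data: (?P<data>.+?) -> (?P<action>.+)$"
)
CONTROL_SET_RE = re.compile(r"\\(?P<cs>CurrentControlSet|ControlSet\d+)\\")


def is_rogue(ip: str) -> bool:
    """True if the resolver address lies inside one of the rogue blocks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in block for block in ROGUE_DNS_BLOCKS)


def parse_nameserver_entries(log: str) -> List[Dict[str, object]]:
    """Extract every NameServer finding from an MBAM log."""
    found = []
    for line in log.splitlines():
        m = NAMESERVER_RE.match(line.strip())
        if not m:
            continue
        cs = CONTROL_SET_RE.search(m.group("key"))
        # XP stores NameServer as a space- or comma-separated list.
        servers = [s for s in re.split(r"[ ,]+", m.group("data")) if s]
        found.append({
            "key": m.group("key"),
            "control_set": cs.group("cs") if cs else "",
            "detection": m.group("detection"),
            "servers": servers,
            "action": m.group("action"),
        })
    return found


def assess(log: str) -> Dict[str, object]:
    """Summarise which control sets point at rogue resolvers and whether
    the scanner actually changed anything."""
    entries = parse_nameserver_entries(log)
    rogue = sorted({s for e in entries for s in e["servers"] if is_rogue(s)})
    affected = sorted({e["control_set"] for e in entries
                       if any(is_rogue(s) for s in e["servers"])})
    return {
        "entries": len(entries),
        "rogue_servers": rogue,
        "affected_control_sets": affected,
        # More than one control set hit means the saved configurations
        # (what "Last Known Good" boots) carry the same resolvers.
        "persists_in_saved_sets": len(affected) > 1,
        # "No action taken" lines mean the values are still in the registry.
        "still_present": any(e["action"].startswith("No action") for e in entries),
    }


if __name__ == "__main__":
    print(assess(SAMPLE_MBAM_LOG))
```

A source-port randomness check like the one in the Security Check output tests whichever resolver answered the query, not whether that resolver is the one the machine should be using, so a "GREAT!" there says nothing about a hijacked NameServer value; the registry data itself has to be checked.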

Re: Process IS360srv.exe questionable

Unread postby Bio-Hazard » July 5th, 2009, 2:52 am

Hello!

Turn Off WordWrap

  • Click Start
  • All Programs
  • Accessories
  • Notepad
  • On the menu bar in Notepad select Format
  • Click on WordWrap so it appears unchecked


Download and Run ComboFix

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Here you can find a tutorial about Combofix: HOW TO USE COMBOFIX

  • You must download it to and run it from your Desktop
  • ComboFix SHOULD NOT be used unless requested by a forum helper.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. A guide to do this can be found HERE
  • Double click on ComboFix.exe and follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
  • ComboFix should never take more than 20 minutes including the reboot if malware is detected.

IMPORTANT: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.


Next Reply

Please reply with:
  • ComboFix log (found at C:\Combofix.txt)
  • New HijackThis log
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Process IS360srv.exe questionable

Unread postby social misfit » July 6th, 2009, 9:31 pm

Requested ComboFix & HJS

ComboFix 09-07-06.02 - KEVIN 07/06/2009 17:12.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.208 [GMT -7:00]
Running from: c:\documents and settings\KEVIN\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.

2009-07-05 15:17 . 2009-07-05 15:17 -------- d-----w- c:\program files\Shavlik Technologies
2009-07-05 14:52 . 2009-07-05 14:52 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Google
2009-07-05 04:58 . 2009-07-05 04:58 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-05 04:57 . 2009-07-05 04:57 -------- d-----w- c:\program files\WinPcap
2009-07-05 04:57 . 2009-07-05 04:57 -------- d-----w- c:\program files\Wireshark
2009-07-04 15:38 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-04 15:38 . 2009-07-04 15:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 15:38 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-04 14:12 . 2009-07-04 14:27 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-07-04 05:15 . 2009-07-04 05:15 37008 ----a-w- c:\documents and settings\Kal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 18:35 . 2009-07-01 18:35 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-06-29 09:15 . 2009-06-29 09:15 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Logitech-LS
2009-06-28 15:52 . 2009-06-28 15:52 -------- d-sh--w- c:\documents and settings\KEVIN\IECompatCache
2009-06-27 21:23 . 2009-06-28 15:36 -------- d-----w- c:\documents and settings\KEVIN\Tracing
2009-06-27 20:26 . 2009-06-27 20:26 -------- d-----w- c:\program files\Microsoft
2009-06-27 20:26 . 2009-06-27 20:26 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-27 20:25 . 2009-06-27 20:26 -------- d-----w- c:\program files\Windows Live
2009-06-27 20:19 . 2009-06-27 20:19 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-26 18:16 . 2009-06-26 18:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-26 16:30 . 2009-06-26 16:30 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-26 16:30 . 2009-06-26 16:32 -------- d-----w- c:\documents and settings\KEVIN\.housecall6.6
2009-06-26 04:03 . 2009-06-26 04:03 -------- d-----w- c:\program files\CCleaner
2009-06-26 04:01 . 2009-06-26 04:01 -------- d-----w- C:\rsit
2009-06-26 03:11 . 2009-06-26 03:11 -------- d-----w- c:\documents and settings\KEVIN\Application Data\Apple Computer
2009-06-26 03:05 . 2009-06-26 03:11 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Apple Computer
2009-06-25 16:25 . 2009-06-25 16:25 -------- d-----w- c:\documents and settings\KEVIN\Application Data\Yahoo!
2009-06-25 06:32 . 2009-06-25 06:32 -------- d-----w- c:\documents and settings\KEVIN\Application Data\Malwarebytes
2009-06-25 06:31 . 2009-06-25 06:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-25 06:10 . 2009-06-27 17:14 -------- d-----w- c:\program files\WhatsRunning
2009-06-24 06:33 . 2009-07-06 15:51 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Paint.NET
2009-06-24 06:13 . 2009-06-24 06:13 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\KodakGallery
2009-06-24 03:48 . 2009-06-24 03:48 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Yahoo
2009-06-23 20:55 . 2009-06-23 20:56 -------- d-----w- c:\documents and settings\KEVIN\Application Data\FKMonitor
2009-06-23 17:53 . 2009-06-23 17:53 -------- d-----w- c:\documents and settings\Kal\Application Data\FKMonitor
2009-06-23 17:53 . 2009-06-23 17:53 -------- d-----w- c:\documents and settings\Kal\Application Data\DivX
2009-06-23 17:53 . 2009-06-23 17:53 -------- d-----w- c:\documents and settings\Kal\Application Data\Apple Computer
2009-06-23 17:53 . 2009-06-23 17:53 -------- d-----w- c:\documents and settings\Kal\Application Data\alot
2009-06-23 17:53 . 2009-06-23 17:53 -------- d-----w- c:\documents and settings\Kal\Application Data\AdobeUM
2009-06-23 17:51 . 2009-07-04 05:16 -------- d-----w- c:\documents and settings\Kal\Local Settings\Application Data\Paint.NET
2009-06-23 09:55 . 2009-06-23 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2009-06-23 08:22 . 2009-06-23 17:50 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Adobe
2009-06-23 05:32 . 2009-06-23 05:32 262144 ----a-w- C:\ntuser.dat
2009-06-23 04:52 . 2009-06-23 04:52 -------- d-sh--w- c:\documents and settings\KEVIN\PrivacIE
2009-06-23 03:39 . 2009-06-23 03:39 -------- d-----w- c:\documents and settings\Kerry\Local Settings\Application Data\Mozilla
2009-06-23 01:25 . 2009-06-23 19:00 -------- d-----w- c:\documents and settings\KEVIN\Application Data\Error Fix
2009-06-23 01:24 . 2009-06-23 19:48 -------- d-----w- c:\program files\Error Fix
2009-06-23 01:22 . 2009-06-23 01:22 -------- d-----w- c:\documents and settings\KEVIN\Application Data\Motive
2009-06-22 06:32 . 2009-06-22 06:32 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Mozilla
2009-06-22 06:14 . 2009-06-25 06:51 -------- d-----w- c:\documents and settings\KEVIN\Application Data\IObit
2009-06-22 04:53 . 2009-06-22 04:53 390664 ----a-w- c:\documents and settings\Kal\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-22 00:07 . 2009-06-22 00:07 190 ----a-w- c:\documents and settings\Kal\Application Data\FKMonitor\delself.bat
2009-06-21 19:59 . 2009-06-21 19:59 -------- d-----w- c:\program files\FKMonitor
2009-06-21 07:17 . 2009-06-21 07:18 -------- d-----w- c:\program files\work area
2009-06-18 12:38 . 2009-06-18 12:38 -------- d-----w- C:\xpspchk
2009-06-17 18:23 . 2009-06-17 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-06-16 22:52 . 2009-06-16 22:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-16 20:02 . 2009-06-17 18:23 -------- d-----w- c:\program files\IObit
2009-06-16 18:44 . 2009-06-16 18:44 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-06-16 17:05 . 2009-06-16 18:25 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-06-16 13:48 . 2009-06-16 13:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-16 13:39 . 2009-06-16 13:39 -------- d-----w- c:\program files\The M&K Network
2009-06-16 13:15 . 2009-06-16 13:15 -------- d-----w- c:\windows\system32\scripting
2009-06-16 13:15 . 2009-06-16 13:15 -------- d-----w- c:\windows\l2schemas
2009-06-16 13:15 . 2009-06-16 13:15 -------- d-----w- c:\windows\system32\en
2009-06-16 04:12 . 2009-06-16 04:12 -------- d-----w- c:\program files\ACW
2009-06-16 02:22 . 2009-06-16 02:22 -------- d-----w- c:\program files\Alwil Software
2009-06-16 02:17 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-16 02:17 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-16 02:16 . 2009-06-16 02:17 -------- d-----w- c:\windows\ie8updates
2009-06-16 02:15 . 2009-06-16 02:15 -------- d-----w- c:\program files\Trend Micro
2009-06-16 02:14 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-16 02:09 . 2009-06-16 02:13 -------- dc-h--w- c:\windows\ie8
2009-06-11 08:59 . 2009-06-11 08:59 25214 ----a-r- c:\documents and settings\Kal\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
2009-06-11 08:59 . 2009-06-11 08:59 25214 ----a-r- c:\documents and settings\Kal\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-06-11 08:59 . 2009-06-11 08:59 25214 ----a-r- c:\documents and settings\Kal\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-06-11 08:59 . 2009-06-11 08:59 25214 ----a-r- c:\documents and settings\Kal\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-06-11 08:59 . 2009-06-11 08:59 25214 ----a-r- c:\documents and settings\Kal\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-06-11 08:59 . 2009-06-11 08:59 25214 ----a-r- c:\documents and settings\Kal\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\ARPPRODUCTICON.exe
2009-06-11 07:40 . 2009-06-11 07:40 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-11 07:38 . 2009-06-11 07:38 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-06-11 07:37 . 2009-06-11 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-11 07:37 . 2009-06-11 13:30 -------- d-----w- c:\program files\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 23:59 . 2006-04-19 04:06 -------- d-----w- c:\program files\Lx_cats
2009-07-04 15:45 . 2006-04-16 13:27 37008 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-04 12:54 . 2006-05-02 17:59 -------- d-----w- c:\program files\Yahoo! Games
2009-06-29 00:50 . 2006-05-13 17:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-29 00:50 . 2006-05-13 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-29 00:49 . 2008-12-07 23:52 -------- d-----w- c:\program files\Coupons
2009-06-27 20:45 . 2009-06-21 19:33 37008 ----a-w- c:\documents and settings\KEVIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-27 20:27 . 2006-04-22 00:17 -------- d-----w- c:\program files\MSN Messenger
2009-06-27 03:34 . 2006-12-01 03:27 -------- d-----w- c:\program files\SpywareGuard
2009-06-27 03:34 . 2006-12-01 03:19 -------- d-----w- c:\program files\SpywareBlaster
2009-06-24 17:18 . 2003-10-14 13:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-24 17:17 . 2006-04-29 00:58 -------- d-----w- c:\program files\Symantec
2009-06-24 06:35 . 2006-05-02 01:02 -------- d-----w- c:\program files\Paint.NET
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\interMute
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\InstallShield
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\gtk-2.0
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\IObit
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\Motive
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\PVST Manager
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\NCH Software
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\SampleView
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\Sonic
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\Wireshark
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\Symantec
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\Yahoo!
2009-06-23 17:50 . 2006-04-23 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-06-23 05:32 . 2006-04-16 03:12 -------- d-----w- c:\program files\Yahoo!
2009-06-23 05:32 . 2006-04-22 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-06-23 03:37 . 2009-06-23 03:37 36480 ----a-w- c:\documents and settings\Kerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-20 11:27 . 2006-04-19 04:05 -------- d-----w- c:\program files\Lexmark 4300 Series
2009-06-17 16:28 . 2003-10-11 12:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-17 16:25 . 2007-09-19 23:32 -------- d-----w- c:\program files\RealArcade
2009-06-17 16:21 . 2006-04-17 04:35 -------- d-----w- c:\program files\Google
2009-06-17 16:16 . 2009-02-08 08:33 -------- d-----w- c:\program files\AviSynth 2.5
2009-06-17 16:14 . 2009-02-06 08:04 -------- d-----w- c:\program files\Common Files\Apple
2009-06-17 12:17 . 2003-10-11 06:45 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-16 13:25 . 2003-10-11 10:15 80795 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-06-16 13:21 . 2009-06-16 13:21 4096 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\winverifytrustwrapper.dll
2009-06-16 13:21 . 2009-06-16 13:21 159744 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\PCHButton.exe
2009-06-16 13:21 . 2009-06-16 13:21 344064 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\api.dll
2009-06-16 13:21 . 2009-06-16 13:21 77824 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\FDIWrapper.dll
2009-06-16 13:21 . 2009-06-16 13:21 213089 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\motive.zip
2009-06-16 13:21 . 2009-06-16 13:21 315392 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\pchmsxml.dll
2009-06-16 13:21 . 2009-06-16 13:21 212992 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\jsharpinterp.dll
2009-06-16 13:21 . 2009-06-16 13:21 49152 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\PCHI18N.dll
2009-06-16 13:21 . 2009-06-16 13:21 155877 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\js.zip
2009-06-16 13:21 . 2009-06-16 13:21 114688 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\asst_ui.dll
2009-06-16 04:31 . 2006-12-16 02:32 -------- d-----w- c:\program files\SmartSMS
2009-06-16 04:25 . 2006-11-09 01:41 -------- d-----w- c:\program files\MumboJumbo
2009-06-16 04:24 . 2007-11-11 14:59 -------- d-----w- c:\program files\Jackpot Kings Casino
2009-06-16 04:22 . 2003-10-11 12:11 -------- d-----w- c:\program files\InterVideo
2009-06-16 04:19 . 2006-04-20 20:20 -------- d-----w- c:\program files\eGames
2009-06-16 04:18 . 2006-11-11 22:56 -------- d-----w- c:\program files\DivX
2009-06-16 04:15 . 2006-05-21 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-06-16 04:14 . 2007-12-11 20:55 -------- d-----w- c:\program files\Click'N Design 3D (V5)
2009-06-16 04:10 . 2006-11-10 00:36 -------- d-----w- c:\program files\PopCap Games
2009-06-16 04:04 . 2007-05-25 17:33 -------- d-----w- c:\program files\GameHouse
2009-06-16 03:59 . 2006-05-01 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-16 03:49 . 2006-07-26 07:40 -------- d-----w- c:\program files\303 Game Collection
2009-06-11 08:01 . 2003-10-11 12:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-31 19:05 . 2006-05-18 06:27 83 -c--a-w- c:\windows\popcinfo.dat
2009-05-13 05:15 . 2006-05-02 01:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2003-10-31 20:05 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 21:32 . 2006-05-13 22:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-17 12:26 . 2003-10-11 10:06 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-17 02:51 . 2009-04-17 02:51 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-15 14:51 . 2006-05-02 00:58 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-14 19:49 . 2009-04-14 19:49 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-04-14 17:34 . 2009-04-14 17:34 390664 ----a-w- c:\documents and settings\Owner\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2006-08-13 18:46 . 2006-08-13 18:46 2525 -c--a-w- c:\program files\altnet.def
2006-08-13 03:49 . 2006-08-13 03:49 53248 -c--a-w- c:\program files\KazaaBegone.exe
2006-08-13 03:32 . 2006-08-13 03:32 67733 -c--a-w- c:\program files\kazaa.def
2006-08-13 03:28 . 2006-08-13 03:28 6821 -c--a-w- c:\program files\bullguard.def
2006-08-13 02:23 . 2006-08-13 02:23 8300 -c--a-w- c:\program files\other.def
2006-08-12 22:29 . 2006-08-12 22:29 3077 -c--a-w- c:\program files\p2pnetworking.def
2006-08-12 22:23 . 2006-08-12 22:23 2016 -c--a-w- c:\program files\myway.def
2006-08-12 21:07 . 2006-08-12 21:07 572 -c--a-w- c:\program files\gator.def
2006-08-06 21:18 . 2006-08-06 21:18 726 -c--a-w- c:\program files\perfectnav.def
2006-08-06 20:41 . 2006-08-06 20:41 1032 -c--a-w- c:\program files\medialoads.def
2006-07-30 23:44 . 2006-07-30 23:44 1800 -c--a-w- c:\program files\webhancer.def
2006-07-30 23:43 . 2006-07-30 23:43 858 -c--a-w- c:\program files\savenow.def
2006-07-30 23:41 . 2006-07-30 23:41 1274 -c--a-w- c:\program files\onflow.def
2006-07-30 23:41 . 2006-07-30 23:41 1951 -c--a-w- c:\program files\newdotnet.def
2006-07-30 23:37 . 2006-07-30 23:37 1713 -c--a-w- c:\program files\delfin.def
2006-07-30 23:37 . 2006-07-30 23:37 1948 -c--a-w- c:\program files\cydoor.def
2006-07-30 23:37 . 2006-07-30 23:37 5227 -c--a-w- c:\program files\commonname.def
2006-07-30 23:36 . 2006-07-30 23:36 7120 -c--a-w- c:\program files\bde.def
2006-05-17 06:25 . 2006-05-17 06:25 774144 -c--a-w- c:\program files\RngInterstitial.dll
2006-05-29 17:28 . 2006-05-29 17:28 438594 --sh--w- c:\windows\system32\dgjlm.bak1
2006-05-31 14:51 . 2006-05-30 05:28 453092 --sh--w- c:\windows\system32\dgjlm.bak2
2006-05-31 01:58 . 2006-05-31 01:45 446398 --sh--w- c:\windows\system32\dgjlm.tmp
2006-06-15 10:19 . 2006-06-15 10:19 697013 --sh--w- c:\windows\system32\ihkmp.bak1
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-06 413696]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 gupdate1c9becfe8eb9712;Google Update Service (gupdate1c9becfe8eb9712);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 133104]
R2 mrtRate;mrtRate; [x]
R3 CDAVFS;CDAVFS; [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 20:13]

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 20:13]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CTFMON - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: SpSubLSP.dll
FF - ProfilePath - c:\documents and settings\KEVIN\Application Data\Mozilla\Firefox\Profiles\3g0lnu2b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 17:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCECATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\SpSubLSP.dll

- - - - - - - > 'explorer.exe'(936)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-07 18:18
ComboFix-quarantined-files.txt 2009-07-07 01:18

Pre-Run: 33,097,412,608 bytes free
Post-Run: 33,080,365,056 bytes free

551 --- E O F --- 2009-06-29 11:46



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:04 PM, on 7/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Google Update Service (gupdate1c9becfe8eb9712) (gupdate1c9becfe8eb9712) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Lexmark International, Inc. - (no file)
O23 - Service: McAfee SystemGuards (McSysmon) - Lexmark International, Inc. - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 5917 bytes
social misfit
Regular Member
 
Posts: 59
Joined: October 8th, 2006, 5:37 am

Re: Process IS360srv.exe questionable

Post by social misfit » July 6th, 2009, 9:32 pm

Requested ComboFix & HJS

ComboFix 09-07-06.02 - KEVIN 07/06/2009 17:12.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.208 [GMT -7:00]
Running from: c:\documents and settings\KEVIN\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.

2009-07-05 15:17 . 2009-07-05 15:17 -------- d-----w- c:\program files\Shavlik Technologies
2009-07-05 14:52 . 2009-07-05 14:52 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Google
2009-07-05 04:58 . 2009-07-05 04:58 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-05 04:57 . 2009-07-05 04:57 -------- d-----w- c:\program files\WinPcap
2009-07-05 04:57 . 2009-07-05 04:57 -------- d-----w- c:\program files\Wireshark
2009-07-04 15:38 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-04 15:38 . 2009-07-04 15:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 15:38 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-04 14:12 . 2009-07-04 14:27 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-07-04 05:15 . 2009-07-04 05:15 37008 ----a-w- c:\documents and settings\Kal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 18:35 . 2009-07-01 18:35 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-06-29 09:15 . 2009-06-29 09:15 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Logitech-LS
2009-06-28 15:52 . 2009-06-28 15:52 -------- d-sh--w- c:\documents and settings\KEVIN\IECompatCache
2009-06-27 21:23 . 2009-06-28 15:36 -------- d-----w- c:\documents and settings\KEVIN\Tracing
2009-06-27 20:26 . 2009-06-27 20:26 -------- d-----w- c:\program files\Microsoft
2009-06-27 20:26 . 2009-06-27 20:26 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-27 20:25 . 2009-06-27 20:26 -------- d-----w- c:\program files\Windows Live
2009-06-27 20:19 . 2009-06-27 20:19 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-26 18:16 . 2009-06-26 18:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-26 16:30 . 2009-06-26 16:30 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-26 16:30 . 2009-06-26 16:32 -------- d-----w- c:\documents and settings\KEVIN\.housecall6.6
2009-06-26 04:03 . 2009-06-26 04:03 -------- d-----w- c:\program files\CCleaner
2009-06-26 04:01 . 2009-06-26 04:01 -------- d-----w- C:\rsit
2009-06-26 03:11 . 2009-06-26 03:11 -------- d-----w- c:\documents and settings\KEVIN\Application Data\Apple Computer
2009-06-26 03:05 . 2009-06-26 03:11 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Apple Computer
2009-06-25 16:25 . 2009-06-25 16:25 -------- d-----w- c:\documents and settings\KEVIN\Application Data\Yahoo!
2009-06-25 06:32 . 2009-06-25 06:32 -------- d-----w- c:\documents and settings\KEVIN\Application Data\Malwarebytes
2009-06-25 06:31 . 2009-06-25 06:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-25 06:10 . 2009-06-27 17:14 -------- d-----w- c:\program files\WhatsRunning
2009-06-24 06:33 . 2009-07-06 15:51 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Paint.NET
2009-06-24 06:13 . 2009-06-24 06:13 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\KodakGallery
2009-06-24 03:48 . 2009-06-24 03:48 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Yahoo
2009-06-23 20:55 . 2009-06-23 20:56 -------- d-----w- c:\documents and settings\KEVIN\Application Data\FKMonitor
2009-06-23 17:53 . 2009-06-23 17:53 -------- d-----w- c:\documents and settings\Kal\Application Data\FKMonitor
2009-06-23 17:53 . 2009-06-23 17:53 -------- d-----w- c:\documents and settings\Kal\Application Data\DivX
2009-06-23 17:53 . 2009-06-23 17:53 -------- d-----w- c:\documents and settings\Kal\Application Data\Apple Computer
2009-06-23 17:53 . 2009-06-23 17:53 -------- d-----w- c:\documents and settings\Kal\Application Data\alot
2009-06-23 17:53 . 2009-06-23 17:53 -------- d-----w- c:\documents and settings\Kal\Application Data\AdobeUM
2009-06-23 17:51 . 2009-07-04 05:16 -------- d-----w- c:\documents and settings\Kal\Local Settings\Application Data\Paint.NET
2009-06-23 09:55 . 2009-06-23 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2009-06-23 08:22 . 2009-06-23 17:50 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Adobe
2009-06-23 05:32 . 2009-06-23 05:32 262144 ----a-w- C:\ntuser.dat
2009-06-23 04:52 . 2009-06-23 04:52 -------- d-sh--w- c:\documents and settings\KEVIN\PrivacIE
2009-06-23 03:39 . 2009-06-23 03:39 -------- d-----w- c:\documents and settings\Kerry\Local Settings\Application Data\Mozilla
2009-06-23 01:25 . 2009-06-23 19:00 -------- d-----w- c:\documents and settings\KEVIN\Application Data\Error Fix
2009-06-23 01:24 . 2009-06-23 19:48 -------- d-----w- c:\program files\Error Fix
2009-06-23 01:22 . 2009-06-23 01:22 -------- d-----w- c:\documents and settings\KEVIN\Application Data\Motive
2009-06-22 06:32 . 2009-06-22 06:32 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Mozilla
2009-06-22 06:14 . 2009-06-25 06:51 -------- d-----w- c:\documents and settings\KEVIN\Application Data\IObit
2009-06-22 04:53 . 2009-06-22 04:53 390664 ----a-w- c:\documents and settings\Kal\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-22 00:07 . 2009-06-22 00:07 190 ----a-w- c:\documents and settings\Kal\Application Data\FKMonitor\delself.bat
2009-06-21 19:59 . 2009-06-21 19:59 -------- d-----w- c:\program files\FKMonitor
2009-06-21 07:17 . 2009-06-21 07:18 -------- d-----w- c:\program files\work area
2009-06-18 12:38 . 2009-06-18 12:38 -------- d-----w- C:\xpspchk
2009-06-17 18:23 . 2009-06-17 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-06-16 22:52 . 2009-06-16 22:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-16 20:02 . 2009-06-17 18:23 -------- d-----w- c:\program files\IObit
2009-06-16 18:44 . 2009-06-16 18:44 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-06-16 17:05 . 2009-06-16 18:25 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-06-16 13:48 . 2009-06-16 13:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-16 13:39 . 2009-06-16 13:39 -------- d-----w- c:\program files\The M&K Network
2009-06-16 13:15 . 2009-06-16 13:15 -------- d-----w- c:\windows\system32\scripting
2009-06-16 13:15 . 2009-06-16 13:15 -------- d-----w- c:\windows\l2schemas
2009-06-16 13:15 . 2009-06-16 13:15 -------- d-----w- c:\windows\system32\en
2009-06-16 04:12 . 2009-06-16 04:12 -------- d-----w- c:\program files\ACW
2009-06-16 02:22 . 2009-06-16 02:22 -------- d-----w- c:\program files\Alwil Software
2009-06-16 02:17 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-16 02:17 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-16 02:16 . 2009-06-16 02:17 -------- d-----w- c:\windows\ie8updates
2009-06-16 02:15 . 2009-06-16 02:15 -------- d-----w- c:\program files\Trend Micro
2009-06-16 02:14 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-16 02:09 . 2009-06-16 02:13 -------- dc-h--w- c:\windows\ie8
2009-06-11 08:59 . 2009-06-11 08:59 25214 ----a-r- c:\documents and settings\Kal\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
2009-06-11 08:59 . 2009-06-11 08:59 25214 ----a-r- c:\documents and settings\Kal\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-06-11 08:59 . 2009-06-11 08:59 25214 ----a-r- c:\documents and settings\Kal\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-06-11 08:59 . 2009-06-11 08:59 25214 ----a-r- c:\documents and settings\Kal\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-06-11 08:59 . 2009-06-11 08:59 25214 ----a-r- c:\documents and settings\Kal\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-06-11 08:59 . 2009-06-11 08:59 25214 ----a-r- c:\documents and settings\Kal\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\ARPPRODUCTICON.exe
2009-06-11 07:40 . 2009-06-11 07:40 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-11 07:38 . 2009-06-11 07:38 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-06-11 07:37 . 2009-06-11 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-11 07:37 . 2009-06-11 13:30 -------- d-----w- c:\program files\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 23:59 . 2006-04-19 04:06 -------- d-----w- c:\program files\Lx_cats
2009-07-04 15:45 . 2006-04-16 13:27 37008 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-04 12:54 . 2006-05-02 17:59 -------- d-----w- c:\program files\Yahoo! Games
2009-06-29 00:50 . 2006-05-13 17:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-29 00:50 . 2006-05-13 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-29 00:49 . 2008-12-07 23:52 -------- d-----w- c:\program files\Coupons
2009-06-27 20:45 . 2009-06-21 19:33 37008 ----a-w- c:\documents and settings\KEVIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-27 20:27 . 2006-04-22 00:17 -------- d-----w- c:\program files\MSN Messenger
2009-06-27 03:34 . 2006-12-01 03:27 -------- d-----w- c:\program files\SpywareGuard
2009-06-27 03:34 . 2006-12-01 03:19 -------- d-----w- c:\program files\SpywareBlaster
2009-06-24 17:18 . 2003-10-14 13:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-24 17:17 . 2006-04-29 00:58 -------- d-----w- c:\program files\Symantec
2009-06-24 06:35 . 2006-05-02 01:02 -------- d-----w- c:\program files\Paint.NET
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\interMute
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\InstallShield
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\gtk-2.0
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\IObit
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\Motive
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\PVST Manager
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\NCH Software
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\SampleView
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\Sonic
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\Wireshark
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\Symantec
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\Yahoo!
2009-06-23 17:50 . 2006-04-23 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-06-23 05:32 . 2006-04-16 03:12 -------- d-----w- c:\program files\Yahoo!
2009-06-23 05:32 . 2006-04-22 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-06-23 03:37 . 2009-06-23 03:37 36480 ----a-w- c:\documents and settings\Kerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-20 11:27 . 2006-04-19 04:05 -------- d-----w- c:\program files\Lexmark 4300 Series
2009-06-17 16:28 . 2003-10-11 12:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-17 16:25 . 2007-09-19 23:32 -------- d-----w- c:\program files\RealArcade
2009-06-17 16:21 . 2006-04-17 04:35 -------- d-----w- c:\program files\Google
2009-06-17 16:16 . 2009-02-08 08:33 -------- d-----w- c:\program files\AviSynth 2.5
2009-06-17 16:14 . 2009-02-06 08:04 -------- d-----w- c:\program files\Common Files\Apple
2009-06-17 12:17 . 2003-10-11 06:45 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-16 13:25 . 2003-10-11 10:15 80795 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-06-16 13:21 . 2009-06-16 13:21 4096 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\winverifytrustwrapper.dll
2009-06-16 13:21 . 2009-06-16 13:21 159744 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\PCHButton.exe
2009-06-16 13:21 . 2009-06-16 13:21 344064 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\api.dll
2009-06-16 13:21 . 2009-06-16 13:21 77824 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\FDIWrapper.dll
2009-06-16 13:21 . 2009-06-16 13:21 213089 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\motive.zip
2009-06-16 13:21 . 2009-06-16 13:21 315392 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\pchmsxml.dll
2009-06-16 13:21 . 2009-06-16 13:21 212992 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\jsharpinterp.dll
2009-06-16 13:21 . 2009-06-16 13:21 49152 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\PCHI18N.dll
2009-06-16 13:21 . 2009-06-16 13:21 155877 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\js.zip
2009-06-16 13:21 . 2009-06-16 13:21 114688 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\asst_ui.dll
2009-06-16 04:31 . 2006-12-16 02:32 -------- d-----w- c:\program files\SmartSMS
2009-06-16 04:25 . 2006-11-09 01:41 -------- d-----w- c:\program files\MumboJumbo
2009-06-16 04:24 . 2007-11-11 14:59 -------- d-----w- c:\program files\Jackpot Kings Casino
2009-06-16 04:22 . 2003-10-11 12:11 -------- d-----w- c:\program files\InterVideo
2009-06-16 04:19 . 2006-04-20 20:20 -------- d-----w- c:\program files\eGames
2009-06-16 04:18 . 2006-11-11 22:56 -------- d-----w- c:\program files\DivX
2009-06-16 04:15 . 2006-05-21 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-06-16 04:14 . 2007-12-11 20:55 -------- d-----w- c:\program files\Click'N Design 3D (V5)
2009-06-16 04:10 . 2006-11-10 00:36 -------- d-----w- c:\program files\PopCap Games
2009-06-16 04:04 . 2007-05-25 17:33 -------- d-----w- c:\program files\GameHouse
2009-06-16 03:59 . 2006-05-01 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-16 03:49 . 2006-07-26 07:40 -------- d-----w- c:\program files\303 Game Collection
2009-06-11 08:01 . 2003-10-11 12:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-31 19:05 . 2006-05-18 06:27 83 -c--a-w- c:\windows\popcinfo.dat
2009-05-13 05:15 . 2006-05-02 01:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2003-10-31 20:05 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 21:32 . 2006-05-13 22:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-17 12:26 . 2003-10-11 10:06 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-17 02:51 . 2009-04-17 02:51 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-15 14:51 . 2006-05-02 00:58 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-14 19:49 . 2009-04-14 19:49 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-04-14 17:34 . 2009-04-14 17:34 390664 ----a-w- c:\documents and settings\Owner\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2006-08-13 18:46 . 2006-08-13 18:46 2525 -c--a-w- c:\program files\altnet.def
2006-08-13 03:49 . 2006-08-13 03:49 53248 -c--a-w- c:\program files\KazaaBegone.exe
2006-08-13 03:32 . 2006-08-13 03:32 67733 -c--a-w- c:\program files\kazaa.def
2006-08-13 03:28 . 2006-08-13 03:28 6821 -c--a-w- c:\program files\bullguard.def
2006-08-13 02:23 . 2006-08-13 02:23 8300 -c--a-w- c:\program files\other.def
2006-08-12 22:29 . 2006-08-12 22:29 3077 -c--a-w- c:\program files\p2pnetworking.def
2006-08-12 22:23 . 2006-08-12 22:23 2016 -c--a-w- c:\program files\myway.def
2006-08-12 21:07 . 2006-08-12 21:07 572 -c--a-w- c:\program files\gator.def
2006-08-06 21:18 . 2006-08-06 21:18 726 -c--a-w- c:\program files\perfectnav.def
2006-08-06 20:41 . 2006-08-06 20:41 1032 -c--a-w- c:\program files\medialoads.def
2006-07-30 23:44 . 2006-07-30 23:44 1800 -c--a-w- c:\program files\webhancer.def
2006-07-30 23:43 . 2006-07-30 23:43 858 -c--a-w- c:\program files\savenow.def
2006-07-30 23:41 . 2006-07-30 23:41 1274 -c--a-w- c:\program files\onflow.def
2006-07-30 23:41 . 2006-07-30 23:41 1951 -c--a-w- c:\program files\newdotnet.def
2006-07-30 23:37 . 2006-07-30 23:37 1713 -c--a-w- c:\program files\delfin.def
2006-07-30 23:37 . 2006-07-30 23:37 1948 -c--a-w- c:\program files\cydoor.def
2006-07-30 23:37 . 2006-07-30 23:37 5227 -c--a-w- c:\program files\commonname.def
2006-07-30 23:36 . 2006-07-30 23:36 7120 -c--a-w- c:\program files\bde.def
2006-05-17 06:25 . 2006-05-17 06:25 774144 -c--a-w- c:\program files\RngInterstitial.dll
2006-05-29 17:28 . 2006-05-29 17:28 438594 --sh--w- c:\windows\system32\dgjlm.bak1
2006-05-31 14:51 . 2006-05-30 05:28 453092 --sh--w- c:\windows\system32\dgjlm.bak2
2006-05-31 01:58 . 2006-05-31 01:45 446398 --sh--w- c:\windows\system32\dgjlm.tmp
2006-06-15 10:19 . 2006-06-15 10:19 697013 --sh--w- c:\windows\system32\ihkmp.bak1
.

------- Sigcheck -------

[7] 2004-08-04 07:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe

[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll
[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2002-11-02 05:26 528896 68E1F4EF02DF52CA9C5E157045D23582 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2002-08-29 12:00 560128 DD9269230C21EE8FB7FD3FCCC3B1CFCB c:\windows\$NtUninstallQ328310$\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll

[7] 2004-08-04 07:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll

[-] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[-] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
[-] 2006-09-14 08:31 664576 D207370287CF769AEBEBF03837784963 c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
[-] 2006-10-23 15:34 664576 231EF4179ACABE486376B5CA893F1076 c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll
[-] 2007-01-04 14:05 665088 3FFA1573FC274E5AA7467D03941C45EE c:\windows\$hf_mig$\KB928090\SP2QFE\wininet.dll
[7] 2007-03-07 17:40 823296 B8F4DB39CA7353752F245379D285C80E c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[7] 2007-04-25 09:08 823808 431DEFBB4A3D7B0DC062C1B064623A2F c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[7] 2007-06-27 14:40 824320 D6ED5E042C5207553E7F5E842918137F c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[7] 2007-08-20 10:02 825344 357D54BF94FE9D6D8505A96B5C2A3BCA c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[7] 2007-10-10 23:47 825344 0E5D918F87EFA7D2424D66B499C7EB04 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[7] 2007-12-07 02:01 825344 B5B411BB229AE6EAD7652A32ED47BFB9 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[7] 2008-03-01 13:03 827392 6316C2F0C61271C8ABDFF7429174879E c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[7] 2008-04-23 03:35 827392 41546B396A526918DA7995A02EA04E51 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[7] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[7] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2004-08-04 07:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtServicePackUninstall$\wininet.dll
[7] 2004-08-04 07:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB912812$\wininet.dll
[-] 2002-08-29 12:00 599040 F3587750A7481DCCBEA13D473A0700BE c:\windows\$NtUninstallKB912812-IE6SP1-20060322.182418$\wininet.dll
[-] 2006-03-04 03:33 658432 1C0979C7A489BEE573CD0BF4AD94BB06 c:\windows\$NtUninstallKB916281$\wininet.dll
[-] 2006-05-10 05:23 658432 38AB7A56F566D9AAAD31812494944824 c:\windows\$NtUninstallKB918899$\wininet.dll
[-] 2006-06-23 11:02 658944 2B4DB890936430C71419037039502752 c:\windows\$NtUninstallKB922760$\wininet.dll
[-] 2006-09-14 08:39 658944 621AF3F6174A3F60677F5230E28BCC07 c:\windows\$NtUninstallKB925454$\wininet.dll
[-] 2006-10-23 15:17 658944 6B2735ADFF5A5D3B9130CA4A794722F0 c:\windows\$NtUninstallKB928090$\wininet.dll
[-] 2007-01-04 13:37 658944 8C393DF5234CBCBFF1EE31902D6B40AE c:\windows\ie7\wininet.dll
[7] 2006-11-08 04:03 818688 92995334F993E6E49C25C6D02EC04401 c:\windows\ie7updates\KB931768-IE7\wininet.dll
[7] 2007-03-07 17:45 822784 5B35DAE6E4886F64D1DA58C4E3E01EB9 c:\windows\ie7updates\KB933566-IE7\wininet.dll
[7] 2007-04-25 08:41 822784 0586A7F0B2FDB94D624F399D4728E7C8 c:\windows\ie7updates\KB937143-IE7\wininet.dll
[7] 2007-06-27 14:34 823808 8068CBB58FE60CC95AEB2CFF70178208 c:\windows\ie7updates\KB939653-IE7\wininet.dll
[7] 2007-08-20 10:04 824832 774435E499D8E9643EC961A6103C361F c:\windows\ie7updates\KB942615-IE7\wininet.dll
[7] 2007-10-10 23:56 824832 30C1E0F34AD2972C72A01DB5C74AB065 c:\windows\ie7updates\KB944533-IE7\wininet.dll
[7] 2007-12-07 02:21 824832 806D274C9A6C3AAEA5EAE8E4AF841E04 c:\windows\ie7updates\KB947864-IE7\wininet.dll
[7] 2008-03-01 13:06 826368 AD21461AEF8244EDEC2EF18E55E1DCF3 c:\windows\ie7updates\KB950759-IE7\wininet.dll
[7] 2008-04-23 04:16 826368 F6589BE784647CFDBC22EA51CCB1A57A c:\windows\ie7updates\KB953838-IE7\wininet.dll
[7] 2008-06-23 16:57 826368 8C13D4A7479FA0A026EDA8ABCE82C0ED c:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\ie7updates\KB963027-IE7\wininet.dll
[7] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\ie7updates\KB969897-IE7\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\ie8\wininet.dll
[7] 2009-03-08 11:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll
[7] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\SoftwareDistribution\Download\21b9c2f7b1db683e3d83bfb825d32092\SP2GDR\wininet.dll
[-] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\SoftwareDistribution\Download\21b9c2f7b1db683e3d83bfb825d32092\SP2QFE\wininet.dll
[7] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\wininet.dll
[7] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\wininet.dll
[-] 2007-02-20 09:48 658944 30D1C47E40EFBB792FF8D3C3B51CE507 c:\windows\SoftwareDistribution\Download\e7315ae76f5adc7c9afda4e7adacef1d\SP2GDR\wininet.dll
[-] 2007-02-20 09:52 665600 B258C922D22DEEC880B60720531D7627 c:\windows\SoftwareDistribution\Download\e7315ae76f5adc7c9afda4e7adacef1d\SP2QFE\wininet.dll
[7] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\system32\wininet.dll
[7] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\system32\dllcache\wininet.dll

[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$hf_mig$\KB913446\SP2GDR\tcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2002-08-29 12:00 332928 244A2F9816BC9B593957281EF577D976 c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[7] 2004-08-04 07:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe

[7] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2002-08-29 12:00 167552 3B350E5A2A5E951453F3993275A4523A c:\windows\$NtUninstallQ815485$\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[7] 2004-08-04 06:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[-] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\$hf_mig$\KB890859\SP2GDR\ntkrnlpa.exe
[-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 09:49 2062976 9D832AF3FD1917DB0E1E8B2F000A2E3A c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-08 02:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 09:18 2062976 63EC865DFF6CCFC7BEF94B5C50297CAD c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-08-14 22:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2002-08-29 19:00 1947904 0E8EFB15746878A9B256E75267337233 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-08-14 09:22 2057728 BA002228743B6824D87F0551DBC86D45 c:\windows\$NtUninstallKB956572_0$\ntkrnlpa.exe
[-] 2007-02-28 08:38 2057600 515D30E2C90A3665A2739309334C9283 c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
[7] 2009-02-08 02:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2006-12-19 12:55 2057600 1D659BFB788ED2BA45075624B748D249 c:\windows\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2gdr\ntkrnlpa.exe
[-] 2006-12-19 16:12 2059392 BA4B97C00A437C1CC3DA365D93EE1E9D c:\windows\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2qfe\ntkrnlpa.exe
[7] 2009-02-08 02:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-08 02:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe
[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 10:32 2186112 6A936E9D7BADAF3CAAEED1E1966EC1B0 c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-08 02:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 09:57 2185984 CE69DBD54221F2D40E49FF6DB77C6507 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 23:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2002-08-29 12:00 2042240 B9080D97DBD631AADF9128F7316958D2 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-08-14 10:00 2180352 21C91DA9CB53AA8A37041BA9684A8458 c:\windows\$NtUninstallKB956572_0$\ntoskrnl.exe
[-] 2007-02-28 09:10 2180352 582A8DBAA58C3B1F176EB2817DAEE77C c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2006-12-19 14:17 2180352 8F0DEAB1F81FB83F9C5995853CE48B9F c:\windows\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2gdr\ntoskrnl.exe
[-] 2006-12-19 16:51 2182016 CEF243F6DEFD20BE4ADDE26C7ECACB54 c:\windows\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2qfe\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe

[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 07:56 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe

[7] 2009-02-06 10:22 110592 4712531AB7A01B7EE059853CA17D39BD c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\$NtServicePackUninstall$\services.exe
[7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe
[7] 2004-08-04 07:56 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtUninstallKB956572_0$\services.exe
[7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\services.exe

[7] 2004-08-04 07:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe

[7] 2004-08-04 07:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe

[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2002-08-29 12:00 51200 9B4155BA58192D4073082B8FC5D42612 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe

[7] 2004-08-04 07:56 111104 4126D27CECE4471E00E425411F7306B5 c:\windows\$NtServicePackUninstall$\wuauclt.exe
[7] 2008-04-14 00:12 111104 ED7262E52C31CF1625B65039102BC16C c:\windows\ServicePackFiles\i386\wuauclt.exe
[7] 2008-10-16 22:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe
[7] 2008-10-16 22:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe

[7] 2004-08-04 07:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe

[7] 2004-08-04 07:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll

[-] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[7] 2009-03-21 13:54 989184 80202858D245FF07DAA1739C57A3E19B c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\$NtServicePackUninstall$\kernel32.dll
[7] 2004-08-04 07:56 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\$NtUninstallKB959426_0$\kernel32.dll
[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll

[7] 2004-08-04 07:56 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll

[7] 2004-08-04 07:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll

[7] 2004-08-04 07:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll


[7] 2004-08-04 05:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\ServicePackFiles\i386\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\drivers\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-06 413696]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 gupdate1c9becfe8eb9712;Google Update Service (gupdate1c9becfe8eb9712);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 133104]
R2 mrtRate;mrtRate; [x]
R3 CDAVFS;CDAVFS; [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 20:13]

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 20:13]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CTFMON - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: SpSubLSP.dll
FF - ProfilePath - c:\documents and settings\KEVIN\Application Data\Mozilla\Firefox\Profiles\3g0lnu2b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 17:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCECATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\SpSubLSP.dll

- - - - - - - > 'explorer.exe'(936)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-07 18:18
ComboFix-quarantined-files.txt 2009-07-07 01:18

Pre-Run: 33,097,412,608 bytes free
Post-Run: 33,080,365,056 bytes free

551 --- E O F --- 2009-06-29 11:46



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:04 PM, on 7/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Google Update Service (gupdate1c9becfe8eb9712) (gupdate1c9becfe8eb9712) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Lexmark International, Inc. - (no file)
O23 - Service: McAfee SystemGuards (McSysmon) - Lexmark International, Inc. - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 5917 bytes
social misfit

Re: Process IS360srv.exe questionable

Unread postby social misfit » July 6th, 2009, 9:33 pm

Requested ComboFix & HJT

ComboFix 09-07-06.02 - KEVIN 07/06/2009 17:12.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.208 [GMT -7:00]
Running from: c:\documents and settings\KEVIN\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.

2009-07-05 15:17 . 2009-07-05 15:17 -------- d-----w- c:\program files\Shavlik Technologies
2009-07-05 14:52 . 2009-07-05 14:52 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Google
2009-07-05 04:58 . 2009-07-05 04:58 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-05 04:57 . 2009-07-05 04:57 -------- d-----w- c:\program files\WinPcap
2009-07-05 04:57 . 2009-07-05 04:57 -------- d-----w- c:\program files\Wireshark
2009-07-04 15:38 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-04 15:38 . 2009-07-04 15:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 15:38 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-04 14:12 . 2009-07-04 14:27 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-07-04 05:15 . 2009-07-04 05:15 37008 ----a-w- c:\documents and settings\Kal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 18:35 . 2009-07-01 18:35 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-06-29 09:15 . 2009-06-29 09:15 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Logitech-LS
2009-06-28 15:52 . 2009-06-28 15:52 -------- d-sh--w- c:\documents and settings\KEVIN\IECompatCache
2009-06-27 21:23 . 2009-06-28 15:36 -------- d-----w- c:\documents and settings\KEVIN\Tracing
2009-06-27 20:26 . 2009-06-27 20:26 -------- d-----w- c:\program files\Microsoft
2009-06-27 20:26 . 2009-06-27 20:26 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-27 20:25 . 2009-06-27 20:26 -------- d-----w- c:\program files\Windows Live
2009-06-27 20:19 . 2009-06-27 20:19 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-26 18:16 . 2009-06-26 18:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-26 16:30 . 2009-06-26 16:30 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-26 16:30 . 2009-06-26 16:32 -------- d-----w- c:\documents and settings\KEVIN\.housecall6.6
2009-06-26 04:03 . 2009-06-26 04:03 -------- d-----w- c:\program files\CCleaner
2009-06-26 04:01 . 2009-06-26 04:01 -------- d-----w- C:\rsit
2009-06-26 03:11 . 2009-06-26 03:11 -------- d-----w- c:\documents and settings\KEVIN\Application Data\Apple Computer
2009-06-26 03:05 . 2009-06-26 03:11 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Apple Computer
2009-06-25 16:25 . 2009-06-25 16:25 -------- d-----w- c:\documents and settings\KEVIN\Application Data\Yahoo!
2009-06-25 06:32 . 2009-06-25 06:32 -------- d-----w- c:\documents and settings\KEVIN\Application Data\Malwarebytes
2009-06-25 06:31 . 2009-06-25 06:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-25 06:10 . 2009-06-27 17:14 -------- d-----w- c:\program files\WhatsRunning
2009-06-24 06:33 . 2009-07-06 15:51 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Paint.NET
2009-06-24 06:13 . 2009-06-24 06:13 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\KodakGallery
2009-06-24 03:48 . 2009-06-24 03:48 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Yahoo
2009-06-23 20:55 . 2009-06-23 20:56 -------- d-----w- c:\documents and settings\KEVIN\Application Data\FKMonitor
2009-06-23 17:53 . 2009-06-23 17:53 -------- d-----w- c:\documents and settings\Kal\Application Data\FKMonitor
2009-06-23 17:53 . 2009-06-23 17:53 -------- d-----w- c:\documents and settings\Kal\Application Data\DivX
2009-06-23 17:53 . 2009-06-23 17:53 -------- d-----w- c:\documents and settings\Kal\Application Data\Apple Computer
2009-06-23 17:53 . 2009-06-23 17:53 -------- d-----w- c:\documents and settings\Kal\Application Data\alot
2009-06-23 17:53 . 2009-06-23 17:53 -------- d-----w- c:\documents and settings\Kal\Application Data\AdobeUM
2009-06-23 17:51 . 2009-07-04 05:16 -------- d-----w- c:\documents and settings\Kal\Local Settings\Application Data\Paint.NET
2009-06-23 09:55 . 2009-06-23 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2009-06-23 08:22 . 2009-06-23 17:50 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Adobe
2009-06-23 05:32 . 2009-06-23 05:32 262144 ----a-w- C:\ntuser.dat
2009-06-23 04:52 . 2009-06-23 04:52 -------- d-sh--w- c:\documents and settings\KEVIN\PrivacIE
2009-06-23 03:39 . 2009-06-23 03:39 -------- d-----w- c:\documents and settings\Kerry\Local Settings\Application Data\Mozilla
2009-06-23 01:25 . 2009-06-23 19:00 -------- d-----w- c:\documents and settings\KEVIN\Application Data\Error Fix
2009-06-23 01:24 . 2009-06-23 19:48 -------- d-----w- c:\program files\Error Fix
2009-06-23 01:22 . 2009-06-23 01:22 -------- d-----w- c:\documents and settings\KEVIN\Application Data\Motive
2009-06-22 06:32 . 2009-06-22 06:32 -------- d-----w- c:\documents and settings\KEVIN\Local Settings\Application Data\Mozilla
2009-06-22 06:14 . 2009-06-25 06:51 -------- d-----w- c:\documents and settings\KEVIN\Application Data\IObit
2009-06-22 04:53 . 2009-06-22 04:53 390664 ----a-w- c:\documents and settings\Kal\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-22 00:07 . 2009-06-22 00:07 190 ----a-w- c:\documents and settings\Kal\Application Data\FKMonitor\delself.bat
2009-06-21 19:59 . 2009-06-21 19:59 -------- d-----w- c:\program files\FKMonitor
2009-06-21 07:17 . 2009-06-21 07:18 -------- d-----w- c:\program files\work area
2009-06-18 12:38 . 2009-06-18 12:38 -------- d-----w- C:\xpspchk
2009-06-17 18:23 . 2009-06-17 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-06-16 22:52 . 2009-06-16 22:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-16 20:02 . 2009-06-17 18:23 -------- d-----w- c:\program files\IObit
2009-06-16 18:44 . 2009-06-16 18:44 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-06-16 17:05 . 2009-06-16 18:25 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-06-16 13:48 . 2009-06-16 13:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-16 13:39 . 2009-06-16 13:39 -------- d-----w- c:\program files\The M&K Network
2009-06-16 13:15 . 2009-06-16 13:15 -------- d-----w- c:\windows\system32\scripting
2009-06-16 13:15 . 2009-06-16 13:15 -------- d-----w- c:\windows\l2schemas
2009-06-16 13:15 . 2009-06-16 13:15 -------- d-----w- c:\windows\system32\en
2009-06-16 04:12 . 2009-06-16 04:12 -------- d-----w- c:\program files\ACW
2009-06-16 02:22 . 2009-06-16 02:22 -------- d-----w- c:\program files\Alwil Software
2009-06-16 02:17 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-16 02:17 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-16 02:16 . 2009-06-16 02:17 -------- d-----w- c:\windows\ie8updates
2009-06-16 02:15 . 2009-06-16 02:15 -------- d-----w- c:\program files\Trend Micro
2009-06-16 02:14 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-16 02:09 . 2009-06-16 02:13 -------- dc-h--w- c:\windows\ie8
2009-06-11 08:59 . 2009-06-11 08:59 25214 ----a-r- c:\documents and settings\Kal\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
2009-06-11 08:59 . 2009-06-11 08:59 25214 ----a-r- c:\documents and settings\Kal\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-06-11 08:59 . 2009-06-11 08:59 25214 ----a-r- c:\documents and settings\Kal\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-06-11 08:59 . 2009-06-11 08:59 25214 ----a-r- c:\documents and settings\Kal\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-06-11 08:59 . 2009-06-11 08:59 25214 ----a-r- c:\documents and settings\Kal\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-06-11 08:59 . 2009-06-11 08:59 25214 ----a-r- c:\documents and settings\Kal\Application Data\Microsoft\Installer\{CC016F21-3970-11DE-B878-005056806466}\ARPPRODUCTICON.exe
2009-06-11 07:40 . 2009-06-11 07:40 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-11 07:38 . 2009-06-11 07:38 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-06-11 07:37 . 2009-06-11 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-11 07:37 . 2009-06-11 13:30 -------- d-----w- c:\program files\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 23:59 . 2006-04-19 04:06 -------- d-----w- c:\program files\Lx_cats
2009-07-04 15:45 . 2006-04-16 13:27 37008 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-04 12:54 . 2006-05-02 17:59 -------- d-----w- c:\program files\Yahoo! Games
2009-06-29 00:50 . 2006-05-13 17:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-29 00:50 . 2006-05-13 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-29 00:49 . 2008-12-07 23:52 -------- d-----w- c:\program files\Coupons
2009-06-27 20:45 . 2009-06-21 19:33 37008 ----a-w- c:\documents and settings\KEVIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-27 20:27 . 2006-04-22 00:17 -------- d-----w- c:\program files\MSN Messenger
2009-06-27 03:34 . 2006-12-01 03:27 -------- d-----w- c:\program files\SpywareGuard
2009-06-27 03:34 . 2006-12-01 03:19 -------- d-----w- c:\program files\SpywareBlaster
2009-06-24 17:18 . 2003-10-14 13:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-24 17:17 . 2006-04-29 00:58 -------- d-----w- c:\program files\Symantec
2009-06-24 06:35 . 2006-05-02 01:02 -------- d-----w- c:\program files\Paint.NET
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\interMute
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\InstallShield
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\gtk-2.0
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\IObit
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\Motive
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\PVST Manager
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\NCH Software
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\SampleView
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\Sonic
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\Wireshark
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\Symantec
2009-06-23 17:52 . 2009-06-23 17:52 -------- d-----w- c:\documents and settings\Kal\Application Data\Yahoo!
2009-06-23 17:50 . 2006-04-23 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-06-23 05:32 . 2006-04-16 03:12 -------- d-----w- c:\program files\Yahoo!
2009-06-23 05:32 . 2006-04-22 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-06-23 03:37 . 2009-06-23 03:37 36480 ----a-w- c:\documents and settings\Kerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-20 11:27 . 2006-04-19 04:05 -------- d-----w- c:\program files\Lexmark 4300 Series
2009-06-17 16:28 . 2003-10-11 12:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-17 16:25 . 2007-09-19 23:32 -------- d-----w- c:\program files\RealArcade
2009-06-17 16:21 . 2006-04-17 04:35 -------- d-----w- c:\program files\Google
2009-06-17 16:16 . 2009-02-08 08:33 -------- d-----w- c:\program files\AviSynth 2.5
2009-06-17 16:14 . 2009-02-06 08:04 -------- d-----w- c:\program files\Common Files\Apple
2009-06-17 12:17 . 2003-10-11 06:45 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-16 13:25 . 2003-10-11 10:15 80795 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-06-16 13:21 . 2009-06-16 13:21 4096 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\winverifytrustwrapper.dll
2009-06-16 13:21 . 2009-06-16 13:21 159744 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\PCHButton.exe
2009-06-16 13:21 . 2009-06-16 13:21 344064 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\api.dll
2009-06-16 13:21 . 2009-06-16 13:21 77824 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\FDIWrapper.dll
2009-06-16 13:21 . 2009-06-16 13:21 213089 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\motive.zip
2009-06-16 13:21 . 2009-06-16 13:21 315392 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\pchmsxml.dll
2009-06-16 13:21 . 2009-06-16 13:21 212992 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\jsharpinterp.dll
2009-06-16 13:21 . 2009-06-16 13:21 49152 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\PCHI18N.dll
2009-06-16 13:21 . 2009-06-16 13:21 155877 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\js.zip
2009-06-16 13:21 . 2009-06-16 13:21 114688 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\asst_ui.dll
2009-06-16 04:31 . 2006-12-16 02:32 -------- d-----w- c:\program files\SmartSMS
2009-06-16 04:25 . 2006-11-09 01:41 -------- d-----w- c:\program files\MumboJumbo
2009-06-16 04:24 . 2007-11-11 14:59 -------- d-----w- c:\program files\Jackpot Kings Casino
2009-06-16 04:22 . 2003-10-11 12:11 -------- d-----w- c:\program files\InterVideo
2009-06-16 04:19 . 2006-04-20 20:20 -------- d-----w- c:\program files\eGames
2009-06-16 04:18 . 2006-11-11 22:56 -------- d-----w- c:\program files\DivX
2009-06-16 04:15 . 2006-05-21 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-06-16 04:14 . 2007-12-11 20:55 -------- d-----w- c:\program files\Click'N Design 3D (V5)
2009-06-16 04:10 . 2006-11-10 00:36 -------- d-----w- c:\program files\PopCap Games
2009-06-16 04:04 . 2007-05-25 17:33 -------- d-----w- c:\program files\GameHouse
2009-06-16 03:59 . 2006-05-01 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-16 03:49 . 2006-07-26 07:40 -------- d-----w- c:\program files\303 Game Collection
2009-06-11 08:01 . 2003-10-11 12:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-31 19:05 . 2006-05-18 06:27 83 -c--a-w- c:\windows\popcinfo.dat
2009-05-13 05:15 . 2006-05-02 01:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2003-10-31 20:05 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 21:32 . 2006-05-13 22:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-17 12:26 . 2003-10-11 10:06 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-17 02:51 . 2009-04-17 02:51 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-15 14:51 . 2006-05-02 00:58 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-14 19:49 . 2009-04-14 19:49 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-04-14 17:34 . 2009-04-14 17:34 390664 ----a-w- c:\documents and settings\Owner\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2006-08-13 18:46 . 2006-08-13 18:46 2525 -c--a-w- c:\program files\altnet.def
2006-08-13 03:49 . 2006-08-13 03:49 53248 -c--a-w- c:\program files\KazaaBegone.exe
2006-08-13 03:32 . 2006-08-13 03:32 67733 -c--a-w- c:\program files\kazaa.def
2006-08-13 03:28 . 2006-08-13 03:28 6821 -c--a-w- c:\program files\bullguard.def
2006-08-13 02:23 . 2006-08-13 02:23 8300 -c--a-w- c:\program files\other.def
2006-08-12 22:29 . 2006-08-12 22:29 3077 -c--a-w- c:\program files\p2pnetworking.def
2006-08-12 22:23 . 2006-08-12 22:23 2016 -c--a-w- c:\program files\myway.def
2006-08-12 21:07 . 2006-08-12 21:07 572 -c--a-w- c:\program files\gator.def
2006-08-06 21:18 . 2006-08-06 21:18 726 -c--a-w- c:\program files\perfectnav.def
2006-08-06 20:41 . 2006-08-06 20:41 1032 -c--a-w- c:\program files\medialoads.def
2006-07-30 23:44 . 2006-07-30 23:44 1800 -c--a-w- c:\program files\webhancer.def
2006-07-30 23:43 . 2006-07-30 23:43 858 -c--a-w- c:\program files\savenow.def
2006-07-30 23:41 . 2006-07-30 23:41 1274 -c--a-w- c:\program files\onflow.def
2006-07-30 23:41 . 2006-07-30 23:41 1951 -c--a-w- c:\program files\newdotnet.def
2006-07-30 23:37 . 2006-07-30 23:37 1713 -c--a-w- c:\program files\delfin.def
2006-07-30 23:37 . 2006-07-30 23:37 1948 -c--a-w- c:\program files\cydoor.def
2006-07-30 23:37 . 2006-07-30 23:37 5227 -c--a-w- c:\program files\commonname.def
2006-07-30 23:36 . 2006-07-30 23:36 7120 -c--a-w- c:\program files\bde.def
2006-05-17 06:25 . 2006-05-17 06:25 774144 -c--a-w- c:\program files\RngInterstitial.dll
2006-05-29 17:28 . 2006-05-29 17:28 438594 --sh--w- c:\windows\system32\dgjlm.bak1
2006-05-31 14:51 . 2006-05-30 05:28 453092 --sh--w- c:\windows\system32\dgjlm.bak2
2006-05-31 01:58 . 2006-05-31 01:45 446398 --sh--w- c:\windows\system32\dgjlm.tmp
2006-06-15 10:19 . 2006-06-15 10:19 697013 --sh--w- c:\windows\system32\ihkmp.bak1
.

------- Sigcheck -------

[7] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2002-08-29 19:00 1947904 0E8EFB15746878A9B256E75267337233 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-08-14 09:22 2057728 BA002228743B6824D87F0551DBC86D45 c:\windows\$NtUninstallKB956572_0$\ntkrnlpa.exe
[-] 2007-02-28 08:38 2057600 515D30E2C90A3665A2739309334C9283 c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
[7] 2009-02-08 02:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2006-12-19 12:55 2057600 1D659BFB788ED2BA45075624B748D249 c:\windows\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2gdr\ntkrnlpa.exe
[-] 2006-12-19 16:12 2059392 BA4B97C00A437C1CC3DA365D93EE1E9D c:\windows\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2qfe\ntkrnlpa.exe
[7] 2009-02-08 02:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-08 02:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe
[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 10:32 2186112 6A936E9D7BADAF3CAAEED1E1966EC1B0 c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-08 02:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 09:57 2185984 CE69DBD54221F2D40E49FF6DB77C6507 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 23:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2002-08-29 12:00 2042240 B9080D97DBD631AADF9128F7316958D2 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-08-14 10:00 2180352 21C91DA9CB53AA8A37041BA9684A8458 c:\windows\$NtUninstallKB956572_0$\ntoskrnl.exe
[-] 2007-02-28 09:10 2180352 582A8DBAA58C3B1F176EB2817DAEE77C c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2006-12-19 14:17 2180352 8F0DEAB1F81FB83F9C5995853CE48B9F c:\windows\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2gdr\ntoskrnl.exe
[-] 2006-12-19 16:51 2182016 CEF243F6DEFD20BE4ADDE26C7ECACB54 c:\windows\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2qfe\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe

[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 07:56 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe

[7] 2009-02-06 10:22 110592 4712531AB7A01B7EE059853CA17D39BD c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\$NtServicePackUninstall$\services.exe
[7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe
[7] 2004-08-04 07:56 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtUninstallKB956572_0$\services.exe
[7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\services.exe

[7] 2004-08-04 07:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe

[7] 2004-08-04 07:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe

[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2002-08-29 12:00 51200 9B4155BA58192D4073082B8FC5D42612 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe

[7] 2004-08-04 07:56 111104 4126D27CECE4471E00E425411F7306B5 c:\windows\$NtServicePackUninstall$\wuauclt.exe
[7] 2008-04-14 00:12 111104 ED7262E52C31CF1625B65039102BC16C c:\windows\ServicePackFiles\i386\wuauclt.exe
[7] 2008-10-16 22:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe
[7] 2008-10-16 22:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe

[7] 2004-08-04 07:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe

[7] 2004-08-04 07:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll

[-] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[7] 2009-03-21 13:54 989184 80202858D245FF07DAA1739C57A3E19B c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\$NtServicePackUninstall$\kernel32.dll
[7] 2004-08-04 07:56 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\$NtUninstallKB959426_0$\kernel32.dll
[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll

[7] 2004-08-04 07:56 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll

[7] 2004-08-04 07:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll

[7] 2004-08-04 07:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll


[7] 2004-08-04 05:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\ServicePackFiles\i386\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\drivers\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-06 413696]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 gupdate1c9becfe8eb9712;Google Update Service (gupdate1c9becfe8eb9712);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 133104]
R2 mrtRate;mrtRate; [x]
R3 CDAVFS;CDAVFS; [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 20:13]

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 20:13]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CTFMON - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: SpSubLSP.dll
FF - ProfilePath - c:\documents and settings\KEVIN\Application Data\Mozilla\Firefox\Profiles\3g0lnu2b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 17:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCECATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\SpSubLSP.dll

- - - - - - - > 'explorer.exe'(936)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-07 18:18
ComboFix-quarantined-files.txt 2009-07-07 01:18

Pre-Run: 33,097,412,608 bytes free
Post-Run: 33,080,365,056 bytes free

551 --- E O F --- 2009-06-29 11:46



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:04 PM, on 7/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Google Update Service (gupdate1c9becfe8eb9712) (gupdate1c9becfe8eb9712) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Lexmark International, Inc. - (no file)
O23 - Service: McAfee SystemGuards (McSysmon) - Lexmark International, Inc. - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 5917 bytes
social misfit
Regular Member
 
Posts: 59
Joined: October 8th, 2006, 5:37 am

Re: Process IS360srv.exe questionable

Unread postby social misfit » July 6th, 2009, 9:34 pm

Requested ComboFix & HJS

ComboFix 09-07-06.02 - KEVIN 07/06/2009 17:12.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.208 [GMT -7:00]
Running from: c:\documents and settings\KEVIN\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------


[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2002-08-29 12:00 51200 9B4155BA58192D4073082B8FC5D42612 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe

[7] 2004-08-04 07:56 111104 4126D27CECE4471E00E425411F7306B5 c:\windows\$NtServicePackUninstall$\wuauclt.exe
[7] 2008-04-14 00:12 111104 ED7262E52C31CF1625B65039102BC16C c:\windows\ServicePackFiles\i386\wuauclt.exe
[7] 2008-10-16 22:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe
[7] 2008-10-16 22:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe

[7] 2004-08-04 07:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe

[7] 2004-08-04 07:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll

[-] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[7] 2009-03-21 13:54 989184 80202858D245FF07DAA1739C57A3E19B c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\$NtServicePackUninstall$\kernel32.dll
[7] 2004-08-04 07:56 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\$NtUninstallKB959426_0$\kernel32.dll
[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll

[7] 2004-08-04 07:56 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll

[7] 2004-08-04 07:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll

[7] 2004-08-04 07:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll


[7] 2004-08-04 05:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\ServicePackFiles\i386\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\drivers\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 12:00 23424 1E7F78C2FC393356CD884C6FDE7966F9 c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-06 413696]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 gupdate1c9becfe8eb9712;Google Update Service (gupdate1c9becfe8eb9712);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 133104]
R2 mrtRate;mrtRate; [x]
R3 CDAVFS;CDAVFS; [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 20:13]

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 20:13]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CTFMON - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: SpSubLSP.dll
FF - ProfilePath - c:\documents and settings\KEVIN\Application Data\Mozilla\Firefox\Profiles\3g0lnu2b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 17:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCECATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\SpSubLSP.dll

- - - - - - - > 'explorer.exe'(936)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-07 18:18
ComboFix-quarantined-files.txt 2009-07-07 01:18

Pre-Run: 33,097,412,608 bytes free
Post-Run: 33,080,365,056 bytes free

551 --- E O F --- 2009-06-29 11:46



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:04 PM, on 7/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Google Update Service (gupdate1c9becfe8eb9712) (gupdate1c9becfe8eb9712) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Lexmark International, Inc. - (no file)
O23 - Service: McAfee SystemGuards (McSysmon) - Lexmark International, Inc. - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 5917 bytes
social misfit
Regular Member
 
Posts: 59
Joined: October 8th, 2006, 5:37 am

Re: Process IS360srv.exe questionable

Unread postby Bio-Hazard » July 8th, 2009, 2:44 am

Hello!

Before we continue I need you to install an antivirus program.

Antivirus

Looking over your log, it seems there is no evidence of any anti-virus software.

Anti-virus software are programs that detect, clean and erase harmful virus files on a computer, Web server or network. Unchecked virus files can unintentionally be forwarded to others, including trading partners, and thereby spread infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors NOW:


It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Process IS360srv.exe questionable

Unread postby NonSuch » July 11th, 2009, 5:06 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 27305
Joined: February 23rd, 2005, 7:08 am
Location: California