Hi, Good Evening,
Sorry to have missed you earlier, wasn't expecting you to be online mid afternoon!
System Restore still not accessible no matter which route you take to get to it. Get same error message as before. Same Error message occurs when trying to access My Computer > Properties or Control Panel > System.
Here are the logs you asked for;
Deckard's Main and Extra;
Deckard's System Scanner v20071014.68
Run by whitenoiz on 2007-12-21 20:00:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Failed to create restore point; System Restore is disabled (service is not running).
-- Last 5 Restore Point(s) --
15: 2007-09-07 18:38:25 UTC - RP972 - System Checkpoint
14: 2007-09-06 14:53:35 UTC - RP971 - System Checkpoint
13: 2007-09-05 13:01:27 UTC - RP970 - Shockwave Player
12: 2007-09-05 11:40:56 UTC - RP969 - System Checkpoint
11: 2007-09-04 06:07:46 UTC - RP968 - System Checkpoint
-- First Restore Point --
1: 2007-08-21 06:33:43 UTC - RP958 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as whitenoiz.exe) -------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:11, on 21/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NetDrive\wdService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\whitenoiz\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\whitenoiz.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://msnia.login.live.com/ppsecure/s ... rf?lc=2057
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IW_ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra button: My bookmarks Memotoo.com - {5DB85338-3621-4a55-BAF1-B657765CCCAA} - Shdocvw.dll (file missing)
O9 - Extra 'Tools' menuitem: My bookmarks Memotoo.com - {5DB85338-3621-4a55-BAF1-B657765CCCAA} - Shdocvw.dll (file missing)
O9 - Extra button: AllMyFavorites - {634D3B6D-B1FE-4538-8A09-FCE198C547E4} - C:\Program Files\AllMyFavorites\MyFavIE.dll
O9 - Extra 'Tools' menuitem: AllMyFavorites - {634D3B6D-B1FE-4538-8A09-FCE198C547E4} - C:\Program Files\AllMyFavorites\MyFavIE.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe
--
End of file - 10097 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20071217-003933-546 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
backup-20071220-001905-112 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20071220-001905-239 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20071220-001905-414 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20071220-001905-228 O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
backup-20071220-001905-317 O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
-- File Associations -----------------------------------------------------------
.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 ewido security suite driver - c:\program files\ewido anti-malware\guard.sys
R1 vobcom - c:\windows\system32\drivers\vobcom.sys <Not Verified; VOB Computersysteme GmbH; InstantWrite>
R1 vobiw - c:\windows\system32\drivers\vobiw.sys <Not Verified; VOB Computersysteme GmbH; InstantWrite>
R2 WebDriveFSD (WebDrive File System Driver) - c:\program files\netdrive\rffsd.sys
R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R3 Cdrdrv - c:\windows\system32\drivers\cdrdrv.sys <Not Verified; VOB Computersysteme GmbH; InstantWrite>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S1 bdpredir - c:\program files\softwin\bitdefender10\bdpredir.sys (file missing)
S3 bdfdll - c:\program files\softwin\bitdefender10\bdfdll.sys (file missing)
S3 BDFSDRV - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
S3 catchme - c:\docume~1\whiten~1\locals~1\temp\catchme.sys (file missing)
S3 DCamUSBSvis (Sound Vision Stream Driver) - c:\windows\system32\drivers\svstream.sys <Not Verified; Sound Vision Inc.; Sound Vision Stream Class Minidriver>
S3 Freeserve (TIDSLInstaller Device Driver) - c:\windows\system32\drivers\instl.sys <Not Verified; Allied Data Technologies; Installation helper>
S3 FreshIO - c:\program files\freshdevices\freshdiagnose\freshio.sys (file missing)
S3 TIAu5Bt (Copperjet ADSL modem Boot Device) - c:\windows\system32\drivers\tiau5bt.sys (file missing)
S3 TIAU5CO (Copperjet ADSL modem connecting with Freeserve Broadband) - c:\windows\system32\drivers\tiau5co.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 WebDriveService (WebDrive Service) - c:\program files\netdrive\wdservice.exe
S2 nhksrv (Netropa NHK Server) - c:\program files\netropa\multimedia keyboard\nhksrv.exe (file missing)
S3 Autocomplete (AutoComplete Service) - c:\progra~1\intern~2\autocomp.exe (file missing)
S3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 ewido security suite guard - c:\program files\ewido anti-malware\ewidoguard.exe <Not Verified; ewido networks; guard>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2007-12-20 12:10:02 436 --a------ C:\WINDOWS\Tasks\User_Feed_Synchronization-{420E147D-6489-424E-B37F-15BC34EB9780}.job
-- Files created between 2007-11-21 and 2007-12-21 -----------------------------
2007-12-20 22:39:19 3320 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-20 22:34:49 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-20 22:34:49 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-12-20 22:34:49 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-12-20 22:34:49 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-12-20 22:34:49 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2007-12-20 22:34:49 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-20 17:27:45 0 dr-h----- C:\Documents and Settings\whitenoiz\Recent
2007-12-20 16:45:40 0 d-------- C:\New Folder <NEWFOL~1>
2007-12-18 21:15:24 0 d-------- C:\Program Files\Common Files\Java
2007-12-18 21:04:12 0 d-------- C:\Documents and Settings\whitenoiz\Application Data\Sun
2007-12-17 06:25:26 0 d-------- C:\WINDOWS\63D3864E464B4379B8F4A8C92EED76F0.TMP
2007-12-17 05:55:20 0 d-------- C:\Program Files\RogueRemover FREE
2007-12-17 04:11:55 0 d-------- C:\Program Files\Lavasoft
2007-12-17 04:11:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-16 23:09:00 0 d-------- C:\Program Files\Trend Micro
2007-12-14 13:51:25 0 d-------- C:\Documents and Settings\whitenoiz\.housecall6.6
2007-11-29 16:50:20 4096 --a------ C:\WINDOWS\system32\sysres.dll
2007-11-29 16:50:20 38567 --a------ C:\WINDOWS\system32\pcpbios.exe
-- Find3M Report ---------------------------------------------------------------
2007-12-19 02:05:10 40494 --a------ C:\WINDOWS\nsreg.dat
2007-11-04 05:40:14 0 d-------- C:\Program Files\Qumana3
2007-11-04 05:26:56 0 d-------- C:\Program Files\BlogPost
2007-10-19 15:28:40 53752 --a------ C:\Documents and Settings\whitenoiz\Application Data\GDIPFONTCACHEV1.DAT
2007-09-25 05:11:24 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [19/11/2002 22:01 C:\WINDOWS\SOUNDMAN.EXE]
"IW_ControlCenter"="C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [21/02/2003 10:27]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [30/09/2003 07:09]
"LWBMOUSE"="C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE" [09/11/2001 07:47]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [13/09/2003 21:36]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30/08/2007 13:15]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [21/12/2007 08:37]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 06:24]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [23/04/2006 01:39]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/10/2003 14:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [07/06/2007 14:08]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PASTARTER.EXE" [11/06/2007 18:04]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 02:01:04]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [15/05/2007 11:10:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
-- Hosts -----------------------------------------------------------------------
127.0.0.1 localmachine # ***Inserted By STOPzilla***
127.0.0.1 http://www.searchforit.com # ***Inserted By STOPzilla***
127.0.0.1 zonebest.com # ***Inserted By STOPzilla***
127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***
127.0.0.1 http://www.nude-teens-bodies.com # ***Inserted By STOPzilla***
127.0.0.1 teen-fantazi.com # ***Inserted By STOPzilla***
127.0.0.1 http://www.bundleware.com # ***Inserted By STOPzilla***
127.0.0.1 bailefunk.com # ***Inserted By STOPzilla***
127.0.0.1 http://www.on-search.com # ***Inserted By STOPzilla***
127.0.0.1 http://www.msmn.com # ***Inserted By STOPzilla***
20 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2007-12-21 20:02:55 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) XP 2600+
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 1023.48 MiB / 654.84 MiB
Pagefile Memory (total/avail): 2465.65 MiB / 2070.37 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.09 MiB
A: is Removable (No Media)
C: is Fixed (FAT32) - 146.77 GiB total, 86.29 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
\\.\PHYSICALDRIVE0 - ST3160021A - 146.8 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 146.8 GiB - C:
\\.\PHYSICALDRIVE3 - IN-WIN iAPP MMC/SD USB Device
\\.\PHYSICALDRIVE1 - IN-WIN iAPP CF USB Device
\\.\PHYSICALDRIVE2 - IN-WIN iAPP MS USB Device
\\.\PHYSICALDRIVE4 - IN-WIN iAPP SM USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FW: Bitdefender Firewall v8.0 (Softwin)
DisabledAV: Bitdefender Antivirus v8.0 (Softwin)
DisabledAV: AVG 7.5.516 v7.5.516 (Grisoft)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\whitenoiz\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MAIN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\whitenoiz
LOGONSERVER=\\MAIN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\STOPzilla!;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\WHITEN~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\WHITEN~1\LOCALS~1\Temp
USERDOMAIN=MAIN
USERNAME=whitenoiz
USERPROFILE=C:\Documents and Settings\whitenoiz
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
john veale (admin)
sylvie veale (admin)
Summer (admin)
Olivia (admin)
whitenoiz (admin)
Guest (guest)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\System32\Uninst.isu
--> MsiExec.exe /I{63D3864E-464B-4379-B8F4-A8C92EED76F0}
--> MsiExec.exe /I{88F9401B-D6C7-4DF9-A927-E4529B143C1E}
--> MsiExec.exe /I{8941046B-CC2F-49C9-990B-A812679C6935}
--> MsiExec.exe /I{8A8EC9E2-5E42-4084-AD3E-95C4AB7DE4A1}
--> MsiExec.exe /I{A03D094E-06A1-4B7A-94B7-ED456B725A08}
--> MsiExec.exe /I{A2B3D1A5-82CA-4876-AFFA-DB304A3A4FE1}
--> MsiExec.exe /I{AE9040D0-87F4-4544-AE0E-8700D5CD7699}
--> MsiExec.exe /I{D3D7C4C9-F9F0-4104-B3EC-7512A55BA473}
--> MsiExec.exe /I{E61B400A-DE10-43E5-8F45-37DB764BFCFB}
--> MsiExec.exe /I{F62D22AA-74C7-42B6-AB43-9A6B0264FC20}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AceHTML 5 Freeware --> C:\WINDOWS\iun6002.exe "C:\Program Files\Visicom Media\AceHTML 5 Pro\irunin.ini"
AceHTML 5 Pro --> C:\WINDOWS\iun6002.exe "C:\Program Files\Visicom Media\AceHTML 5 Pro\irunin.ini"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~2\INSTALL.LOG
Adsense Status --> "C:\Program Files\Airbear Software\Adsense Status\unins000.exe"
Advanced Diary v1.3 --> "C:\Program Files\Advanced Diary\unins000.exe"
AirNav ACARS Decoder 2 --> MsiExec.exe /I{2592AB46-A8B2-45F4-8568-CADD2EC434D1}
AirNav Suite --> C:\WINDOWS\uninst.exe -f"C:\Program Files\AirNav Systems\AirNav Suite 4\DeIsL1.isu" -c"C:\Program Files\AirNav Systems\AirNav Suite 4\_ISREG32.DLL"
AllMyFavorites --> "C:\Program Files\AllMyFavorites\uninstall.exe"
ArcSoft Camera Suite --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\ArcSoft Camera Suite\Uninst.isu"
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{230CCBE9-14B0-4008-97AF-30C10F99E42C}\setup.exe" -l0x9
ArcSoft VideoImpression 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6762AB61-2BE9-45D8-B9F2-24014324CD35}\setup.exe" -l0x9
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
Blog Post Builder 0.41 --> C:\Program Files\BlogPost\uninst.exe
Blurty (remove only) --> "C:\Program Files\Blurty\blurty-uninstall.exe"
Canon CanoScan Toolbox 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}\setup.exe" -l0x9 anything
CoffeeCup Direct FTP 5.2 Shareware --> C:\PROGRA~1\COFFEE~1\DIRECT~1.2\UNWISE.EXE C:\PROGRA~1\COFFEE~1\DIRECT~1.2\INSTALL.LOG
CoffeeCup HTML Editor --> C:\PROGRA~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\INSTALL.LOG
CoffeeCup HTML Editor 2006 --> C:\PROGRA~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\INSTALL.LOG
CSAPI (MS Office) spelling plugin for My Notes Center --> "C:\Program Files\My Notes CenterSpelling\uninstall.exe"
Cypress USB Mass Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
Diary Book --> C:\WINDOWS\unvise32.exe C:\Program Files\uninstal.log
Disc API --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10C928A0-A8F9-45DE-B4FD-EB09245DAD6F}\setup.exe" -l0x9
DivX Codec --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Codec\uninstal.log
Easy Thumbnails (Remove only) --> "C:\Program Files\Easy Thumbnails\unins000.exe"
EPSON Attach To Email --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1DF4AC80-F76B-42AE-A263-15D2313D4472}\SETUP.EXE" -l0x9 UNINST
EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x9 -SYSTEM
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESPR220 User's Guide --> C:\Program Files\EPSON\TPMANUAL\ESPR220\REF_G\DOCUNINS.EXE
ewido anti-malware --> C:\Program Files\ewido anti-malware\Uninstall.exe
FileZilla Client 3.0.1 --> C:\Program Files\FileZilla Client\uninstall.exe
Flash Catcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C6B728E-31B1-48B3-99B5-6B6BB85BC896}\setup.exe"
Flickr Uploadr 2.1 --> "C:\Program Files\Flickr Uploadr\uninstall.exe"
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
GMail Drive Shell Extension --> rundll32.exe C:\WINDOWS\system32\ShellExt\GMailFS.dll,Uninstall C:\WINDOWS\system32\ShellExt\GMailFS.inf
Good Keywords v2.01.100107 --> "C:\Program Files\Softnik Technologies\Good Keywords v2.01\unins000.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Desktop Plugin - Del.icio.us --> MsiExec.exe /X{54139492-27B5-4BFD-8429-7F8B9923DF06}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Notebook Extension for IE --> regsvr32 /u /s "C:\Program Files\Google\Google Notebook\gnotes1.0.2.6-2072219938.dll"
Google Pack Screensaver --> C:\WINDOWS\Google Pack Screensaver Uninstaller.exe
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\1.1.514.27546\GoogleUpdater.exe" -uninstall
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
Harry's Filters 3 --> C:\Program Files\HarrysFilters\SXUNINST.EXE
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICQ6 --> C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly
iDailyDiary 3.20 --> "C:\Program Files\iDailyDiary\unins000.exe"
IEimage --> C:\Program Files\IEimage\uninstall.exe
Internet Explorer 7 Beta 2 --> "C:\WINDOWS\$NtUninstallie7beta2$\spuninst\spuninst.exe"
Jasc Paint Shop Photo Album --> MsiExec.exe /I{B76D4A7F-FF11-4420-947C-C3AD624B9DBA}
Jasc Paint Shop Pro 8 --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
KONICA_MINOLTA DiMAGE remote camera driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99E67091-D392-4031-AD2A-E9547F3615F8}\setup.exe" -l0x9
LJ.NET --> MsiExec.exe /I{A45EB03D-5C02-497E-9F97-82F3727C3C8B}
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe"
Manual CanoScan 3200,3200F --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9C54C44-BB5A-4B03-8907-C01A9790195A}\setup.exe" -l0x9
Memotoo.com plugin for I.E. v1.1 --> "C:\Program Files\Memotoo.com plugin for I.E\unins000.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Interactive Training --> C:\Program Files\MSPress\Training\lunins32_s.exe
Microsoft Office Outlook Connector --> MsiExec.exe /I{61CC6D1A-672E-4519-B68F-DF796FB58906}
Microsoft Office Spell Checker --> C:\Program Files\OfficeSpeller\UnGins.exe "C:\Program Files\OfficeSpeller\install.log"
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Standard for Students and Teachers --> MsiExec.exe /I{913D0409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Express 9 --> C:\WINDOWS\system32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0900}
Microsoft Picture It! Library 9 --> C:\WINDOWS\system32\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3220}
Microsoft Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
MoreKeys 1.2 --> "C:\Braser\MoreKeys\uninstall-mk.exe"
Mouse Driver Mouse Driver 3.5 --> C:\Program Files\Mouse Driver\Mouse Driver\3.5\unins000.EXE
Mozilla ActiveX Control v1.7.12 --> C:\Program Files\Mozilla ActiveX Control v1.7.12\uninst.exe
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSN Encarta Plus Support Files --> MsiExec.exe /I{00000000-785F-478A-BAA2-87F1A136068C}
NetDrive --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NetDrive\Uninst.isu" -c"C:\Program Files\NetDrive\uninstall.dll"
Netscape Communicator 4.79 --> C:\WINDOWS\cd32.exe 4.79 (en)
Nic's XviD Decoder --> "C:\WINDOWS\System32\UninstXviDDec.exe"
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
Office Keyboard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0208A7E3-0D30-11D4-A1FC-00508B9D1BA2}\Setup.exe" -l0x9
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Opera 9.0 --> MsiExec.exe /X{7D6D2D15-3C83-4124-90A8-27CB8A972AAA}
Photobucket Uploader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6EE0E6FB-156F-47CF-8CA1-91EF3D0F9F06}\Setup.exe" -l0x9
PIF DESIGNER --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x9 anything
Pinnacle InstantCD/DVD Suite --> MsiExec.exe /X{CFB93E3F-D045-4E78-9D35-CFA7AC35BE5D}
Plugin Commander Light --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\PICO_LIG.INF, DefaultUninstall.ntx86
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PSP Thumbnail Handler --> C:\Program Files\PSP Thumbnail Handler\Setup.exe /uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Quivic --> MsiExec.exe /I{78395B30-4920-476A-9C3C-7E61CEF263B3}
Qumana --> C:\Program Files\Qumana3\uninstall.exe
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Registry Mechanic --> "C:\Program Files\Registry Mechanic\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Spanish Whiz 6.6 --> "C:\Braser\SpanWhiz 66\uninstall-sw.exe"
Spanish Whiz Full Version --> "C:\Documents and Settings\whitenoiz\Application Data\spanwhiz7\unins000.exe"
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StartSpanish 3.5 --> "C:\Program Files\StartSpanish35\uninstall-ss.exe"
StartSpanish 3.6 --> "C:\Program Files\StartSpanish35\uninstall-ss.exe"
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
USB Storage Adapter FX (SM1) --> SM1UN.EXE SM1FX_AT
Virtual Magnifying Glass 2.00 --> "C:\Program Files\Virtual Magnifying Glass\unins000.exe"
w.bloggar 4.00 --> "C:\Program Files\w.bloggar\Uninstall.exe" "C:\Program Files\w.bloggar\install.log" -u
Webaroo --> MsiExec.exe /I{7112e6b7-b651-4b77-8f89-599f3ae27889}
Website Builder 7.0.1 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Website Builder\irunin.ini"
WinAce Archiver --> "C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
WinBackup --> MsiExec.exe /X{EC984406-5CBB-435A-BB4B-B25BB32EDDC2}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows Media Connect --> msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect --> MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows WMF Metafile Vulnerability HotFix 1.4 --> "C:\Program Files\WindowsMetafileFix\unins000.exe"
WinHTTrack Website Copier 3.40-2 --> "C:\Program Files\WinHTTrack\unins000.exe"
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
WordWax (remove only) --> "C:\Program Files\WordWax\uninst.exe"
Xenofex 1.0 --> C:\PROGRA~1\PHOTOS~1\PLUG-INS\UNWISE.EXE C:\PROGRA~1\PHOTOS~1\PLUG-INS\INSTALL.LOG
Yahoo! Anti-Spy --> C:\PROGRA~1\YAHOO!\COMMON\unypsr.exe
Yahoo! extras --> C:\PROGRA~1\YAHOO!\COMMON\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
Yahoo! Photos Easy Upload Tool 1v6 --> C:\WINDOWS\system32\regsvr32 /u /s "C:\WINDOWS\cache\YDropper.dll"
Yahoo! Photos Print-at-Home Tool --> C:\WINDOWS\unins000.exe
Yahoo! Toolbar --> C:\PROGRA~1\YAHOO!\COMMON\unyt.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type6965 / Error
Event Submitted/Written: 12/21/2007 07:31:31 PM
Event ID/Source: 32045 / Microsoft Fax
Event Description:
Fax Service failed to initialize because it could not initialize the TAPI devices.
Verify that the fax modem was installed and configured correctly.
Win32 error code: -2147483576.
This error code indicates the cause of the error.
Event Record #/Type6964 / Error
Event Submitted/Written: 12/21/2007 07:31:29 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
Event Record #/Type6956 / Error
Event Submitted/Written: 12/21/2007 00:28:28 PM
Event ID/Source: 32045 / Microsoft Fax
Event Description:
Fax Service failed to initialize because it could not initialize the TAPI devices.
Verify that the fax modem was installed and configured correctly.
Win32 error code: -2147483576.
This error code indicates the cause of the error.
Event Record #/Type6955 / Error
Event Submitted/Written: 12/21/2007 00:28:22 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
Event Record #/Type6940 / Error
Event Submitted/Written: 12/20/2007 11:38:52 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rundll32.exe, version 5.1.2600.2180, faulting module srrstr.dll, version 5.1.2600.2180, fault address 0x0001ca8c.
Processing media-specific event for [rundll32.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type116239 / Error
Event Submitted/Written: 12/21/2007 07:34:21 PM
Event ID/Source: 7032 / Service Control Manager
Event Description:
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056
Event Record #/Type116226 / Error
Event Submitted/Written: 12/21/2007 07:33:23 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
Event Record #/Type116225 / Error
Event Submitted/Written: 12/21/2007 07:33:23 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).
Event Record #/Type116224 / Error
Event Submitted/Written: 12/21/2007 07:33:23 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Security Center service terminated unexpectedly. It has done this 1 time(s).
Event Record #/Type116223 / Error
Event Submitted/Written: 12/21/2007 07:33:23 PM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
-- End of Deckard's System Scanner: finished at 2007-12-21 20:02:55 ------------
SDFix;
System Report
*************
Run on 21/12/2007 at 20:15
Microsoft Windows XP [Version 5.1.2600]
Current user is an administrator
Running Processes:
\SystemRoot\System32\smss.exe [576]
\??\C:\WINDOWS\system32\csrss.exe [632]
\??\C:\WINDOWS\system32\winlogon.exe [660]
C:\WINDOWS\system32\services.exe [704]
C:\WINDOWS\system32\lsass.exe [716]
C:\WINDOWS\system32\svchost.exe [864]
C:\WINDOWS\system32\svchost.exe [996]
C:\WINDOWS\System32\svchost.exe [1212]
C:\WINDOWS\System32\svchost.exe [1344]
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [1432]
C:\WINDOWS\system32\spoolsv.exe [1556]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [1668]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [1692]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [1724]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [1744]
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [1804]
C:\WINDOWS\System32\nvsvc32.exe [1824]
C:\WINDOWS\System32\svchost.exe [1864]
C:\WINDOWS\system32\wdfmgr.exe [2000]
C:\Program Files\NetDrive\wdService.exe [244]
C:\WINDOWS\system32\fxssvc.exe [344]
C:\WINDOWS\system32\svchost.exe [1172]
C:\WINDOWS\Explorer.EXE [1116]
C:\WINDOWS\SOUNDMAN.EXE [1444]
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe [284]
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe [620]
C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE [628]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [1532]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1256]
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe [916]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [760]
C:\Program Files\Netropa\Onscreen Display\OSD.exe [612]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [380]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [876]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [1156]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [204]
C:\WINDOWS\system32\ctfmon.exe [1912]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [280]
C:\Program Files\PowerArchiver\PASTARTER.EXE [1848]
C:\Program Files\WinZip\WZQKPICK.EXE [1228]
C:\Program Files\Mozilla Firefox\firefox.exe [2896]
Drivers:
ADDRESS: IMAGE PATH:
804D7000: \WINDOWS\system32\ntoskrnl.exe
806EC000: \WINDOWS\system32\hal.dll
F7A2F000: \WINDOWS\system32\KDCOM.DLL
F793F000: \WINDOWS\system32\BOOTVID.dll
F74E0000: ACPI.sys
F7A31000: \WINDOWS\System32\DRIVERS\WMILIB.SYS
F74CF000: pci.sys
F752F000: isapnp.sys
F753F000: ohci1394.sys
F754F000: \WINDOWS\System32\DRIVERS\1394BUS.SYS
F7A33000: viaide.sys
F77AF000: \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
F755F000: MountMgr.sys
F74B0000: ftdisk.sys
F77B7000: PartMgr.sys
F756F000: VolSnap.sys
F7498000: atapi.sys
F757F000: disk.sys
F758F000: \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F7478000: fltmgr.sys
F7466000: sr.sys
F77BF000: PxHelp20.sys
F7443000: Fastfat.sys
F742C000: KSecDD.sys
F73FF000: NDIS.sys
F77C7000: viaagp1.sys
F73E4000: Mup.sys
F75BF000: \SystemRoot\System32\DRIVERS\nic1394.sys
F75CF000: \SystemRoot\System32\DRIVERS\amdk7.sys
F725E000: \SystemRoot\System32\DRIVERS\nv4_mini.sys
F724A000: \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
F721A000: \SystemRoot\System32\DRIVERS\HSFHWBS2.sys
F71F7000: \SystemRoot\System32\DRIVERS\ks.sys
F70F3000: \SystemRoot\System32\DRIVERS\HSF_DP.sys
F7058000: \SystemRoot\System32\DRIVERS\HSF_CNXT.sys
F77DF000: \SystemRoot\System32\Drivers\Modem.SYS
F77E7000: \SystemRoot\System32\DRIVERS\usbuhci.sys
F7035000: \SystemRoot\System32\DRIVERS\USBPORT.SYS
F77EF000: \SystemRoot\System32\DRIVERS\usbehci.sys
F75DF000: \SystemRoot\System32\DRIVERS\i8042prt.sys
F77F7000: \SystemRoot\System32\DRIVERS\mouclass.sys
F7A35000: \SystemRoot\System32\DRIVERS\msikbd2k.sys
F77FF000: \SystemRoot\System32\DRIVERS\kbdclass.sys
F7807000: \SystemRoot\System32\DRIVERS\fdc.sys
F75EF000: \SystemRoot\System32\DRIVERS\serial.sys
F79B7000: \SystemRoot\System32\DRIVERS\serenum.sys
F6FF9000: \SystemRoot\System32\DRIVERS\parport.sys
F75FF000: \SystemRoot\System32\DRIVERS\imapi.sys
F79BB000: \SystemRoot\system32\drivers\pfc.sys
F780F000: \SystemRoot\System32\Drivers\ASAPIW2K.sys
F760F000: \SystemRoot\System32\DRIVERS\cdrom.sys
F761F000: \SystemRoot\System32\DRIVERS\redbook.sys
F6FE5000: \SystemRoot\System32\Drivers\Cdrdrv.sys
F762F000: \SystemRoot\System32\Drivers\Cdfs.SYS
F6FD4000: \SystemRoot\System32\Drivers\Udfs.SYS
F6F26000: \SystemRoot\system32\drivers\ALCXWDM.SYS
F6F02000: \SystemRoot\system32\drivers\portcls.sys
F763F000: \SystemRoot\system32\drivers\drmk.sys
F7817000: \SystemRoot\System32\DRIVERS\fetnd5.sys
F7B63000: \SystemRoot\System32\DRIVERS\audstub.sys
F7A37000: \SystemRoot\System32\Drivers\RootMdm.sys
F764F000: \SystemRoot\System32\DRIVERS\rasl2tp.sys
F79C3000: \SystemRoot\System32\DRIVERS\ndistapi.sys
F6EEB000: \SystemRoot\System32\DRIVERS\ndiswan.sys
F765F000: \SystemRoot\System32\DRIVERS\raspppoe.sys
F766F000: \SystemRoot\System32\DRIVERS\raspptp.sys
F781F000: \SystemRoot\System32\DRIVERS\TDI.SYS
F6E3A000: \SystemRoot\System32\DRIVERS\psched.sys
F767F000: \SystemRoot\System32\DRIVERS\msgpc.sys
F7827000: \SystemRoot\System32\DRIVERS\ptilink.sys
F782F000: \SystemRoot\System32\DRIVERS\raspti.sys
F768F000: \SystemRoot\System32\DRIVERS\termdd.sys
F7A39000: \SystemRoot\System32\DRIVERS\swenum.sys
F6E06000: \SystemRoot\System32\DRIVERS\update.sys
F79CF000: \SystemRoot\System32\DRIVERS\mssmbios.sys
F769F000: \SystemRoot\System32\Drivers\NDProxy.SYS
F79F3000: \SystemRoot\system32\drivers\MODEMCSA.sys
F76BF000: \SystemRoot\System32\DRIVERS\usbhub.sys
F7A3F000: \SystemRoot\System32\DRIVERS\USBD.SYS
F7837000: \SystemRoot\System32\DRIVERS\flpydisk.sys
F7847000: \SystemRoot\System32\Drivers\vobcom.SYS
F7A41000: \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7B9D000: \SystemRoot\System32\Drivers\Null.SYS
F7A43000: \SystemRoot\System32\Drivers\Beep.SYS
F7BA0000: \SystemRoot\system32\drivers\avgclean.sys
F7BA2000: \SystemRoot\System32\DRIVERS\AvgAsCln.sys
F784F000: \SystemRoot\System32\drivers\vga.sys
F7A45000: \SystemRoot\System32\Drivers\mnmdd.SYS
F7A47000: \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7857000: \SystemRoot\System32\Drivers\Msfs.SYS
F785F000: \SystemRoot\System32\Drivers\Npfs.SYS
F5C8C000: \SystemRoot\System32\Drivers\vobiw.SYS
F7A07000: \SystemRoot\System32\DRIVERS\rasacd.sys
F5C79000: \SystemRoot\System32\DRIVERS\ipsec.sys
F5C21000: \SystemRoot\System32\DRIVERS\tcpip.sys
F5C00000: \SystemRoot\System32\DRIVERS\ipnat.sys
F76DF000: \SystemRoot\System32\DRIVERS\wanarp.sys
F5BB0000: \SystemRoot\System32\DRIVERS\netbt.sys
F76EF000: \SystemRoot\System32\DRIVERS\arp1394.sys
F7A1B000: \SystemRoot\System32\drivers\ws2ifsl.sys
F5B8E000: \SystemRoot\System32\drivers\afd.sys
F76FF000: \SystemRoot\System32\DRIVERS\netbios.sys
F5B63000: \SystemRoot\System32\DRIVERS\rdbss.sys
F5AF4000: \SystemRoot\System32\DRIVERS\mrxsmb.sys
F770F000: \SystemRoot\System32\Drivers\Fips.SYS
F7BBB000: \??\C:\Program Files\ewido anti-malware\guard.sys
F598B000: \SystemRoot\System32\Drivers\avg7core.sys
F7867000: \SystemRoot\System32\DRIVERS\usbprint.sys
F786F000: \SystemRoot\System32\DRIVERS\USBSTOR.SYS
F7A49000: \SystemRoot\System32\Drivers\avg7rsw.sys
F7877000: \SystemRoot\System32\Drivers\avg7rsxp.sys
F7BE8000: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
F5973000: \SystemRoot\System32\Drivers\dump_atapi.sys
F7A4B000: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000: \SystemRoot\System32\win32k.sys
F7019000: \SystemRoot\System32\drivers\Dxapi.sys
F787F000: \SystemRoot\System32\watchdog.sys
BF9C3000: \SystemRoot\System32\drivers\dxg.sys
F7C43000: \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000: \SystemRoot\System32\nv4_disp.dll
F4882000: \SystemRoot\System32\DRIVERS\atmuni.sys
F4948000: \SystemRoot\System32\DRIVERS\ndisuio.sys
F5A84000: \SystemRoot\System32\DRIVERS\rawwan.sys
F3E75000: \SystemRoot\System32\DRIVERS\mrxdav.sys
F7A6B000: \SystemRoot\System32\Drivers\ParVdm.SYS
F7A73000: \SystemRoot\System32\Drivers\avgtdi.sys
F3D3E000: \SystemRoot\System32\DRIVERS\HSF_FALL.sys
F3D21000: \SystemRoot\System32\DRIVERS\HSF_FSKS.sys
F3CC1000: \SystemRoot\System32\DRIVERS\HSF_K56K.sys
F3F5E000: \SystemRoot\System32\DRIVERS\mdmxsdk.sys
F3C68000: \SystemRoot\System32\DRIVERS\HSF_FAXX.sys
F7887000: \SystemRoot\System32\DRIVERS\strmdisp.sys
F3C28000: \??\C:\WINDOWS\system32\drivers\tmcomm.sys
F3EA2000: \SystemRoot\System32\DRIVERS\HSF_TONE.sys
F3AE8000: \SystemRoot\System32\DRIVERS\HSF_V124.sys
F3A96000: \SystemRoot\System32\DRIVERS\srv.sys
F3DB5000: \??\C:\Program Files\NetDrive\rffsd.sys
F3851000: \SystemRoot\system32\drivers\wdmaud.sys
F3BD8000: \SystemRoot\system32\drivers\sysaudio.sys
F3803000: \SystemRoot\system32\drivers\kmixer.sys
F3512000: \SystemRoot\System32\Drivers\HTTP.sys
F792F000: \??\C:\DOCUME~1\WHITEN~1\LOCALS~1\Temp\catchme.sys
7C900000: \WINDOWS\System32\ntdll.dll
Files Created/Modified - 60 Days :
C:\
21 Dec 2007 19:30:30 1,610,612,736 A.SH. "C:\pagefile.sys"
21 Dec 2007 19:30:32 1,073,270,784 A.SH. "C:\hiberfil.sys"
19 Dec 2007 2:52:48 244 A..H. "C:\sqmnoopt00.sqm"
20 Dec 2007 4:41:50 12,196 A.... "C:\ComboFix2.txt"
20 Dec 2007 0:02:24 244 A..H. "C:\sqmnoopt01.sqm"
20 Dec 2007 0:02:24 268 A..H. "C:\sqmdata00.sqm"
20 Dec 2007 0:08:20 244 A..H. "C:\sqmnoopt02.sqm"
20 Dec 2007 0:08:20 268 A..H. "C:\sqmdata01.sqm"
27 Oct 2007 19:22:04 244 A..H. "C:\sqmnoopt18.sqm"
27 Oct 2007 19:22:04 232 A..H. "C:\sqmdata17.sqm"
19 Dec 2007 2:20:20 244 A..H. "C:\sqmnoopt19.sqm"
19 Dec 2007 2:20:20 268 A..H. "C:\sqmdata18.sqm"
19 Dec 2007 2:52:48 268 A..H. "C:\sqmdata19.sqm"
20 Dec 2007 22:39:46 4,408 A.... "C:\rapport.txt"
20 Dec 2007 22:54:00 13,560 A.... "C:\ComboFix.txt"
C:\WINDOWS\
20 Dec 2007 22:53:18 332 A.... "C:\WINDOWS\system.ini"
17 Dec 2007 3:04:30 1,393 A.... "C:\WINDOWS\imsins.log"
17 Dec 2007 6:43:10 210,608 A.... "C:\WINDOWS\setupact.log"
17 Dec 2007 3:04:30 718,104 A.... "C:\WINDOWS\ocgen.log"
17 Dec 2007 3:04:30 1,393,005 A.... "C:\WINDOWS\FaxSetup.log"
17 Dec 2007 3:04:30 213,599 A.... "C:\WINDOWS\iis6.log"
17 Dec 2007 3:04:30 467,474 A.... "C:\WINDOWS\comsetup.log"
17 Dec 2007 3:04:30 287,300 A.... "C:\WINDOWS\ntdtcsetup.log"
17 Dec 2007 3:04:30 536,330 A.... "C:\WINDOWS\tsoc.log"
17 Dec 2007 3:04:30 69,489 A.... "C:\WINDOWS\msgsocm.log"
17 Dec 2007 3:04:30 65,494 A.... "C:\WINDOWS\ocmsn.log"
21 Dec 2007 14:38:16 50 A.... "C:\WINDOWS\wiaservc.log"
21 Dec 2007 19:30:38 2,048 A.S.. "C:\WINDOWS\bootstat.dat"
21 Dec 2007 19:31:32 32,638 A.... "C:\WINDOWS\SchedLgU.Txt"
21 Dec 2007 19:33:24 0 A.... "C:\WINDOWS\0.log"
19 Dec 2007 2:32:50 169 A.... "C:\WINDOWS\wininit.ini"
12 Dec 2007 7:39:58 8,843 A.... "C:\WINDOWS\KB943460.log"
17 Dec 2007 1:39:44 13,022 A.... "C:\WINDOWS\KB944653.log"
17 Dec 2007 1:39:50 12,411 A.... "C:\WINDOWS\KB941568.log"
17 Dec 2007 3:04:30 13,394 A.... "C:\WINDOWS\KB941569.log"
18 Dec 2007 20:06:14 56,746 A.... "C:\WINDOWS\setupapi.log"
21 Dec 2007 9:28:02 1,836 A.... "C:\WINDOWS\ModemLog_Standard 14400 bps Modem.txt"
21 Dec 2007 9:28:20 11,226 A.... "C:\WINDOWS\ModemLog_Standard 14400 bps Modem #2.txt"
4 Dec 2007 2:43:34 31 A.... "C:\WINDOWS\album.ini"
17 Dec 2007 9:11:02 9,528 A.... "C:\WINDOWS\KB892130.log"
21 Dec 2007 19:39:54 245 A.... "C:\WINDOWS\Msiosd.ini"
17 Dec 2007 1:39:56 24,506 A.... "C:\WINDOWS\KB942763.log"
21 Dec 2007 19:31:32 1,955,041 A.... "C:\WINDOWS\WindowsUpdate.log"
17 Dec 2007 1:39:54 1,393 A.... "C:\WINDOWS\imsins.BAK"
21 Dec 2007 12:53:12 54,156 A..H. "C:\WINDOWS\QTFont.qfn"
12 Dec 2007 7:39:54 50,191 A.... "C:\WINDOWS\updspapi.log"
20 Dec 2007 0:07:32 3,023,812 A.... "C:\WINDOWS\EventSystem.log"
19 Dec 2007 2:05:10 40,494 A.... "C:\WINDOWS\nsreg.dat"
20 Dec 2007 18:33:32 12,678 A.... "C:\WINDOWS\ie7_main.log"
20 Dec 2007 16:39:14 1,409 A.... "C:\WINDOWS\QTFont.for"
19 Dec 2007 2:23:34 173,159 A.... "C:\WINDOWS\wmsetup.log"
17 Dec 2007 1:56:06 1,074,476 A.... "C:\WINDOWS\setupapi.log.1.old"
20 Dec 2007 18:33:26 778 A.... "C:\WINDOWS\ie7beta2Uninst.log"
5 Nov 2007 3:52:08 12,515 A.... "C:\WINDOWS\KB941202.log"
5 Nov 2007 3:55:02 7,866 A.... "C:\WINDOWS\KB933729.log"
21 Dec 2007 9:28:02 3,886 A.... "C:\WINDOWS\ModemLog_CNXT V9x PCI Modem.txt"
21 Dec 2007 9:28:08 5,058 A.... "C:\WINDOWS\ModemLog_Standard 300 bps Modem.txt"
21 Dec 2007 19:31:18 159 A.... "C:\WINDOWS\wiadebug.log"
3 Dec 2007 0:00:06 18,684,536 A.... "C:\WINDOWS\system32\MRT.exe"
21 Dec 2007 19:39:38 1,158 A.... "C:\WINDOWS\system32\wpa.dbl"
21 Dec 2007 19:40:52 77,174 A.... "C:\WINDOWS\system32\perfc009.dat"
21 Dec 2007 19:40:52 473,970 A.... "C:\WINDOWS\system32\perfh009.dat"
4 Dec 2007 1:00:44 136,704 A.... "C:\WINDOWS\system32\swsc.exe"
13 Dec 2007 21:26:52 156,160 A.... "C:\WINDOWS\system32\swreg.exe"
27 Oct 2007 17:40:06 227,328 A.... "C:\WINDOWS\system32\wmasf.dll"
29 Nov 2007 16:50:20 38,567 A.... "C:\WINDOWS\system32\pcpbios.exe"
29 Nov 2007 16:50:20 4,096 A.... "C:\WINDOWS\system32\sysres.dll"
29 Oct 2007 23:43:04 1,287,680 A.... "C:\WINDOWS\system32\quartz.dll"
13 Nov 2007 12:31:12 60,416 ..... "C:\WINDOWS\system32\tzchange.exe"
26 Oct 2007 4:34:02 8,460,288 A.... "C:\WINDOWS\system32\shell32.dll"
20 Dec 2007 22:39:20 3,320 A.... "C:\WINDOWS\system32\tmp.reg"
20 Dec 2007 22:39:20 0 A.... "C:\WINDOWS\system32\tmp.txt"
28 Oct 2007 10:56:32 224,024 A.... "C:\WINDOWS\system32\FNTCACHE.DAT"
21 Dec 2007 19:40:52 559,754 A.... "C:\WINDOWS\system32\PerfStringBackup.INI"
29 Oct 2007 11:04:04 350,720 A.... "C:\WINDOWS\system32\xpsp3res.dll"
19 Dec 2007 22:57:44 81,920 A.... "C:\WINDOWS\system32\IEDFix.exe"
17 Dec 2007 1:49:02 10,447 A.... "C:\WINDOWS\system32\DslWz.log"
18 Dec 2007 21:15:52 5,329 A.... "C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log"
17 Dec 2007 1:39:52 387,734 A.... "C:\WINDOWS\system32\TZLog.log"
14 Nov 2007 10:57:28 705 ..... "C:\WINDOWS\inf\branches.inf"
5 Nov 2007 3:51:50 993,248 A.... "C:\WINDOWS\inf\LAYOUT.PNF"
17 Dec 2007 3:02:44 222,180 A.... "C:\WINDOWS\inf\drvindex.PNF"
1 Nov 2007 14:23:46 7,800 A.... "C:\WINDOWS\inf\certclas.PNF"
17 Dec 2007 3:03:20 11,468 A.... "C:\WINDOWS\inf\hal.PNF"
5 Nov 2007 3:51:48 6,756 A.... "C:\WINDOWS\inf\SYSOC.PNF"
5 Nov 2007 3:51:50 12,416 A.... "C:\WINDOWS\inf\wbemoc.PNF"
5 Nov 2007 3:51:50 55,728 A.... "C:\WINDOWS\inf\fxsocm.PNF"
5 Nov 2007 3:51:50 16,448 A.... "C:\WINDOWS\inf\netoc.PNF"
5 Nov 2007 3:51:50 100,544 A.... "C:\WINDOWS\inf\iis.PNF"
5 Nov 2007 3:51:52 134,788 A.... "C:\WINDOWS\inf\comnt5.PNF"
5 Nov 2007 3:51:54 10,240 A.... "C:\WINDOWS\inf\dtcnt5.PNF"
5 Nov 2007 3:51:56 41,164 A.... "C:\WINDOWS\inf\setupqry.PNF"
5 Nov 2007 3:51:56 122,672 A.... "C:\WINDOWS\inf\tsoc.PNF"
5 Nov 2007 3:51:58 105,040 A.... "C:\WINDOWS\inf\ims.PNF"
5 Nov 2007 3:51:58 17,568 A.... "C:\WINDOWS\inf\fp40ext.PNF"
5 Nov 2007 3:52:00 87,456 A.... "C:\WINDOWS\inf\msmsgs.PNF"
5 Nov 2007 3:52:00 4,056 A.... "C:\WINDOWS\inf\wmaccess.PNF"
5 Nov 2007 3:52:00 3,932 A.... "C:\WINDOWS\inf\rootau.PNF"
5 Nov 2007 3:52:00 4,464 A.... "C:\WINDOWS\inf\ieaccess.PNF"
5 Nov 2007 3:52:00 4,384 A.... "C:\WINDOWS\inf\oeaccess.PNF"
5 Nov 2007 3:52:00 4,408 A.... "C:\WINDOWS\inf\wmpocm.PNF"
5 Nov 2007 3:52:00 15,092 A.... "C:\WINDOWS\inf\games.PNF"
5 Nov 2007 3:52:02 48,316 A.... "C:\WINDOWS\inf\accessor.PNF"
5 Nov 2007 3:52:02 17,476 A.... "C:\WINDOWS\inf\communic.PNF"
5 Nov 2007 3:52:02 11,984 A.... "C:\WINDOWS\inf\multimed.PNF"
5 Nov 2007 3:52:02 21,688 A.... "C:\WINDOWS\inf\optional.PNF"
5 Nov 2007 3:52:02 12,368 A.... "C:\WINDOWS\inf\pinball.PNF"
5 Nov 2007 3:52:02 16,656 A.... "C:\WINDOWS\inf\wordpad.PNF"
5 Nov 2007 3:52:04 13,260 A.... "C:\WINDOWS\inf\igames.PNF"
5 Nov 2007 3:52:04 19,232 A.... "C:\WINDOWS\inf\msnmsn.PNF"
5 Nov 2007 3:52:04 19,900 A.... "C:\WINDOWS\inf\netsnmp.PNF"
5 Nov 2007 3:52:04 6,928 A.... "C:\WINDOWS\inf\wbemsnmp.PNF"
5 Nov 2007 3:52:06 10,732 A.... "C:\WINDOWS\inf\nettpsmp.PNF"
5 Nov 2007 3:52:06 4,004 A.... "C:\WINDOWS\inf\netupnp.PNF"
5 Nov 2007 3:52:06 3,652 A.... "C:\WINDOWS\inf\netbeac.PNF"
5 Nov 2007 3:52:06 6,216 A.... "C:\WINDOWS\inf\netiprip.PNF"
5 Nov 2007 3:52:06 10,412 A.... "C:\WINDOWS\inf\netlpd.PNF"
5 Nov 2007 3:52:06 14,240 A.... "C:\WINDOWS\inf\p2p.PNF"
5 Nov 2007 3:52:04 105,644 A.... "C:\WINDOWS\inf\startoc.PNF"
19 Dec 2007 2:23:16 6,770 A.... "C:\WINDOWS\inf\DRM10.PNF"
19 Dec 2007 2:23:16 13,082 A.... "C:\WINDOWS\inf\codecs10.PNF"
19 Dec 2007 2:23:20 10,744 A.... "C:\WINDOWS\inf\WMFSDK10.PNF"
19 Dec 2007 2:23:18 22,146 A.... "C:\WINDOWS\inf\WMDM10.PNF"
19 Dec 2007 2:23:22 10,524 A.... "C:\WINDOWS\inf\WPD10.PNF"
1 Nov 2007 14:23:46 65,516 A.... "C:\WINDOWS\inf\WMP10.PNF"
19 Dec 2007 2:23:18 5,322 A.... "C:\WINDOWS\inf\MPCD10.PNF"
19 Dec 2007 2:23:18 5,346 A.... "C:\WINDOWS\inf\MPSTUB10.PNF"
19 Dec 2007 2:23:20 5,242 A.... "C:\WINDOWS\inf\WMSET10.PNF"
20 Dec 2007 0:22:00 0 A.... "C:\WINDOWS\Temp\T30DebugLogFile.txt"
21 Dec 2007 20:14:26 0 A.... "C:\WINDOWS\Temp\scs42.tmp"
21 Dec 2007 19:30:38 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"
17 Dec 2007 1:43:08 20,768 A.... "C:\WINDOWS\Debug\mrt.log"
17 Dec 2007 1:43:08 2,918 A.... "C:\WINDOWS\Debug\mrteng.log"
21 Dec 2007 19:30:58 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
20 Dec 2007 12:10:02 436 A.... "C:\WINDOWS\Tasks\User_Feed_Synchronization-{420E147D-6489-424E-B37F-15BC34EB9780}.job"
1 Dec 2007 15:18:12 624 A.... "C:\WINDOWS\Downloaded Program Files\PCPitstop.inf"
17 Dec 2007 4:12:04 3,285,504 A.... "C:\WINDOWS\Installer\7e1c5.msi"
18 Dec 2007 21:15:28 1,480,704 A.... "C:\WINDOWS\Installer\8080a.msi"
11 Nov 2007 18:09:06 3,558,912 A.... "C:\WINDOWS\Installer\147dd75.msi"
5 Nov 2007 3:55:00 36,864 A.... "C:\WINDOWS\$NtUninstallKB933729$\reg00001"
24 Oct 2007 8:40:10 821,856 A.... "C:\WINDOWS\system32\drivers\avg7core.sys"
21 Dec 2007 8:39:28 10,760 A.... "C:\WINDOWS\system32\drivers\avgclean.sys"
14 Dec 2007 13:51:46 102,664 A.... "C:\WINDOWS\system32\drivers\tmcomm.sys"
13 Nov 2007 11:25:54 20,480 ..... "C:\WINDOWS\system32\drivers\secdrv.sys"
29 Oct 2007 23:43:04 1,287,680 ..... "C:\WINDOWS\system32\dllcache\quartz.dll"
26 Oct 2007 4:34:02 8,460,288 A.... "C:\WINDOWS\system32\dllcache\shell32.dll"
27 Oct 2007 17:40:06 227,328 A.... "C:\WINDOWS\system32\dllcache\wmasf.dll"
17 Dec 2007 8:14:52 3,734 A.... "C:\WINDOWS\system32\Restore\SR-Reg.TXT"
17 Dec 2007 8:14:52 17,932 A.... "C:\WINDOWS\system32\Restore\SR-RstrLog.TXT"
17 Dec 2007 8:14:54 2,579 A.... "C:\WINDOWS\system32\Restore\SR-RP.LOG"
17 Dec 2007 8:15:06 10,640,809 A.... "C:\WINDOWS\system32\Restore\SR-ChgLog.LOG"
5 Nov 2007 3:55:18 90,112 A...R "C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\xlicons.exe"
5 Nov 2007 3:55:18 2,560 A...R "C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe"
5 Nov 2007 3:55:18 22,528 A...R "C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe"
5 Nov 2007 3:55:18 3,584 A...R "C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe"
5 Nov 2007 3:55:18 114,688 A...R "C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\outicon.exe"
5 Nov 2007 3:55:18 34,304 A...R "C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\misc.exe"
5 Nov 2007 3:55:18 16,384 A...R "C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe"
5 Nov 2007 3:55:18 30,720 A...R "C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\pptico.exe"
5 Nov 2007 3:55:18 45,056 A...R "C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe"
5 Nov 2007 3:55:18 766 A...R "C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\graph.ico"
5 Nov 2007 3:55:18 8,192 A...R "C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe"
17 Dec 2007 4:12:04 1,038,336 A...R "C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe"
17 Dec 2007 4:12:04 171,008 A...R "C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe"
17 Dec 2007 4:12:04 8,704 A...R "C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe"
17 Dec 2007 4:12:04 178,688 A...R "C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe"
11 Nov 2007 18:09:08 295,606 A...R "C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81100000003}\SC_Reader.exe"
11 Nov 2007 18:09:08 25,214 A...R "C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81100000003}\RMFFile_8.ico"
11 Nov 2007 18:09:08 295,606 A...R "C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81100000003}\FDFFile_8.ico"
11 Nov 2007 18:09:08 295,606 A...R "C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81100000003}\XDPFile_8.ico"
11 Nov 2007 18:09:08 295,606 A...R "C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81100000003}\PDXFile_8.ico"
11 Nov 2007 18:09:08 295,606 A...R "C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81100000003}\PDFFile_8.ico"
11 Nov 2007 18:09:08 295,606 A...R "C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81100000003}\SecStoreFile.ico"
11 Nov 2007 18:09:08 295,606 A...R "C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81100000003}\APIFile_8.ico"
21 Dec 2007 20:00:56 220 A.... "C:\WINDOWS\erdnt\dss\README.txt"
21 Dec 2007 20:00:56 28,672 A.... "C:\WINDOWS\erdnt\dss\sam"
21 Dec 2007 20:01:52 28,876,800 A.... "C:\WINDOWS\erdnt\dss\software"
21 Dec 2007 20:01:56 5,382,144 A.... "C:\WINDOWS\erdnt\dss\system"
21 Dec 2007 20:01:56 339,968 A.... "C:\WINDOWS\erdnt\dss\default"
5 Nov 2007 3:51:48 370 A.... "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.txt"
5 Nov 2007 3:52:08 13,320 A.... "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.inf"
5 Nov 2007 3:55:00 348 A.... "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.txt"
5 Nov 2007 3:55:02 13,240 A.... "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.inf"
12 Dec 2007 7:39:50 400 A.... "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.txt"
12 Dec 2007 7:39:56 14,125 A.... "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.inf"
17 Dec 2007 1:39:34 272 A.... "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.txt"
17 Dec 2007 1:39:44 12,697 A.... "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.inf"
17 Dec 2007 1:39:46 312 A.... "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.txt"
17 Dec 2007 1:39:48 12,954 A.... "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.inf"
17 Dec 2007 1:39:54 270 A.... "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.txt"
17 Dec 2007 1:39:54 13,741 A.... "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.inf"
17 Dec 2007 3:04:18 301 A.... "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.txt"
17 Dec 2007 3:04:30 12,384 A.... "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.inf"
27 Oct 2007 16:39:46 371,424 ..... "C:\WINDOWS\$NtUninstallKB941569$\spuninst\updspapi.dll"
27 Oct 2007 16:39:36 213,216 ..... "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
17 Dec 2007 9:11:00 8 A.... "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp"
30 Oct 2007 14:05:02 11,990 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB943460.cat"
13 Nov 2007 18:48:04 10,876 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB944653.cat"
30 Oct 2007 0:03:44 11,284 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB941568.cat"
14 Nov 2007 11:21:30 11,284 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB942763.cat"
27 Oct 2007 17:16:40 12,090 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB941569.cat"
4 Nov 2007 19:50:42 33,479 A.... "C:\WINDOWS\system32\Macromed\Flash\install.log"
4 Nov 2007 19:50:42 45,218 A.... "C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe"
4 Dec 2007 2:55:54 15,802,849 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071204-015539-00.hdmp"
17 Dec 2007 0:43:08 7,639,052 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071216-234258-00.hdmp"
17 Dec 2007 11:51:46 10,787,608 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071217-105134-00.hdmp"
18 Dec 2007 13:16:16 0 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071218-121615-00.mdmp"
18 Dec 2007 13:16:30 12,856,473 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071218-121615-00.hdmp"
18 Dec 2007 21:07:26 0 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071218-200725-00.mdmp"
18 Dec 2007 21:07:36 12,197,908 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071218-200725-00.hdmp"
18 Dec 2007 21:17:44 0 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071218-201743-00.mdmp"
18 Dec 2007 21:17:56 8,036,388 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071218-201743-00.hdmp"
19 Dec 2007 0:51:22 0 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071218-235121-00.mdmp"
19 Dec 2007 0:51:30 8,422,916 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071218-235121-00.hdmp"
19 Dec 2007 3:08:36 0 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071219-020834-00.mdmp"
19 Dec 2007 3:08:46 12,311,104 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071219-020834-00.hdmp"
19 Dec 2007 13:30:26 0 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071219-123025-00.mdmp"
19 Dec 2007 13:30:36 8,083,320 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071219-123025-00.hdmp"
19 Dec 2007 19:47:36 0 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071219-184735-00.mdmp"
19 Dec 2007 19:47:46 7,938,068 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071219-184735-00.hdmp"
19 Dec 2007 23:37:10 0 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071219-223709-00.mdmp"
19 Dec 2007 23:37:20 8,251,388 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071219-223709-00.hdmp"
21 Dec 2007 12:28:16 0 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071221-112814-00.mdmp"
21 Dec 2007 12:28:24 15,707,105 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071221-112814-00.hdmp"
21 Dec 2007 19:31:20 0 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071221-183118-00.mdmp"
21 Dec 2007 19:31:30 10,220,075 A.... "C:\WINDOWS\PCHealth\ErrorRep\UserDumps\svchost.exe.20071221-183118-00.hdmp"
20 Dec 2007 22:53:44 460 A.... "C:\WINDOWS\erdnt\subs\F3M\ERDNT.INF"
20 Dec 2007 22:53:44 673 A.... "C:\WINDOWS\erdnt\subs\F3M\ERDNT.CON"
20 Dec 2007 22:53:34 65,536 A.... "C:\WINDOWS\erdnt\subs\F3M\SECURITY"
20 Dec 2007 22:53:42 30,347,264 A.... "C:\WINDOWS\erdnt\subs\F3M\SOFTWARE"
20 Dec 2007 22:53:44 7,323,648 A.... "C:\WINDOWS\erdnt\subs\F3M\SYSTEM"
20 Dec 2007 22:53:44 339,968 A.... "C:\WINDOWS\erdnt\subs\F3M\DEFAULT"
20 Dec 2007 22:53:44 28,672 A.... "C:\WINDOWS\erdnt\subs\F3M\SAM"
13 Nov 2007 18:44:06 21,487 ..... "C:\WINDOWS\$hf_mig$\KB944653\update\update_SP2QFE.inf"
13 Nov 2007 18:48:04 10,876 ..... "C:\WINDOWS\$hf_mig$\KB944653\update\KB944653.CAT"
13 Nov 2007 18:53:58 188 ..... "C:\WINDOWS\$hf_mig$\KB944653\update\update.ver"
13 Nov 2007 18:33:56 496 ..... "C:\WINDOWS\$hf_mig$\KB944653\update\updatebr.inf"
13 Nov 2007 18:33:56 705 ..... "C:\WINDOWS\$hf_mig$\KB944653\update\branches.inf"
13 Nov 2007 9:47:46 20,480 ..... "C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys"
29 Oct 2007 23:58:32 21,705 ..... "C:\WINDOWS\$hf_mig$\KB941568\update\update_SP2QFE.inf"
30 Oct 2007 0:03:44 11,284 ..... "C:\WINDOWS\$hf_mig$\KB941568\update\KB941568.CAT"
30 Oct 2007 4:43:08 204 ..... "C:\WINDOWS\$hf_mig$\KB941568\update\update.ver"
29 Oct 2007 23:46:56 496 ..... "C:\WINDOWS\$hf_mig$\KB941568\update\updatebr.inf"
29 Oct 2007 23:46:56 705 ..... "C:\WINDOWS\$hf_mig$\KB941568\update\branches.inf"
29 Oct 2007 23:35:14 1,287,680 ..... "C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll"
14 Nov 2007 11:14:22 52,007 ..... "C:\WINDOWS\$hf_mig$\KB942763\update\update_SP2QFE.inf"
14 Nov 2007 11:21:30 11,284 ..... "C:\WINDOWS\$hf_mig$\KB942763\update\KB942763.CAT"
14 Nov 2007 11:26:34 204 ..... "C:\WINDOWS\$hf_mig$\KB942763\update\update.ver"
30 Oct 2007 8:39:18 496 ..... "C:\WINDOWS\$hf_mig$\KB942763\update\updatebr.inf"
14 Nov 2007 10:57:28 705 ..... "C:\WINDOWS\$hf_mig$\KB942763\update\branches.inf"
13 Nov 2007 12:02:46 60,416 ..... "C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe"
C:\Program Files\
22 Oct 2007 16:45:44 115,960 A.... "C:\Program Files\ICQ6\IcqUpdater.exe"
22 Oct 2007 16:45:42 177,400 A.... "C:\Program Files\ICQ6\ICQ.exe"
22 Oct 2007 16:45:42 14,072 A.... "C:\Program Files\ICQ6\ICQLRun.exe"
22 Oct 2007 16:43:44 86,016 A.... "C:\Program Files\ICQ6\MBContainer.dll"
22 Oct 2007 16:37:02 2,211,840 A.... "C:\Program Files\ICQ6\MCore.dll"
22 Oct 2007 16:34:20 118,784 A.... "C:\Program Files\ICQ6\MCoreLib.dll"
22 Oct 2007 16:43:08 106,496 A.... "C:\Program Files\ICQ6\MCrashReport.dll"
22 Oct 2007 16:27:46 221,184 A.... "C:\Program Files\ICQ6\MDb.dll"
22 Oct 2007 16:28:00 49,152 A.... "C:\Program Files\ICQ6\MDevHelpers.dll"
22 Oct 2007 16:38:30 520,192 A.... "C:\Program Files\ICQ6\MISB.dll"
22 Oct 2007 16:28:34 233,472 A.... "C:\Program Files\ICQ6\MKernel.dll"
22 Oct 2007 16:34:02 77,312 A.... "C:\Program Files\ICQ6\MReport.dll"
22 Oct 2007 16:41:20 2,691,072 A.... "C:\Program Files\ICQ6\MUICore.dll"
22 Oct 2007 16:37:54 622,592 A.... "C:\Program Files\ICQ6\MUICoreLib.dll"
22 Oct 2007 16:42:50 913,408 A.... "C:\Program Files\ICQ6\MUIMessage.dll"
22 Oct 2007 16:34:46 389,120 A.... "C:\Program Files\ICQ6\MUIUtils.dll"
22 Oct 2007 16:27:32 282,624 A.... "C:\Program Files\ICQ6\MUtils.dll"
17 Dec 2007 5:55:22 2,175 A.... "C:\Program Files\RogueRemover FREE\unins000.dat"
17 Dec 2007 5:54:50 691,481 A.... "C:\Program Files\RogueRemover FREE\unins000.exe"
11 Dec 2007 21:02:58 278,208 A.... "C:\Program Files\RogueRemover FREE\RogueRemover.exe"
11 Dec 2007 21:02:58 40,640 A.... "C:\Program Files\RogueRemover FREE\RogueRemover.dll"
11 Dec 2007 21:03:00 57,536 A.... "C:\Program Files\RogueRemover FREE\zlib.dll"
11 Dec 2007 21:02:06 79,490 A.... "C:\Program Files\RogueRemover FREE\rules.dat"
17 Dec 2007 5:55:28 0 A.... "C:\Program Files\RogueRemover FREE\Excludes.dat"
11 Dec 2007 14:52:02 5 A.... "C:\Program Files\UseNeXT\port.dat"
11 Dec 2007 14:56:14 1,618 A.... "C:\Program Files\UseNeXT\config.dat"
11 Dec 2007 14:56:14 11 A.... "C:\Program Files\UseNeXT\downloadqueue.dat"
11 Dec 2007 14:56:14 10,998 A.... "C:\Program Files\UseNeXT\subscribed.dat"
11 Dec 2007 14:56:14 11 A.... "C:\Program Files\UseNeXT\wizard.dat"
11 Dec 2007 14:56:14 4,329 A.... "C:\Program Files\UseNeXT\articlestatus.dat"
4 Nov 2007 5:26:58 48,445 A.... "C:\Program Files\BlogPost\uninst.exe"
4 Nov 2007 5:27:40 58 A.... "C:\Program Files\BlogPost\test.dat"
4 Nov 2007 5:34:08 0 A.... "C:\Program Files\BlogPost\blogs.dat"
4 Nov 2007 5:34:20 256 A.... "C:\Program Files\BlogPost\settingcontext.dat"
4 Nov 2007 5:40:16 59,137 A.... "C:\Program Files\Qumana3\uninstall.exe"
2 Dec 2007 21:51:10 200,829 A.... "C:\Program Files\Mozilla Firefox\freebl3.dll"
2 Dec 2007 21:51:12 456,296 A.... "C:\Program Files\Mozilla Firefox\js3250.dll"
2 Dec 2007 21:50:58 13,952 A.... "C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll"
2 Dec 2007 21:51:12 161,392 A.... "C:\Program Files\Mozilla Firefox\nspr4.dll"
2 Dec 2007 21:51:12 378,472 A.... "C:\Program Files\Mozilla Firefox\nss3.dll"
2 Dec 2007 21:51:12 271,984 A.... "C:\Program Files\Mozilla Firefox\nssckbi.dll"
2 Dec 2007 21:51:12 34,424 A.... "C:\Program Files\Mozilla Firefox\plc4.dll"
2 Dec 2007 21:51:12 30,320 A.... "C:\Program Files\Mozilla Firefox\plds4.dll"
2 Dec 2007 21:51:16 112,232 A.... "C:\Program Files\Mozilla Firefox\smime3.dll"
2 Dec 2007 21:51:16 254,060 A.... "C:\Program Files\Mozilla Firefox\softokn3.dll"
2 Dec 2007 21:51:16 132,712 A.... "C:\Program Files\Mozilla Firefox\ssl3.dll"
2 Dec 2007 21:51:16 13,416 A.... "C:\Program Files\Mozilla Firefox\xpcom.dll"
2 Dec 2007 21:51:16 73,848 A.... "C:\Program Files\Mozilla Firefox\xpcom_compat.dll"
2 Dec 2007 21:51:16 422,000 A.... "C:\Program Files\Mozilla Firefox\xpcom_core.dll"
2 Dec 2007 21:51:16 12,400 A.... "C:\Program Files\Mozilla Firefox\xpistub.dll"
2 Dec 2007 21:51:10 7,650,416 A.... "C:\Program Files\Mozilla Firefox\firefox.exe"
2 Dec 2007 21:51:16 132,232 A.... "C:\Program Files\Mozilla Firefox\updater.exe"
2 Dec 2007 21:51:16 73,336 A.... "C:\Program Files\Mozilla Firefox\xpicleanup.exe"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll"
29 Oct 2007 13:27:04 587,096 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
29 Oct 2007 12:21:08 1,914,224 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\ProcessWatch.exe"
31 Oct 2007 15:32:06 2,250,104 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe"
31 Oct 2007 15:18:06 2,336,080 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe"
29 Oct 2007 12:21:06 2,123,128 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\HostFileEditor.exe"
29 Oct 2007 13:58:28 1,586,528 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\AAWLic.exe"
21 Dec 2007 8:38:58 620,032 A.... "C:\Program Files\Grisoft\AVG Free\avgupd.dll"
24 Oct 2007 8:40:14 615,936 A.... "C:\Program Files\Grisoft\AVG Free\avgcore.dll"
21 Dec 2007 8:37:52 905,728 A.... "C:\Program Files\Grisoft\AVG Free\avgctrl.dll"
21 Dec 2007 8:37:56 467,456 A.... "C:\Program Files\Grisoft\AVG Free\avgset.dll"
21 Dec 2007 8:37:48 435,712 A.... "C:\Program Files\Grisoft\AVG Free\avgabout.dll"
22 Nov 2007 10:05:08 303,104 A.... "C:\Program Files\Grisoft\AVG Free\avgresf.dll"
21 Dec 2007 8:37:48 579,072 A.... "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
21 Dec 2007 8:37:50 582,656 A.... "C:\Program Files\Grisoft\AVG Free\avgcckrn.dll"
21 Dec 2007 8:37:52 572,928 A.... "C:\Program Files\Grisoft\AVG Free\avgcfg.dll"
21 Dec 2007 8:37:54 406,528 A.... "C:\Program Files\Grisoft\AVG Free\avgemc.exe"
21 Dec 2007 8:37:54 416,768 A.... "C:\Program Files\Grisoft\AVG Free\avgemsui.dll"
21 Dec 2007 8:37:56 510,976 A.... "C:\Program Files\Grisoft\AVG Free\avginet.exe"
21 Dec 2007 8:37:58 604,160 A.... "C:\Program Files\Grisoft\AVG Free\avgtest.dll"
21 Dec 2007 8:38:00 328,192 A.... "C:\Program Files\Grisoft\AVG Free\avgwb.dat"
21 Dec 2007 8:38:00 124,928 A.... "C:\Program Files\Grisoft\AVG Free\avgxch32.dll"
21 Dec 2007 8:38:00 731,020 A.... "C:\Program Files\Grisoft\AVG Free\setup.dat"
21 Dec 2007 8:38:04 2,007,552 A.... "C:\Program Files\Grisoft\AVG Free\setup.exe"
24 Oct 2007 8:40:16 418,816 A.... "C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"
24 Oct 2007 8:40:20 131,072 A.... "C:\Program Files\Grisoft\AVG Free\avginet.dll"
24 Oct 2007 8:40:20 1,282,560 A.... "C:\Program Files\Grisoft\AVG Free\avgres.dll"
24 Oct 2007 8:40:20 392,704 A.... "C:\Program Files\Grisoft\AVG Free\avgscan.dll"
24 Oct 2007 8:40:22 411,648 A.... "C:\Program Files\Grisoft\AVG Free\avgtmgr.dll"
24 Oct 2007 8:40:22 245,248 A.... "C:\Program Files\Grisoft\AVG Free\avgtres.dll"
24 Oct 2007 8:40:22 389,632 A.... "C:\Program Files\Grisoft\AVG Free\avgvv.exe"
24 Oct 2007 8:40:22 219,136 A.... "C:\Program Files\Grisoft\AVG Free\avgw.exe"
24 Oct 2007 8:40:24 49,257 A.... "C:\Program Files\Grisoft\AVG Free\dfncfg.dat"
24 Oct 2007 8:40:24 49,215 A.... "C:\Program Files\Grisoft\AVG Free\dfncfgfr.dat"
17 Dec 2007 2:26:44 18,658 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\heuristic.dat"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\QuickTime\Plugins\npqtplugin.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\QuickTime\Plugins\npqtplugin2.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\QuickTime\Plugins\npqtplugin3.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\QuickTime\Plugins\npqtplugin4.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\QuickTime\Plugins\npqtplugin5.dll"
16 Dec 2007 23:09:02 396,288 A.... "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"
16 Dec 2007 23:09:02 396,288 A.... "C:\Program Files\Trend Micro\HijackThis\whitenoiz.exe"
31 Oct 2007 20:00:28 118,189 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.dialer.zip"
7 Nov 2007 20:00:32 149,060 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.hijackers.zip"
7 Nov 2007 20:00:42 327,300 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.malware.zip"
24 Oct 2007 20:00:46 102,905 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.pups.zip"
7 Nov 2007 20:00:50 152,758 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.spybots.zip"
28 Nov 2007 20:00:58 304,574 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.trojans.zip"
5 Dec 2007 20:01:18 890,919 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip"
21 Dec 2007 19:41:04 72 A.... "C:\Program Files\Yahoo!\Messenger\ystats_B.dat"
17 Nov 2007 1:47:54 45,394 A.... "C:\Program Files\RssReader\HTML\http_3a_2f_2flatinapornstars.pornlivenews.com_2frss_2f.htm"
11 Dec 2007 20:31:14 26,205 A.... "C:\Program Files\RssReader\HTML\http_3a_2f_2fgayfirsttimers.xlogz.com_2ffeed_2f.htm"
17 Nov 2007 2:56:36 2,019 A.... "C:\Program Files\RssReader\HTML\item.htm"
2 Dec 2007 21:51:16 450,936 A.... "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
2 Dec 2007 21:51:12 22,664 A.... "C:\Program Files\Mozilla Firefox\plugins\npnul32.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll"
14 Dec 2007 15:13:18 148,648 A.... "C:\Program Files\Mozilla Firefox\components\compreg.dat"
14 Dec 2007 15:13:16 96,340 A.... "C:\Program Files\Mozilla Firefox\components\xpti.dat"
2 Dec 2007 21:51:02 67,696 A.... "C:\Program Files\Mozilla Firefox\components\jar50.dll"
2 Dec 2007 21:51:02 54,376 A.... "C:\Program Files\Mozilla Firefox\components\jsd3250.dll"
2 Dec 2007 21:51:02 34,952 A.... "C:\Program Files\Mozilla Firefox\components\myspell.dll"
2 Dec 2007 21:51:06 46,720 A.... "C:\Program Files\Mozilla Firefox\components\spellchk.dll"
2 Dec 2007 21:51:06 172,144 A.... "C:\Program Files\Mozilla Firefox\components\xpinstal.dll"
2 Dec 2007 21:51:14 117 A.... "C:\Program Files\Mozilla Firefox\res\hiddenWindow.html"
17 Dec 2007 2:24:52 2,291 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3229.dat"
17 Dec 2007 2:24:52 3,402 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3230.dat"
17 Dec 2007 2:24:52 2,205 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3231.dat"
17 Dec 2007 2:24:54 2,981 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3232.dat"
17 Dec 2007 2:24:54 2,800 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3233.dat"
17 Dec 2007 2:24:54 2,037 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3234.dat"
17 Dec 2007 2:24:54 2,040 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3235.dat"
17 Dec 2007 2:24:56 1,719 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3236.dat"
17 Dec 2007 2:24:56 3,391 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3237.dat"
17 Dec 2007 2:24:56 376 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3238.dat"
17 Dec 2007 2:24:58 14,703 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3239.dat"
17 Dec 2007 2:24:58 16,969 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3240.dat"
17 Dec 2007 2:24:58 2,394 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3241.dat"
17 Dec 2007 2:25:00 1,901 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3242.dat"
17 Dec 2007 2:25:00 1,746 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3243.dat"
17 Dec 2007 2:25:00 1,449 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3244.dat"
17 Dec 2007 2:25:02 5,157 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3245.dat"
17 Dec 2007 2:25:02 3,044 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3246.dat"
17 Dec 2007 2:25:02 3,023 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3247.dat"
17 Dec 2007 2:25:02 134 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3248.dat"
17 Dec 2007 2:25:02 3,235 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3249.dat"
17 Dec 2007 2:25:04 3,937 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3250.dat"
17 Dec 2007 2:25:04 3,736 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3251.dat"
17 Dec 2007 2:25:06 3,976 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3252.dat"
17 Dec 2007 2:25:06 22,639 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3253.dat"
17 Dec 2007 2:25:08 3,250 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3254.dat"
17 Dec 2007 2:25:08 3,427 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3255.dat"
17 Dec 2007 2:25:10 4,132 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3256.dat"
17 Dec 2007 2:25:12 4,328 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3257.dat"
17 Dec 2007 2:25:16 2,666 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3258.dat"
17 Dec 2007 2:25:16 3,093 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3259.dat"
17 Dec 2007 2:25:16 2,371 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3260.dat"
17 Dec 2007 2:25:16 2,725 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3261.dat"
17 Dec 2007 2:25:18 2,055 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3262.dat"
17 Dec 2007 2:25:18 2,432 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3263.dat"
17 Dec 2007 2:25:18 2,573 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3264.dat"
17 Dec 2007 2:25:18 1,866 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3265.dat"
17 Dec 2007 2:25:18 2,320 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3266.dat"
17 Dec 2007 2:25:20 1,995 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3267.dat"
17 Dec 2007 2:25:20 2,190 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3268.dat"
17 Dec 2007 2:25:22 2,700 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3269.dat"
17 Dec 2007 2:25:22 2,377 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3270.dat"
17 Dec 2007 2:25:22 2,515 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3271.dat"
17 Dec 2007 2:25:24 2,064 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3272.dat"
17 Dec 2007 2:25:24 2,245 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3273.dat"
17 Dec 2007 2:25:26 31,081 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3274.dat"
17 Dec 2007 2:25:28 26,365 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3275.dat"
17 Dec 2007 2:25:30 35,143 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3276.dat"
17 Dec 2007 2:25:32 30,763 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3277.dat"
17 Dec 2007 2:25:34 138 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3278.dat"
17 Dec 2007 2:25:36 26,633 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3279.dat"
17 Dec 2007 2:25:38 26,311 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3280.dat"
17 Dec 2007 2:25:40 27,912 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3281.dat"
17 Dec 2007 2:25:40 4,146 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3282.dat"
17 Dec 2007 2:25:40 4,058 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3283.dat"
17 Dec 2007 2:25:42 3,880 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3284.dat"
17 Dec 2007 2:25:42 4,092 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3285.dat"
17 Dec 2007 2:25:44 3,281 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3286.dat"
17 Dec 2007 2:25:46 3,322 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3287.dat"
17 Dec 2007 2:25:46 77 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3288.dat"
17 Dec 2007 2:25:46 4,252 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3289.dat"
17 Dec 2007 2:25:46 4,308 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3290.dat"
17 Dec 2007 2:25:48 5,830 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3291.dat"
17 Dec 2007 2:25:48 4,734 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3292.dat"
17 Dec 2007 2:25:50 5,067 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3293.dat"
17 Dec 2007 2:25:50 4,195 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3294.dat"
17 Dec 2007 2:25:52 4,722 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3295.dat"
17 Dec 2007 2:25:52 4,078 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3296.dat"
17 Dec 2007 2:25:54 7,978 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3297.dat"
17 Dec 2007 2:25:54 7,216 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3298.dat"
17 Dec 2007 2:25:56 7,250 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3299.dat"
17 Dec 2007 2:25:56 6,750 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3300.dat"
17 Dec 2007 2:25:56 87 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3301.dat"
17 Dec 2007 2:25:56 3,749 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3302.dat"
17 Dec 2007 2:25:58 6,787 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3303.dat"
17 Dec 2007 2:25:58 6,267 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3304.dat"
17 Dec 2007 2:26:02 48,698 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3305.dat"
17 Dec 2007 2:26:04 43,441 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3306.dat"
17 Dec 2007 2:26:04 157 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3307.dat"
17 Dec 2007 2:26:08 36,397 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3308.dat"
17 Dec 2007 2:26:08 78 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3309.dat"
17 Dec 2007 2:26:12 38,639 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3310.dat"
17 Dec 2007 2:26:14 39,403 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3311.dat"
17 Dec 2007 2:26:20 42,473 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3312.dat"
17 Dec 2007 2:26:36 46,849 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3313.dat"
17 Dec 2007 2:26:36 5,659 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3314.dat"
17 Dec 2007 2:26:38 2,343 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3315.dat"
17 Dec 2007 2:26:38 4,890 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3316.dat"
17 Dec 2007 2:26:40 5,367 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3317.dat"
17 Dec 2007 2:26:40 222 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3318.dat"
17 Dec 2007 2:26:42 4,639 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3319.dat"
17 Dec 2007 2:26:42 4,295 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3320.dat"
17 Dec 2007 2:26:44 4,779 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\3321.dat"
7 Nov 2007 23:21:18 450,560 A.... "C:\Program Files\Real\RealOne Player\plugins\MPAMedia.dll"
29 Oct 2007 14:47:40 2,584 A.... "C:\Program Files\Yahoo!\Messenger\cache\P9TXOowxEy759UKpY.zViw--.Display.dat"
14 Dec 2007 19:40:30 0 A.... "C:\Program Files\Yahoo!\Messenger\cache\h47TkaFRjmsVohAjsd4J9Q--.ProfileMap.dat.tmp"
21 Dec 2007 19:41:00 0 A.... "C:\Program Files\Yahoo!\Messenger\cache\P9TXOowxEy759UKpY.zViw--.ProfileMap.dat"
2 Dec 2007 21:51:06 7,166 A.... "C:\Program Files\Mozilla Firefox\defaults\profile\bookmarks.html"
11 Nov 2007 18:09:06 304,784 A.... "C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A81100000003}\Setup.exe"
22 Oct 2007 16:37:20 81,920 A.... "C:\Program Files\ICQ6\services\icqApp\ver1\MNativeObjectService.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Netscape\Communicator\Program\Plugins\npqtplugin.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Netscape\Communicator\Program\Plugins\npqtplugin2.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Netscape\Communicator\Program\Plugins\npqtplugin3.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Netscape\Communicator\Program\Plugins\npqtplugin4.dll"
8 Dec 2007 14:02:58 131,072 A.... "C:\Program Files\Netscape\Communicator\Program\Plugins\npqtplugin5.dll"
2 Dec 2007 21:51:08 99,840 A.... "C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\BrandRes.dll"
2 Dec 2007 21:51:08 156,544 A.... "C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\fullsoft.dll"
2 Dec 2007 21:51:08 14,456 A.... "C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll"
2 Dec 2007 21:51:08 407,040 A.... "C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\talkback.exe"
Files with hidden attributes:
Thu 13 Oct 2005 422,400 A.SHR --- "C:\WINDOWS\x2.64.exe"
Fri 13 May 2005 217,073 A.SHR --- "C:\WINDOWS\meta4.exe"
Mon 24 Oct 2005 66,560 A.SHR --- "C:\WINDOWS\MOTA113.exe"
Sun 26 Jun 2005 616,448 A.SHR --- "C:\WINDOWS\system32\cygwin1.dll"
Tue 21 Jun 2005 45,568 A.SHR --- "C:\WINDOWS\system32\cygz.dll"
Fri 7 Oct 2005 308,224 A.SHR --- "C:\WINDOWS\system32\avisynth.dll"
Sun 25 Jan 2004 70,656 A.SHR --- "C:\WINDOWS\system32\i420vfw.dll"
Sun 25 Jan 2004 70,656 A.SHR --- "C:\WINDOWS\system32\yv12vfw.dll"
Mon 28 Feb 2005 240,128 A.SHR --- "C:\WINDOWS\system32\x.264.exe"
Thu 14 Jul 2005 27,648 A.SHR --- "C:\WINDOWS\system32\AVSredirect.dll"
Thu 27 Apr 2006 2,945,024 A.SHR --- "C:\WINDOWS\system32\Smab.dll"
Wed 27 Oct 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 15 May 2003 43,008 A..H. --- "C:\System Volume Information\_restore{B1AF6306-70F0-4416-91D0-2A49F3B95B86}\RP972\A0222270.exe"
Fri 5 Oct 2007 24,576 ...H. --- "C:\Documents and Settings\Olivia\My Documents\Erotic Writings\~WRL3672.tmp"
Fri 5 Oct 2007 24,576 ...H. --- "C:\Documents and Settings\Olivia\My Documents\Erotic Writings\~WRL0822.tmp"
Sun 23 Apr 2006 20 A..H. --- "C:\Documents and Settings\sylvie veale\My Documents\My Music\License Backup\drmv1lic.bak"
Wed 27 Oct 2004 4,348 ...H. --- "C:\Documents and Settings\sylvie veale\My Documents\My Music\License Backup\drmv1key.bak"
Wed 27 Oct 2004 400 A.SH. --- "C:\Documents and Settings\sylvie veale\My Documents\My Music\License Backup\drmv2key.bak"
Fri 12 Mar 2004 38,400 ...H. --- "C:\Documents and Settings\sylvie veale\My Documents\Medieum Development Group stuff\My Pic-responses to\~WRL2566.tmp"
Sat 24 Jun 2006 0 A..H. --- "C:\Documents and Settings\sylvie veale\Local Settings\Application Data\Google\Google Desktop\e9b7ab4d6fff\Slideshow\people.tribe.net~cea2d1a1-8749-4fc6-a0a9-1d378f9a190a~blog~rss\BIT429.tmp"
Catchme:
catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 20:15:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Program Folders:
C:\Program Files\
Acro Software
Adobe
Advanced Diary
Afreet
Airbear Software
AirNav Systems
allglyphs-ssaver
AllMyFavorites
AnfyTeam
aod
ArcSoft
A-Simple-Diary-files
ATnotes
attachments
avatars
AviSynth 2.5
Awasu
BlogCollector Lite
BlogPost
Blurty
BOS
byLight
Canon
CoffeeCup Software
Common Files
ComPlus Applications
Conexant
ConWare
CueCard
CyberLink
Diary
DIFX
DivX
DivXCodec
Easy Thumbnails
EPSON
EPSON Print CD
eQdigital
e-quit-diary
eRightSoft
ewido anti-malware
Extensis
FeedReader30
FileZilla Client
Fisher
Flickr Uploadr
Flight Explorer
Flock
FLVPlayer
FolderCons
FreshDevices
FreshGames
Funkitron
GameHouse
Google
Grammar Slammer Trial
Grisoft
HarrysFilters
Hello
Help
Hexacto Games
HighMAT CD Writing Wizard
HistoryKill
ICQ6
ICQToolbar
iDailyDiary
IEimage
IncrediMail
Infogrames
InstallShield Installation Information
interfac
Internet Explorer
IrfanView
iWin.com
Jasc Software Inc
Java
JavaSoft
JungleDisk
Justdo Software
Lavasoft
LEAD Technologies, Inc
LinKtoLinK 2
LinKtoLinK Pro
Lithic
LIUtilities
LiveJournal
LJ.NET
LogAnalyser
Macromedia
Memotoo.com plugin for I.E
Messenger
Metty
Micro DVD Player(2)
Microsoft ActiveSync
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office
Microsoft Office Outlook Connector
Microsoft Picture It! 9
Microsoft Reader
Microsoft Visual Studio
MMSSTV
Mouse Driver
Movie Maker
Mozilla ActiveX Control v1.7.12
Mozilla Firefox
Mozilla Thunderbird
MSN
MSN Gaming Zone
MSN Messenger
MSPress
My Notes Center
My Notes CenterSpelling
Napster
NetDrive
NETGUI
NetMeeting
Netropa
Netscape
NewSoft
NoAdware
Nvidia Corporation
OfficeSpeller
Online Services
Opera
Outlook Express
Packages
PC-HFDL
Photoshop
Pink Flamingo Publications eBook Reader
Pinnacle
Plaxo
Plugins
PNAV
PocketFMS
POSFIX
PowerArchiver
PSP Thumbnail Handler
PWRSMND1
Qualcomm
QuickTime
Qumana3
Rancon
Real
Registry Mechanic
RogueRemover FREE
RoughDraft
ROUTE66
RssReader
Rune Generator
ScanSoft
SDP
Sebran
SelinguaColumns
Semagic
Siber Systems
SlDB
Slide
Smileys
Softnik Technologies
Softwin
Sources
Spybot - Search & Destroy
StartSpanish35
STOPzilla!
Sunbelt Software
SuperBladePro
Themes
thriXXX
ToniArts
TreePadLite
Trend Micro
Trymedia
Ulead Systems
Ultimate Webshots Converter
Uninstall Information
Unipong
UseNeXT
vcom
VIA Technologies, INC
Virtual Magnifying Glass
Visicom Media
w.bloggar
Webaroo
Website Builder
Wide Angle Software
WinAce
Windows Journal Viewer
Windows Media Connect
Windows Media Player
Windows NT
WindowsMetafileFix
WindowsUpdate
WinHTTrack
WinRAR
WinZip
WON
WordWax
WordWeb
WPanorama
X2line
xerox
Xilokit
XoftSpy
Yahoo!
Zero G Registry
C:\Program Files\Common Files\
Adobe
Bcgsoft
Designer
EPSON
Fellowes
Fugawi
InstallShield
Java
Justdo
L&H
Macromedia
Microsoft Shared
MSSoap
ODBC
Real
Scanner
ScanSoft Shared
Services
Softwin
SpeechEngines
STOPzilla!
SWF Studio
Symantec Shared
System
Wise Installation Wizard
xing shared
Add/Remove Programs:
AceHTML 5 Freeware
AceHTML 5 Pro
Adobe Flash Player Plugin
Adobe Shockwave Player
Advanced Diary v1.3
AirNav Suite
AllMyFavorites
ArcSoft Camera Suite
AVG Free Edition
AVG Anti-Spyware 7.5
Blog Post Builder 0.41
Website Builder 7.0.1
Blurty (remove only)
CoffeeCup Direct FTP 5.2 Shareware
CoffeeCup HTML Editor
CoffeeCup HTML Editor 2006
CSAPI (MS Office) spelling plugin for My Notes Center
Diary Book
DivX Codec
Easy Thumbnails (Remove only)
EPSON Printer Software
ESPR220 User's Guide
ewido anti-malware
FileZilla Client 3.0.1
Flickr Uploadr 2.1
FLV Player 1.3.3
GMail Drive Shell Extension
Good Keywords v2.01.100107
Google Desktop
Google Pack Screensaver
Google Updater
Google Video Player
Harry's Filters 3
HijackThis 2.0.2
iDailyDiary 3.20
Internet Explorer 7 Beta 2
IEimage
EPSON Attach To Email
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Microsoft Data Access Components KB870669
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Security Update for Windows XP (KB883939)
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows Genuine Advantage Validation Tool (KB892130)
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Hotfix for Windows XP (KB896344)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Update for Windows XP (KB896727)
Security Update for Step By Step Interactive Training (KB898458)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Update for Windows XP (KB904942)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Hotfix for Windows XP (KB915865)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917159)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921503)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB928255)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931784)
Update for Windows XP (KB931836)
Security Update for CAPICOM (KB931906)
Security Update for Windows XP (KB932168)
Update for Windows XP (KB933360)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows Media Player 10 (KB936782)
Update for Windows XP (KB938828)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Update for Windows XP (KB942763)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Malwarebytes' RogueRemover
Memotoo.com plugin for I.E. v1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Office Spell Checker
Microsoft Interactive Training
MoreKeys 1.2
Mouse Driver Mouse Driver 3.5
Mozilla ActiveX Control v1.7.12
Mozilla Firefox (2.0.0.11)
MSN
NetDrive
Netscape Communicator 4.79
NVIDIA Windows 2000/XP Display Drivers
NVIDIA Display Driver
Microsoft Picture It! Library 9
Microsoft Picture It! Express 9
Plugin Commander Light
Qumana
RealPlayer
Registry Mechanic
USB Storage Adapter FX (SM1)
Spanish Whiz 6.6
Spybot - Search & Destroy 1.3
StartSpanish 3.5
StartSpanish 3.6
Tweak UI
Virtual Magnifying Glass 2.00
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
WinAce Archiver
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows WMF Metafile Vulnerability HotFix 1.4
Windows XP Service Pack 2
WinHTTrack Website Copier 3.40-2
WordWax (remove only)
Xenofex 1.0
Nic's XviD Decoder
Yahoo! Anti-Spy
Yahoo! Toolbar
Yahoo! extras
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool 1v6
Yahoo! Toolbar
Yahoo! Install Manager
MSN Encarta Plus Support Files
Office Keyboard
Adsense Status
Macromedia Dreamweaver 8
Security Update for CAPICOM (KB931906)
Disc API
Canon CanoScan Toolbox 4.5
Yahoo! Photos Print-at-Home Tool
EPSON Easy Photo Print
Google Earth
PSP Thumbnail Handler
EPSON Attach To Email
Google Talk (remove only)
ArcSoft PhotoStudio 5.5
Google Toolbar for Internet Explorer
AirNav ACARS Decoder 2
EPSON Scan Assistant
Cypress USB Mass Storage Driver Installation
Java(TM) 6 Update 3
Microsoft Windows Journal Viewer
DIGReqEx
Google Desktop Plugin - Del.icio.us
Macromedia Extension Manager
Windows Live Messenger
ICQ6
Microsoft Office Outlook Connector
Windows Genuine Advantage v1.3.0254.0
ArcSoft VideoImpression 2
PowerDVD
Photobucket Uploader
Webaroo
Microsoft .NET Framework 2.0
Quivic
OmniPage SE 2.0
Software Update for Web Folders
Opera 9.0
EPSON Web-To-Page
Jasc Paint Shop Pro 8
Flash Catcher
Microsoft Office XP Media Content
Microsoft Office XP Standard for Students and Teachers
Spanish Whiz Full Version
QuickTime
KONICA_MINOLTA DiMAGE remote camera driver
Microsoft Picture It! Library 9
LJ.NET
Adobe Reader 8.1.1
Microsoft Reader
Jasc Paint Shop Photo Album
PIF DESIGNER
Manual CanoScan 3200,3200F
Microsoft .NET Framework 1.1
Google Notebook Extension for IE
WinZip 11.1
Pinnacle InstantCD/DVD Suite
w.bloggar 4.00
Microsoft Picture It! Express 9
Ad-Aware 2007
WinBackup
Windows Live Sign-in Assistant
Windows Media Connect
Realtek AC'97 Audio
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
EPSON Print CD
Run Values:
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"IW_ControlCenter"="C:\\Program Files\\Pinnacle\\InstantCDDVD\\InstantWrite\\iwctrl.exe"
"MULTIMEDIA KEYBOARD"="C:\\Program Files\\Netropa\\Multimedia Keyboard\\MMKeybd.exe"
"LWBMOUSE"="C:\\Program Files\\Mouse Driver\\Mouse Driver\\3.5\\MOUSE32A.EXE"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"UserFaultCheck"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,\
6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,64,00,75,00,6d,00,70,00,72,00,65,00,70,00,20,00,30,00,20,00,2d,00,75,00,\
00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"PowerArchiver Tray"="C:\\Program Files\\PowerArchiver\\PASTARTER.EXE"
Bot Check:
SERVICE_NAME: wscsvc
DISPLAY_NAME : Security Center
START_TYPE : 2 AUTO_START
SERVICE_NAME: sharedaccess
DISPLAY_NAME : Internet Connection Sharing
START_TYPE : 2 AUTO_START
SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatic Updates
START_TYPE : 2 AUTO_START
SERVICE_NAME: srservice
DISPLAY_NAME : System Restore Service
START_TYPE : 2 AUTO_START
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"
ShellExecuteHooks:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{076394AD-7FDD-44EF-A075-32C68DBAB99B}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
Environment:
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\STOPzilla!;C:\Program Files\QuickTime\QTSystem
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
CLASSPATH REG_SZ .;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
QTJAVA REG_SZ C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SecurityProviders:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Authentication Packages:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Non-Default IFEO Debugger:
Non-Default Installed Components:
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{c59d0937-29a1-4290-81be-948afee47797}
StubPath REG_SZ RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
<NO NAME> REG_SZ Browser Customizations
Version REG_SZ 6,0,2800,1106
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8b15971b-5355-4c82-8c07-7e181ea07608}
<NO NAME> REG_SZ Fax
Version REG_SZ 5.1
StubPath REG_SZ rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}
<NO NAME> REG_SZ Fax Provider
Version REG_SZ 5.1
StubPath REG_SZ
Non-Default Safeboot Minimal:
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice
<NO NAME> REG_SZ Service
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\avg anti-spyware driver
<NO NAME> REG_SZ Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\avg anti-spyware guard
<NO NAME> REG_SZ Service
File Associations:
[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"
[HKEY_CLASSES_ROOT\http\shell\open\command]
@="C:\\PROGRA~1\\MOZILL~1\\FIREFOX.EXE -requestPending -osint -url \"%1\""
[HKEY_CLASSES_ROOT\https\shell\open\command]
@="C:\\PROGRA~1\\MOZILL~1\\FIREFOX.EXE -requestPending -osint -url \"%1\""
[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"
[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"
[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""
[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"
[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"
Finished!
HJ this;
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:42, on 21/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NetDrive\wdService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://msnia.login.live.com/ppsecure/s ... rf?lc=2057
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IW_ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra button: My bookmarks Memotoo.com - {5DB85338-3621-4a55-BAF1-B657765CCCAA} - Shdocvw.dll (file missing)
O9 - Extra 'Tools' menuitem: My bookmarks Memotoo.com - {5DB85338-3621-4a55-BAF1-B657765CCCAA} - Shdocvw.dll (file missing)
O9 - Extra button: AllMyFavorites - {634D3B6D-B1FE-4538-8A09-FCE198C547E4} - C:\Program Files\AllMyFavorites\MyFavIE.dll
O9 - Extra 'Tools' menuitem: AllMyFavorites - {634D3B6D-B1FE-4538-8A09-FCE198C547E4} - C:\Program Files\AllMyFavorites\MyFavIE.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe
--
End of file - 10167 bytes
Hope some or all of this helps
Thanks again
whitenoiz
Addition:
Hi, while we were online AVG popped up with a 'threat found' message. This is it:
AVG Detailed Complete Test (22.12.2007 - beginning 00.04am):
File | Result/Infection | Path
Boot Sector of Disc | Change | C:
shell32.dll | Change | C:\WINDOWS\System32\shell32.dll
39AF80EAd01 | Virus identified Exploit | C:\Documents and Settings\Olivia\Local Settings\Application Data\Mozilla Firefox\Profiles\6crfy655.default\Cache\39AF80EAd01
BB69C0EAd01 | Virus identified Exploit | C:\Documents and Settings\Olivia\Local Settings\Application Data\Mozilla Firefox\Profiles\6crfy655.default\Cache\BB69C0EBdo1
AVG has now finished scanning and has moved the infection to the Virus Vault.
As a result of this, we thought it best to do another HJ scan. The result is posted below:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:36:00, on 22/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NetDrive\wdService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://msnia.login.live.com/ppsecure/s ... rf?lc=2057
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IW_ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll
O9 - Extra button: My bookmarks Memotoo.com - {5DB85338-3621-4a55-BAF1-B657765CCCAA} - Shdocvw.dll (file missing)
O9 - Extra 'Tools' menuitem: My bookmarks Memotoo.com - {5DB85338-3621-4a55-BAF1-B657765CCCAA} - Shdocvw.dll (file missing)
O9 - Extra button: AllMyFavorites - {634D3B6D-B1FE-4538-8A09-FCE198C547E4} - C:\Program Files\AllMyFavorites\MyFavIE.dll
O9 - Extra 'Tools' menuitem: AllMyFavorites - {634D3B6D-B1FE-4538-8A09-FCE198C547E4} - C:\Program Files\AllMyFavorites\MyFavIE.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe
--
End of file - 10088 bytes
I don't know if that helps, but I thought it best to post this anyway.
Thanks again
whitenoiz