Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:19:57 PM, on 4/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/prof ... itStop.CAB
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/seri ... /gwCID.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 5171 bytes
ComboFix 09-04-23.02 - Owner 04/22/2009 15:50.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.207 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090422-0] *On-access scanning disabled* (Updated)
FW: Defender Pro Firewall *disabled*
* Created a new restore point
FILE ::
c:\program files\msbb.log
c:\program files\msbb_kyf.dat
c:\program files\msbbau.dat
c:\windows\system32\dowurumi.dll
c:\windows\system32\mibevilo.exe
c:\windows\system32\wugakuwa.dll
c:\windows\system32\yasijote.dll.tmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Azureus
c:\documents and settings\All Users\Application Data\Azureus\azCID.txt
c:\documents and settings\Owner\Application Data\Azureus
c:\documents and settings\Owner\Application Data\Azureus\.certs
c:\documents and settings\Owner\Application Data\Azureus\.keystore
c:\documents and settings\Owner\Application Data\Azureus\.lock
c:\documents and settings\Owner\Application Data\Azureus\active\0027AA045B1F9769991D34F23E08C70BFDC48711.dat
c:\documents and settings\Owner\Application Data\Azureus\active\0027AA045B1F9769991D34F23E08C70BFDC48711.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\00D0DA35EF4932E7945DB6091330C01C0EF46F7C.dat
c:\documents and settings\Owner\Application Data\Azureus\active\00D0DA35EF4932E7945DB6091330C01C0EF46F7C.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\03E9C4B0F9F9954912D474C58F629CA86547A6D1.dat
c:\documents and settings\Owner\Application Data\Azureus\active\03E9C4B0F9F9954912D474C58F629CA86547A6D1.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\06891D243BDB8E4931945461BF12133A020F53B2.dat
c:\documents and settings\Owner\Application Data\Azureus\active\06891D243BDB8E4931945461BF12133A020F53B2.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\0F1A7747CB1B32EF47CFEEF4B59BE70026E46103.dat
c:\documents and settings\Owner\Application Data\Azureus\active\0F1A7747CB1B32EF47CFEEF4B59BE70026E46103.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\15AA06AB6B8F81A8ECEF0D5A10FDB1F92B058EC5.dat
c:\documents and settings\Owner\Application Data\Azureus\active\15AA06AB6B8F81A8ECEF0D5A10FDB1F92B058EC5.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\18D57059B1D0A3478D40841A11B3F37A73E65CDC.dat
c:\documents and settings\Owner\Application Data\Azureus\active\18D57059B1D0A3478D40841A11B3F37A73E65CDC.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\1AC86CB379F929943379F69DFA0A490024FD9439.dat
c:\documents and settings\Owner\Application Data\Azureus\active\1AC86CB379F929943379F69DFA0A490024FD9439.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\247E705C8D16518BA8574C38EBA879866D2726A3.dat
c:\documents and settings\Owner\Application Data\Azureus\active\247E705C8D16518BA8574C38EBA879866D2726A3.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\2629FD8F1EBE737FC8B267A524AF1658CB4E8462.dat
c:\documents and settings\Owner\Application Data\Azureus\active\2629FD8F1EBE737FC8B267A524AF1658CB4E8462.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\2D4B24FF6EE049691A42E3FF1208C35B361A182A.dat
c:\documents and settings\Owner\Application Data\Azureus\active\2D4B24FF6EE049691A42E3FF1208C35B361A182A.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\3333926AC56E9D6B46903C1384D4716B8E4DAD4D.dat
c:\documents and settings\Owner\Application Data\Azureus\active\3333926AC56E9D6B46903C1384D4716B8E4DAD4D.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\531E0454E16E6D0DA8192CC7AFC76B54FB17E04F.dat
c:\documents and settings\Owner\Application Data\Azureus\active\531E0454E16E6D0DA8192CC7AFC76B54FB17E04F.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\59DA82DA04F51F9C85F681FFEC35406E2CF64D56.dat
c:\documents and settings\Owner\Application Data\Azureus\active\59DA82DA04F51F9C85F681FFEC35406E2CF64D56.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\5DC2B9CDA3EBC878EE20A896773282F0918F581C.dat
c:\documents and settings\Owner\Application Data\Azureus\active\5DC2B9CDA3EBC878EE20A896773282F0918F581C.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\739496DCB4CD1F6C1740668558DB2372118CAF6F.dat
c:\documents and settings\Owner\Application Data\Azureus\active\739496DCB4CD1F6C1740668558DB2372118CAF6F.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\759736CA508B0E9796B170E56920B9BD0CAA7703.dat
c:\documents and settings\Owner\Application Data\Azureus\active\759736CA508B0E9796B170E56920B9BD0CAA7703.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\7905E21949FB456239418407D94333DAFDB1E3B7.dat
c:\documents and settings\Owner\Application Data\Azureus\active\7905E21949FB456239418407D94333DAFDB1E3B7.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\7F096F496535E659BA970C47317248A27B6AFB42.dat
c:\documents and settings\Owner\Application Data\Azureus\active\7F096F496535E659BA970C47317248A27B6AFB42.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\817C5B850BC5519AD4530979B59FCB9DD19A9D47.dat
c:\documents and settings\Owner\Application Data\Azureus\active\817C5B850BC5519AD4530979B59FCB9DD19A9D47.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\89A2846E60E8EB3F5BFB37351BF36146C54B2484.dat
c:\documents and settings\Owner\Application Data\Azureus\active\89A2846E60E8EB3F5BFB37351BF36146C54B2484.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\8AF43EB2A038CE24684C26C152176304F2CCCDAE.dat
c:\documents and settings\Owner\Application Data\Azureus\active\8AF43EB2A038CE24684C26C152176304F2CCCDAE.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\8D9B52E8FCAE5133A3A55388260CCA0E3709E9BC.dat
c:\documents and settings\Owner\Application Data\Azureus\active\8D9B52E8FCAE5133A3A55388260CCA0E3709E9BC.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\9003E9356A392022C3BC0D01B307D02C456C1762.dat
c:\documents and settings\Owner\Application Data\Azureus\active\9003E9356A392022C3BC0D01B307D02C456C1762.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\92FDAFF9A8F692EF89AADDD9A76A84729E8605A7.dat
c:\documents and settings\Owner\Application Data\Azureus\active\92FDAFF9A8F692EF89AADDD9A76A84729E8605A7.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\9A03C18938D535F5CF336FB1D222C0C7C2714451.dat
c:\documents and settings\Owner\Application Data\Azureus\active\9A03C18938D535F5CF336FB1D222C0C7C2714451.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\A1F685AF7BF9CF1CD9635554066E25BEB2B44B92.dat
c:\documents and settings\Owner\Application Data\Azureus\active\A1F685AF7BF9CF1CD9635554066E25BEB2B44B92.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\A6D5BFF9C692D781E5DA2B10340D34B18145209A.dat
c:\documents and settings\Owner\Application Data\Azureus\active\A6D5BFF9C692D781E5DA2B10340D34B18145209A.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\AE5823600CFADEE3661C2E297F7BDFE7BAB4514D.dat
c:\documents and settings\Owner\Application Data\Azureus\active\AE5823600CFADEE3661C2E297F7BDFE7BAB4514D.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\AFE83B90291DC58EE1FD71589A7DDB7659206303.dat
c:\documents and settings\Owner\Application Data\Azureus\active\AFE83B90291DC58EE1FD71589A7DDB7659206303.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\B11394C9BC5326B6C70AB116529EF86E5A723E08.dat
c:\documents and settings\Owner\Application Data\Azureus\active\B11394C9BC5326B6C70AB116529EF86E5A723E08.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\B9324E39591E1BA6955C92FA8EBD73647DAC1D9A.dat
c:\documents and settings\Owner\Application Data\Azureus\active\B9324E39591E1BA6955C92FA8EBD73647DAC1D9A.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\BAEC18043A32992A24F0177B49641DA1DAC36201.dat
c:\documents and settings\Owner\Application Data\Azureus\active\BAEC18043A32992A24F0177B49641DA1DAC36201.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\BC82B8FA7700FC878092A4DFACC67250609A5F73.dat
c:\documents and settings\Owner\Application Data\Azureus\active\BC82B8FA7700FC878092A4DFACC67250609A5F73.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\cache.dat
c:\documents and settings\Owner\Application Data\Azureus\active\CCE19C031D4D20D4A2E0D990358DF420211A2BA3.dat
c:\documents and settings\Owner\Application Data\Azureus\active\CCE19C031D4D20D4A2E0D990358DF420211A2BA3.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\D1AFDB1D893C524042334DB4AC31423102CD32AE.dat
c:\documents and settings\Owner\Application Data\Azureus\active\D1AFDB1D893C524042334DB4AC31423102CD32AE.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\D83A80F23D26BFFF045545341B98C8176006F826.dat
c:\documents and settings\Owner\Application Data\Azureus\active\D83A80F23D26BFFF045545341B98C8176006F826.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\DA4DC1024FBE812FE3A35A90F35806FA94D6D1B3.dat
c:\documents and settings\Owner\Application Data\Azureus\active\DA4DC1024FBE812FE3A35A90F35806FA94D6D1B3.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\E39B39D2C106BE7A83D17F8313EF7EC0BC870D42.dat
c:\documents and settings\Owner\Application Data\Azureus\active\E39B39D2C106BE7A83D17F8313EF7EC0BC870D42.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\F07A86E0138800C5C53D0BCE89B8DC5A7E527DF0.dat
c:\documents and settings\Owner\Application Data\Azureus\active\F07A86E0138800C5C53D0BCE89B8DC5A7E527DF0.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\F6B6DD62B26B3A78328CA09994E1BFFE19532F8D.dat
c:\documents and settings\Owner\Application Data\Azureus\active\F6B6DD62B26B3A78328CA09994E1BFFE19532F8D.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\active\FEF87B617BD187AF924772E13E96DF5F7A8FD4D9.dat
c:\documents and settings\Owner\Application Data\Azureus\active\FEF87B617BD187AF924772E13E96DF5F7A8FD4D9.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\azureus.config
c:\documents and settings\Owner\Application Data\Azureus\azureus.config.bak
c:\documents and settings\Owner\Application Data\Azureus\azureus.statistics
c:\documents and settings\Owner\Application Data\Azureus\azureus.statistics.bak
c:\documents and settings\Owner\Application Data\Azureus\banips.config
c:\documents and settings\Owner\Application Data\Azureus\banips.config.bak
c:\documents and settings\Owner\Application Data\Azureus\cnetworks.config
c:\documents and settings\Owner\Application Data\Azureus\dht\addresses.dat
c:\documents and settings\Owner\Application Data\Azureus\dht\contacts.dat
c:\documents and settings\Owner\Application Data\Azureus\dht\diverse.dat
c:\documents and settings\Owner\Application Data\Azureus\dht\general.dat
c:\documents and settings\Owner\Application Data\Azureus\dht\version.dat
c:\documents and settings\Owner\Application Data\Azureus\downloads.config
c:\documents and settings\Owner\Application Data\Azureus\downloads.config.bak
c:\documents and settings\Owner\Application Data\Azureus\friends.config
c:\documents and settings\Owner\Application Data\Azureus\friends.config.bak
c:\documents and settings\Owner\Application Data\Azureus\ipfilter.cache
c:\documents and settings\Owner\Application Data\Azureus\logs\AutoSpeedSearchHistory_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\clientid_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\CNetworks_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\debug_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\Friends_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\MetaSearch_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\NetStatus_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\seltrace_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\Subscriptions_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\thread_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\thread_2.log
c:\documents and settings\Owner\Application Data\Azureus\logs\v3.ads_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\v3.CMsgr_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\v3.Friends_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\v3.PMsgr_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\v3.Stream_1.log
c:\documents and settings\Owner\Application Data\Azureus\metasearch.config
c:\documents and settings\Owner\Application Data\Azureus\metasearch.config.bak
c:\documents and settings\Owner\Application Data\Azureus\net\pm_209.dat
c:\documents and settings\Owner\Application Data\Azureus\net\pm_default.dat
c:\documents and settings\Owner\Application Data\Azureus\sidebarauto.config
c:\documents and settings\Owner\Application Data\Azureus\sidebarauto.config.bak
c:\documents and settings\Owner\Application Data\Azureus\subs\06EEEFBF26D02F824C84.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\07ABDD32A54D704B48FE.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\2193CFBF2A957A71BCC8.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\2DF43E7396E6157D8CE5.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\3C174BCFB894FF459D45.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\447229A3A371779E8871.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\9167E16C9B7944056AC7.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\A12C9287BC80463D6AE0.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\A4A08E81783B5A421A5F.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\A57341AB2AA7A98D5F19.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\AD8051E73A76B5270EC8.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\C732D6BA9C09C29B2FA3.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\E67D8443DF3B6D5C02B4.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\ED7A4A68D27A7C72BABE.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\F14DB936646DBBA8A53E.vuze
c:\documents and settings\Owner\Application Data\Azureus\subscriptions.config
c:\documents and settings\Owner\Application Data\Azureus\subscriptions.config.bak
c:\documents and settings\Owner\Application Data\Azureus\tables.config
c:\documents and settings\Owner\Application Data\Azureus\tables.config.bak
c:\documents and settings\Owner\Application Data\Azureus\timingstats.dat
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU29529.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU29530.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU29531.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU29532.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU29533.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU29534.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU29535.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU29536.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU29537.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU29538.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU29539.tmp
c:\documents and settings\Owner\Application Data\Azureus\tracker.config
c:\documents and settings\Owner\Application Data\Azureus\tracker.config.bak
c:\documents and settings\Owner\Application Data\Azureus\unsentdata.config
c:\documents and settings\Owner\Application Data\Azureus\unsentdata.config.bak
c:\documents and settings\Owner\Application Data\Azureus\update.log
c:\documents and settings\Owner\Application Data\Azureus\update.properties
c:\documents and settings\Owner\Application Data\Azureus\v3.Friends.dat
c:\documents and settings\Owner\Application Data\Azureus\v3.Friends.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\VuzeActivities.config
c:\documents and settings\Owner\Application Data\Azureus\VuzeActivities.config.bak
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\00871ABB
c:\program files\AskBarDis\bar\Cache\00871CAF
c:\program files\AskBarDis\bar\Cache\00871FDB.bin
c:\program files\AskBarDis\bar\Cache\00872598.bin
c:\program files\AskBarDis\bar\Cache\00872663.bin
c:\program files\AskBarDis\bar\Cache\0087279C.bin
c:\program files\AskBarDis\bar\Cache\00872A3B.bin
c:\program files\AskBarDis\bar\Cache\00872C8D.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\PopSwatter\History\allowed
c:\program files\AskBarDis\PopSwatter\History\notallow
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\program files\Coupons
c:\program files\Coupons\Coupons.com.url
c:\program files\Coupons\uninstall.exe
c:\program files\Coupons\Uninstall\IRIMG1.JPG
c:\program files\Coupons\Uninstall\IRIMG2.JPG
c:\program files\Coupons\Uninstall\IRIMG3.JPG
c:\program files\Coupons\Uninstall\IRIMG4.JPG
c:\program files\Coupons\Uninstall\IRIMG5.JPG
c:\program files\Coupons\Uninstall\IRIMG6.JPG
c:\program files\Coupons\Uninstall\IRIMG7.JPG
c:\program files\Coupons\Uninstall\IRIMG8.JPG
c:\program files\Coupons\Uninstall\uninstall.dat
c:\program files\Coupons\Uninstall\uninstall.xml
c:\program files\Kazaa Lite K++
c:\program files\Kazaa Lite K++\BannedIPs\BannedIpRanges.txt.bak
c:\program files\Kazaa Lite K++\Kazupernodes\favorites.kzf
c:\program files\Kazaa Lite K++\Thumbs.db
c:\program files\Kazaa Lite K++\web\Thumbs.db
c:\program files\msbb.log
c:\program files\msbb_kyf.dat
c:\program files\msbbau.dat
c:\program files\Vuze
c:\program files\Vuze\plugins\azemp\azemp_2.0.34.jar
c:\program files\Vuze\plugins\azemp\azemp_2.0.34.zip
c:\program files\Vuze\plugins\azemp\azmplay.exe.bak
c:\program files\Vuze\plugins\azemp\cp1250-a.raw.bak
c:\program files\Vuze\plugins\azemp\cp1250-b.raw.bak
c:\program files\Vuze\plugins\azemp\font.desc.bak
c:\program files\Vuze\plugins\azemp\osd-mplayer-a.raw.bak
c:\program files\Vuze\plugins\azemp\osd-mplayer-b.raw.bak
c:\program files\Vuze\plugins\azemp\plugin.properties_2.0.34
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.5.jar
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.5.zip
c:\program files\Vuze\plugins\azupnpav\plugin.properties_0.2.5
c:\windows\system32\dowurumi.dll
c:\windows\system32\mibevilo.exe
c:\windows\system32\yasijote.dll.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TGQNQYDB
((((((((((((((((((((((((( Files Created from 2009-03-22 to 2009-04-22 )))))))))))))))))))))))))))))))
.
2009-04-21 02:12 . 2009-04-21 02:16 1374 ----a-w c:\windows\imsins.BAK
2009-04-20 12:42 . 2009-04-20 12:44 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-20 12:24 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-20 12:24 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-20 12:24 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-08 03:40 . 2009-04-08 03:40 113120 ----a-w C:\regbackup.reg
2009-04-03 20:47 . 2009-04-03 20:47 25740144 ----a-w C:\wmp11-windowsxp-x86-enu.exe
2009-04-01 09:35 . 2009-04-01 09:35 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\wlvsouqo
2009-04-01 09:35 . 2009-04-01 09:35 -------- d-----w c:\documents and settings\Owner\Application Data\wlvsouqo
2009-04-01 09:33 . 2009-04-01 09:33 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\wlvsouqo
2009-04-01 09:33 . 2009-04-01 09:33 -------- d-----w c:\documents and settings\NetworkService\Application Data\wlvsouqo
2009-04-01 03:11 . 2009-04-01 03:11 -------- d-----w c:\program files\Trend Micro
2009-03-30 00:13 . 2009-03-30 00:13 -------- d-----w c:\documents and settings\Owner\LocalLow
2009-03-30 00:13 . 2009-03-30 00:13 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\TVU Networks
2009-03-30 00:13 . 2009-03-30 00:13 -------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
2009-03-30 00:09 . 2009-03-30 01:26 -------- d-----w c:\documents and settings\Owner\Application Data\Winamp
2009-03-29 23:47 . 2009-04-01 05:34 -------- d-----w c:\documents and settings\Owner\Application Data\mp3rocket
2009-03-29 23:47 . 2009-03-29 23:48 -------- d-----w c:\program files\MP3 Rocket
2009-03-29 23:23 . 2009-03-29 23:36 -------- d-----w c:\program files\GRETECH
2009-03-29 23:15 . 2009-03-29 23:16 -------- d-----w c:\program files\Paint.NET
2009-03-29 23:15 . 2009-03-29 23:20 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Paint.NET
2009-03-26 16:07 . 2009-03-26 16:07 59904 ----a-w c:\windows\system32\zlib1.dll
2009-03-26 16:03 . 2009-03-26 16:03 286720 ----a-w c:\windows\system32\libcurl.dll
2009-03-26 16:03 . 2009-03-26 16:03 143360 ----a-w c:\windows\system32\libexpatw.dll
2009-03-25 04:54 . 2009-03-25 04:54 -------- d-----w c:\documents and settings\Administrator\Application Data\PC Tools
2009-03-25 04:52 . 2009-03-25 04:52 -------- d-----w c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-03-25 04:18 . 2009-03-25 05:54 -------- d-----w C:\HostsXpert
2009-03-24 07:48 . 2009-04-11 13:33 54156 ---ha-w c:\windows\QTFont.qfn
2009-03-24 07:48 . 2009-03-24 07:48 1409 ----a-w c:\windows\QTFont.for
2009-03-24 05:26 . 2009-03-24 05:26 -------- d-----w c:\program files\Common Files\PC Tools
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 02:13 . 2009-02-16 12:25 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-20 11:55 . 2005-03-26 17:29 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-20 11:55 . 2005-03-26 17:29 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-15 05:15 . 2008-09-28 23:17 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 20:32 . 2008-09-28 23:17 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 20:32 . 2008-09-28 23:17 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-01 10:24 . 2009-03-19 03:46 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-04-01 09:29 . 2002-02-15 16:51 -------- d-----w c:\program files\Common Files\Mozilla Shared
2009-04-01 09:19 . 2008-11-26 08:45 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-30 00:14 . 2009-02-26 07:32 3532 ----a-w C:\drmHeader.bin
2009-03-30 00:08 . 2009-01-21 17:08 -------- d-----w c:\documents and settings\Owner\Application Data\Move Networks
2009-03-27 19:22 . 2008-11-26 19:04 -------- d-----w c:\program files\SUPERAntiSpyware
2009-03-26 16:03 . 2003-01-08 20:15 196608 ----a-w c:\windows\system32\ssleay32.dll
2009-03-26 16:03 . 2003-01-08 20:15 1028096 ----a-w c:\windows\system32\libeay32.dll
2009-03-25 05:02 . 2009-01-17 02:36 -------- d-----w c:\documents and settings\All Users\Application Data\eFax Messenger 4.4 Setup
2009-03-24 06:50 . 2005-03-01 01:47 -------- d-----w c:\program files\ActMon-Password-Recovery
2009-03-24 06:30 . 2005-03-03 06:47 -------- d-----w c:\program files\Ethereal
2009-03-24 04:33 . 2009-03-16 19:00 -------- d-----w c:\program files\Wordster
2009-03-14 20:38 . 2009-01-05 13:04 -------- d-----w c:\documents and settings\Owner\Application Data\foobar2000
2009-03-14 17:10 . 2009-03-14 17:10 -------- d-----w c:\documents and settings\Owner\Application Data\SanDisk
2009-03-13 18:19 . 2009-03-13 18:18 -------- d-----w c:\program files\Rhapsody
2009-03-13 18:19 . 2002-02-15 18:15 -------- d-----w c:\program files\Real
2009-03-11 19:44 . 2009-03-11 19:44 -------- d-----w c:\documents and settings\All Users\Application Data\2B177
2009-03-06 14:22 . 2002-02-15 16:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-04 01:50 . 2009-03-04 01:50 -------- d-----w c:\program files\PixiePack Codec Pack
2009-03-04 01:48 . 2009-03-04 01:46 -------- d-----w c:\documents and settings\All Users\Application Data\RapidSolution
2009-03-04 01:46 . 2009-03-04 01:46 -------- d-----w c:\program files\RapidSolution
2009-03-04 01:18 . 2009-03-04 01:18 -------- d-----w c:\program files\Daniusoft
2009-03-03 00:31 . 2009-03-03 00:31 -------- d-----w c:\documents and settings\Owner\Application Data\Amazon
2009-03-03 00:27 . 2009-03-03 00:27 -------- d-----w c:\program files\Amazon
2009-03-03 00:18 . 2004-02-07 02:05 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-24 02:08 . 2007-05-06 04:31 -------- d-----w c:\documents and settings\Owner\Application Data\U3
2009-02-23 13:49 . 2004-09-02 09:36 546928 -c--a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-20 18:09 . 2004-08-04 07:56 78336 ------w c:\windows\system32\ieencode.dll
2009-02-16 08:52 . 2004-11-12 02:51 8224 -c--a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2009-02-09 12:10 . 2002-02-15 16:51 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2002-02-15 18:11 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2002-02-15 16:51 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2002-02-15 16:50 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2002-02-15 16:51 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2002-02-15 16:51 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2002-08-29 01:04 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2002-02-15 16:51 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2002-08-29 01:04 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2002-02-15 16:51 56832 ----a-w c:\windows\system32\secur32.dll
2005-03-01 02:03 . 2005-03-01 02:03 128 -c--a-w c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\2B177 ----
2009-03-11 19:44 . 2008-12-09 05:31 4501 ----a-w c:\documents and settings\All Users\Application Data\2B177\{FF5D5766-B7CC-4BF8-902D-37FCBB9993BB}.swf
---- Directory of c:\documents and settings\Owner\Application Data\wlvsouqo ----
2009-04-01 09:56 . 2009-04-01 09:56 0 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\places.sqlite-journal
2009-04-01 09:56 . 2009-04-01 09:56 524 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\prefs.js
2009-04-01 09:35 . 2009-04-01 09:35 569 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\localstore.rdf
2009-04-01 09:35 . 2009-04-01 09:35 4049 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\pluginreg.dat
2009-04-01 09:35 . 2009-04-01 10:01 2048 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\webappsstore.sqlite
2009-04-01 09:35 . 2009-04-01 09:35 4096 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\formhistory.sqlite
2009-04-01 09:35 . 2009-04-01 09:37 131072 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\places.sqlite
2009-04-01 09:35 . 2009-04-01 09:37 16384 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\key3.db
2009-04-01 09:35 . 2009-04-01 09:37 65536 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\cert8.db
2009-04-01 09:35 . 2009-04-01 09:35 16384 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\secmod.db
2009-04-01 09:35 . 2009-04-01 10:04 2048 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\cookies.sqlite
2009-04-01 09:35 . 2009-04-01 09:35 2048 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\permissions.sqlite
2009-04-01 09:35 . 2009-04-01 09:56 127885 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\compreg.dat
2009-04-01 09:35 . 2009-04-01 09:56 96173 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\xpti.dat
2009-04-01 09:35 . 2009-04-01 09:56 207 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\compatibility.ini
2009-04-01 09:35 . 2009-04-01 09:35 111 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\profiles.ini
((((((((((((((((((((((((((((( SnapShot@2009-04-20_12.21.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-21 13:10 . 2009-04-21 13:10 16384 c:\windows\Temp\Perflib_Perfdata_600.dat
- 2009-04-20 12:20 . 2009-04-20 12:20 16384 c:\windows\Temp\Perflib_Perfdata_5f0.dat
+ 2009-04-22 20:55 . 2009-04-22 20:55 16384 c:\windows\Temp\Perflib_Perfdata_5f0.dat
- 2004-09-03 07:15 . 2007-07-27 14:41 26488 c:\windows\system32\spupdsvc.exe
+ 2004-09-03 07:15 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2009-04-03 20:50 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
- 2002-02-15 16:51 . 2008-12-20 23:15 44544 c:\windows\system32\pngfilt.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 44544 c:\windows\system32\pngfilt.dll
- 2002-02-15 16:51 . 2009-03-25 05:38 68828 c:\windows\system32\perfc009.dat
+ 2002-02-15 16:51 . 2009-04-21 13:14 68828 c:\windows\system32\perfc009.dat
+ 2002-02-15 18:11 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
- 2002-02-15 18:11 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
- 2002-02-15 18:11 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
+ 2002-02-15 18:11 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
+ 2007-08-13 23:54 . 2009-02-20 18:09 52224 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 23:54 . 2008-12-20 23:15 52224 c:\windows\system32\msfeedsbs.dll
+ 2002-02-15 17:57 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
- 2002-02-15 17:57 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 27648 c:\windows\system32\jsproxy.dll
- 2002-02-15 16:51 . 2008-12-20 23:15 27648 c:\windows\system32\jsproxy.dll
+ 2007-08-13 23:39 . 2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe
- 2007-08-13 23:39 . 2008-12-19 09:10 13824 c:\windows\system32\ieudinit.exe
+ 2002-02-15 16:51 . 2009-02-20 18:09 44544 c:\windows\system32\iernonce.dll
- 2002-02-15 16:51 . 2008-12-20 23:15 44544 c:\windows\system32\iernonce.dll
+ 2002-02-15 16:51 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe
- 2002-02-15 16:51 . 2008-12-19 09:10 70656 c:\windows\system32\ie4uinit.exe
- 2007-08-13 23:36 . 2008-12-20 23:15 63488 c:\windows\system32\icardie.dll
+ 2007-08-13 23:36 . 2009-02-20 18:09 63488 c:\windows\system32\icardie.dll
+ 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-04-20 12:25 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
+ 2009-02-20 18:09 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-02-20 10:20 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2009-02-20 18:09 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2009-02-20 10:20 . 2009-02-20 10:20 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-02-20 18:09 . 2009-02-20 18:09 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-02-16 12:27 . 2009-04-21 02:13 35088 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-02-16 12:27 . 2009-02-28 03:12 35088 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-02-16 12:27 . 2009-02-28 03:12 18704 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-16 12:27 . 2009-04-21 02:13 18704 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-16 12:27 . 2009-04-21 02:13 20240 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-02-16 12:27 . 2009-02-28 03:12 20240 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-04-21 02:16 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\pngfilt.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 52224 c:\windows\ie7updates\KB963027-IE7\msfeedsbs.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 27648 c:\windows\ie7updates\KB963027-IE7\jsproxy.dll
+ 2009-04-21 02:16 . 2008-12-19 09:10 13824 c:\windows\ie7updates\KB963027-IE7\ieudinit.exe
+ 2009-04-21 02:16 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\iernonce.dll
+ 2009-04-21 02:16 . 2008-04-14 00:11 81920 c:\windows\ie7updates\KB963027-IE7\ieencode.dll
+ 2009-04-21 02:16 . 2008-12-19 09:10 70656 c:\windows\ie7updates\KB963027-IE7\ie4uinit.exe
+ 2009-04-21 02:16 . 2008-12-20 23:15 63488 c:\windows\ie7updates\KB963027-IE7\icardie.dll
- 2004-09-03 04:59 . 2008-04-14 00:12 354304 c:\windows\system32\winhttp.dll
+ 2004-09-03 04:59 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
- 2002-02-15 16:51 . 2008-12-20 23:15 233472 c:\windows\system32\webcheck.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 233472 c:\windows\system32\webcheck.dll
+ 2002-02-15 17:57 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2002-02-15 17:57 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2002-02-15 17:57 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
- 2002-02-15 16:51 . 2008-12-20 23:15 105984 c:\windows\system32\url.dll
+ 2002-02-15 16:51 . 2009-04-21 13:14 434838 c:\windows\system32\perfh009.dat
- 2002-02-15 16:51 . 2009-03-25 05:38 434838 c:\windows\system32\perfh009.dat
- 2002-02-15 16:51 . 2008-12-20 23:15 102912 c:\windows\system32\occache.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 102912 c:\windows\system32\occache.dll
- 2002-02-15 16:51 . 2008-12-20 23:15 671232 c:\windows\system32\mstime.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 671232 c:\windows\system32\mstime.dll
- 2002-02-15 16:51 . 2008-12-20 23:15 193024 c:\windows\system32\msrating.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 193024 c:\windows\system32\msrating.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 477696 c:\windows\system32\mshtmled.dll
- 2002-02-15 16:51 . 2008-12-20 23:15 477696 c:\windows\system32\mshtmled.dll
+ 2007-08-13 23:54 . 2009-02-20 18:09 459264 c:\windows\system32\msfeeds.dll
- 2007-08-13 23:54 . 2008-12-20 23:15 459264 c:\windows\system32\msfeeds.dll
+ 2002-02-15 18:11 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
- 2002-02-15 18:11 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll
- 2002-02-15 18:11 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll
+ 2002-02-15 18:11 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
+ 2002-02-15 18:11 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
- 2002-02-15 16:51 . 2008-04-14 00:11 989696 c:\windows\system32\kernel32.dll
+ 2002-02-15 16:51 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
+ 2007-08-13 23:34 . 2009-02-20 18:09 268288 c:\windows\system32\iertutil.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 385024 c:\windows\system32\iedkcs32.dll
- 2007-07-11 17:27 . 2008-12-20 23:15 383488 c:\windows\system32\ieapfltr.dll
+ 2007-07-11 17:27 . 2009-02-20 18:09 383488 c:\windows\system32\ieapfltr.dll
- 2002-02-15 16:51 . 2008-12-19 05:23 161792 c:\windows\system32\ieakui.dll
+ 2002-02-15 16:51 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 230400 c:\windows\system32\ieaksie.dll
- 2002-02-15 16:51 . 2008-12-20 23:15 230400 c:\windows\system32\ieaksie.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 153088 c:\windows\system32\ieakeng.dll
- 2002-02-15 16:51 . 2008-12-20 23:15 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-04 07:56 . 2009-02-20 18:09 133120 c:\windows\system32\extmgr.dll
- 2004-08-04 07:56 . 2008-12-20 23:15 133120 c:\windows\system32\extmgr.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 214528 c:\windows\system32\dxtrans.dll
- 2002-02-15 16:51 . 2008-12-20 23:15 214528 c:\windows\system32\dxtrans.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 347136 c:\windows\system32\dxtmsft.dll
- 2002-02-15 16:51 . 2008-12-20 23:15 347136 c:\windows\system32\dxtmsft.dll
+ 2009-04-20 12:25 . 2009-02-06 10:10 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2009-04-20 12:25 . 2009-02-09 12:10 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2009-03-03 00:18 . 2009-03-03 00:18 826368 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
+ 2009-04-20 12:25 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\services.exe
+ 2009-04-20 12:25 . 2009-02-09 12:10 401408 c:\windows\system32\dllcache\rpcss.dll
+ 2009-04-20 12:25 . 2009-03-06 14:22 284160 c:\windows\system32\dllcache\pdh.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-04-20 12:25 . 2009-02-09 12:10 714752 c:\windows\system32\dllcache\ntdll.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 671232 c:\windows\system32\dllcache\mstime.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 193024 c:\windows\system32\dllcache\msrating.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-04-20 12:25 . 2009-02-09 12:10 729088 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-03-21 14:06 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\kernel32.dll
+ 2009-02-28 04:54 . 2009-02-28 04:54 636072 c:\windows\system32\dllcache\iexplore.exe
+ 2009-02-20 18:09 . 2009-02-20 18:09 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 383488 c:\windows\system32\dllcache\ieapfltr.dll
+ 2009-02-20 05:14 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-04-20 12:25 . 2009-02-09 12:10 473600 c:\windows\system32\dllcache\fastprox.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 124928 c:\windows\system32\dllcache\advpack.dll
+ 2009-04-20 12:25 . 2009-02-09 12:10 617472 c:\windows\system32\dllcache\advapi32.dll
- 2002-02-15 16:50 . 2008-12-20 23:15 124928 c:\windows\system32\advpack.dll
+ 2002-02-15 16:50 . 2009-02-20 18:09 124928 c:\windows\system32\advpack.dll
- 2009-02-16 12:27 . 2009-02-28 03:12 888080 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-16 12:27 . 2009-04-21 02:13 888080 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-16 12:27 . 2009-04-21 02:13 217864 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\misc.exe
- 2009-02-16 12:27 . 2009-02-28 03:12 217864 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\misc.exe
+ 2009-04-21 02:16 . 2008-12-20 23:15 826368 c:\windows\ie7updates\KB963027-IE7\wininet.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 233472 c:\windows\ie7updates\KB963027-IE7\webcheck.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 105984 c:\windows\ie7updates\KB963027-IE7\url.dll
+ 2009-04-21 02:16 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB963027-IE7\spuninst\updspapi.dll
+ 2009-04-21 02:16 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe
+ 2009-04-21 02:16 . 2008-12-20 23:15 102912 c:\windows\ie7updates\KB963027-IE7\occache.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 671232 c:\windows\ie7updates\KB963027-IE7\mstime.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 193024 c:\windows\ie7updates\KB963027-IE7\msrating.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 477696 c:\windows\ie7updates\KB963027-IE7\mshtmled.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 459264 c:\windows\ie7updates\KB963027-IE7\msfeeds.dll
+ 2009-04-21 02:16 . 2008-12-19 05:25 634024 c:\windows\ie7updates\KB963027-IE7\iexplore.exe
+ 2009-04-21 02:16 . 2008-12-20 23:15 267776 c:\windows\ie7updates\KB963027-IE7\iertutil.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 384512 c:\windows\ie7updates\KB963027-IE7\iedkcs32.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 383488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dll
+ 2009-04-21 02:16 . 2008-12-19 05:23 161792 c:\windows\ie7updates\KB963027-IE7\ieakui.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 230400 c:\windows\ie7updates\KB963027-IE7\ieaksie.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 153088 c:\windows\ie7updates\KB963027-IE7\ieakeng.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 133120 c:\windows\ie7updates\KB963027-IE7\extmgr.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 214528 c:\windows\ie7updates\KB963027-IE7\dxtrans.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 347136 c:\windows\ie7updates\KB963027-IE7\dxtmsft.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 124928 c:\windows\ie7updates\KB963027-IE7\advpack.dll
+ 2009-03-16 19:01 . 2009-03-16 19:01 452488 c:\windows\Downloaded Program Files\wlscBase.dll
+ 2003-07-14 00:03 . 2009-02-20 18:09 1160192 c:\windows\system32\urlmon.dll
- 2003-07-14 00:03 . 2008-12-20 23:15 1160192 c:\windows\system32\urlmon.dll
+ 2003-05-30 17:00 . 2008-12-20 22:14 1288192 c:\windows\system32\quartz.dll
- 2003-05-30 17:00 . 2008-05-07 05:12 1288192 c:\windows\system32\quartz.dll
+ 2003-07-14 00:02 . 2009-02-20 18:09 3595264 c:\windows\system32\mshtml.dll
+ 2007-08-13 23:54 . 2009-02-20 18:09 6066176 c:\windows\system32\ieframe.dll
- 2007-02-12 21:10 . 2007-04-17 09:32 2455488 c:\windows\system32\ieapfltr.dat
+ 2007-02-12 21:10 . 2008-07-09 14:25 2455488 c:\windows\system32\ieapfltr.dat
+ 2009-02-20 18:09 . 2009-02-20 18:09 1160192 c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 22:14 . 2008-12-20 22:14 1288192 c:\windows\system32\dllcache\quartz.dll
+ 2009-04-20 12:25 . 2009-02-06 11:08 2189056 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-04-20 12:25 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-08 00:02 . 2009-02-08 00:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-04-20 12:25 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-02-20 18:09 . 2009-02-20 18:09 3595264 c:\windows\system32\dllcache\mshtml.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2008-07-09 14:25 . 2008-07-09 14:25 2455488 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-04-21 02:16 . 2008-12-20 23:15 1160192 c:\windows\ie7updates\KB963027-IE7\urlmon.dll
+ 2009-04-21 02:16 . 2009-01-17 03:35 3594752 c:\windows\ie7updates\KB963027-IE7\mshtml.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 6066688 c:\windows\ie7updates\KB963027-IE7\ieframe.dll
+ 2009-04-21 02:16 . 2007-04-17 09:32 2455488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dat
+ 2008-10-14 23:09 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-14 23:09 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-14 23:09 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-14 23:09 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-14 23:09 . 2009-02-08 00:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-14 23:09 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-14 23:09 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-21 02:14 . 2009-04-06 12:57 24921544 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-03-24 79872]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-03 98304]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-04 21:23 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Defender Pro Defrag.lnk]
backup=c:\windows\pss\Defender Pro Defrag.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniMavis.lnk]
backup=c:\windows\pss\MiniMavis.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
backup=c:\windows\pss\SpySubtract.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Memento.lnk]
backup=c:\windows\pss\Memento.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DPAS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"WUSB54GCSVC"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"TuneUp.Defrag"=3 (0x3)
"rpcapd"=3 (0x3)
"PCTAVSvc"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MSCamSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"defenderProDefragService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"mmtask"=c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [2004-12-28 18208]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-27 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 14:59]
2009-02-11 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
- c:\windows\vVX1000.exe [2009-02-11 21:46]
2009-04-22 c:\windows\Tasks\User_Feed_Synchronization-{92C02AEF-39E3-4954-B1DE-160E84FD2EAA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/
mSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = cdn
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchURL = hxxp://www.google.com/
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 15:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-604989122-1283460115-496195412-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'explorer.exe'(2016)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-22 15:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-22 20:58
ComboFix2.txt 2009-04-20 12:24
Pre-Run: 159,611,801,600 bytes free
Post-Run: 160,331,640,832 bytes free
734 --- E O F --- 2009-04-21 02:16
I could not do the Kaspersky scan because it stated that I had to install Java 1.5 or later. I updated the Java, but I followed the link to the Java website and when I clicked on it, it stated I had the recommended version. I tried to use Run again to see, and it stated the program didn't exist. In other words, it worked, then it didn't work. The only thing I did that is different was download the Acrobat Reader 9.