Trojan Horse BH0.JBZ & iehelper.dll (please help)

Started by MAANGO, July 07, 2009, 09:29:56 PM

MAANGO

Hello everyone.

Let me start by saying that I'm pretty green when it comes to computers so sorry if some things go over my head.

A few days ago I got a warning from AVG telling me that my PC was infected by two trojan horse viruses and I clicked to heal files and move to vault. Antivirus PRO somehow got installed on there but I got rid of it and everything went smoothly for about two days until I got the same message from AVG. I ran Malwarebytes Anti-Malware but it couldn't find anything. I got another message warning about the viruses but AVG could only heal one of the two this time.

The files were in this location:

C:\WINDOWS\system32\iehelper.dll

The infection was: Trojan Horse BHO.JBZ

All this started after my little sisters were playing games online, but I can't figure out how to fix it this time (a few months ago we got smitfraud virus, but I took care of that through reading online).

Any help is greatly appreciated.

- Manny

MAANGO


Here is the MBAM log from after the first notification (when the Antivirus PRO was still on here).>>>

Malwarebytes' Anti-Malware 1.26
Database version: 1113
Windows 5.1.2600 Service Pack 2

7/4/2009 4:34:48 AM
mbam-log-2009-07-04 (04-34-48).txt

Scan type: Quick Scan
Objects scanned: 74387
Time elapsed: 36 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lowriskfiletypes (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\sysguard.exe (Trojan.FakeAlert) -> Delete on reboot.

Corrine

Hi, Manny.  Welcome to LandzDown Forum.

Are you ready for some edumacation?  :lol:  

First things first -- before scanning with an anti-malware or antivirus software, it is necessary to check for updates.  Most antivirus software updates at least once a day and often three times per day.  It is the same with anti-malware software.  In fact, the current version of MBAM is 1.38, with the definitions at version 2385 -- and you have version 1.26, definitions 1113 installed!  

So, let's see where things stand.  Please do the following, exactly as posted.  Let us know if you have any questions.

Please download ATF Cleaner by Atribune from http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25 . Save it to your Desktop.

Run ATF Cleaner

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
  • Click Exit on the Main menu to close the program.
  • Shutdown/restart the computer.

Update and scan with MBAM again:

  • Launch Malwarebytes' Anti-Malware then click the Update tab and "Check for Updates".
  • Once the update has been installed and the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Please post contents of that file in your next reply.

Next, please do the following:

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

winchester73

Quote from: Corrine on July 07, 2009, 09:50:56 PM
Are you ready for some edumacation?  :lol:  

I got me an edumacation myself.   :D
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

MAANGO


I can't believe I haven't updated MBAM once since I dl it . . . oops.

Here is the new MBAM log, I'm restarting and moving on to the next step now. Thanks so much for helping.

~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes' Anti-Malware 1.38
Database version: 2388
Windows 5.1.2600 Service Pack 2

7/7/2009 8:12:02 PM
mbam-log-2009-07-07 (20-12-02).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 150437
Time elapsed: 1 hour(s), 29 minute(s), 6 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
C:\WINDOWS\ld12.exe (Worm.KoobFace) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8567edfa-408c-43e9-b929-4c25c04f5003} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8567edfa-408c-43e9-b929-4c25c04f5003} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8567edfa-408c-43e9-b929-4c25c04f5003} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcnt5j0ec59 (Rogue.AntiVirusXP2008) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\ld12.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\documents and settings\no problem\Desktop\PopularScreensaversSetup2.3.50.19.ZRfox000.exe (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\~TM17A.tmp (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wbem\proquota.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\Haruki Murakami.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\strt_1246695389.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\0101120101464849.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

MAANGO

Log.txt:>>>

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-07-07 20:25:14
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 14 GB (36%) free of 38 GB
Total RAM: 510 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:55 PM, on 7/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://c%3a%5cprogram%20files%5cnetscape%5cnetscape%5csearchplugins%5csbweb_01.src"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\ql6forv2.slt\prefs.js)
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 surety.microsoft.com
O1 - Hosts: 209.44.111.62 aware-protect.com
O1 - Hosts: 209.44.111.62 www.aware-protect.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {483B0FFD-E30E-4DB3-A57C-B19CB6FD8E1F} - C:\WINDOWS\system32\cbXOEtUK.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray.exe] C:\Program Files\Rosetta Stone\Rosetta Stone V3\Patch.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Startup: RCA Detective.lnk = C:\Documents and Settings\Owner\My Documents\RCA Detective\RCADetective.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105428806749
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wakwez.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 8042 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll [2004-10-08 298168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-22 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{483B0FFD-E30E-4DB3-A57C-B19CB6FD8E1F}]
C:\WINDOWS\system32\cbXOEtUK.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2004-05-12 744960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Companion - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll [2004-10-08 298168]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll []
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2004-02-10 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2004-02-10 118784]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe [2002-09-11 368706]
"YBrowser"=C:\Program Files\Yahoo!\browser\ybrwicon.exe [2003-07-11 57344]
"IPInSightLAN 02"=C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe [2003-06-11 380928]
"IPInSightMonitor 02"=C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe [2003-06-11 122880]
"Motive SmartBridge"=C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe [2003-12-10 380928]
"Lexmark X74-X75"=C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe [2002-06-25 57344]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2005-12-10 133016]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-02-06 180269]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
"IgfxTray.exe"=C:\Program Files\Rosetta Stone\Rosetta Stone V3\Patch.exe []
"Easy Dock"= []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-01 1948440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe 1 []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
RCA Detective.lnk - C:\Documents and Settings\Owner\My Documents\RCA Detective\RCADetective.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wakwez.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-01 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\cbXOEtUK

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0
"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE"="C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE:*:Enabled:Yahoo! Messenger"
"C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe"="C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Disabled:Microsoft DirectX Diagnostic Tool"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\Program Files\LucasArts\SWKotOR\swupdate.exe"="C:\Program Files\LucasArts\SWKotOR\swupdate.exe:*:Enabled:Star Wars: Knights of the old Republic Update Program"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Documents and Settings\Owner\Desktop\utorrent.exe"="C:\Documents and Settings\Owner\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\EA GAMES\American McGee's Alice\alice.exe"="C:\Program Files\EA GAMES\American McGee's Alice\alice.exe:*:Enabled:American McGee's Alice"
"C:\WINDOWS\system32\a.exe"="C:\WINDOWS\system32\a.exe:*:Disabled:a"
"blank"="blank:*:Enabled:Yahoo! Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2009-07-07 20:25:14 ----D---- C:\rsit
2009-07-07 20:25:14 ----D---- C:\Program Files\trend micro
2009-07-01 09:26:11 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-06-15 06:07:12 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-15 06:06:22 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-15 06:05:30 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-15 06:05:04 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-15 06:04:23 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

======List of files/folders modified in the last 1 months======

2009-07-07 20:25:14 ----AD---- C:\Program Files
2009-07-07 20:24:43 ----D---- C:\WINDOWS\Prefetch
2009-07-07 20:23:19 ----D---- C:\Program Files\Mozilla Firefox
2009-07-07 20:22:29 ----D---- C:\WINDOWS\Temp
2009-07-07 20:20:15 ----D---- C:\WINDOWS\system32\drivers
2009-07-07 20:20:15 ----D---- C:\WINDOWS
2009-07-07 20:19:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-07 20:12:02 ----D---- C:\WINDOWS\system32\wbem
2009-07-07 18:14:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-07 18:06:22 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-07 16:34:25 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2009-07-07 16:19:54 ----D---- C:\WINDOWS\system32
2009-07-07 16:19:52 ----HD---- C:\$AVG8.VAULT$
2009-07-07 15:45:29 ----A---- C:\WINDOWS\system.ini
2009-07-03 17:50:46 ----A---- C:\WINDOWS\LEXSTAT.INI
2009-07-01 09:25:12 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-06-19 16:57:31 ----D---- C:\Program Files\Lexmark X74-X75
2009-06-15 06:07:22 ----ASD---- C:\WINDOWS\inf
2009-06-15 06:07:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-15 06:07:03 ----A---- C:\WINDOWS\imsins.BAK
2009-06-15 06:06:41 ----D---- C:\Program Files\Internet Explorer
2009-06-15 06:05:27 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-15 06:01:28 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-10 01:33:02 ----D---- C:\Program Files\Soulseek

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-01 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-01 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-22 108552]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2005-06-16 37150]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2005-03-31 38673]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-01-09 223128]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-06-25 9600]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-06-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-05-28 500568]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2005-03-31 152081]
S2 W55U01;WINBOND W55U01 USB; C:\WINDOWS\System32\Drivers\W55U01.sys [2005-08-12 15232]
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2005-03-31 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2005-03-31 70262]
S3 ewdmaudn;ewdmaudn; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\ewdmaudn.sys []
S3 MA_CMIDI;M-Audio USB Driver; C:\WINDOWS\system32\drivers\ma_cmidi.sys []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 SndTAudio;SndTAudio; C:\WINDOWS\system32\drivers\SndTAudio.sys [2009-03-02 23096]
S3 SndTVideo;SndTVideo; C:\WINDOWS\system32\DRIVERS\SndTVideo.sys [2009-03-02 3768]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-06-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-01 906520]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-01 298776]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-06-25 303104]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-02 658432]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2005-03-30 411920]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

MAANGO

info.txt logfile of random's system information tool 1.06 2009-07-07 20:26:00

======Uninstall list======

-->"C:\Program Files\SBC Yahoo!\umuninst.exe" /S
-->"C:\WINDOWS\..\Program Files\SBC Yahoo!\Connection Manager\uninst.exe"
-->C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe  SBC
-->C:\PROGRA~1\Yahoo!\browser\unyb.exe
-->C:\PROGRA~1\Yahoo!\Common\unwise.exe /S C:\PROGRA~1\Yahoo!\Common\install.log
-->C:\PROGRA~1\Yahoo!\Common\unybase.exe
-->C:\PROGRA~1\Yahoo!\PARENT~1\unypc.exe
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\yaddbook.dll
-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ylogin.dll
-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI~1.DLL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{4468EF97-A253-4699-9E1C-88CAE2C6832D}
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
BroadJump Client Foundation-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DirectVobSub (remove only)-->"C:\Program Files\DirectVobSub\uninstall.exe"
DirectX Media Runtime 5.1-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DXM51.INF,Uninstall.NT
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT-->MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL-->MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvcpt-->MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
ESSvpaht-->MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot-->MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
EverQuest II Trial of the Isle-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E217566-872F-41F3-B903-96B2E870A99A}\Setup.exe" -l0x9
FaxTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HLPIndex-->MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK-->MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPSFO-->MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Japanese Language Support-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ja.inf, Uninstall
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_190007_102274d9\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Lexmark X74-X75-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBBUN5C.EXE -dLexmark X74-X75
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Netscape (7.2)-->C:\WINDOWS\NSUninst.exe /ua "7.2 (en)"
Nikon Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
oggcodecs 0.69.8924-->C:\Program Files\illiminable\oggcodecs\uninst.exe
OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK-->MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PictureProject In Touch Downloader 1.0-->C:\Program Files\PictureProject In Touch Downloader\uninst.exe
PictureProject-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RCA Detective 1.0.0.96-->"C:\Documents and Settings\Owner\My Documents\RCA Detective\unins000.exe"
RCA Detective™ 2.0.0.98-->"C:\Documents and Settings\Owner\My Documents\RCA Detective\unins001.exe"
RCA EasyRip™ 1.4.2.0-->"C:\Documents and Settings\Owner\My Documents\RCA EasyRip\unins000.exe"
RCA easyRip™ 2.0.8.0-->"C:\Documents and Settings\Owner\My Documents\RCA easyRip\unins001.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SBC Self Support Tool-->C:\WINDOWS\Motive\SBC\MCCUninst.exe
SBC Yahoo! Applications-->C:\Program Files\SBC Yahoo!\UninstallManager.exe
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SFR2-->MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001-->MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spybot - Search & Destroy 1.3-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Syberia-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Syberia\Uninstall\setup.exe" -l0x9
TES Construction Set-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.4a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Visual IP InSight(SBC)-->C:\Program Files\InstallShield Installation Information\{097346E0-6A51-11D1-AD16-00A0C95E0503}SBC\setup.exe SBC
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Yahoo! Toolbar-->rundll32.exe C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YCOMP5~1.DLL,DllCommand ui

======Hosts File======

127.0.0.1 localhost
::1 localhost
209.44.111.62 surety.microsoft.com
209.44.111.62 aware-protect.com
209.44.111.62 www.aware-protect.com

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: DELL
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 39908
Source Name: Cdrom
Time Written: 20090413203742.000000-240
Event Type: error
User:

Computer Name: DELL
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 39907
Source Name: Cdrom
Time Written: 20090413202945.000000-240
Event Type: error
User:

Computer Name: DELL
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 39906
Source Name: Cdrom
Time Written: 20090413202945.000000-240
Event Type: error
User:

Computer Name: DELL
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 39905
Source Name: Cdrom
Time Written: 20090413202945.000000-240
Event Type: error
User:

Computer Name: DELL
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 39904
Source Name: Cdrom
Time Written: 20090413202945.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: DELL
Event Code: 1002
Message: Hanging application firefox.exe, version 1.8.20060.42618, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 3590
Source Name: Application Hang
Time Written: 20060526220247.000000-240
Event Type: error
User:

Computer Name: DELL
Event Code: 1002
Message: Hanging application firefox.exe, version 1.8.20060.42618, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 3589
Source Name: Application Hang
Time Written: 20060526215959.000000-240
Event Type: error
User:

Computer Name: DELL
Event Code: 1002
Message: Hanging application firefox.exe, version 1.8.20060.42618, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 3588
Source Name: Application Hang
Time Written: 20060526215958.000000-240
Event Type: error
User:

Computer Name: DELL
Event Code: 1002
Message: Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 3587
Source Name: Application Hang
Time Written: 20060524184746.000000-240
Event Type: error
User:

Computer Name: DELL
Event Code: 1517
Message: Windows saved user DELL\No Problem registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 3585
Source Name: Userenv
Time Written: 20060523212401.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ZipGenius 6\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0204
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

Corrine

Hi, Manny.

You have a severely infected and out-of-date computer -- and it appears to me that there may have been problems for quite a while, with the recent infections exacerbating the conditions.

Along with having a computer comes the responsibility of keeping it up to date.  That means not only Microsoft Security updates but also the other programs installed on the computer.  We will do our best to help you get the machine clean and also provide information on how to keep it that way.

Welcome to LandzDown Forum.

Please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.   

If you have questions regarding any of the instructions or problems running any tools, please let us know.

1)  Adobe Reader is out of date.  I strongly suggest you uninstall the current version and upgrade to the latest from http://www.adobe.com/products/reader/ or switch to an alternate PDF reader.  There are a number of open source readers available from http://pdfreaders.org/

2)  You also have extremely old and vulnerable versions of SunJava on the computer.  Please download JavaRa and unzip it to your desktop.


  • Double-click on JavaRa.exe to start the program.  (Windows Vista users Right-click JavaRa.exe > Select Run as Administrator)
  • Click on Remove Older Versions to remove older versions of Java.
  • A logfile will pop up. Please save it to a convenient location.

Then download and install Java SE Runtime Environment (JRE) 6 Update 14.

Note:  UNCHECK any pre-checked toolbar and/or software options presented with the update.  They are not part of the software update and are completely optional.

3)  Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2
Link 3

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note:  If you use AVG, you must also open the AVG 8 Control Center by right-clicking on the AVG 8 icon on the task bar, and then do the following:

  • Click on Tools.
  • Select Advanced Settings.
  • In the left hand pane, scroll down to "Resident Shield".
  • In the main pane, deselect the option to "Enable Resident Shield."
  • To re-enable AVG 8, please select "Enable Resident Shield" again.

Now, please run ComboFix:

  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click "Yes" to continue scanning for malware.

  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

MAANGO

ComboFix 09-07-07.A2 - Owner 07/07/2009 22:24.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.510.212 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\1e92ca17.msi
c:\windows\Installer\ce0c057.msi
c:\windows\patch.exe
c:\windows\system32\govsqxed.ini
c:\windows\system32\KUtEOXbc.ini
c:\windows\system32\KUtEOXbc.ini2
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


(((((((((((((((((((((((((   Files Created from 2009-06-08 to 2009-07-08  )))))))))))))))))))))))))))))))
.

2009-07-08 02:30 . 2004-08-04 07:56   50176   -c--a-w-   c:\windows\system32\dllcache\proquota.exe
2009-07-08 02:30 . 2004-08-04 07:56   50176   ----a-w-   c:\windows\system32\proquota.exe
2009-07-08 01:58 . 2009-07-08 02:11   --------   d-----w-   c:\documents and settings\Owner\.SunDownloadManager
2009-07-08 00:25 . 2009-07-08 00:26   --------   d-----w-   C:\rsit
2009-07-08 00:25 . 2009-07-08 00:25   --------   d-----w-   c:\program files\trend micro
2009-07-07 22:13 . 2009-07-07 22:13   3561743   ----a-w-   c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-04 07:31 . 2009-06-14 20:07   1004800   ----a-w-   c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-07-01 14:01 . 2009-07-01 14:01   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\AVG Security Toolbar
2009-07-01 13:26 . 2009-07-01 13:25   832144   ----a-w-   c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-07-01 13:26 . 2009-07-04 07:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG Security Toolbar

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-08 01:54 . 2005-01-16 20:34   --------   d-----w-   c:\program files\Java
2009-07-08 01:51 . 2005-01-11 09:25   --------   d-----w-   c:\program files\Common Files\Adobe
2009-07-07 22:14 . 2008-09-04 21:25   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-07-07 22:06 . 2009-05-22 13:49   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg8
2009-07-07 20:34 . 2006-02-26 07:24   --------   d-----w-   c:\documents and settings\Owner\Application Data\uTorrent
2009-07-01 13:25 . 2009-05-22 13:49   11952   ----a-w-   c:\windows\system32\avgrsstx.dll
2009-07-01 13:25 . 2009-05-22 13:49   327688   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2009-07-01 13:25 . 2009-05-22 13:49   27784   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2009-06-19 20:57 . 2005-01-27 07:10   --------   d-----w-   c:\program files\Lexmark X74-X75
2009-06-17 15:27 . 2008-09-04 21:25   38160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2008-09-04 21:25   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-06-10 05:33 . 2007-02-07 01:08   --------   d-----w-   c:\program files\Soulseek
2009-06-06 21:29 . 2009-05-24 03:32   --------   d-----w-   c:\program files\DOSBox-0.72
2009-05-29 03:51 . 2009-03-07 22:03   20   ---h--w-   c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2009-05-28 04:09 . 2005-01-11 08:23   --------   d-----w-   c:\program files\Trillian
2009-05-26 03:12 . 2009-05-26 03:12   2855   ----a-w-   c:\windows\PIF\INSTALL.PIF
2009-05-22 14:06 . 2009-05-22 14:06   --------   d-----w-   c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-05-22 13:49 . 2009-05-22 13:49   108552   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2009-05-22 13:49 . 2009-05-22 13:49   --------   d-----w-   c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-05-22 13:49 . 2009-05-22 13:49   --------   d-----w-   c:\program files\AVG
2009-05-13 03:49 . 2005-01-11 07:28   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-05-07 15:44 . 2002-06-25 21:40   344064   ----a-w-   c:\windows\system32\localspl.dll
2009-04-29 04:52 . 2004-01-08 23:23   659456   ----a-w-   c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2009-04-14 00:23   81920   ----a-w-   c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2002-06-25 21:50   1846656   ----a-w-   c:\windows\system32\win32k.sys
2009-04-17 04:36 . 2009-04-17 04:36   0   ----a-w-   c:\windows\PowerReg.dat
2009-04-15 15:11 . 2005-01-11 08:14   584192   ----a-w-   c:\windows\system32\rpcrt4.dll
2005-10-07 01:54 . 2005-10-07 01:54   816782   ----a-w-   c:\program files\oggcodecs_0.69.8924.exe
2005-04-22 01:17 . 2005-04-22 01:17   491768   ----a-w-   c:\program files\ie6setup.exe
2005-01-24 08:25 . 2005-01-24 08:22   7741336   ----a-w-   c:\program files\DivX521XP2K.exe
2005-01-11 09:45 . 2005-01-11 07:23   767   ----a-w-   c:\program files\Internet Explorer.lnk
2005-01-11 08:50 . 2005-01-11 08:50   823296   ----a-w-   c:\program files\winmx353.exe
2005-01-11 08:20 . 2005-01-11 08:20   4918270   ----a-w-   c:\program files\Firefox+Setup+1.0.exe
2006-01-19 22:19 . 2006-01-19 22:19   10856   --sha-w-   c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-04-14 00:12   15360   5F1D5F88303D4A4DBC8E5F97BA967CC3   c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[7] 2004-08-04 07:56   15360   24232996A38C0B0CF151C2140AE29FC8   c:\windows\system32\ctfmon.exe

[7] 2005-06-11 00:17   57856   AD3D9D191AEA7B5445FE1D82FFBB4788   c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2002-06-25 21:47   51200   9B4155BA58192D4073082B8FC5D42612   c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2004-08-04 07:56   57856   7435B108B935E42EA92CA94F59C8E717   c:\windows\$NtUninstallKB896423$\spoolsv.exe
[7] 2004-08-04 07:56   57856   7435B108B935E42EA92CA94F59C8E717   c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 00:12   57856   D8E14A61ACC1D4A6CD0D38AEBAC7FA3B   c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
[7] 2005-06-10 23:53   57856   DA81EC57ACD4CDC3D4C51CF3D409AF9F   c:\windows\system32\spoolsv.exe

[7] 2004-08-04 07:56   111104   4126D27CECE4471E00E425411F7306B5   c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2008-04-14 00:12   111104   ED7262E52C31CF1625B65039102BC16C   c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wuauclt.exe
[7] 2008-10-16 19:09   51224   E654B78D2F1D791B30D0ED9A8195EC22   c:\windows\system32\wuauclt.exe
[7] 2008-10-16 19:09   51224   E654B78D2F1D791B30D0ED9A8195EC22   c:\windows\system32\dllcache\wuauclt.exe

[-] 2002-06-25 21:48   21504   585398603F570F9705774D65D292E5D1   c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2004-08-04 07:56   24576   39B1FFB03C2296323832ACBAE50D2AFF   c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 00:12   26112   A93AEE1928A9D7CE3E16D24EC7380F89   c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[7] 2004-08-04 07:56   24576   39B1FFB03C2296323832ACBAE50D2AFF   c:\windows\system32\userinit.exe

[7] 2002-06-25 21:48   197632   344784BB9B02891E813260C192F271DE   c:\windows\$NtServicePackUninstall$\termsrv.dll
[7] 2004-08-04 07:56   295424   B60C877D16D9C880B952FDA04ADF16E6   c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 00:12   295424   FF3477C03BE7201C294C35F684B3479F   c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
[7] 2004-08-04 07:56   295424   B60C877D16D9C880B952FDA04ADF16E6   c:\windows\system32\termsrv.dll

[7] 2004-06-17 17:58   930816   FCA73DE7B988A2F7837FFBFFCFBED088   c:\windows\$hf_mig$\KB840987\SP1QFE\kernel32.dll
[7] 2006-07-05 10:57   985088   0FDD84928A5DDE2510761B7EC76CCEC9   c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[7] 2007-04-16 16:07   986112   09F7CB3687F86EDAA4CA081F7AB66C03   c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[7] 2009-03-21 13:54   989184   80202858D245FF07DAA1739C57A3E19B   c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[7] 2009-03-21 14:06   989696   B921FB870C9AC0D509B2CCABBBBE95F3   c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[7] 2009-03-21 13:59   991744   DA11D9D6ECBDF0F93436A4B7C13F7BEC   c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2004-06-17 17:55   898048   EBC65C59E5BFE6B167FA895E75840B5D   c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2002-06-25 21:39   926720   379B0B31D7F8D2C9F7FF302B454A6C54   c:\windows\$NtUninstallKB840987$\kernel32.dll
[7] 2004-08-04 07:56   983552   888190E31455FAD793312F8D087146EB   c:\windows\$NtUninstallKB917422$\kernel32.dll
[7] 2006-07-05 10:55   984064   D8DB5397DE07577C1CB50BA6D23B3AD4   c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2007-04-16 15:52   984576   A01F9CA902A88F7CED06884174D6419D   c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2004-08-04 07:56   983552   888190E31455FAD793312F8D087146EB   c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2008-04-14 00:11   989696   C24B983D211C34DA8FCC1AC38477971D   c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kernel32.dll
[7] 2009-03-21 14:18   986112   B6ACAED7588295129791E0E6A2B0FADE   c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:18   986112   B6ACAED7588295129791E0E6A2B0FADE   c:\windows\system32\dllcache\kernel32.dll

[-] 2002-06-25 21:44   14848   865AD7CCB20856727D5BD994B094DC5E   c:\windows\$NtServicePackUninstall$\powrprof.dll
[7] 2004-08-04 07:56   17408   1B5F6923ABB450692E9FE0672C897AED   c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 00:12   17408   50A166237A0FA771261275A405646CC0   c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
[7] 2004-08-04 07:56   17408   1B5F6923ABB450692E9FE0672C897AED   c:\windows\system32\powrprof.dll

[-] 2002-06-25 21:38   96768   E046037FD5BCDF92CE1A122B749B9B09   c:\windows\$NtServicePackUninstall$\imm32.dll
[7] 2004-08-04 07:56   110080   87CA7CE6469577F059297B9D6556D66D   c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 00:11   110080   0DA85218E92526972A821587E6A8BF8F   c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\imm32.dll
[7] 2004-08-04 07:56   110080   87CA7CE6469577F059297B9D6556D66D   c:\windows\system32\imm32.dll

[-] 2002-06-25 21:46   1562112   9E415EFDF50F26BCBC97C80F4E6C30CC   c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[7] 2004-08-04 07:56   1580544   30A609E00BD1D4FFC49D6B5A432BE7F2   c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 00:12   1614848   9DD07AF82244867CA36681EA2D29CE79   c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfcfiles.dll
[7] 2004-08-04 07:56   1580544   30A609E00BD1D4FFC49D6B5A432BE7F2   c:\windows\system32\sfcfiles.dll


[-] 2002-06-25 21:39   23424   9C30CD464D87102497FD7C32910E6253   c:\windows\$NtServicePackUninstall$\kbdclass.sys
[7] 2004-08-04 05:58   24576   EBDEE8A2EE5393890A1ACEE971C4C246   c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 18:39   24576   463C1EC80CD17420A542B7F36A36F128   c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kbdclass.sys
[7] 2004-08-04 05:58   24576   EBDEE8A2EE5393890A1ACEE971C4C246   c:\windows\system32\drivers\kbdclass.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 20:07   1004800   ----a-w-   c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"YBrowser"="c:\program files\Yahoo!\browser\ybrwicon.exe" [2003-07-11 57344]
"IPInSightLAN 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 380928]
"IPInSightMonitor 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 122880]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-06-25 57344]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-02-06 180269]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-01 1948440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
RCA Detective.lnk - c:\documents and settings\Owner\My Documents\RCA Detective\RCADetective.exe [2008-12-25 1069056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-2-2 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-01 13:25   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\utorrent.exe"=
"blank"= blank:Yahoo! Messenger
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/22/2009 9:49 AM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/22/2009 9:49 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/22/2009 9:49 AM 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/22/2009 9:49 AM 298776]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\Owner\LOCALS~1\Temp\ewdmaudn.sys --> c:\docume~1\Owner\LOCALS~1\Temp\ewdmaudn.sys [?]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [3/11/2009 5:34 PM 23096]
S3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [3/11/2009 5:34 PM 3768]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2009-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
BHO-{483B0FFD-E30E-4DB3-A57C-B19CB6FD8E1F} - c:\windows\system32\cbXOEtUK.dll
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKLM-Run-IgfxTray.exe - c:\program files\Rosetta Stone\Rosetta Stone V3\Patch.exe
HKLM-Run-Easy Dock - (no file)


.
------- Supplementary Scan -------
.
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z0djtchf.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101740&gct=&gc=1&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 22:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1957994488-220523388-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:aa,60,23,8b,83,0a,0a,63,0d,26,ee,73,a9,5d,56,a4,c1,de,bd,2f,5c,
   f0,3e,de,70,66,6d,d1,78,db,20,c5,bc,47,ff,18,d7,8a,b5,f5,64,82,68,4e,4b,6d,\
"rkeysecu"=hex:a5,34,7f,ea,32,71,61,b9,af,82,da,8d,b4,2f,df,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1520)
c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll
c:\windows\system32\browselc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\program files\Lexmark X74-X75\lxbbbmon.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-08 22:46 - machine was rebooted
ComboFix-quarantined-files.txt  2009-07-08 02:45

Pre-Run: 14,367,842,304 bytes free
Post-Run: 16,517,103,616 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

452   --- E O F ---   2009-06-15 10:07

MAANGO

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-07-07 22:53:00
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 16 GB (41%) free of 38 GB
Total RAM: 510 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:23 PM, on 7/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://c%3a%5cprogram%20files%5cnetscape%5cnetscape%5csearchplugins%5csbweb_01.src"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\ql6forv2.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {483B0FFD-E30E-4DB3-A57C-B19CB6FD8E1F} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RCA Detective.lnk = C:\Documents and Settings\Owner\My Documents\RCA Detective\RCADetective.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105428806749
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 7715 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll [2004-10-08 298168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-22 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{483B0FFD-E30E-4DB3-A57C-B19CB6FD8E1F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2004-05-12 744960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Companion - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll [2004-10-08 298168]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll []
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2004-02-10 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2004-02-10 118784]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe [2002-09-11 368706]
"YBrowser"=C:\Program Files\Yahoo!\browser\ybrwicon.exe [2003-07-11 57344]
"IPInSightLAN 02"=C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe [2003-06-11 380928]
"IPInSightMonitor 02"=C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe [2003-06-11 122880]
"Motive SmartBridge"=C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe [2003-12-10 380928]
"Lexmark X74-X75"=C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe [2002-06-25 57344]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2005-12-10 133016]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-02-06 180269]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-01 1948440]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
RCA Detective.lnk - C:\Documents and Settings\Owner\My Documents\RCA Detective\RCADetective.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-01 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108735
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Disabled:Microsoft DirectX Diagnostic Tool"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Documents and Settings\Owner\Desktop\utorrent.exe"="C:\Documents and Settings\Owner\Desktop\utorrent.exe:*:Enabled:µTorrent"
"blank"="blank:*:Enabled:Yahoo! Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-07-07 22:46:53 ----D---- C:\WINDOWS\temp
2009-07-07 22:46:50 ----A---- C:\ComboFix.txt
2009-07-07 22:30:38 ----A---- C:\WINDOWS\system32\proquota.exe
2009-07-07 22:22:32 ----A---- C:\Boot.bak
2009-07-07 22:22:24 ----RASHD---- C:\cmdcons
2009-07-07 22:19:29 ----A---- C:\WINDOWS\zip.exe
2009-07-07 22:19:29 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-07 22:19:29 ----A---- C:\WINDOWS\SWSC.exe
2009-07-07 22:19:29 ----A---- C:\WINDOWS\SWREG.exe
2009-07-07 22:19:29 ----A---- C:\WINDOWS\sed.exe
2009-07-07 22:19:29 ----A---- C:\WINDOWS\PEV.exe
2009-07-07 22:19:29 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-07 22:19:29 ----A---- C:\WINDOWS\grep.exe
2009-07-07 22:19:23 ----D---- C:\WINDOWS\ERDNT
2009-07-07 22:19:17 ----D---- C:\Qoobox
2009-07-07 21:51:15 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-07-07 21:39:44 ----SHD---- C:\Config.Msi
2009-07-07 20:25:14 ----D---- C:\rsit
2009-07-07 20:25:14 ----D---- C:\Program Files\trend micro
2009-07-01 09:26:11 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-06-15 06:07:12 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-15 06:06:22 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-15 06:05:30 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-15 06:05:04 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-15 06:04:23 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

======List of files/folders modified in the last 1 months======

2009-07-07 22:48:33 ----D---- C:\WINDOWS\Prefetch
2009-07-07 22:47:48 ----D---- C:\Program Files\Mozilla Firefox
2009-07-07 22:46:54 ----D---- C:\WINDOWS\system32\drivers
2009-07-07 22:46:54 ----D---- C:\WINDOWS\system32
2009-07-07 22:46:53 ----D---- C:\WINDOWS
2009-07-07 22:44:51 ----SD---- C:\WINDOWS\Tasks
2009-07-07 22:40:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-07 22:39:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-07 22:35:18 ----A---- C:\WINDOWS\system.ini
2009-07-07 22:31:19 ----D---- C:\WINDOWS\system32\config
2009-07-07 22:30:09 ----SHD---- C:\WINDOWS\Installer
2009-07-07 22:27:57 ----D---- C:\WINDOWS\AppPatch
2009-07-07 22:27:45 ----D---- C:\Program Files\Common Files
2009-07-07 22:22:32 ----RASH---- C:\boot.ini
2009-07-07 22:21:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-07 21:54:30 ----D---- C:\Program Files\Java
2009-07-07 21:51:44 ----D---- C:\Program Files\Common Files\Adobe
2009-07-07 21:50:10 ----D---- C:\Program Files\Adobe
2009-07-07 21:38:45 ----AD---- C:\Program Files
2009-07-07 20:12:02 ----D---- C:\WINDOWS\system32\wbem
2009-07-07 19:13:10 ----HD---- C:\$AVG8.VAULT$
2009-07-07 18:14:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-07 18:06:22 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-07 16:34:25 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2009-07-03 17:50:46 ----A---- C:\WINDOWS\LEXSTAT.INI
2009-07-01 09:25:12 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-06-19 16:57:31 ----D---- C:\Program Files\Lexmark X74-X75
2009-06-15 06:07:22 ----ASD---- C:\WINDOWS\inf
2009-06-15 06:07:03 ----A---- C:\WINDOWS\imsins.BAK
2009-06-15 06:06:41 ----D---- C:\Program Files\Internet Explorer
2009-06-15 06:05:27 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-10 01:33:02 ----D---- C:\Program Files\Soulseek

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-01 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-01 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-22 108552]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2005-06-16 37150]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2005-03-31 38673]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-01-09 223128]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-06-25 9600]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-06-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-05-28 500568]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2005-03-31 152081]
S2 W55U01;WINBOND W55U01 USB; C:\WINDOWS\System32\Drivers\W55U01.sys [2005-08-12 15232]
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2005-03-31 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2005-03-31 70262]
S3 ewdmaudn;ewdmaudn; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\ewdmaudn.sys []
S3 MA_CMIDI;M-Audio USB Driver; C:\WINDOWS\system32\drivers\ma_cmidi.sys []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 SndTAudio;SndTAudio; C:\WINDOWS\system32\drivers\SndTAudio.sys [2009-03-02 23096]
S3 SndTVideo;SndTVideo; C:\WINDOWS\system32\DRIVERS\SndTVideo.sys [2009-03-02 3768]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-06-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-01 906520]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-01 298776]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-06-25 303104]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-02 658432]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2005-03-30 411920]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

Corrine

Hi, Manny.

We're making progress. I would suggest, however, that the source of the problems was not so much your little sisters playing online games but the combination of the vulnerable software and using the P2P program, uTorrent. P2P programs form a direct conduit onto your computer. They have always been a target of malware writers and are increasingly so of late.

I strongly suggest you go to add/remove programs and uninstall uTorrent. 

Then, to continue with the cleanup, please do the following:

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:


File::
c:\docume~1\Owner\LOCALS~1\Temp\ewdmaudn.sys

Folder::
C:\Program Files\Java\jre1.5.0_06

Driver::
ewdmaudn

Registry::
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} -
O2 - BHO: (no name) - {483B0FFD-E30E-4DB3-A57C-B19CB6FD8E1F} -
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -
R3 - URLSearchHook: (no name) - *{C94E154B-1459-4A47-966B-4B843BEFC7DB} -
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -


  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.





  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

How is the computer now?


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
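An added example, not part of either poster's messages and not code from RSIT or ComboFix: a small triage pass over the RSIT driver list posted earlier in this thread, flagging drivers whose image path sits in a Temp directory, which is where the `ewdmaudn.sys` entry removed by the CFScript above lives. The sample lines are copied from that log; the function names, the flag labels and the reading of empty `[]` brackets as "no file date/size was reported" are assumptions made for this example.

```python
import re
from dataclasses import dataclass, field

# Driver lines copied from the RSIT log posted earlier in this thread.
SAMPLE = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-01 327688]
R3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
S3 ewdmaudn;ewdmaudn; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\ewdmaudn.sys []
S3 MA_CMIDI;M-Audio USB Driver; C:\WINDOWS\system32\drivers\ma_cmidi.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
"""

# <R|S><start type> <service name>;<display name>; <image path> [<date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)

# Directory names treated as temporary locations (assumption for this example).
TEMP_DIRS = {"temp", "tmp"}


@dataclass
class DriverEntry:
    running: bool
    start_type: int          # 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
    name: str
    image_path: str          # normalised: no \??\ prefix, lower case
    flags: list = field(default_factory=list)


def normalise(path):
    """Drop the NT object-manager prefix RSIT prints on some paths; lower-case."""
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def parse_rsit_drivers(text):
    """Parse RSIT driver/service lines and attach triage flags to each entry."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # blank line, section header or unrelated log text
        path = normalise(m["path"])
        entry = DriverEntry(m["state"] == "R", int(m["start"]), m["name"], path)
        # Compare whole directory components so "template" is not a match.
        directories = path.split("\\")[:-1]
        if TEMP_DIRS.intersection(directories):
            entry.flags.append("temp-path")
        # Empty brackets: RSIT printed no date/size for the image file.
        if not m["meta"].strip():
            entry.flags.append("no-file-metadata")
        entries.append(entry)
    return entries


def triage(entries):
    """Return Temp-resident drivers, running ones first, for manual review."""
    hits = [e for e in entries if "temp-path" in e.flags]
    return sorted(hits, key=lambda e: (not e.running, e.name.lower()))


if __name__ == "__main__":
    for e in triage(parse_rsit_drivers(SAMPLE)):
        state = "running" if e.running else "stopped"
        print(f"{e.name:10} {state:8} {e.image_path}  {','.join(e.flags)}")
```

On these lines the pass surfaces both `catchme` and `ewdmaudn`, while the CFScript above names only `ewdmaudn`: a Temp path is a reason to look at an entry, not a verdict on it.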

MAANGO

Corrine

I did what you said and this is the ComboFix log:>>>

~~~~~~~~~~~~~~

ComboFix 09-07-07.A2 - Owner 07/08/2009 11:55.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.510.151 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\docume~1\Owner\LOCALS~1\Temp\ewdmaudn.sys"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Java\jre1.5.0_06
c:\program files\Java\jre1.5.0_06\lib\zi\Atlantic\Faeroe
c:\program files\Java\jre1.5.0_06\lib\zi\Atlantic\Madeira
c:\program files\Java\jre1.5.0_06\lib\zi\Atlantic\Reykjavik
c:\program files\Java\jre1.5.0_06\lib\zi\Atlantic\South_Georgia
c:\program files\Java\jre1.5.0_06\lib\zi\Atlantic\St_Helena
c:\program files\Java\jre1.5.0_06\lib\zi\Atlantic\Stanley
c:\program files\Java\jre1.5.0_06\lib\zi\Australia\Adelaide
c:\program files\Java\jre1.5.0_06\lib\zi\Australia\Brisbane
c:\program files\Java\jre1.5.0_06\lib\zi\Australia\Broken_Hill
c:\program files\Java\jre1.5.0_06\lib\zi\Australia\Currie
c:\program files\Java\jre1.5.0_06\lib\zi\Australia\Darwin
c:\program files\Java\jre1.5.0_06\lib\zi\Australia\Hobart
c:\program files\Java\jre1.5.0_06\lib\zi\Australia\Lindeman
c:\program files\Java\jre1.5.0_06\lib\zi\Australia\Lord_Howe
c:\program files\Java\jre1.5.0_06\lib\zi\Australia\Melbourne
c:\program files\Java\jre1.5.0_06\lib\zi\Australia\Perth
c:\program files\Java\jre1.5.0_06\lib\zi\Australia\Sydney
c:\program files\Java\jre1.5.0_06\lib\zi\CET
c:\program files\Java\jre1.5.0_06\lib\zi\EET
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT-1
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT-10
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT-11
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT-12
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT-13
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT-14
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT-2
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT-3
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT-4
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT-5
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT-6
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT-7
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT-8
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT-9
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT+1
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT+10
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT+11
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT+12
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT+2
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT+3
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT+4
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT+5
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT+6
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT+7
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT+8
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\GMT+9
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\UCT
c:\program files\Java\jre1.5.0_06\lib\zi\Etc\UTC
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Amsterdam
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Andorra
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Athens
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Belgrade
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Berlin
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Brussels
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Bucharest
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Budapest
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Chisinau
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Copenhagen
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Dublin
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Gibraltar
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Helsinki
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Istanbul
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Kaliningrad
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Kiev
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Lisbon
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\London
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Luxembourg
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Madrid
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Malta
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Minsk
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Monaco
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Moscow
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Oslo
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Paris
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Prague
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Riga
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Rome
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Samara
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Simferopol
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Sofia
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Stockholm
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Tallinn
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Tirane
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Uzhgorod
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Vaduz
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Vienna
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Vilnius
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Warsaw
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Zaporozhye
c:\program files\Java\jre1.5.0_06\lib\zi\Europe\Zurich
c:\program files\Java\jre1.5.0_06\lib\zi\GMT
c:\program files\Java\jre1.5.0_06\lib\zi\Indian\Antananarivo
c:\program files\Java\jre1.5.0_06\lib\zi\Indian\Chagos
c:\program files\Java\jre1.5.0_06\lib\zi\Indian\Christmas
c:\program files\Java\jre1.5.0_06\lib\zi\Indian\Cocos
c:\program files\Java\jre1.5.0_06\lib\zi\Indian\Comoro
c:\program files\Java\jre1.5.0_06\lib\zi\Indian\Kerguelen
c:\program files\Java\jre1.5.0_06\lib\zi\Indian\Mahe
c:\program files\Java\jre1.5.0_06\lib\zi\Indian\Maldives
c:\program files\Java\jre1.5.0_06\lib\zi\Indian\Mauritius
c:\program files\Java\jre1.5.0_06\lib\zi\Indian\Mayotte
c:\program files\Java\jre1.5.0_06\lib\zi\Indian\Reunion
c:\program files\Java\jre1.5.0_06\lib\zi\MET
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Apia
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Auckland
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Chatham
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Easter
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Efate
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Enderbury
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Fakaofo
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Fiji
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Funafuti
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Galapagos
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Gambier
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Guadalcanal
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Guam
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Honolulu
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Johnston
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Kiritimati
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Kosrae
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Kwajalein
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Majuro
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Marquesas
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Midway
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Nauru
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Niue
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Norfolk
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Noumea
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Pago_Pago
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Palau
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Pitcairn
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Ponape
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Port_Moresby
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Rarotonga
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Saipan
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Tahiti
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Tarawa
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Tongatapu
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Truk
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Wake
c:\program files\Java\jre1.5.0_06\lib\zi\Pacific\Wallis
c:\program files\Java\jre1.5.0_06\lib\zi\WET
c:\program files\Java\jre1.5.0_06\lib\zi\ZoneInfoMappings
c:\program files\Java\jre1.5.0_06\LICENSE
c:\program files\Java\jre1.5.0_06\README.txt
c:\program files\Java\jre1.5.0_06\THIRDPARTYLICENSEREADME.txt
c:\program files\Java\jre1.5.0_06\Welcome.html

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EWDMAUDN
-------\Service_ewdmaudn


(((((((((((((((((((((((((   Files Created from 2009-06-08 to 2009-07-08  )))))))))))))))))))))))))))))))
.

2009-07-08 02:30 . 2004-08-04 07:56   50176   -c--a-w-   c:\windows\system32\dllcache\proquota.exe
2009-07-08 02:30 . 2004-08-04 07:56   50176   ----a-w-   c:\windows\system32\proquota.exe
2009-07-08 01:58 . 2009-07-08 02:11   --------   d-----w-   c:\documents and settings\Owner\.SunDownloadManager
2009-07-08 00:25 . 2009-07-08 02:53   --------   d-----w-   c:\program files\trend micro
2009-07-08 00:25 . 2009-07-08 00:26   --------   d-----w-   C:\rsit
2009-07-07 22:13 . 2009-07-07 22:13   3561743   ----a-w-   c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-04 07:31 . 2009-06-14 20:07   1004800   ----a-w-   c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-07-01 14:01 . 2009-07-01 14:01   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\AVG Security Toolbar
2009-07-01 13:26 . 2009-07-01 13:25   832144   ----a-w-   c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-07-01 13:26 . 2009-07-04 07:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG Security Toolbar

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-08 16:05 . 2005-01-16 20:34   --------   d-----w-   c:\program files\Java
2009-07-08 15:45 . 2006-02-26 07:24   --------   d-----w-   c:\documents and settings\Owner\Application Data\uTorrent
2009-07-08 15:42 . 2007-02-07 01:08   --------   d-----w-   c:\program files\Soulseek
2009-07-08 01:51 . 2005-01-11 09:25   --------   d-----w-   c:\program files\Common Files\Adobe
2009-07-07 22:14 . 2008-09-04 21:25   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-07-07 22:06 . 2009-05-22 13:49   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg8
2009-07-01 13:25 . 2009-05-22 13:49   11952   ----a-w-   c:\windows\system32\avgrsstx.dll
2009-07-01 13:25 . 2009-05-22 13:49   327688   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2009-07-01 13:25 . 2009-05-22 13:49   27784   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2009-06-19 20:57 . 2005-01-27 07:10   --------   d-----w-   c:\program files\Lexmark X74-X75
2009-06-17 15:27 . 2008-09-04 21:25   38160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2008-09-04 21:25   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-06-06 21:29 . 2009-05-24 03:32   --------   d-----w-   c:\program files\DOSBox-0.72
2009-05-29 03:51 . 2009-03-07 22:03   20   ---h--w-   c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2009-05-28 04:09 . 2005-01-11 08:23   --------   d-----w-   c:\program files\Trillian
2009-05-26 03:12 . 2009-05-26 03:12   2855   ----a-w-   c:\windows\PIF\INSTALL.PIF
2009-05-22 14:06 . 2009-05-22 14:06   --------   d-----w-   c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-05-22 13:49 . 2009-05-22 13:49   108552   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2009-05-22 13:49 . 2009-05-22 13:49   --------   d-----w-   c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-05-22 13:49 . 2009-05-22 13:49   --------   d-----w-   c:\program files\AVG
2009-05-13 03:49 . 2005-01-11 07:28   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-05-07 15:44 . 2002-06-25 21:40   344064   ----a-w-   c:\windows\system32\localspl.dll
2009-04-29 04:52 . 2004-01-08 23:23   659456   ----a-w-   c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2009-04-14 00:23   81920   ----a-w-   c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2002-06-25 21:50   1846656   ----a-w-   c:\windows\system32\win32k.sys
2009-04-17 04:36 . 2009-04-17 04:36   0   ----a-w-   c:\windows\PowerReg.dat
2009-04-15 15:11 . 2005-01-11 08:14   584192   ----a-w-   c:\windows\system32\rpcrt4.dll
2005-10-07 01:54 . 2005-10-07 01:54   816782   ----a-w-   c:\program files\oggcodecs_0.69.8924.exe
2005-04-22 01:17 . 2005-04-22 01:17   491768   ----a-w-   c:\program files\ie6setup.exe
2005-01-24 08:25 . 2005-01-24 08:22   7741336   ----a-w-   c:\program files\DivX521XP2K.exe
2005-01-11 09:45 . 2005-01-11 07:23   767   ----a-w-   c:\program files\Internet Explorer.lnk
2005-01-11 08:50 . 2005-01-11 08:50   823296   ----a-w-   c:\program files\winmx353.exe
2005-01-11 08:20 . 2005-01-11 08:20   4918270   ----a-w-   c:\program files\Firefox+Setup+1.0.exe
2006-01-19 22:19 . 2006-01-19 22:19   10856   --sha-w-   c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2002-06-25 21:38   1000960   5A26FC6010886D25B3E412493DD95ED8   c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 07:56   1032192   A0732187050030AE399B241436565E64   c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2004-08-04 07:56   1032192   A0732187050030AE399B241436565E64   c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 00:12   1033728   12896823FB95BFB3DC9B46BCAEDC9923   c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[7] 2007-06-13 10:23   1033216   97BD6515465659FF8F3B7BE375B2EA87   c:\windows\system32\dllcache\explorer.exe

[7] 2009-02-06 10:22   110592   4712531AB7A01B7EE059853CA17D39BD   c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[7] 2009-02-06 11:11   110592   65DF52F5B8B6E9BBD183505225C37315   c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[7] 2009-02-06 11:06   110592   020CEAAEDC8EB655B6506B8C70D53BB6   c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2002-06-25 21:45   101376   E3DF4A0252D287C44606EE55355E1623   c:\windows\$NtServicePackUninstall$\services.exe
[7] 2004-08-04 07:56   108032   C6CE6EEC82F187615D1002BB3BB50ED4   c:\windows\$NtUninstallKB956572$\services.exe
[7] 2004-08-04 07:56   108032   C6CE6EEC82F187615D1002BB3BB50ED4   c:\windows\ServicePackFiles\i386\services.exe
[-] 2008-04-14 00:12   108544   0E776ED5F7CC9F94299E70461B7B8185   c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
[7] 2009-02-06 17:14   110592   37561F8D4160D62DA86D24AE41FAE8DE   c:\windows\system32\services.exe
[7] 2009-02-06 17:14   110592   37561F8D4160D62DA86D24AE41FAE8DE   c:\windows\system32\dllcache\services.exe

[-] 2002-06-25 21:40   11776   8A590EA109B5E0C7629E022F8A6B17C5   c:\windows\$NtServicePackUninstall$\lsass.exe
[7] 2004-08-04 07:56   13312   84885F9B82F4D55C6146EBF6065D75D2   c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 00:12   13312   BF2466B3E18E970D8A976FB95FC1CA85   c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
[7] 2004-08-04 07:56   13312   84885F9B82F4D55C6146EBF6065D75D2   c:\windows\system32\lsass.exe

[-] 2002-06-25 21:37   13312   85B1054DB58D13AA42D7DCA778C30F57   c:\windows\$NtServicePackUninstall$\ctfmon.exe
[7] 2004-08-04 07:56   15360   24232996A38C0B0CF151C2140AE29FC8   c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 00:12   15360   5F1D5F88303D4A4DBC8E5F97BA967CC3   c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[7] 2004-08-04 07:56   15360   24232996A38C0B0CF151C2140AE29FC8   c:\windows\system32\ctfmon.exe

[7] 2005-06-11 00:17   57856   AD3D9D191AEA7B5445FE1D82FFBB4788   c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2002-06-25 21:47   51200   9B4155BA58192D4073082B8FC5D42612   c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2004-08-04 07:56   57856   7435B108B935E42EA92CA94F59C8E717   c:\windows\$NtUninstallKB896423$\spoolsv.exe
[7] 2004-08-04 07:56   57856   7435B108B935E42EA92CA94F59C8E717   c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 00:12   57856   D8E14A61ACC1D4A6CD0D38AEBAC7FA3B   c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
[7] 2005-06-10 23:53   57856   DA81EC57ACD4CDC3D4C51CF3D409AF9F   c:\windows\system32\spoolsv.exe

[7] 2004-08-04 07:56   111104   4126D27CECE4471E00E425411F7306B5   c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2008-04-14 00:12   111104   ED7262E52C31CF1625B65039102BC16C   c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wuauclt.exe
[7] 2008-10-16 19:09   51224   E654B78D2F1D791B30D0ED9A8195EC22   c:\windows\system32\wuauclt.exe
[7] 2008-10-16 19:09   51224   E654B78D2F1D791B30D0ED9A8195EC22   c:\windows\system32\dllcache\wuauclt.exe

[-] 2002-06-25 21:48   21504   585398603F570F9705774D65D292E5D1   c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2004-08-04 07:56   24576   39B1FFB03C2296323832ACBAE50D2AFF   c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 00:12   26112   A93AEE1928A9D7CE3E16D24EC7380F89   c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[7] 2004-08-04 07:56   24576   39B1FFB03C2296323832ACBAE50D2AFF   c:\windows\system32\userinit.exe

[7] 2002-06-25 21:48   197632   344784BB9B02891E813260C192F271DE   c:\windows\$NtServicePackUninstall$\termsrv.dll
[7] 2004-08-04 07:56   295424   B60C877D16D9C880B952FDA04ADF16E6   c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 00:12   295424   FF3477C03BE7201C294C35F684B3479F   c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
[7] 2004-08-04 07:56   295424   B60C877D16D9C880B952FDA04ADF16E6   c:\windows\system32\termsrv.dll

[7] 2004-06-17 17:58   930816   FCA73DE7B988A2F7837FFBFFCFBED088   c:\windows\$hf_mig$\KB840987\SP1QFE\kernel32.dll
[7] 2006-07-05 10:57   985088   0FDD84928A5DDE2510761B7EC76CCEC9   c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[7] 2007-04-16 16:07   986112   09F7CB3687F86EDAA4CA081F7AB66C03   c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[7] 2009-03-21 13:54   989184   80202858D245FF07DAA1739C57A3E19B   c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[7] 2009-03-21 14:06   989696   B921FB870C9AC0D509B2CCABBBBE95F3   c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[7] 2009-03-21 13:59   991744   DA11D9D6ECBDF0F93436A4B7C13F7BEC   c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2004-06-17 17:55   898048   EBC65C59E5BFE6B167FA895E75840B5D   c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2002-06-25 21:39   926720   379B0B31D7F8D2C9F7FF302B454A6C54   c:\windows\$NtUninstallKB840987$\kernel32.dll
[7] 2004-08-04 07:56   983552   888190E31455FAD793312F8D087146EB   c:\windows\$NtUninstallKB917422$\kernel32.dll
[7] 2006-07-05 10:55   984064   D8DB5397DE07577C1CB50BA6D23B3AD4   c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2007-04-16 15:52   984576   A01F9CA902A88F7CED06884174D6419D   c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2004-08-04 07:56   983552   888190E31455FAD793312F8D087146EB   c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2008-04-14 00:11   989696   C24B983D211C34DA8FCC1AC38477971D   c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kernel32.dll
[7] 2009-03-21 14:18   986112   B6ACAED7588295129791E0E6A2B0FADE   c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:18   986112   B6ACAED7588295129791E0E6A2B0FADE   c:\windows\system32\dllcache\kernel32.dll

[-] 2002-06-25 21:44   14848   865AD7CCB20856727D5BD994B094DC5E   c:\windows\$NtServicePackUninstall$\powrprof.dll
[7] 2004-08-04 07:56   17408   1B5F6923ABB450692E9FE0672C897AED   c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 00:12   17408   50A166237A0FA771261275A405646CC0   c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
[7] 2004-08-04 07:56   17408   1B5F6923ABB450692E9FE0672C897AED   c:\windows\system32\powrprof.dll

[-] 2002-06-25 21:38   96768   E046037FD5BCDF92CE1A122B749B9B09   c:\windows\$NtServicePackUninstall$\imm32.dll
[7] 2004-08-04 07:56   110080   87CA7CE6469577F059297B9D6556D66D   c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 00:11

Corrine

Hi, Manny.

The forum software limits the size of posts. As a result, the rest of your ComboFix log was cut off. I don't need to see the rest of the "Sigcheck" but would like to see from Reg Loading Points to the end. Please open the Combofix.txt from today's date and post from the following to the end:

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

Also, let us know how your computer is performing now.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

MAANGO

Corrine

The computer is running a little slowly, but nothing too bad right now. Around 6 Gb of space has been freed up since I started following your instructions. Thanks again.

~~~~~~~~~~~~~~~~~~~

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 20:07   1004800   ----a-w-   c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"YBrowser"="c:\program files\Yahoo!\browser\ybrwicon.exe" [2003-07-11 57344]
"IPInSightLAN 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 380928]
"IPInSightMonitor 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 122880]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-06-25 57344]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-02-06 180269]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-01 1948440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
RCA Detective.lnk - c:\documents and settings\Owner\My Documents\RCA Detective\RCADetective.exe [2008-12-25 1069056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-2-2 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-01 13:25   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"blank"= blank:Yahoo! Messenger
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/22/2009 9:49 AM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/22/2009 9:49 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/22/2009 9:49 AM 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/22/2009 9:49 AM 298776]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [3/11/2009 5:34 PM 23096]
S3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [3/11/2009 5:34 PM 3768]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2009-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
BHO-{483B0FFD-E30E-4DB3-A57C-B19CB6FD8E1F} - (no file)


.
------- Supplementary Scan -------
.
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z0djtchf.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101740&gct=&gc=1&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-08 12:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1957994488-220523388-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:aa,60,23,8b,83,0a,0a,63,0d,26,ee,73,a9,5d,56,a4,c1,de,bd,2f,5c,
   f0,3e,de,70,66,6d,d1,78,db,20,c5,bc,47,ff,18,d7,8a,b5,f5,64,82,68,4e,4b,6d,\
"rkeysecu"=hex:a5,34,7f,ea,32,71,61,b9,af,82,da,8d,b4,2f,df,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2056)
c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll
c:\windows\system32\browselc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Lexmark X74-X75\lxbbbmon.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-08 12:21 - machine was rebooted
ComboFix-quarantined-files.txt  2009-07-08 16:20
ComboFix2.txt  2009-07-08 02:46

Pre-Run: 16,688,361,472 bytes free
Post-Run: 16,657,235,968 bytes free

983   --- E O F ---   2009-06-15 10:07

Corrine

Hi, Manny.

AVG's LinkScanner is known to slow down computers (See the comments section of Grisoft/AVG Version 8 Includes Yahoo Search Bar).  In addition, somewhere along the line, you have picked up the undesirable AskToolbar (See Current Practices of IAC/Ask Toolbars).

That said, let's run ATF Cleaner again.  The original instructions I provided you are here:  http://www.landzdown.com/index.php?topic=34407.msg109631#msg109631

Next, please do an on-line scan.  Please go here to run an online scan from ESET.
  • Note: It is easiest if you use Internet Explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

