Disappearing desktop
boomtown
OK, my PC just lost icons. I have to hit Alt+Ctrl+Del and press File, Run new process to get Firefox up. Here's a HJT log; it's the best I can do at the moment. Working on a ComboFix log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:28:41 PM, on 12/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
C:\Program Files\ITE\Smart Guardian\ITESmart.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\winscenter.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Spyware Guard 2008\spywareguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\BLACKB~1\LOCALS~1\Temp\winloggn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8081
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: D - {07D84A71-05C2-3F28-879C-1B304E890B77} - C:\WINDOWS\system32\xwr86866.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\khfEXolK.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O2 - BHO: (no name) - {FAEEF9C7-57E2-46A8-A1C0-0AF7B565CD1A} - C:\WINDOWS\system32\jkkICsTJ.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series (Copy 1) on Sniper-moms-pc] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P62 "Auto EPSON Stylus Photo R200 Series (Copy 1) on Sniper-moms-pc" /O25 "\\SNIPER-MOMS-PC\EPSONSty" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [\\SNIPER-MOMS-PC\EPSON Stylus Photo R200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P56 "\\SNIPER-MOMS-PC\EPSON Stylus Photo R200 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on SNIPERMO-OAMGPX] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P54 "Auto EPSON Stylus Photo R200 Series on SNIPERMO-OAMGPX" /O26 "\\SNIPERMO-OAMGPX\Printer2" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on SNIPERMOM-PC] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P51 "Auto EPSON Stylus Photo R200 Series on SNIPERMOM-PC" /O45 "\\SNIPERMOM-PC\EPSON Stylus Photo R200 Series" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [SmartGuardian] C:\Program Files\ITE\Smart Guardian\ITESmart.exe
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NOD-UE] C:\Program Files\Eset\NOD-UE.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on HOME-BDW60E38EW] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P54 "Auto EPSON Stylus Photo R200 Series on HOME-BDW60E38EW" /O26 "\\HOME-BDW60E38EW\Printer2" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Eqagevoyoxajijo] rundll32.exe "C:\WINDOWS\Vrojirak.dll",e
O4 - HKLM\..\Run: [jsf8j34rgfght] C:\DOCUME~1\BLACKB~1\LOCALS~1\Temp\winloggn.exe
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\BLACKBART\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MS AntiSpyware 2009] "C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe" /autorun
O4 - HKCU\..\Run: [jsf8j34rgfght] C:\DOCUME~1\BLACKB~1\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\BLACKB~1\LOCALS~1\Temp\csrssc.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://kjimplumbup.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O21 - SSODL: ieModule - {68D36013-4440-4D3C-B65C-6AB12F80F04B} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
O21 - SSODL: InternetConnection - {80AB76D6-DFDA-4BFB-B58C-A6B4A345C6FD} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\fvfugpdzuf.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 16215 bytes



ComboFix 08-12-06.06 - BLACKBART 2008-12-26 18:46:01.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.490 [GMT -6:00]
Running from: c:\documents and settings\BLACKBART\Desktop\Will\ComboFix.exe
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Spyware Guard 2008
c:\program files\Spyware Guard 2008\conf.cfg
c:\program files\Spyware Guard 2008\mbase.vdb
c:\program files\Spyware Guard 2008\quarantine.vdb
c:\program files\Spyware Guard 2008\queue.vdb
c:\program files\Spyware Guard 2008\spywareguard.exe
c:\program files\Spyware Guard 2008\uninstall.exe
c:\program files\Spyware Guard 2008\vbase.vdb
c:\windows\reged.exe
c:\windows\spoolsystem.exe
c:\windows\sys.com
c:\windows\syscert.exe
c:\windows\sysexplorer.exe
c:\windows\system32\mcrh.tmp
c:\windows\vmreg.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-27 to 2008-12-27 )))))))))))))))))))))))))))))))
.

2008-12-26 18:42 . 2008-12-26 18:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
2008-12-26 18:42 . 2008-12-26 18:42 15,000 --a------ c:\windows\system32\tyshb36rfjdf.dll
2008-12-26 18:41 . 2008-12-26 18:45 888,694 --ahs---- c:\windows\system32\JTsCIkkj.ini
2008-12-26 18:41 . 2008-12-26 18:45 888,516 --ahs---- c:\windows\system32\JTsCIkkj.ini2
2008-12-26 18:41 . 2008-12-26 18:41 236,032 --a------ c:\windows\system32\jkkICsTJ.dll
2008-12-26 18:41 . 2008-12-26 18:42 705 --a------ C:\kgxvqe.exe
2008-12-26 18:40 . 2008-12-26 18:40 384,000 --a------ c:\windows\system32\winscenter.exe
2008-12-26 18:39 . 2008-12-26 18:41 81,931 --a------ C:\ueuvxgc.exe
2008-12-26 18:39 . 2008-12-26 18:39 29,701 --a------ c:\documents and settings\All Users\Application Data\svhost.exe
2008-12-26 18:36 . 2008-12-26 18:36 139,264 --a------ C:\atjur.exe
2008-12-26 18:36 . 2008-12-26 18:36 44,032 --a------ C:\xncyp.exe
2008-12-26 18:36 . 2008-12-26 18:36 44,032 --a------ c:\windows\Vrojirak.dll
2008-12-26 18:36 . 2008-12-26 18:36 36,864 --a------ c:\windows\system32\khfEXolK.dll
2008-12-26 18:36 . 2008-12-26 18:39 29,701 --a------ C:\csunxrk.exe
2008-12-26 18:36 . 2008-12-26 18:36 15,000 --a------ c:\windows\system32\jkse73hedfdgf.dll
2008-12-26 18:36 . 2008-12-26 18:36 8,192 --a------ C:\hlikid.exe
2008-12-26 18:36 . 2008-12-26 18:36 2 --a------ C:\-528861120
2008-12-26 17:49 . 2008-12-26 18:28 892,562 --ahs---- c:\windows\system32\mmnpYJlm.ini2
2008-12-26 17:48 . 2008-12-26 17:48 236,032 --a------ c:\windows\system32\mlJYpnmm(2).dll
2008-12-26 17:26 . 2008-12-26 17:26 36,864 --a------ c:\windows\system32\iiffEuSj.dll
2008-12-26 17:24 . 2008-12-26 18:00 3,162,278 --------- c:\windows\{00000001-00000000-00000007-00001102-00000004-005C1102}.BAK
2008-12-25 16:06 . 2008-12-25 16:04 20,480 --a------ c:\windows\system32\normaliz.dll
2008-12-25 16:03 . 2008-12-25 16:03 <DIR> d-------- c:\windows\%DownloadedProgramFiles%
2008-12-25 15:02 . 2006-10-04 08:06 1,197,294 -----c--- c:\windows\system32\dllcache\sysmain.sdb
2008-12-25 15:02 . 2006-10-04 08:06 764,868 -----c--- c:\windows\system32\dllcache\apph_sp.sdb
2008-12-25 15:02 . 2006-10-04 08:06 217,118 -----c--- c:\windows\system32\dllcache\apphelp.sdb
2008-12-25 15:01 . 2008-12-25 15:01 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-12-25 14:59 . 2008-12-25 15:00 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-12-24 12:19 . 2008-12-24 12:19 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Roxio
2008-12-24 12:19 . 2008-12-24 12:19 <DIR> d-------- c:\documents and settings\BLACKBART\Application Data\Roxio
2008-12-23 17:35 . 2008-12-23 17:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
2008-12-23 17:31 . 2008-12-23 17:34 <DIR> d-------- c:\program files\Roxio
2008-12-23 17:31 . 2008-12-23 17:35 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2008-12-23 17:31 . 2008-12-23 17:32 <DIR> d-------- c:\program files\Common Files\Roxio Shared
2008-12-23 17:31 . 2008-12-23 18:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Roxio
2008-12-21 20:22 . 2008-12-21 20:22 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-21 20:19 . 2008-12-21 20:19 <DIR> d-------- c:\program files\Microsoft
2008-12-21 20:18 . 2008-12-21 20:18 <DIR> d-------- c:\program files\Windows Live SkyDrive
2008-12-21 12:44 . 2008-12-21 12:48 <DIR> d-------- c:\program files\SmartFTP Client
2008-12-17 18:38 . 2008-12-17 18:38 1,305,600 --a------ c:\windows\system32\xa151518062.exe
2008-12-17 18:38 . 2008-12-17 18:38 1,305,600 --a------ c:\windows\system32\xa151516875.exe
2008-12-17 18:38 . 2008-12-17 18:38 172,032 --a------ c:\windows\system32\xwr86866.dll
2008-12-17 18:38 . 2008-12-17 18:38 172,032 --a------ c:\windows\system32\wr86866.dll
2008-12-17 17:52 . 2008-12-17 17:52 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-13 14:33 . 2008-12-13 14:33 24 --a------ C:\url_history.xml
2008-12-13 12:54 . 2008-12-13 12:54 <DIR> d-------- c:\windows\system32\IOSUBSYS
2008-12-12 16:16 . 2008-12-13 14:33 <DIR> d-------- c:\program files\SecondLife
2008-12-11 14:37 . 2008-12-11 14:37 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-12-10 23:21 . 2008-12-10 23:21 <DIR> d-------- c:\program files\Avery Dennison
2008-12-07 20:39 . 2008-12-07 20:40 7,860 --a------ c:\windows\system32\tmp.reg
2008-12-07 20:38 . 2008-12-07 20:53 <DIR> d-------- c:\documents and settings\BLACKBART\SmitfraudFix
2008-12-05 15:37 . 2008-12-05 15:37 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-12-05 02:20 . 2008-12-05 02:20 <DIR> d-------- c:\program files\America's Army
2008-12-04 22:55 . 2008-12-04 22:55 307,560 --a------ c:\windows\WLXPGSS.SCR
2008-12-04 15:41 . 2008-12-05 02:25 <DIR> d-------- c:\program files\America's Army Deploy Client
2008-12-04 15:41 . 2008-12-04 15:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\America's Army Deploy Client
2008-12-03 21:08 . 2008-12-21 20:23 <DIR> d-------- c:\documents and settings\BLACKBART\Tracing
2008-12-03 21:07 . 2008-12-03 21:07 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-12-03 20:55 . 2008-12-03 20:55 <DIR> d-------- c:\program files\Common Files\Windows Live
2008-12-02 22:37 . 2008-12-02 22:37 49,480 --a------ c:\windows\system32\sirenacm.dll
2008-12-02 22:21 . 2008-12-02 22:21 268 --ah----- C:\sqmdata05.sqm
2008-12-02 22:21 . 2008-12-02 22:21 244 --ah----- C:\sqmnoopt05.sqm
2008-11-27 10:16 . 2008-11-27 10:16 <DIR> d-------- c:\program files\Phantom EFX
2008-11-27 10:16 . 2008-12-23 18:40 <DIR> d-------- c:\documents and settings\BLACKBART\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-27 00:29 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-27 00:29 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-26 12:07 --------- d-----w c:\documents and settings\BLACKBART\Application Data\uTorrent
2008-12-26 03:41 --------- d-----w c:\program files\Trillian Pro
2008-12-26 00:43 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-25 16:04 --------- d-----w c:\program files\FlashGet
2008-12-24 20:14 202,352 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-24 20:14 138,624 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-23 23:25 --------- d-----w c:\program files\Common Files\Research In Motion
2008-12-22 02:22 --------- d-----w c:\program files\Windows Live
2008-12-19 21:07 --------- d-----w c:\documents and settings\BLACKBART\Application Data\Xfire
2008-12-19 20:28 --------- d-----w c:\program files\Xfire
2008-12-17 23:52 --------- d-----w c:\program files\Java
2008-12-15 18:00 --------- d-----w c:\program files\Steam
2008-12-13 18:54 --------- d-----w c:\program files\Google
2008-12-12 23:25 --------- d-----w c:\documents and settings\BLACKBART\Application Data\SecondLife
2008-12-11 05:22 --------- d-----w c:\program files\Fish Tycoon
2008-12-09 18:30 --------- d-----w c:\documents and settings\BLACKBART\Application Data\SolSuite
2008-12-08 05:03 --------- d-----w c:\program files\Opera
2008-12-07 18:27 31 ----a-w c:\documents and settings\BLACKBART\jagex_runescape_preferences.dat
2008-12-05 21:39 --------- d-----w c:\documents and settings\BLACKBART\Application Data\Ventrilo
2008-12-05 21:37 --------- d-----w c:\program files\Ventrilo
2008-12-05 21:37 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-03 17:34 --------- d-----w c:\program files\Tales of Pirates Online
2008-11-27 16:16 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-24 04:12 --------- d-----w c:\documents and settings\BLACKBART\Application Data\Research In Motion
2008-11-17 20:04 2,306,113 ----a-w c:\windows\system32\GPhotos.scr
2008-11-15 17:32 --------- d-----w c:\documents and settings\All Users\Application Data\TreeCardGames
2008-11-15 17:30 --------- d-----w c:\program files\SolSuite
2008-11-11 01:39 --------- d-----w c:\program files\MySpace
2008-07-24 01:02 22,328 ----a-w c:\documents and settings\BLACKBART\Application Data\PnkBstrK.sys
2008-05-07 16:47 0 ----a-w c:\program files\temp01
2007-07-30 23:18 24,192 ----a-w c:\documents and settings\BLACKBART\usbsermptxp.sys
2007-07-30 23:18 22,768 ----a-w c:\documents and settings\BLACKBART\usbsermpt.sys
2006-08-11 00:52 56 --sh--r c:\windows\system32\06EF3642A4.sys
2006-08-11 00:52 848 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2008-12-07_20.34.17.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-04 14:05:26 39,424 ------w c:\windows\AppPatch\acadproc.dll
- 2004-06-16 11:02:10 323,584 ----a-w c:\windows\Downloaded Program Files\isusweb.dll
+ 2006-09-11 10:40:36 484,272 ----a-w c:\windows\Downloaded Program Files\isusweb.dll
+ 2004-08-04 06:56:42 61,440 -c----w c:\windows\ie7\admparse.dll
+ 2004-08-04 06:56:42 99,840 -c----w c:\windows\ie7\advpack.dll
+ 2004-08-04 06:56:42 35,328 -c----w c:\windows\ie7\corpol.dll
+ 2007-01-04 14:05:28 357,888 -c----w c:\windows\ie7\dxtmsft.dll
+ 2007-01-04 14:05:28 205,312 -c----w c:\windows\ie7\dxtrans.dll
+ 2007-01-04 14:05:28 55,808 -c----w c:\windows\ie7\extmgr.dll
+ 2004-08-04 06:56:44 38,912 -c----w c:\windows\ie7\hmmapi.dll
+ 2004-08-04 06:56:52 34,304 -c----w c:\windows\ie7\ie4uinit.exe
+ 2004-08-04 06:56:44 139,264 -c----w c:\windows\ie7\ieakeng.dll
+ 2004-08-04 06:56:44 216,576 -c----w c:\windows\ie7\ieaksie.dll
+ 2003-07-07 12:00:00 221,184 -c----w c:\windows\ie7\ieakui.dll
+ 2004-08-04 06:56:44 323,584 -c----w c:\windows\ie7\iedkcs32.dll
+ 2007-01-04 11:03:40 18,432 -c----w c:\windows\ie7\iedw.exe
+ 2004-08-04 06:56:44 81,920 -c----w c:\windows\ie7\ieencode.dll
+ 2007-01-04 14:05:28 251,904 -c----w c:\windows\ie7\iepeers.dll
+ 2004-08-04 06:56:44 48,640 -c----w c:\windows\ie7\iernonce.dll
+ 2004-08-04 06:56:44 62,976 -c----w c:\windows\ie7\iesetup.dll
+ 2004-08-04 06:56:52 93,184 -c----w c:\windows\ie7\iexplore.exe
+ 2004-08-04 06:56:44 35,840 -c----w c:\windows\ie7\imgutil.dll
+ 2007-01-04 14:05:29 96,256 -c----w c:\windows\ie7\inseng.dll
+ 2006-05-18 05:24:25 450,560 -c----w c:\windows\ie7\jscript.dll
+ 2007-01-04 14:05:29 16,384 -c----w c:\windows\ie7\jsproxy.dll
+ 2004-08-04 06:56:44 22,016 -c----w c:\windows\ie7\licmgr10.dll
+ 2004-08-04 06:56:54 29,184 -c----w c:\windows\ie7\mshta.exe
+ 2007-01-04 14:05:30 3,062,272 -c----w c:\windows\ie7\mshtml.dll
+ 2007-01-04 14:05:29 449,024 -c----w c:\windows\ie7\mshtmled.dll
+ 2004-08-04 06:56:16 56,832 -c----w c:\windows\ie7\mshtmler.dll
+ 2003-07-07 12:00:00 146,432 -c----w c:\windows\ie7\msls31.dll
+ 2007-01-04 14:05:29 146,432 -c----w c:\windows\ie7\msrating.dll
+ 2007-01-04 14:05:30 532,480 -c----w c:\windows\ie7\mstime.dll
+ 2004-08-04 06:56:46 96,256 -c----w c:\windows\ie7\occache.dll
+ 2007-01-04 14:05:30 39,424 -c----w c:\windows\ie7\pngfilt.dll
+ 2008-12-25 21:39:45 238,400 -c----w c:\windows\ie7\spuninst\iecustom.dll
+ 2006-09-06 23:43:16 213,216 -c----w c:\windows\ie7\spuninst\spuninst.exe
+ 2006-09-06 23:43:18 371,424 -c----w c:\windows\ie7\spuninst\updspapi.dll
+ 2004-08-04 06:56:48 37,888 -c----w c:\windows\ie7\url.dll
+ 2007-01-25 12:24:58 616,960 -c----w c:\windows\ie7\urlmon.dll
+ 2004-08-10 03:27:06 438,272 -c----w c:\windows\ie7\vbscript.dll
+ 2006-12-19 18:08:07 852,480 -c----w c:\windows\ie7\vgx.dll
+ 2004-08-04 06:56:48 276,480 -c----w c:\windows\ie7\webcheck.dll
+ 2007-01-04 14:05:30 665,088 -c----w c:\windows\ie7\wininet.dll
- 2005-01-28 19:44:28 192,512 ----a-w c:\windows\inf\unregmp2.exe
+ 2006-11-02 00:31:34 315,904 ----a-w c:\windows\inf\unregmp2.exe
+ 2008-12-22 02:17:34 62,288 ----a-r c:\windows\Installer\{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}\IconWlc.exe
+ 2008-12-22 02:19:43 80,395 ----a-r c:\windows\Installer\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}\MsblIco.Exe
+ 2008-12-23 23:35:24 38,400 ----a-r c:\windows\Installer\{0ADEA8E1-B211-41B8-8DD4-D9A5FB04A5FA}\RoxioCentral.exe
+ 2008-12-23 23:35:07 38,400 ----a-r c:\windows\Installer\{267D350E-51AB-40B8-AF9F-DA7ED5687044}\RoxioCentral.exe
+ 2008-12-23 23:35:03 25,214 ----a-r c:\windows\Installer\{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}\ARPPRODUCTICON.exe
+ 2008-12-23 23:35:03 25,214 ----a-r c:\windows\Installer\{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}\EmailWizardShortcut_8E832933A07340209FB8DBADC480B69B.exe
+ 2008-12-23 23:35:03 25,214 ----a-r c:\windows\Installer\{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}\MediaManager8.exe_8E832933A07340209FB8DBADC480B69B.exe
+ 2008-12-23 23:35:03 25,214 ----a-r c:\windows\Installer\{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}\NewShortcut24_8E832933A07340209FB8DBADC480B69B_1.exe
+ 2008-12-23 23:35:03 25,214 ----a-r c:\windows\Installer\{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}\NewShortcut33_8E832933A07340209FB8DBADC480B69B.exe
+ 2008-12-23 23:35:03 3,638 ----a-r c:\windows\Installer\{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}\NewShortcut38_8E832933A07340209FB8DBADC480B69B.exe
+ 2008-12-23 23:35:03 25,214 ----a-r c:\windows\Installer\{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}\NewShortcut4_8E832933A07340209FB8DBADC480B69B.exe
+ 2008-12-22 02:20:52 58,945 ----a-r c:\windows\Installer\{63C1109E-D977-49ED-BCE3-D00D0BF187D6}\wlmail.exe
+ 2008-12-23 23:35:33 38,400 ----a-r c:\windows\Installer\{7A9DC8F6-2466-4E04-BF51-BE499C5D02BD}\RoxioCentral.exe
+ 2008-12-23 23:35:18 38,400 ----a-r c:\windows\Installer\{85BD5F12-49EF-4B40-B1E0-77D85F6E99BF}\RoxioCentral.exe
- 2007-05-10 23:57:52 22,486 ----a-r c:\windows\Installer\{C169D3BB-9A27-43F5-9979-09A0D65FE95C}\Icon_SFTPBackup.exe
+ 2008-12-21 18:44:23 22,486 ----a-r c:\windows\Installer\{C169D3BB-9A27-43F5-9979-09A0D65FE95C}\Icon_SFTPBackup.exe
- 2007-05-10 23:57:52 157,733 ----a-r c:\windows\Installer\{C169D3BB-9A27-43F5-9979-09A0D65FE95C}\Icon_SmartFTP.exe
+ 2008-12-21 18:44:23 157,733 ----a-r c:\windows\Installer\{C169D3BB-9A27-43F5-9979-09A0D65FE95C}\Icon_SmartFTP.exe
+ 2008-12-23 23:25:42 69,632 ----a-r c:\windows\Installer\{C178B38F-613A-4EFE-B718-A675BD27A1E1}\DesktopMgr.exe
+ 2008-12-23 23:25:42 26,694 ----a-r c:\windows\Installer\{C178B38F-613A-4EFE-B718-A675BD27A1E1}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2008-12-23 23:25:42 26,694 ----a-r c:\windows\Installer\{C178B38F-613A-4EFE-B718-A675BD27A1E1}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2008-12-23 23:25:42 26,694 ----a-r c:\windows\Installer\{C178B38F-613A-4EFE-B718-A675BD27A1E1}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2008-12-23 23:25:42 26,694 ----a-r c:\windows\Installer\{C178B38F-613A-4EFE-B718-A675BD27A1E1}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2008-12-23 23:25:42 26,694 ----a-r c:\windows\Installer\{C178B38F-613A-4EFE-B718-A675BD27A1E1}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2008-12-23 23:25:42 26,694 ----a-r c:\windows\Installer\{C178B38F-613A-4EFE-B718-A675BD27A1E1}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2008-12-23 23:25:42 26,694 ----a-r c:\windows\Installer\{C178B38F-613A-4EFE-B718-A675BD27A1E1}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2008-12-23 23:25:42 6,502 ----a-r c:\windows\Installer\{C178B38F-613A-4EFE-B718-A675BD27A1E1}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
+ 2008-12-23 23:25:42 6,502 ----a-r c:\windows\Installer\{C178B38F-613A-4EFE-B718-A675BD27A1E1}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
+ 2008-12-23 23:25:42 6,502 ----a-r c:\windows\Installer\{C178B38F-613A-4EFE-B718-A675BD27A1E1}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
+ 2008-12-23 23:35:06 38,400 ----a-r c:\windows\Installer\{C628EC93-8E17-4114-BCE7-2D181B93FA0F}\RoxioCentral.exe
+ 2008-12-23 23:35:20 38,400 ----a-r c:\windows\Installer\{EA9741F6-A7F2-497B-BBE4-2ED0136649BE}\RoxioCentral.exe
+ 2008-12-22 02:22:20 132,096 ----a-r c:\windows\Installer\{F73A5B18-EB75-4B2C-B32D-9457576E2417}\WLXPhotoGalleryIcon.exe
- 2004-08-04 06:56:42 61,440 ----a-w c:\windows\system32\admparse.dll
+ 2007-08-14 00:39:20 71,680 ----a-w c:\windows\system32\admparse.dll
- 2004-08-04 06:56:42 99,840 ----a-w c:\windows\system32\advpack.dll
+ 2007-08-14 00:39:00 123,904 ----a-w c:\windows\system32\advpack.dll
- 2005-01-28 19:44:28 8,192 ----a-w c:\windows\system32\asferror.dll
+ 2006-10-19 03:47:08 7,168 ----a-w c:\windows\system32\asferror.dll
- 2005-01-28 19:44:28 484,352 ----a-w c:\windows\system32\Audiodev.dll
+ 2006-10-19 03:47:08 276,992 ----a-w c:\windows\system32\audiodev.dll
- 2005-01-28 19:44:28 294,912 ----a-w c:\windows\system32\blackbox.dll
+ 2006-10-19 03:47:10 542,720 ----a-w c:\windows\system32\blackbox.dll
- 2005-01-28 19:44:28 164,864 ----a-w c:\windows\system32\cewmdm.dll
+ 2006-10-19 03:47:10 229,376 ----a-w c:\windows\system32\cewmdm.dll
- 2006-09-10 05:07:58 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-27 00:36:34 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-09-10 05:07:58 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-27 00:36:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-09-10 05:07:58 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-27 00:36:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-04 06:56:42 35,328 ----a-w c:\windows\system32\corpol.dll
+ 2007-08-14 00:42:54 17,408 ----a-w c:\windows\system32\corpol.dll
+ 2007-08-14 00:39:20 71,680 -c----w c:\windows\system32\dllcache\admparse.dll
+ 2007-08-14 00:39:00 123,904 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2006-09-23 19:12:50 1,022,976 -c----w c:\windows\system32\dllcache\browseui.dll
+ 2007-08-14 00:42:54 17,408 -c----w c:\windows\system32\dllcache\corpol.dll
+ 2007-08-14 00:54:10 33,792 -c----w c:\windows\system32\dllcache\custsat.dll
+ 2007-08-14 00:35:46 346,624 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-14 00:35:38 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2007-08-14 00:54:10 131,584 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-14 00:18:02 60,416 -c----w c:\windows\system32\dllcache\hmmapi.dll
+ 2007-08-14 00:39:06 54,784 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-14 00:39:26 152,064 -c----w c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-14 00:39:54 229,376 -c----w c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 23:56:54 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-14 00:39:50 382,976 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-14 00:44:02 69,120 -c----w c:\windows\system32\dllcache\iedw.exe
+ 2007-08-14 00:45:18 78,336 -c----w c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-14 00:54:10 191,488 -c----w c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-14 00:39:10 43,008 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-14 00:39:12 55,296 -c----w c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-14 00:43:56 622,080 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2007-08-14 00:36:06 36,352 -c----w c:\windows\system32\dllcache\imgutil.dll
+ 2007-08-14 00:39:02 92,672 -c----w c:\windows\system32\dllcache\inseng.dll
+ 2007-08-14 00:38:04 491,520 -c----w c:\windows\system32\dllcache\jscript.dll
+ 2007-08-14 00:54:10 27,136 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-14 00:44:18 40,960 -c----w c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-14 00:32:30 45,568 -c----w c:\windows\system32\dllcache\mshta.exe
+ 2007-08-14 00:54:12 3,578,368 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2007-08-14 00:54:10 475,648 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-14 00:01:12 48,128 -c----w c:\windows\system32\dllcache\mshtmler.dll
+ 2007-08-14 00:54:10 156,160 -c----w c:\windows\system32\dllcache\msls31.dll
+ 2007-08-14 00:44:26 192,000 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2007-08-14 00:54:10 670,720 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2007-08-14 00:44:06 101,376 -c----w c:\windows\system32\dllcache\occache.dll
+ 2007-08-14 00:36:12 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2006-09-23 19:12:50 1,497,088 -c----w c:\windows\system32\dllcache\shdocvw.dll
+ 2006-09-23 19:12:50 474,112 -c----w c:\windows\system32\dllcache\shlwapi.dll
+ 2007-08-14 00:44:30 105,984 -c----w c:\windows\system32\dllcache\url.dll
+ 2007-08-14 00:54:10 1,162,240 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2007-08-14 00:54:10 413,696 -c----w c:\windows\system32\dllcache\vbscript.dll
+ 2007-08-14 00:54:10 765,952 -c----w c:\windows\system32\dllcache\VGX.dll
+ 2007-08-14 00:54:10 231,424 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-14 00:54:10 818,688 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2006-10-19 03:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
- 2006-10-05 02:42:42 2,432 ------w c:\windows\system32\drivers\cdr4_xp.sys
+ 2007-02-02 10:00:00 9,336 ----a-w c:\windows\system32\drivers\cdr4_xp.sys
- 2006-10-05 02:42:42 2,560 ------w c:\windows\system32\drivers\cdralw2k.sys
+ 2007-02-02 10:00:00 9,464 ----a-w c:\windows\system32\drivers\cdralw2k.sys
- 2006-09-27 21:53:22 36,560 ------w c:\windows\system32\drivers\pxhelp20.sys
+ 2008-04-07 23:16:45 43,872 ----a-w c:\windows\system32\drivers\pxhelp20.sys
- 2006-06-30 21:10:56 26,752 ----a-r c:\windows\system32\drivers\RimSerial.sys
+ 2007-01-18 16:24:58 26,496 ----a-r c:\windows\system32\drivers\RimSerial.sys
- 2006-07-13 15:17:24 22,528 ----a-w c:\windows\system32\drivers\RimUsb.sys
+ 2007-05-31 19:39:50 22,656 ----a-w c:\windows\system32\drivers\RimUsb.sys
+ 2006-10-19 03:47:22 671,232 ------w c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
- 2005-01-28 19:44:28 18,944 ----a-w c:\windows\system32\drivers\wpdusb.sys
+ 2006-10-19 02:00:00 38,528 ----a-w c:\windows\system32\drivers\wpdusb.sys
+ 2006-09-29 00:55:50 77,568 ------w c:\windows\system32\drivers\WudfPf.sys
+ 2006-09-29 01:00:34 82,944 ------w c:\windows\system32\drivers\WudfRd.sys
+ 2006-10-19 02:00:46 249,856 ----a-w c:\windows\system32\drmupgds.exe
- 2005-01-28 19:44:28 502,272 ----a-w c:\windows\system32\drmv2clt.dll
+ 2006-10-19 03:47:10 991,744 ----a-w c:\windows\system32\drmv2clt.dll
+ 2007-05-01 22:48:34 68,344 ----a-w c:\windows\system32\drvins64.exe
- 2007-01-04 14:05:28 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2007-08-14 00:35:46 346,624 ----a-w c:\windows\system32\dxtmsft.dll
- 2007-01-04 14:05:28 205,312 ----a-w c:\windows\system32\dxtrans.dll
+ 2007-08-14 00:35:38 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2007-01-04 14:05:28 55,808 ------w c:\windows\system32\extmgr.dll
+ 2007-08-14 00:54:10 131,584 ----a-w c:\windows\system32\extmgr.dll
- 2008-12-05 08:12:56 887,088 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-12-24 00:39:47 933,256 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2007-08-14 00:36:26 61,952 ----a-w c:\windows\system32\icardie.dll
- 2004-08-04 06:56:52 34,304 ----a-w c:\windows\system32\ie4uinit.exe
+ 2007-08-14 00:39:06 54,784 ----a-w c:\windows\system32\ie4uinit.exe
- 2004-08-04 06:56:44 139,264 ----a-w c:\windows\system32\ieakeng.dll
+ 2007-08-14 00:39:26 152,064 ----a-w c:\windows\system32\ieakeng.dll
- 2004-08-04 06:56:44 216,576 ----a-w c:\windows\system32\ieaksie.dll
+ 2007-08-14 00:39:54 229,376 ----a-w c:\windows\system32\ieaksie.dll
- 2003-07-07 12:00:00 221,184 ----a-w c:\windows\system32\ieakui.dll
+ 2007-08-13 23:56:54 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2007-02-12 22:10:12 2,451,312 ----a-w c:\windows\system32\ieapfltr.dat
+ 2007-07-11 18:27:48 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2004-08-04 06:56:44 323,584 ----a-w c:\windows\system32\iedkcs32.dll
+ 2007-08-14 00:39:50 382,976 ----a-w c:\windows\system32\iedkcs32.dll
- 2004-08-04 06:56:44 81,920 ------w c:\windows\system32\ieencode.dll
+ 2007-08-14 00:45:18 78,336 ----a-w c:\windows\system32\ieencode.dll
+ 2007-08-14 00:54:10 6,049,280 ----a-w c:\windows\system32\ieframe.dll
- 2007-01-04 14:05:28 251,904 ----a-w c:\windows\system32\iepeers.dll
+ 2007-08-14 00:54:10 191,488 ----a-w c:\windows\system32\iepeers.dll
- 2004-08-04 06:56:44 48,640 ----a-w c:\windows\system32\iernonce.dll
+ 2007-08-14 00:39:10 43,008 ----a-w c:\windows\system32\iernonce.dll
+ 2007-08-14 00:34:04 266,752 ----a-w c:\windows\system32\iertutil.dll
- 2004-08-04 06:56:44 62,976 ----a-w c:\windows\system32\iesetup.dll
+ 2007-08-14 00:39:12 55,296 ----a-w c:\windows\system32\iesetup.dll
+ 2007-08-14 00:39:10 13,312 ----a-w c:\windows\system32\ieudinit.exe
+ 2007-08-14 00:54:10 180,736 ----a-w c:\windows\system32\ieui.dll
- 2004-08-04 06:56:44 35,840 ----a-w c:\windows\system32\imgutil.dll
+ 2007-08-14 00:36:06 36,352 ----a-w c:\windows\system32\imgutil.dll
- 2007-01-04 14:05:29 96,256 ----a-w c:\windows\system32\inseng.dll
+ 2007-08-14 00:39:02 92,672 ----a-w c:\windows\system32\inseng.dll
- 2008-06-10 07:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-12-17 23:52:31 144,792 ----a-w c:\windows\system32\java.exe
- 2008-06-10 07:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-12-17 23:52:31 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-06-10 08:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-17 23:52:31 148,888 ----a-w c:\windows\system32\javaws.exe
- 2006-05-18 05:24:25 450,560 ----a-w c:\windows\system32\jscript.dll
+ 2007-08-14 00:38:04 491,520 ----a-w c:\windows\system32\jscript.dll
- 2007-01-04 14:05:29 16,384 ----a-w c:\windows\system32\jsproxy.dll
+ 2007-08-14 00:54:10 27,136 ----a-w c:\windows\system32\jsproxy.dll
+ 2007-01-04 14:05:30 5,120 ----a-w c:\windows\system32\klomp.exe
- 2005-01-28 19:44:28 6,656 ----a-w c:\windows\system32\laprxy.dll
+ 2006-10-19 03:47:14 11,264 ----a-w c:\windows\system32\LAPRXY.dll
- 2004-08-04 06:56:44 22,016 ----a-w c:\windows\system32\licmgr10.dll
+ 2007-08-14 00:44:18 40,960 ----a-w c:\windows\system32\licmgr10.dll
- 2005-01-28 19:44:28 96,768 ----a-w c:\windows\system32\logagent.exe
+ 2006-10-19 02:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2006-10-19 03:47:14 212,992 ----a-w c:\windows\system32\MFPLAT.dll
+ 2006-10-19 03:47:14 259,072 ----a-w c:\windows\system32\MP43DECD.dll
- 2004-08-04 06:56:44 310,272 ------w c:\windows\system32\mp43dmod.dll
+ 2006-10-19 03:47:14 4,096 ----a-w c:\windows\system32\MP43DMOD.dll
+ 2006-10-19 03:47:14 317,440 ----a-w c:\windows\system32\MP4SDECD.dll
- 2005-03-23 12:21:06 391,928 ------w c:\windows\system32\MP4SDMOD.DLL
+ 2006-10-19 03:47:14 4,096 ----a-w c:\windows\system32\MP4SDMOD.dll
+ 2006-10-19 03:47:14 259,072 ----a-w c:\windows\system32\MPG4DECD.dll
- 2004-08-04 06:56:44 240,640 ----a-w c:\windows\system32\mpg4dmod.dll
+ 2006-10-19 03:47:14 4,096 ----a-w c:\windows\system32\MPG4DMOD.dll
+ 2006-10-02 21:28:42 312,128 ----a-w c:\windows\system32\msdelta.dll
+ 2007-08-14 00:54:10 458,752 ----a-w c:\windows\system32\msfeeds.dll
+ 2007-08-14 00:54:10 50,688 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2007-08-14 00:36:40 12,288 ----a-w c:\windows\system32\msfeedssync.exe
- 2004-08-04 06:56:54 29,184 ----a-w c:\windows\system32\mshta.exe
+ 2007-08-14 00:32:30 45,568 ----a-w c:\windows\system32\mshta.exe
- 2007-01-04 14:05:30 3,062,272 ----a-w c:\windows\system32\mshtml.dll
+ 2007-08-14 00:54:12 3,578,368 ----a-w c:\windows\system32\mshtml.dll
- 2007-01-04 14:05:29 449,024 ----a-w c:\windows\system32\mshtmled.dll
+ 2007-08-14 00:54:10 475,648 ----a-w c:\windows\system32\mshtmled.dll
- 2004-08-04 06:56:16 56,832 ----a-w c:\windows\system32\mshtmler.dll
+ 2007-08-14 00:01:12 48,128 ----a-w c:\windows\system32\mshtmler.dll
- 2003-07-07 12:00:00 146,432 ----a-w c:\windows\system32\msls31.dll
+ 2007-08-14 00:54:10 156,160 ----a-w c:\windows\system32\msls31.dll
- 2005-01-28 19:44:28 142,336 ----a-w c:\windows\system32\msnetobj.dll
+ 2006-10-19 03:47:16 179,712 ----a-w c:\windows\system32\msnetobj.dll
- 2005-01-28 19:44:28 25,088 ----a-w c:\windows\system32\MsPMSNSv.dll
+ 2006-10-19 03:47:16 27,136 ----a-w c:\windows\system32\mspmsnsv.dll
- 2005-01-28 19:44:28 173,568 ----a-w c:\windows\system32\MsPMSP.dll
+ 2006-10-19 03:47:16 175,616 ----a-w c:\windows\system32\mspmsp.dll
- 2007-01-04 14:05:29 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2007-08-14 00:44:26 192,000 ----a-w c:\windows\system32\msrating.dll
- 2005-06-26 18:13:36 366,832 ----a-w c:\windows\system32\msscp.dll
+ 2006-10-19 03:47:16 414,208 ----a-w c:\windows\system32\msscp.dll
- 2007-01-04 14:05:30 532,480 ----a-w c:\windows\system32\mstime.dll
+ 2007-08-14 00:54:10 670,720 ----a-w c:\windows\system32\mstime.dll
- 2005-01-28 19:44:28 315,904 ----a-w c:\windows\system32\MSWMDM.dll
+ 2006-10-19 03:47:16 321,536 ----a-w c:\windows\system32\mswmdm.dll
+ 2005-09-08 07:03:50 1,330,888 ----a-w c:\windows\system32\msxml6.dll
+ 2005-09-08 07:03:50 86,728 ----a-w c:\windows\system32\msxml6r.dll
- 2004-08-04 06:56:46 96,256 ----a-w c:\windows\system32\occache.dll
+ 2007-08-14 00:44:06 101,376 ----a-w c:\windows\system32\occache.dll
- 2007-01-04 14:05:30 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2007-08-14 00:36:12 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2006-10-19 03:47:18 284,160 ----a-w c:\windows\system32\PortableDeviceApi.dll
+ 2006-10-19 03:47:18 101,888 ----a-w c:\windows\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 03:47:18 166,912 ----a-w c:\windows\system32\PortableDeviceTypes.dll
+ 2006-10-19 03:47:18 132,096 ----a-w c:\windows\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 03:47:18 199,168 ----a-w c:\windows\system32\PortableDeviceWMDRM.dll
- 2006-09-27 21:53:22 514,808 ------w c:\windows\system32\Px.dll
+ 2007-05-09 15:15:18 555,768 ----a-w c:\windows\system32\Px.dll
+ 2007-05-09 15:15:18 129,784 ----a-w c:\windows\system32\PxAFS.DLL
+ 2007-05-01 22:48:40 66,296 ----a-w c:\windows\system32\pxcpya64.exe
+ 2007-05-01 22:48:40 120,056 ----a-w c:\windows\system32\pxcpyi64.exe
- 2006-09-27 21:53:22 477,944 ------w c:\windows\system32\pxdrv.dll
+ 2007-06-07 07:02:00 535,288 ----a-w c:\windows\system32\pxdrv.dll
+ 2007-05-01 22:48:36 64,760 ----a-w c:\windows\system32\pxinsa64.exe
+ 2007-05-01 22:48:38 118,520 ----a-w c:\windows\system32\pxinsi64.exe
- 2006-09-27 21:53:22 183,032 ------w c:\windows\system32\PxMas.dll
+ 2007-05-09 15:15:18 187,128 ----a-w c:\windows\system32\PxMas.dll
+ 2007-05-09 15:15:20 1,628,920 ----a-w c:\windows\system32\PxSFS.DLL
- 2006-09-27 21:53:23 379,640 ------w c:\windows\system32\PxWave.dll
+ 2007-05-09 15:15:22 379,640 ----a-w c:\windows\system32\PxWave.dll
- 2004-06-10 16:20:30 86,016 ------w c:\windows\system32\PXWMA.dll
+ 2007-05-09 15:15:24 158,456 ----a-w c:\windows\system32\pxwma.dll
- 2005-01-28 19:44:28 221,184 ----a-w c:\windows\system32\qasf.dll
+ 2006-10-19 03:47:18 211,456 ----a-w c:\windows\system32\qasf.dll
+ 2007-01-04 14:05:30 172,032 ----a-w c:\windows\system32\qdbon.dll
+ 2006-06-30 21:10:56 26,752 ----a-r c:\windows\system32\ReinstallBackups\0025\DriverFiles\RimSerial.sys
- 2006-06-26 08:22:46 783,120 ----a-w c:\windows\system32\Restore\rstrlog.dat
+ 2008-12-27 00:33:25 604,612 ----a-w c:\windows\system32\Restore\rstrlog.dat
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2006-09-25 23:58:48 14,640 ----a-w c:\windows\system32\spmsg.dll
- 2004-08-04 06:56:48 37,888 ----a-w c:\windows\system32\url.dll
+ 2007-08-14 00:44:30 105,984 ----a-w c:\windows\system32\url.dll
- 2007-01-25 12:24:58 616,960 ----a-w c:\windows\system32\urlmon.dll
+ 2007-08-14 00:54:10 1,162,240 ----a-w c:\windows\system32\urlmon.dll
- 2005-01-28 19:44:28 47,104 ----a-w c:\windows\system32\uwdf.exe
+ 2006-10-19 03:58:00 8,704 ----a-w c:\windows\system32\uwdf.exe
- 2004-08-10 03:27:06 438,272 ----a-w c:\windows\system32\vbscript.dll
+ 2007-08-14 00:54:10 413,696 ----a-w c:\windows\system32\vbscript.dll
- 2006-09-27 21:53:23 39,672 ------w c:\windows\system32\VXBLOCK.dll
+ 2007-03-26 07:00:00 88,824 ----a-w c:\windows\system32\vxblock.dll
- 2005-01-28 19:44:28 15,872 ----a-w c:\windows\system32\wdfapi.dll
+ 2006-10-19 03:47:18 4,096 ----a-w c:\windows\system32\wdfapi.dll
- 2005-01-28 19:44:28 38,912 ----a-w c:\windows\system32\wdfmgr.exe
+ 2006-10-19 03:58:00 8,704 ----a-w c:\windows\system32\wdfmgr.exe
- 2004-08-04 06:56:48 276,480 ----a-w c:\windows\system32\webcheck.dll
+ 2007-08-14 00:54:10 231,424 ----a-w c:\windows\system32\webcheck.dll
+ 2007-08-14 00:45:16 206,336 ----a-w c:\windows\system32\WinFXDocObj.exe
- 2007-01-04 14:05:30 665,088 ----a-w c:\windows\system32\wininet.dll
+ 2007-08-14 00:54:10 818,688 ----a-w c:\windows\system32\wininet.dll
- 2005-01-28 19:44:28 396,528 ----a-w c:\windows\system32\wmadmod.dll
+ 2006-10-19 03:47:18 757,248 ----a-w c:\windows\system32\WMADMOD.dll
- 2005-01-28 19:44:28 716,288 ----a-w c:\windows\system32\wmadmoe.dll
+ 2006-10-19 03:47:18 1,117,696 ----a-w c:\windows\system32\WMADMOE.dll
- 2005-01-28 19:44:28 224,768 ----a-w c:\windows\system32\wmasf.dll
+ 2006-10-19 03:47:18 222,208 ----a-w c:\windows\system32\wmasf.dll
- 2005-01-28 19:44:28 28,160 ----a-w c:\windows\system32\WMDMLOG.dll
+ 2006-10-19 03:47:18 33,792 ----a-w c:\windows\system32\wmdmlog.dll
- 2005-01-28 19:44:28 33,792 ----a-w c:\windows\system32\WMDMPS.dll
+ 2006-10-19 03:47:18 37,376 ----a-w c:\windows\system32\wmdmps.dll
- 2005-01-28 19:44:28 335,872 ----a-w c:\windows\system32\WMDRMdev.dll
+ 2006-10-19 03:47:18 429,056 ----a-w c:\windows\system32\wmdrmdev.dll
- 2005-01-28 19:44:28 290,816 ----a-w c:\windows\system32\WMDRMNet.dll
+ 2006-10-19 03:47:20 348,672 ----a-w c:\windows\system32\wmdrmnet.dll
+ 2006-10-19 03:47:20 535,040 ----a-w c:\windows\system32\wmdrmsdk.dll
- 2005-01-28 19:44:28 189,440 ----a-w c:\windows\system32\wmerror.dll
+ 2006-10-19 03:47:20 227,328 ----a-w c:\windows\system32\wmerror.dll
- 2005-01-28 19:44:28 150,016 ----a-w c:\windows\system32\wmidx.dll
+ 2006-10-19 03:47:20 157,184 ----a-w c:\windows\system32\wmidx.dll
- 2005-01-28 19:44:28 1,027,072 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2006-10-19 03:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
- 2006-04-29 11:07:48 5,533,696 ----a-w c:\windows\system32\wmp.dll
+ 2006-10-19 03:47:20 10,834,432 ----a-w c:\windows\system32\wmp.dll
- 2005-01-28 19:44:28 135,168 ----a-w c:\windows\system32\wmpasf.dll
+ 2006-10-19 03:47:20 242,688 ----a-w c:\windows\system32\wmpasf.dll
- 2005-01-28 19:44:28 282,624 ----a-w c:\windows\system32\wmpdxm.dll
+ 2006-10-19 03:47:20 314,880 ----a-w c:\windows\system32\wmpdxm.dll
+ 2006-10-19 03:47:20 295,936 ----a-w c:\windows\system32\wmpeffects.dll
- 2005-01-28 19:44:28 1,594,880 ----a-w c:\windows\system32\wmpencen.dll
+ 2006-10-19 03:47:20 1,661,440 ----a-w c:\windows\system32\wmpencen.dll
- 2005-01-28 19:44:28 3,371,008 ----a-w c:\windows\system32\wmploc.dll
+ 2006-10-19 03:47:20 8,231,936 ----a-w c:\windows\system32\wmploc.dll
+ 2006-10-19 03:47:20 613,376 ----a-w c:\windows\system32\wmpmde.dll
+ 2006-10-19 03:47:20 130,048 ----a-w c:\windows\system32\wmpps.dll
- 2005-01-28 19:44:28 86,016 ----a-w c:\windows\system32\wmpshell.dll
+ 2006-10-19 03:47:20 99,840 ----a-w c:\windows\system32\wmpshell.dll
- 2005-01-28 19:44:28 175,104 ----a-w c:\windows\system32\wmpsrcwp.dll
+ 2006-10-19 03:47:20 204,288 ----a-w c:\windows\system32\wmpsrcwp.dll
- 2005-01-28 19:44:28 774,904 ----a-w c:\windows\system32\wmsdmod.dll
+ 2006-10-19 03:47:22 4,096 ----a-w c:\windows\system32\wmsdmod.dll
- 2005-01-28 19:44:28 1,119,744 ----a-w c:\windows\system32\wmsdmoe2.dll
+ 2006-10-19 03:47:22 4,096 ----a-w c:\windows\system32\wmsdmoe2.dll
- 2006-04-07 13:02:18 414,024 ----a-w c:\windows\system32\WMSPDMOD.DLL
+ 2006-10-19 03:47:22 603,648 ----a-w c:\windows\system32\WMSPDMOD.dll
- 2006-04-07 11:04:18 940,544 ----a-w c:\windows\system32\WMSPDMOE.DLL
+ 2006-10-19 03:47:22 1,329,152 ----a-w c:\windows\system32\WMSPDMOE.dll
- 2005-01-28 19:44:28 1,218,808 ----a-w c:\windows\system32\wmvadvd.dll
+ 2006-10-19 03:47:22 4,096 ----a-w c:\windows\system32\WMVADVD.dll
- 2005-01-28 19:44:28 1,512,448 ----a-w c:\windows\system32\WMVADVE.DLL
+ 2006-10-19 03:47:22 4,096 ----a-w c:\windows\system32\WMVADVE.DLL
- 2006-12-07 05:29:34 2,374,472 ----a-w c:\windows\system32\wmvcore.dll
+ 2006-10-19 03:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2006-10-19 03:47:22 1,543,680 ----a-w c:\windows\system32\WMVDECOD.dll
- 2005-04-30 23:23:50 900,856 ----a-w c:\windows\system32\WMVDMOD.DLL
+ 2006-10-19 03:47:22 4,096 ----a-w c:\windows\system32\wmvdmod.dll
- 2005-01-28 19:44:28 1,003,008 ----a-w c:\windows\system32\wmvdmoe2.dll
+ 2006-10-19 03:47:22 4,096 ----a-w c:\windows\system32\wmvdmoe2.dll
+ 2006-10-19 03:47:22 1,574,912 ----a-w c:\windows\system32\WMVENCOD.dll
+ 2006-10-19 03:47:22 1,382,912 ----a-w c:\windows\system32\WMVSDECD.dll
+ 2006-10-19 03:47:22 767,488 ----a-w c:\windows\system32\WMVSENCD.dll
+ 2006-10-19 03:47:22 656,896 ----a-w c:\windows\system32\WMVXENCD.dll
- 2005-01-28 19:44:28 38,912 ----a-w c:\windows\system32\wpd_ci.dll
+ 2006-10-19 03:47:22 629,760 ----a-w c:\windows\system32\wpd_ci.dll
- 2005-01-28 19:44:28 61,952 ----a-w c:\windows\system32\wpdconns.dll
+ 2006-10-19 03:47:22 35,840 ----a-w c:\windows\system32\wpdconns.dll
- 2005-01-28 19:44:28 114,176 ----a-w c:\windows\system32\wpdmtp.dll
+ 2006-10-19 03:47:22 154,624 ----a-w c:\windows\system32\wpdmtp.dll
- 2005-01-28 19:44:28 66,560 ----a-w c:\windows\system32\wpdmtpus.dll
+ 2006-10-19 03:47:22 63,488 ----a-w c:\windows\system32\wpdmtpus.dll
+ 2006-10-19 03:47:22 2,603,008 ----a-w c:\windows\system32\WpdShext.dll
+ 2006-10-19 02:00:14 17,408 ----a-w c:\windows\system32\wpdshextautoplay.exe
+ 2006-10-19 03:47:22 38,400 ----a-w c:\windows\system32\wpdshextres.dll
+ 2006-10-19 03:47:22 133,632 ----a-w c:\windows\system32\WPDShServiceObj.dll
- 2005-01-28 19:44:28 331,264 ----a-w c:\windows\system32\wpdsp.dll
+ 2006-10-19 03:47:22 356,352 ----a-w c:\windows\system32\wpdsp.dll
+ 2006-09-29 02:13:26 95,344 ----a-w c:\windows\system32\WUDFCoinstaller.dll
+ 2006-09-29 00:56:38 146,432 ----a-w c:\windows\system32\WudfHost.exe
+ 2006-09-29 00:56:16 165,376 ----a-w c:\windows\system32\WudfPlatform.dll
+ 2006-09-29 00:56:14 55,808 ----a-w c:\windows\system32\WudfSvc.dll
+ 2006-09-29 00:56:38 316,416 ----a-w c:\windows\system32\WUDFx.dll
+ 2008-12-27 00:34:48 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7ac.dat
- 2006-12-02 03:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 04:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
- 2006-12-02 03:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 04:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
- 2006-12-02 03:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 04:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
- 2006-12-02 03:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 04:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
- 2006-12-02 05:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 06:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
- 2006-12-02 05:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 06:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
- 2006-12-02 05:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 06:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
- 2006-12-02 05:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 06:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
- 2006-12-02 05:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 06:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
- 2006-12-02 05:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 06:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
- 2006-12-02 05:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 06:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
- 2006-12-02 05:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 06:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
- 2006-12-02 05:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 06:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
- 2006-12-02 05:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 06:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
- 2006-12-02 05:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 06:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
- 2006-12-02 05:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 06:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
- 2006-12-02 05:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 06:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07D84A71-05C2-3F28-879C-1B304E890B77}]
2008-12-17 18:38 172032 --a------ c:\windows\system32\xwr86866.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66A7F312-F5ED-4327-BC9B-89493A50ECAF}]
2008-12-26 18:41 236032 --a------ c:\windows\system32\jkkICsTJ.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-24 68856]
"Google Update"="c:\documents and settings\BLACKBART\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"MS AntiSpyware 2009"="c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe" [2008-12-26 1118208]
"jsf8j34rgfght"="c:\docume~1\BLACKB~1\LOCALS~1\Temp\winloggn.exe" [2008-12-26 15000]
"Jnskdfmf9eldfd"="c:\docume~1\BLACKB~1\LOCALS~1\Temp\csrssc.exe" [2008-12-26 22017]
"Sonic RecordNow! Deluxe"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\\nTune.exe" [2005-06-27 589824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"LXBRKsk"="c:\progra~1\LEXMAR~1\LXBRKsk.exe" [2003-06-13 294912]
"Lexmark 3100 Series"="c:\program files\Lexmark 3100 Series\lxbrbmgr.exe" [2003-07-28 106496]
"Auto EPSON Stylus Photo R200 Series (Copy 1) on Sniper-moms-pc"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184]
"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"\\SNIPER-MOMS-PC\EPSON Stylus Photo R200 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"Auto EPSON Stylus Photo R200 Series on SNIPERMO-OAMGPX"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
"Auto EPSON Stylus Photo R200 Series on SNIPERMOM-PC"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
"SmartGuardian"="c:\program files\ITE\Smart Guardian\ITESmart.exe" [2003-09-30 180224]
"USRpdA"="c:\windows\SYSTEM32\USRmlnkA.exe" [2003-07-07 77891]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-10-05 949376]
"NOD-UE"="c:\program files\Eset\NOD-UE.exe" [2007-10-03 216104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 2707456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-15 185896]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Auto EPSON Stylus Photo R200 Series on HOME-BDW60E38EW"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"Eqagevoyoxajijo"="c:\windows\Vrojirak.dll" [2008-12-26 44032]
"jsf8j34rgfght"="c:\docume~1\BLACKB~1\LOCALS~1\Temp\winloggn.exe" [2008-12-26 15000]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 c:\windows\LOGI_MWX.EXE]
"CTHelper"="CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2006-08-11 c:\windows\MIDIDEF.EXE]

c:\documents and settings\BLACKBART\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-11-07 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2007-03-17 77824]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\khfEXolK.dll" [2008-12-26 36864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ieModule"= {68D36013-4440-4D3C-B65C-6AB12F80F04B} - c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll [2008-12-26 2687488]
"InternetConnection"= {80AB76D6-DFDA-4BFB-B58C-A6B4A345C6FD} - c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\fvfugpdzuf.dll [2008-12-26 766976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-06-07 15:08 294912 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfEXolK]
2008-12-26 18:36 36864 c:\windows\system32\khfEXolK.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.UV12"= aoxdxipl.ax
"msacm.ctmp3"= c:\windows\system32\ctmp3.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=c:\windows\system32\klomp.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\jkkICsTJ

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HughesNet Tools.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HughesNet Tools.lnk
backup=c:\windows\pss\HughesNet Tools.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2007-10-07 19:16 1477568 c:\program files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 04:48 157592 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartGuardian]
--a------ 2003-09-30 17:01 180224 c:\program files\ITE\Smart Guardian\ITESmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 16:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EssSpkPhone]
--------- 2002-05-30 17:46 167936 c:\windows\essspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"WinVNC4"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"StarWindService"=2 (0x2)
"SolidWorks Licensing Service"=3 (0x3)
"mnmsrvc"=3 (0x3)
"gusvc"=3 (0x3)
"AVG Anti-Spyware Guard"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Trillian Pro\\trillian.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Sony\\Media Manager for PSP 2.0\\MediaManager.exe"=
"c:\\Program Files\\SideWinder Game Voice Share\\GVShare.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\DFPinger\\DFBHDPinger\\DFBHDPinger.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\bicboomtown\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\RealVNC\\VNC42\\winvnc4.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Teamspeak2_RC2svr\\server_windows.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\City Interactive\\Wings of Honour - Battles of the Red Baron\\game.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\America's Army Deploy Client\\AADeployClient.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"856:TCP"= 856:TCP:bit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-10-05 15424]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-02-16 5632]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2006-06-09 51440]
R3 iteio;iteio;\??\c:\windows\System32\drivers\iteio.sys [2006-03-25 3680]
S3 Aox401Camera;Kensington VideoCAM BETA;c:\windows\system32\DRIVERS\aox401vc.sys [2006-05-13 121460]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\BLACKB~1\LOCALS~1\Temp\DMSKSSRh.sys []
S3 OMNUSB;Omnikey AG CardMan 2020 USB Smart Card Reader;c:\windows\system32\DRIVERS\sccmusbm.sys [2007-05-01 23936]
S3 PciCon;PciCon;\??\F:\PciCon.sys []
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\system32\Drivers\xbreader.sys [2006-09-01 19677]
S4 I2olosekainp;I2olosekainp; []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - e:\data\StubStub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{604b8b68-10d5-11dd-a27b-000129d49453}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7893a21-b615-11dc-a225-000129d49453}]
\Shell\AutoRun\command - H:\LaunchU3.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - TDSSSERV.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{11FC12D0-1A72-12D2-992D-5BC14F992BC7}]
c:\windows\system32\javan.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-26 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\BLACKBART\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 14:09]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Motive SmartBridge - c:\progra~1\HUGHES~1\SMARTB~1\MotiveSB.exe
HKLM-Run-Bart Station - c:\program files\PeoplePC\ISP6200\BIN\PPCOLink.exe
HKLM-Run-spywareguard - c:\program files\Spyware Guard 2008\spywareguard.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = ;*.local;<local>
uInternet Settings,ProxyServer = http=localhost:8081
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Link to &MidpX - c:\program files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
IE: Refresh Pa&ge with Full Quality - c:\program files\PeoplePC Accelerated\pac-page.html
IE: Refresh Pi&cture with Full Quality - c:\program files\PeoplePC Accelerated\pac-image.html
LSP: c:\windows\system32\imon.dll

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FireFox -: Profile - c:\documents and settings\BLACKBART\Application Data\Mozilla\Firefox\Profiles\c37570oj.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - c:\documents and settings\BLACKBART\Application Data\Mozilla\Firefox\Profiles\c37570oj.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF -: plugin - c:\documents and settings\BLACKBART\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\program files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
FF -: plugin - c:\program files\Google\Picasa3\npPicasa3.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Opera\program\plugins\npiftw32.dll
FF -: plugin - c:\program files\Opera\program\plugins\nppl3260.dll
FF -: plugin - c:\program files\Opera\program\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-26 18:46:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???6????>2????w???w6???????\???\???????????U??w???w\???\????????'b??????C@?\???\??????s6???\??????s\????>2?A??s?>2??C@?x???`|?w\?????@

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSpaxt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk23.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\khfEXolK.dll

- - - - - - - > 'lsass.exe'(984)
c:\windows\system32\imon.dll
.
Completion time: 2008-12-26 18:46:49
ComboFix-quarantined-files.txt 2008-12-27 00:46:47
ComboFix2.txt 2008-12-08 02:34:47
ComboFix3.txt 2007-09-21 21:37:30

Pre-Run: 20,056,211,456 bytes free
Post-Run: 19,961,012,224 bytes free

820
boomtown
Eh, it's getting worse. I've lost all ability to go to BitDefender or Kaspersky for online scans, I can't come to Piriform and it won't let me open Super Anti Spyware.
boomtown
Yeah, so I've got the icons to stay now, but I'm stuck with spyware 2008 and then a Windows Security Center icon... please, please, I need help. I've run everything from fixware out to CCleaner, Super Anti Spyware, Cure It, and more I can't remember, and have removed a total of about 100 items in all of said programs.