Inactive [InActive] I think it's fixed!

Discussion in 'Malware and Virus Removal Archive' started by solutionguy, 2008/10/24.

  1. 2008/10/24
    solutionguy

    solutionguy Inactive Thread Starter

    Thanks to y'all here, I found MalwareBytes. That program rocks!

    Here's the log from it...

    "Malwarebytes' Anti-Malware 1.30
    Database version: 1316
    Windows 5.1.2600 Service Pack 3

    10/24/2008 7:11:57 PM
    mbam-log-2008-10-24 (19-11-36).txt

    Scan type: Quick Scan
    Objects scanned: 59822
    Time elapsed: 11 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 2
    Registry Keys Infected: 14
    Registry Values Infected: 1
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 7

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\qoMeDWon.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\cbXQhFYp.dll (Trojan.Vundo) -> No action taken.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42ae1da1-ff60-4435-a81f-9b6538f865a6} (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxqhfyp (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{42ae1da1-ff60-4435-a81f-9b6538f865a6} (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d6994d1c-034e-4d3d-b988-381e4e83716c} (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{d6994d1c-034e-4d3d-b988-381e4e83716c} (Trojan.Vundo.H) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42ae1da1-ff60-4435-a81f-9b6538f865a6} (Trojan.Vundo) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d6994d1c-034e-4d3d-b988-381e4e83716c} (Trojan.Vundo) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{42ae1da1-ff60-4435-a81f-9b6538f865a6} (Trojan.Vundo) -> No action taken.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\qomedwon -> No action taken.
    HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ( "%1" /S) -> No action taken.
    HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1 ") -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomedwon -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\cbXQhFYp.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\qoMeDWon.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\noWDeMoq.ini (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\noWDeMoq.ini2 (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\awtUNFYr.dll (Trojan.Vundo) -> No action taken.
    C:\x.dat (Malware.Trace) -> No action taken.
    C:\z.dat (Malware.Trace) -> No action taken. "

    I obviously took action and allowed MalwareBytes to fix these. And now, everything seems to be OK, thanks to y'all.

    Many thanks to everyone!

    Tracy
     
  2. 2008/10/24
    solutionguy

    solutionguy Inactive Thread Starter

    Oh yeah! I forgot... on reboot after the scan, I got a message that said, "Error loading C:\Windows\System32\gzmrotate.dll module not found ". Doesn't that mean that I still have a startup prog seeking that .dll?

    Should I be concerned?

    Tracy
     
    Last edited: 2008/10/24

  4. 2008/10/26
    noahdfear

    noahdfear Inactive

    Welcome to WindowsBBS Tracy :)

    Let's get a look at the system.

    • Download RSIT by random/random and save it to your desktop.
    • Double click RSIT.exe to start the tool.
    • At the disclaimer, please use the drop down box to select 3 months for the file/folder search, then click Continue.
    • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
    • Please post the contents of log.txt here in your next reply.
     
  5. 2008/10/26
    solutionguy

    solutionguy Inactive Thread Starter

    Noah, here are the results; (I appreciate your help.)

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Tracy and Cheri at 2008-10-26 20:50:30
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 23 GB (30%) free of 76 GB
    Total RAM: 1014 MB (12% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:51:02 PM, on 10/26/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Utilities\avast!\aswUpdSv.exe
    C:\Utilities\avast!\ashServ.exe
    C:\Program Files\Common Files\Stardock\SDMCP.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe
    C:\UTILIT~1\avast!\ashDisp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\CFusionMX7\runtime\bin\jrunsvc.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\CFusionMX7\db\slserver54\bin\swagent.exe
    C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
    C:\CFusionMX7\runtime\bin\jrun.exe
    C:\CFusionMX7\db\slserver54\bin\swsoc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
    C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\locator.exe
    C:\Program Files\iolo\System Mechanic 6\PopupBlocker.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Documents and Settings\Tracy and Cheri\Local Settings\Application Data\FolderShare\FolderShare.exe
    C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Utilities\avast!\ashMaiSv.exe
    C:\Utilities\avast!\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\UTILIT~1\damnNFO\DAMNNF~1.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Tracy and Cheri\Desktop\RSIT.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\trend micro\Tracy and Cheri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [avast!] C:\UTILIT~1\avast!\ashDisp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [SystemGuardAlerter] SystemGuardAlerter.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE "
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe "
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [ioloDelayModule] "C:\Program Files\iolo\System Mechanic 6\delay.exe "
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe "
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic 6\PopupBlocker.exe "
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Windows Live FolderShare] "C:\Documents and Settings\Tracy and Cheri\Local Settings\Application Data\FolderShare\FolderShare.exe" /background
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe "
    O4 - HKCU\..\Run: [FXUtility] C:\Program Files\FixYa\FixYaUtility.exe
    O4 - HKLM\..\Policies\Explorer\Run: [C2fzQzXxfI] C:\Documents and Settings\All Users\Application Data\fghwtyhm\hehipyfa.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tracy and Cheri\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.samsungportal.com
    O16 - DPF: {08BCD971-A13B-4D6E-A2A5-E9B2324FC00D} (ClientEXE Class) - http://service.samsungportal.com/EP/web/common/cabfiles/CM_ClientEXE.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://naskp.samsungportal.com/km/htdocs/include/cabfiles/DjVuControl_en_US.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://solutionguy.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1216808366046
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162466133281
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} (ACUBETrustChecker Control) - http://service.samsungportal.com/EP/web/common/cabfiles/ACUBETrustChecker.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} (SSOCheck Class) - http://service.samsungportal.com/EP/web/common/cabfiles/UniSSOCheck.cab
    O16 - DPF: {B06ECF02-E502-4737-BA32-91CA0CECFBD1} - http://naskp.samsungportal.com/km/htdocs/include/cabfiles/MultiDownload.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C4D88B8E-352B-11D6-BF77-0080C740A177} (Setup Class) - http://service.samsungportal.com/EP/web/common/cabfiles/ActiveXSetup.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: mljgghg - mljgghg.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Utilities\avast!\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Utilities\avast!\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Utilities\avast!\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Utilities\avast!\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
    O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swagent.exe
    O23 - Service: ColdFusion MX 7 ODBC Server - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
    O23 - Service: ColdFusion MX 7 Search Server - Verity, Inc. - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 16271 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 440056]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-03 652784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]
    C:\Program Files\PicLensIE\PicLens.dll [2008-02-14 1236992]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    ZoneAlarm Spy Blocker BHO - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-16 262144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
    {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - ZoneAlarm Spy Blocker - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-16 262144]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "avast! "=C:\UTILIT~1\avast!\ashDisp.exe [2008-07-19 78008]
    "ZoneAlarm Client "=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
    "SystemGuardAlerter "=SystemGuardAlerter.exe []
    "Logitech Hardware Abstraction Layer "=C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE [2006-07-19 94208]
    "Kernel and Hardware Abstraction Layer "=C:\WINDOWS\KHALMNPR.EXE [2006-07-19 94208]
    "ISTray "=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-07-16 1166216]
    "SoundMAXPnP "=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
    "ioloDelayModule "=C:\Program Files\iolo\System Mechanic 6\delay.exe [2005-06-08 96256]
    "igfxhkcmd "=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
    "hid_start "=C:\WINDOWS\system32\gzmrotate.dll DllVerify []
    "googletalk "=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
    "Adobe Photo Downloader "=C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe [2007-08-30 61440]
    "Acrobat Assistant 7.0 "=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
    "!AVG Anti-Spyware "=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "C2fzQzXxfI "=C:\Documents and Settings\All Users\Application Data\fghwtyhm\hehipyfa.exe []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "System Mechanic Popup Blocker "=C:\Program Files\iolo\System Mechanic 6\PopupBlocker.exe [2006-12-20 752128]
    "SUPERAntiSpyware "=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-05 1576176]
    "Windows Live FolderShare "=C:\Documents and Settings\Tracy and Cheri\Local Settings\Application Data\FolderShare\FolderShare.exe [2008-04-15 925728]
    "Veoh "=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-28 3660848]
    "SMSystemAnalyzer "=C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe [2006-12-20 557056]
    "FXUtility "=C:\Program Files\FixYa\FixYaUtility.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpiralFrog]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2006-09-01 671744]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    D:\WinZip\WZQKPICK.EXE []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe

    C:\Documents and Settings\Tracy and Cheri\Start Menu\Programs\Startup
    Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-08-30 352256]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCPClient]
    C:\Program Files\Common Files\Stardock\mcpstub.dll [2005-01-31 49152]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljgghg]
    mljgghg.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 183808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
    WRLogonNTF.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Common Files\Stardock\mcpcore.dll [2005-05-10 86016]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8} "=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-22 77824]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders "=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\StubInstaller.exe "= "C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer "
    "C:\WINDOWS\system32\dpnsvr.exe "= "C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server "
    "C:\Program Files\Messenger\msmsgs.exe "= "C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger "
    "C:\Program Files\Microsoft Games\Combat Flight Simulator 3\cfs3.exe "= "C:\Program Files\Microsoft Games\Combat Flight Simulator 3\cfs3.exe:*:Enabled:Combat Flight Simulator 3 "
    "C:\Program Files\Blubster\Blubster.exe "= "C:\Program Files\Blubster\Blubster.exe:*:Disabled:Blubster "
    "C:\Program Files\LimeWire\LimeWire.exe "= "C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire "
    "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe "= "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil "
    "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe "= "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice "
    "C:\Program Files\ICQ6\ICQ.exe "= "C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 "
    "C:\Program Files\uTorrent\uTorrent.exe "= "C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent "
    "C:\Documents and Settings\Tracy and Cheri\Local Settings\Application Data\FolderShare\FolderShare.exe "= "C:\Documents and Settings\Tracy and Cheri\Local Settings\Application Data\FolderShare\FolderShare.exe:*:Enabled:Windows Live FolderShare Beta "
    "C:\Program Files\Google\Google Talk\googletalk.exe "= "C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\Program Files\Windows Live\Messenger\livecall.exe "= "C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "
    "C:\PROGRAM FILES\LIVESTATION\1.0.77.3\LIVESTATION.EXE "= "C:\Program Files\Livestation\1.0.77.3\Livestation.exe "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\Documents and Settings\Tracy and Cheri\Local Settings\Application Data\FolderShare\FolderShare.exe "= "C:\Documents and Settings\Tracy and Cheri\Local Settings\Application Data\FolderShare\FolderShare.exe:*:Enabled:Windows Live FolderShare Beta "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\Program Files\Windows Live\Messenger\livecall.exe "= "C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "
    "C:\PROGRAM FILES\LIVESTATION\1.0.77.3\LIVESTATION.EXE "= "C:\Program Files\Livestation\1.0.77.3\Livestation.exe "

    ======File associations======

    .js - edit - C:\WINDOWS\System32\WScript.exe "%1" %*
    .js - open - NOTEPAD.EXE %1
    .reg - open - NOTEPAD.EXE %1
    .scr - open - NOTEPAD.EXE %1
    .vbs - open - NOTEPAD.EXE %1

    ======List of files/folders created in the last 3 months======

    2008-10-26 20:50:33 ----D---- C:\Program Files\trend micro
    2008-10-26 20:50:30 ----D---- C:\rsit
    2008-10-24 19:53:37 ----D---- C:\Program Files\FileASSASSIN
    2008-10-24 18:36:15 ----D---- C:\Documents and Settings\Tracy and Cheri\Application Data\Malwarebytes
    2008-10-24 18:35:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-24 18:35:59 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-22 21:39:39 ----A---- C:\WINDOWS\system32\0372ec20-.txt
    2008-10-22 21:26:50 ----D---- C:\Documents and Settings\All Users\Application Data\fghwtyhm
    2008-10-22 21:25:30 ----A---- C:\WINDOWS\rminstall.exe
    2008-10-22 21:25:24 ----A---- C:\WINDOWS\mssupdate.exe
    2008-09-18 05:18:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-18 05:15:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-18 03:37:24 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-09-07 15:12:57 ----D---- C:\Program Files\TVAnts
    2008-08-17 13:35:55 ----D---- C:\Program Files\Innovative Solutions
    2008-08-14 10:24:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-14 10:24:39 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-14 10:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-14 10:23:19 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-14 10:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-14 10:18:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-14 10:10:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-14 00:38:59 ----D---- C:\Program Files\NCH Software
    2008-08-14 00:37:25 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    2008-08-14 00:36:03 ----D---- C:\Program Files\NCH Swift Sound
    2008-08-14 00:03:52 ----D---- C:\Documents and Settings\Tracy and Cheri\Application Data\Free Audio Editor
    2008-08-14 00:03:33 ----A---- C:\WINDOWS\system32\NCTWMAFile2.dll
    2008-08-14 00:03:32 ----A---- C:\WINDOWS\system32\NCTTextToAudio2.dll
    2008-08-14 00:03:32 ----A---- C:\WINDOWS\system32\NCTAudioTransform2.dll
    2008-08-14 00:03:32 ----A---- C:\WINDOWS\system32\NCTAudioPlayer2.dll
    2008-08-14 00:03:32 ----A---- C:\WINDOWS\system32\NCTAudioInformation2.dll
    2008-08-14 00:03:31 ----A---- C:\WINDOWS\system32\NCTAudioEditor2.dll
    2008-08-14 00:03:31 ----A---- C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
    2008-08-14 00:03:29 ----D---- C:\Program Files\Free Audio Editor
    2008-08-13 23:52:22 ----D---- C:\Program Files\Audacity
    2008-08-13 23:30:11 ----D---- C:\Documents and Settings\Tracy and Cheri\Application Data\Audacity
    2008-08-10 23:16:35 ----D---- C:\Program Files\Microsoft Silverlight
    2008-08-10 23:13:24 ----D---- C:\Program Files\Livestation
    2008-08-08 16:58:14 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop
    2008-08-04 05:49:00 ----D---- C:\Program Files\Virtual Earth 3D
    2008-07-27 17:23:24 ----D---- C:\Documents and Settings\Tracy and Cheri\Application Data\Canneverbe_Limited
    2008-07-27 17:22:53 ----D---- C:\Program Files\CDBurnerXP
    2008-07-27 16:52:32 ----D---- C:\finalburner
    2008-07-27 16:41:49 ----AC---- C:\WINDOWS\pcf.INI

    ======List of files/folders modified in the last 3 months======

    2008-10-26 20:50:51 ----D---- C:\WINDOWS\Prefetch
    2008-10-26 20:50:45 ----D---- C:\WINDOWS\Temp
    2008-10-26 20:50:35 ----D---- C:\WINDOWS\Internet Logs
    2008-10-26 20:50:33 ----D---- C:\Program Files
    2008-10-26 20:49:30 ----D---- C:\temp
    2008-10-26 20:24:13 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-26 20:03:27 ----D---- C:\Program Files\Mozilla Thunderbird
    2008-10-26 19:55:47 ----D---- C:\Program Files\Mozilla Firefox
    2008-10-26 15:13:39 ----D---- C:\Documents and Settings\Tracy and Cheri\Application Data\uTorrent
    2008-10-26 02:44:09 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-10-26 00:55:06 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-10-25 22:18:16 ----D---- C:\videooutput
    2008-10-25 13:42:46 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-10-25 12:50:33 ----D---- C:\Program Files\Spyware Doctor
    2008-10-24 19:17:26 ----D---- C:\WINDOWS\system32
    2008-10-24 19:16:56 ----D---- C:\WINDOWS\system32\drivers
    2008-10-24 19:15:00 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-23 22:40:55 ----SH---- C:\boot.ini
    2008-10-23 22:40:55 ----A---- C:\WINDOWS\win.ini
    2008-10-23 22:40:55 ----A---- C:\WINDOWS\system.ini
    2008-10-23 22:38:41 ----D---- C:\WINDOWS\pss
    2008-10-23 22:27:19 ----D---- C:\WINDOWS
    2008-10-23 20:16:27 ----D---- C:\Program Files\Internet Explorer
    2008-10-23 20:11:59 ----AC---- C:\WINDOWS\ntbtlog.txt
    2008-10-22 22:43:14 ----D---- C:\Documents and Settings
    2008-10-22 22:20:36 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-10-22 22:19:39 ----D---- C:\WINDOWS\system32\config
    2008-10-22 22:18:13 ----D---- C:\WINDOWS\system32\wbem
    2008-10-22 22:18:11 ----D---- C:\WINDOWS\Registration
    2008-10-22 21:25:00 ----D---- C:\Program Files\Registry Mechanic
    2008-10-22 21:22:34 ----D---- C:\Utilities
    2008-10-22 21:04:52 ----SD---- C:\WINDOWS\Tasks
    2008-10-22 14:43:49 ----D---- C:\W2 M
    2008-10-22 14:42:45 ----D---- C:\Program Files\LimeWire
    2008-10-22 14:42:44 ----D---- C:\Program Files\Messenger
    2008-10-22 14:42:43 ----D---- C:\Program Files\Movie Maker
    2008-10-22 14:42:39 ----D---- C:\Program Files\e-Speaking
    2008-10-22 14:42:36 ----D---- C:\Program Files\DivX
    2008-10-22 14:42:35 ----D---- C:\Program Files\CinemaForge
    2008-10-22 14:42:35 ----D---- C:\Program Files\Celestia
    2008-10-22 14:42:33 ----D---- C:\Program Files\ActivIcons
    2008-10-22 14:42:33 ----D---- C:\Program Files\321Studios
    2008-10-22 14:42:19 ----D---- C:\CFusionMX7
    2008-10-22 02:31:08 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-10-21 18:24:33 ----HD---- C:\WINDOWS\inf
    2008-10-21 18:23:09 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-21 18:19:04 ----SHD---- C:\WINDOWS\Installer
    2008-10-21 18:19:04 ----SHD---- C:\Config.Msi
    2008-10-21 02:32:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-10-21 02:32:18 ----D---- C:\Program Files\Windows Media Player
    2008-10-21 02:08:42 ----D---- C:\Gamez
    2008-10-20 18:37:10 ----D---- C:\Program Files\PCCW
    2008-10-20 15:44:21 ----D---- C:\WINDOWS\system32\FxsTmp
    2008-10-15 09:34:19 ----D---- C:\Program Files\Google
    2008-10-15 08:56:42 ----D---- C:\Program Files\Windows Live Safety Center
    2008-10-14 10:44:15 ----D---- C:\Program Files\Common Files\Real
    2008-10-14 10:43:31 ----D---- C:\Program Files\Common Files
    2008-10-14 10:42:55 ----D---- C:\Documents and Settings\Tracy and Cheri\Application Data\Real
    2008-10-12 21:53:10 ----D---- C:\Tracy
    2008-10-09 21:30:18 ----A---- C:\WINDOWS\system32\msvcr71.dll
    2008-10-05 15:57:16 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-10-04 04:15:44 ----D---- C:\VideoOut
    2008-10-01 15:31:34 ----D---- C:\Champion
    2008-09-18 05:32:58 ----A---- C:\WINDOWS\wininit.ini
    2008-09-18 05:18:28 ----D---- C:\WINDOWS\WinSxS
    2008-09-18 04:53:17 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-14 20:28:22 ----D---- C:\Documents and Settings\Tracy and Cheri\Application Data\Adobe
    2008-09-14 20:28:22 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-09-13 14:12:17 ----RSD---- C:\WINDOWS\assembly
    2008-09-13 14:12:17 ----D---- C:\WINDOWS\Microsoft.NET
    2008-09-13 12:51:41 ----D---- C:\Program Files\Microsoft Small Business
    2008-09-10 21:33:26 ----D---- C:\Program Files\PCFriendly
    2008-09-06 07:31:39 ----AC---- C:\WINDOWS\SysMech6.INI
    2008-09-05 17:58:17 ----D---- C:\Program Files\SUPERAntiSpyware
    2008-09-03 20:59:29 ----D---- C:\WINDOWS\Help
    2008-09-02 21:02:07 ----D---- C:\WINDOWS\ie7updates
    2008-08-30 21:57:51 ----D---- C:\WINDOWS\system32\LogFiles
    2008-08-30 19:27:23 ----D---- C:\WINDOWS\Downloaded Installations
    2008-08-26 15:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-08-21 13:02:34 ----RD---- C:\WINDOWS\Offline Web Pages
    2008-08-20 11:00:17 ----D---- C:\WINDOWS\security
    2008-08-20 09:45:06 ----D---- C:\Program Files\uTorrent
    2008-08-20 08:18:41 ----D---- C:\WINDOWS\system32\CatRoot
    2008-08-18 16:43:07 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-08-18 08:55:52 ----D---- C:\Documents and Settings\Tracy and Cheri\Application Data\Mozilla
    2008-08-17 18:21:58 ----D---- C:\Program Files\Opera
    2008-08-17 18:02:10 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-08-17 18:02:02 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-08-17 18:02:02 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-08-17 18:01:12 ----D---- C:\WINDOWS\system
    2008-08-14 09:04:09 ----D---- C:\Audio
    2008-08-14 00:37:30 ----D---- C:\Documents and Settings\Tracy and Cheri\Application Data\NCH Swift Sound
    2008-07-30 20:49:34 ----D---- C:\Documents and Settings\Tracy and Cheri\Application Data\Google
    2008-07-28 12:01:21 ----D---- C:\Documents and Settings\Tracy and Cheri\Application Data\Move Networks

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
    R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
    R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-06-02 66952]
    R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-06-10 81288]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
    R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
    R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-03-07 44384]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
    R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-04-01 132608]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
    R3 LHidKe;SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-07-19 27136]
    R3 LHidUsbK;SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2006-07-19 36736]
    R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-07-19 71936]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-05-18 47360]
    R3 SaiMini;SaiMini; C:\WINDOWS\system32\DRIVERS\SaiMini.sys [2004-10-20 15616]
    R3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiNtBus.sys [2004-10-20 26752]
    R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
    R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
    S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
    S2 CDRPDACC;Arrowkey Device Access; \??\C:\Program Files\321Studios\Shared\CDRPDACC.SYS []
    S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
    S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
    S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
    S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
    S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2002-05-03 24528]
    S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
    S3 MagEpNt;MagEpNt; C:\WINDOWS\system32\drivers\MagEpNt.sys [1997-06-12 26304]
    S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera; C:\WINDOWS\system32\DRIVERS\mr97310c.sys [2002-12-13 129875]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2008-08-14 27136]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
    S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
    S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
    S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-05-22 14604]
    S3 PRISM_USB;IEEE 802.11 Wireless USB Driver; C:\WINDOWS\system32\DRIVERS\EXPSUSB.sys [2003-07-22 626688]
    S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
    S3 SABProcEnum;SABProcEnum; \??\C:\PROGRA~1\MOZILL~1\SABProcEnum.sys []
    S3 SaiH0255;SaiH0255; C:\WINDOWS\system32\DRIVERS\SaiH0255.sys [2004-10-22 121984]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
    S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
    S3 wg111nd5;NETGEAR WG111 802.11g Wireless USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\wg111nd5.sys [2004-06-04 379488]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
    S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2004-08-04 13952]
    S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Utilities\avast!\aswUpdSv.exe [2008-07-19 16056]
    R2 avast! Antivirus;avast! Antivirus; C:\Utilities\avast!\ashServ.exe [2008-07-19 147640]
    R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
    R2 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server; C:\CFusionMX7\runtime\bin\jrunsvc.exe [2005-01-24 61440]
    R2 ColdFusion MX 7 ODBC Agent;ColdFusion MX 7 ODBC Agent; C:\CFusionMX7\db\slserver54\bin\swagent.exe [2003-10-02 733253]
    R2 ColdFusion MX 7 ODBC Server;ColdFusion MX 7 ODBC Server; C:\CFusionMX7\db\slserver54\bin\swstrtr.exe [2003-10-02 118853]
    R2 ColdFusion MX 7 Search Server;ColdFusion MX 7 Search Server; C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe [2004-09-23 2711312]
    R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-03 168432]
    R2 IOLO_SRV;iolo System Guard; C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe [2006-12-20 243712]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
    R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
    R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
    R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
    R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-08-07 1073544]
    R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
    R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Utilities\avast!\ashMaiSv.exe [2008-07-19 250040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Utilities\avast!\ashWebSv.exe [2008-07-23 348344]
    R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-02-21 69632]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
    S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2008-04-03 69632]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
    S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

    -----------------EOF-----------------



    Thanks,
    Tracy
     
  6. 2008/10/26
    noahdfear

    Still a number of things present, so let's run another tool. Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    Please make very sure your avast! is disabled prior to running ComboFix. It is known to interfere with the tool more than many other antivirus applications.
     
  7. 2008/10/27
    solutionguy

    Here's the ComboFix log... I'm working on Hijack. I'll post it when I get it. (It'll be my highest priority).

    Thanks,
    Tracy

    ComboFix 08-10-25.01 - 2008-10-26 22:16:05.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.141 [GMT -5:00]
    Running from: C:\Documents and Settings\Tracy and Cheri\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Tracy and Cheri\Application Data\inst.exe
    C:\WINDOWS\IE4 Error Log.txt
    C:\WINDOWS\system\oeminfo.ini
    C:\WINDOWS\system32\cusbsaew.ini
    C:\WINDOWS\system32\dwvgxgae.ini
    C:\WINDOWS\system32\eaktgdqq.ini
    C:\WINDOWS\system32\ewmtyons.ini
    C:\WINDOWS\system32\ksxovnqk.ini
    C:\WINDOWS\system32\kyndbcem.ini
    C:\WINDOWS\system32\ltvpykjl.ini
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\ounbhpoq.ini
    C:\WINDOWS\system32\pwdsfbkl.ini
    C:\WINDOWS\system32\rrqss.ini2
    C:\WINDOWS\system32\uysiewmk.ini
    C:\WINDOWS\system32\ynmbtnas.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))
    .

    2008-10-26 20:50 . 2008-10-26 20:51 <DIR> d-------- C:\rsit
    2008-10-26 20:50 . 2008-10-26 20:51 <DIR> d-------- C:\Program Files\trend micro
    2008-10-26 02:47 . 2008-10-26 02:47 14,566,424 --a------ C:\temp\vlc-0.9.4-win32.exe
    2008-10-24 18:36 . 2008-10-24 18:36 <DIR> d-------- C:\Documents and Settings\Tracy and Cheri\Application Data\Malwarebytes
    2008-10-24 18:36 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-24 18:36 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-24 18:35 . 2008-10-24 18:36 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-24 18:35 . 2008-10-24 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-23 09:55 . 2008-10-23 22:35 <DIR> d-------- C:\Documents and Settings\Tracy and Cheri\.housecall6.6
    2008-10-22 22:43 . 2008-10-22 22:43 <DIR> d-------- C:\Documents and Settings\Administrator.TRACY
    2008-10-22 21:26 . 2008-10-23 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fghwtyhm
    2008-10-22 21:25 . 2008-10-22 21:25 7,507,296 --a------ C:\WINDOWS\rminstall.exe
    2008-10-22 21:25 . 2008-10-22 21:25 241,664 --a------ C:\WINDOWS\mssupdate.exe
    2008-10-22 14:42 . 2008-10-22 14:42 7,680 --ahs---- C:\WINDOWS\Thumbs.db
    2008-10-17 07:58 . 2008-10-26 02:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-10-17 07:58 . 2008-10-17 07:58 1,409 --a------ C:\WINDOWS\QTFont.for

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-27 04:57 22 ---ha-w C:\qpmd8378.bin
    2008-10-27 04:21 78,827,552 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-10-27 02:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-27 01:03 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-10-26 20:13 --------- d-----w C:\Documents and Settings\Tracy and Cheri\Application Data\uTorrent
    2008-10-26 05:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-10-25 17:50 --------- d-----w C:\Program Files\Spyware Doctor
    2008-10-25 00:15 919,052 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-10-23 03:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-10-22 19:42 --------- d-----w C:\Program Files\LimeWire
    2008-10-22 19:42 --------- d-----w C:\Program Files\Free Audio Editor
    2008-10-22 19:42 --------- d-----w C:\Program Files\e-Speaking
    2008-10-22 19:42 --------- d-----w C:\Program Files\DivX
    2008-10-22 19:42 --------- d-----w C:\Program Files\CinemaForge
    2008-10-22 19:42 --------- d-----w C:\Program Files\Celestia
    2008-10-22 19:42 --------- d-----w C:\Program Files\CDBurnerXP
    2008-10-22 19:42 --------- d-----w C:\Program Files\ActivIcons
    2008-10-22 19:42 --------- d-----w C:\Program Files\321Studios
    2008-10-20 23:37 --------- d-----w C:\Program Files\PCCW
    2008-10-15 14:34 --------- d-----w C:\Program Files\Google
    2008-10-15 13:56 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-10-14 15:44 --------- d-----w C:\Program Files\Common Files\Real
    2008-10-12 19:05 21,735,843 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-09-18 09:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-18 08:37 --------- d-----w C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-09-13 17:51 --------- d-----w C:\Program Files\Microsoft Small Business
    2008-09-11 02:33 --------- d-----w C:\Program Files\PCFriendly
    2008-09-07 20:39 --------- d-----w C:\Program Files\TVAnts
    2008-09-05 22:58 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-08-19 04:24 59,424 -c--a-w C:\Documents and Settings\Tracy and Cheri\Application Data\GDIPFONTCACHEV1.DAT
    2008-05-18 20:17 47,360 -c--a-w C:\Documents and Settings\Tracy and Cheri\Application Data\pcouffin.sys
    2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
    .

    ------- Sigcheck -------

    2005-05-25 14:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
    2006-01-13 12:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
    2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    2008-06-20 06:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    2004-08-04 07:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
    2008-04-13 14:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
    2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\SDOld\Download\556eb98436b65a8c1ffae674c83d197f\sp2gdr\tcpip.sys
    2008-04-13 14:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
    2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2gdr\tcpip.sys
    2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2qfe\tcpip.sys
    2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp2gdr\tcpip.sys
    2008-04-13 14:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys
    2008-08-20 18:47 361600 7ee936a57b5901d6b1c4af9a9e6c500a C:\WINDOWS\system32\dllcache\TCPIP.SYS
    2008-08-20 18:47 361600 7ee936a57b5901d6b1c4af9a9e6c500a C:\WINDOWS\system32\drivers\TCPIP.SYS
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "System Mechanic Popup Blocker"= "C:\Program Files\iolo\System Mechanic 6\PopupBlocker.exe" [2006-12-20 752128]
    "SUPERAntiSpyware"= "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-05 1576176]
    "Windows Live FolderShare"= "C:\Documents and Settings\Tracy and Cheri\Local Settings\Application Data\FolderShare\FolderShare.exe" [2008-04-15 925728]
    "Veoh"= "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
    "SMSystemAnalyzer"= "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe" [2006-12-20 557056]
    "msnmsgr"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "ctfmon.exe"= "C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm Client"= "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "Logitech Hardware Abstraction Layer"= "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 94208]
    "SoundMAXPnP"= "C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "ioloDelayModule"= "C:\Program Files\iolo\System Mechanic 6\delay.exe" [2005-06-08 96256]
    "igfxhkcmd"= "C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
    "googletalk"= "C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "Adobe Photo Downloader"= "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" [2007-08-30 61440]
    "Acrobat Assistant 7.0"= "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
    "!AVG Anti-Spyware"= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "Kernel and Hardware Abstraction Layer"= "KHALMNPR.EXE" [2006-07-19 C:\WINDOWS\KHALMNPR.Exe]

    C:\Documents and Settings\Tracy and Cheri\Start Menu\Programs\Startup\
    Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-04-24 3446512]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-02-21 25214]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-22 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-08-30 19:43 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    2005-01-31 09:13 49152 C:\Program Files\Common Files\stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i420vfw.dll
    "VIDC.VDOM"= vdowave.drv
    "VIDC.TR20"= tr2032.dll
    "vidc.vivo"= ivvideo.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpiralFrog
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Microsoft Games\\Combat Flight Simulator 3\\cfs3.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\Program Files\\ICQ6\\ICQ.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Documents and Settings\\Tracy and Cheri\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe"=
    "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\PROGRAM FILES\LIVESTATION\1.0.77.3\LIVESTATION.EXE"= C:\Program Files\Livestation\1.0.77.3\Livestation.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;C:\CFusionMX7\runtime\bin\jrunsvc.exe [2005-01-24 61440]
    R2 ColdFusion MX 7 ODBC Agent;ColdFusion MX 7 ODBC Agent;C:\CFusionMX7\db\slserver54\bin\swagent.exe ColdFusion MX 7 ODBC Agent [ ]
    R2 ColdFusion MX 7 ODBC Server;ColdFusion MX 7 ODBC Server;C:\CFusionMX7\db\slserver54\bin\swstrtr.exe ColdFusion MX 7 ODBC Server [ ]
    R2 ColdFusion MX 7 Search Server;ColdFusion MX 7 Search Server;C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe -cfg C:\CFusionMX7\verity\k2\common\verity.cfg [ ]
    R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
    S3 MagEpNt;MagEpNt;C:\WINDOWS\system32\drivers\MagEpNt.sys [1997-06-12 26304]
    S3 PRISM_USB;IEEE 802.11 Wireless USB Driver;C:\WINDOWS\system32\DRIVERS\EXPSUSB.sys [2003-07-22 626688]
    S3 SaiH0255;SaiH0255;C:\WINDOWS\system32\DRIVERS\SaiH0255.sys [2004-10-22 121984]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [ ]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-FXUtility - C:\Program Files\FixYa\FixYaUtility.exe
    HKLM-Run-SystemGuardAlerter - SystemGuardAlerter.exe
    HKU-Default-RunOnce-RealUpgradeHelper - C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe
    HKLM-Explorer_Run-C2fzQzXxfI - C:\Documents and Settings\All Users\Application Data\fghwtyhm\hehipyfa.exe
    Notify-mljgghg - mljgghg.dll
    MSConfigStartUp-TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    MSConfigStartUp-CTFMON - (no file)


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Tracy and Cheri\Application Data\Mozilla\Firefox\Profiles\0hd2uvnu.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava11.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava12.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava13.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava14.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava32.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPOJI610.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npsabffx.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPSFDMGR.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
    FF -: plugin - C:\Program Files\Panda Security\NanoScan\Plugins\npnanoscan.dll
    FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    FF -: plugin - C:\Program Files\Virtual Earth 3D\npVE3D.dll
    FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    FF -: plugin - C:\WINDOWS\system32\npmirage.dll
    FF -: plugin - C:\WINDOWS\system32\npwmsdrm.dll
    FF -: plugin - C:\WINDOWS\system32\SuperAdBlocker.com\npsabffx.dll
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-26 23:57:01
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\Program Files\iolo\Common\Lib\sguard.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\Program Files\iolo\Common\Lib\sguard.dll

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\iolo\Common\Lib\sguard.dll
    -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll

    PROCESS: C:\WINDOWS\system32\csrss.exe
    -> C:\Program Files\iolo\Common\Lib\sguard.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Utilities\avast!\aswUpdSv.exe
    C:\Utilities\avast!\ashServ.exe
    C:\Program Files\Common Files\stardock\sdmcp.exe
    C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\guard.exe
    C:\CFusionMX7\db\slserver54\bin\swagent.exe
    C:\CFusionMX7\runtime\bin\jrun.exe
    C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
    C:\CFusionMX7\db\slserver54\bin\swsoc.exe
    C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\locator.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
    C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
    C:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe
    C:\Utilities\avast!\ashMaiSv.exe
    C:\Utilities\avast!\ashWebSv.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\imapi.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-27 0:11:19 - machine was rebooted [Tracy and Cheri]
    ComboFix-quarantined-files.txt 2008-10-27 05:11:01

    Pre-Run: 23,427,330,048 bytes free
    Post-Run: 23,393,267,712 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    C:\CMDCONS\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    292 --- E O F --- 2008-10-21 23:19:06
     
  8. 2008/10/27
    solutionguy

    solutionguy Inactive Thread Starter

    I think I duplicated... sorry.

    Here's the HiJack log;

    Logfile of HijackThis v1.99.1
    Scan saved at 00:56, on 2008-10-27
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Utilities\avast!\aswUpdSv.exe
    C:\Utilities\avast!\ashServ.exe
    C:\Program Files\Common Files\Stardock\SDMCP.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\CFusionMX7\runtime\bin\jrunsvc.exe
    C:\CFusionMX7\db\slserver54\bin\swagent.exe
    C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
    C:\CFusionMX7\db\slserver54\bin\swsoc.exe
    C:\CFusionMX7\runtime\bin\jrun.exe
    C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iolo\System Mechanic 6\PopupBlocker.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Documents and Settings\Tracy and Cheri\Local Settings\Application Data\FolderShare\FolderShare.exe
    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
    C:\WINDOWS\system32\locator.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
    C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Utilities\avast!\ashMaiSv.exe
    C:\Utilities\avast!\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Utilities\HiJack This\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [ioloDelayModule] "C:\Program Files\iolo\System Mechanic 6\delay.exe"
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic 6\PopupBlocker.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Windows Live FolderShare] "C:\Documents and Settings\Tracy and Cheri\Local Settings\Application Data\FolderShare\FolderShare.exe" /background
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tracy and Cheri\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: *.samsungportal.com
    O16 - DPF: {08BCD971-A13B-4D6E-A2A5-E9B2324FC00D} (ClientEXE Class) - http://service.samsungportal.com/EP/web/common/cabfiles/CM_ClientEXE.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://naskp.samsungportal.com/km/htdocs/include/cabfiles/DjVuControl_en_US.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://solutionguy.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1216808366046
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162466133281
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} (ACUBETrustChecker Control) - http://service.samsungportal.com/EP/web/common/cabfiles/ACUBETrustChecker.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} (SSOCheck Class) - http://service.samsungportal.com/EP/web/common/cabfiles/UniSSOCheck.cab
    O16 - DPF: {B06ECF02-E502-4737-BA32-91CA0CECFBD1} - http://naskp.samsungportal.com/km/htdocs/include/cabfiles/MultiDownload.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C4D88B8E-352B-11D6-BF77-0080C740A177} (Setup Class) - http://service.samsungportal.com/EP/web/common/cabfiles/ActiveXSetup.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Utilities\avast!\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Utilities\avast!\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Utilities\avast!\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Utilities\avast!\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
    O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swagent.exe
    O23 - Service: ColdFusion MX 7 ODBC Server - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
    O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Thanks again,
    Tracy
     
  9. 2008/10/29
    noahdfear

    noahdfear Inactive

    Highlight and copy the contents of the code box below to a blank notepad. Save it to the desktop as:

    Filename: fix.reg
    Save as type: All Files (*.*)

    Code:
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\\UTILIT~1\\avast!\\ashDisp.exe"
    
    Do not do anything else with it just yet.


    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    KillAll::
    File::
    C:\WINDOWS\rminstall.exe
    C:\WINDOWS\mssupdate.exe
    C:\qpmd8378.bin
    Folder::
    C:\Documents and Settings\All Users\Application Data\fghwtyhm
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    After posting the ComboFix log, double click fix.reg and allow it to merge with the registry, then delete fix.reg and reboot.
    Then run RSIT again and post the new log.
     
  10. 2008/10/29
    solutionguy

    solutionguy Inactive Thread Starter

    New ComboFix log:

    ComboFix 08-10-25.01 - 2008-10-29 8:45:11.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.396 [GMT -5:00]
    Running from: C:\Documents and Settings\Tracy and Cheri\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Tracy and Cheri\Desktop\CFScript.txt
    * Created a new restore point
    .
    The following files were disabled during the run:
    C:\Program Files\iolo\Common\Lib\sguard.dll


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF


    ((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-29 )))))))))))))))))))))))))))))))
    .

    2008-10-28 19:40 . 2008-10-28 19:40 <DIR> d-------- C:\Program Files\FixYa
    2008-10-26 20:50 . 2008-10-26 20:51 <DIR> d-------- C:\rsit
    2008-10-26 20:50 . 2008-10-27 00:48 <DIR> d-------- C:\Program Files\trend micro
    2008-10-26 02:47 . 2008-10-26 02:47 14,566,424 --a------ C:\temp\vlc-0.9.4-win32.exe
    2008-10-24 18:36 . 2008-10-24 18:36 <DIR> d-------- C:\Documents and Settings\Tracy and Cheri\Application Data\Malwarebytes
    2008-10-24 18:36 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-24 18:36 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-24 18:35 . 2008-10-24 18:36 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-24 18:35 . 2008-10-24 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-23 09:55 . 2008-10-23 22:35 <DIR> d-------- C:\Documents and Settings\Tracy and Cheri\.housecall6.6
    2008-10-22 22:43 . 2008-10-28 15:12 <DIR> d-------- C:\Documents and Settings\Administrator.TRACY
    2008-10-22 21:26 . 2008-10-23 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fghwtyhm
    2008-10-22 21:25 . 2008-10-22 21:25 7,507,296 --a------ C:\WINDOWS\rminstall.exe
    2008-10-22 21:25 . 2008-10-22 21:25 241,664 --a------ C:\WINDOWS\mssupdate.exe
    2008-10-22 14:42 . 2008-10-22 14:42 7,680 --ahs---- C:\WINDOWS\Thumbs.db
    2008-10-21 18:23 . 2008-09-08 05:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-21 18:22 . 2008-08-14 05:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-21 18:22 . 2008-08-14 05:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-21 18:22 . 2008-08-14 04:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-21 18:22 . 2008-08-14 04:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-21 18:22 . 2008-09-15 07:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-17 07:58 . 2008-10-26 02:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-10-17 07:58 . 2008-10-17 07:58 1,409 --a------ C:\WINDOWS\QTFont.for

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-29 13:55 78,923,808 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-10-29 13:55 22 ---ha-w C:\qpmd8378.bin
    2008-10-29 13:50 925,820 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-10-29 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-10-28 21:26 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-10-28 21:07 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-10-28 20:27 --------- d-----w C:\Program Files\Virtual Earth 3D
    2008-10-27 02:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-26 20:13 --------- d-----w C:\Documents and Settings\Tracy and Cheri\Application Data\uTorrent
    2008-10-25 17:50 --------- d-----w C:\Program Files\Spyware Doctor
    2008-10-23 03:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-10-22 19:42 --------- d-----w C:\Program Files\LimeWire
    2008-10-22 19:42 --------- d-----w C:\Program Files\Free Audio Editor
    2008-10-22 19:42 --------- d-----w C:\Program Files\e-Speaking

    2008-10-22 19:42 --------- d-----w C:\Program Files\DivX
    2008-10-22 19:42 --------- d-----w C:\Program Files\CinemaForge
    2008-10-22 19:42 --------- d-----w C:\Program Files\Celestia
    2008-10-22 19:42 --------- d-----w C:\Program Files\CDBurnerXP
    2008-10-22 19:42 --------- d-----w C:\Program Files\ActivIcons
    2008-10-22 19:42 --------- d-----w C:\Program Files\321Studios
    2008-10-20 23:37 --------- d-----w C:\Program Files\PCCW
    2008-10-15 14:34 --------- d-----w C:\Program Files\Google
    2008-10-15 13:56 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-10-14 15:44 --------- d-----w C:\Program Files\Common Files\Real
    2008-10-12 19:05 21,735,843 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-09-18 09:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-18 08:37 --------- d-----w C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-09-13 17:51 --------- d-----w C:\Program Files\Microsoft Small Business
    2008-09-11 02:33 --------- d-----w C:\Program Files\PCFriendly
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-09-07 20:39 --------- d-----w C:\Program Files\TVAnts
    2008-09-05 22:58 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-08-19 04:24 59,424 -c--a-w C:\Documents and Settings\Tracy and Cheri\Application Data\GDIPFONTCACHEV1.DAT
    2008-05-18 20:17 47,360 -c--a-w C:\Documents and Settings\Tracy and Cheri\Application Data\pcouffin.sys
    2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((( snapshot@2008-10-27_ 0.09.21.53 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-23 16:57:41 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2008-08-26 07:24:31 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
    - 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    + 2008-08-14 10:04:36 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    - 2008-06-23 16:57:27 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    + 2008-08-26 07:24:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    - 2008-06-23 16:57:27 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
    + 2008-08-26 07:24:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
    - 2008-06-23 16:57:27 133,120 ------w C:\WINDOWS\system32\extmgr.dll
    + 2008-08-26 07:24:28 133,120 ------w C:\WINDOWS\system32\extmgr.dll
    - 2008-07-23 11:46:07 212,880 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-10-28 21:07:45 212,880 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    - 2008-06-23 16:57:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
    + 2008-08-26 07:24:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
    - 2008-06-23 09:20:25 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
    + 2008-08-25 08:37:59 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
    - 2008-06-23 16:57:29 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
    + 2008-08-26 07:24:28 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
    - 2008-06-23 16:57:29 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
    + 2008-08-26 07:24:28 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
    - 2008-06-21 05:23:54 161,792 ------w C:\WINDOWS\system32\ieakui.dll
    + 2008-08-23 05:54:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
    - 2008-06-23 16:57:29 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
    + 2008-08-26 07:24:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
    - 2008-06-23 16:57:29 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
    + 2008-08-26 07:24:29 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
    - 2008-06-23 16:57:33 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
    + 2008-10-03 17:41:15 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
    - 2008-06-23 16:57:33 44,544 ------w C:\WINDOWS\system32\iernonce.dll
    + 2008-08-26 07:24:29 44,544 ------w C:\WINDOWS\system32\iernonce.dll
    - 2008-06-23 16:57:34 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
    + 2008-08-26 07:24:29 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
    - 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
    + 2008-08-25 08:38:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
    - 2008-06-23 16:57:35 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
    + 2008-08-26 07:24:30 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
    - 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2008-10-07 19:19:40 16,721,856 ----a-w C:\WINDOWS\system32\MRT.exe
    - 2008-06-23 16:57:36 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
    + 2008-08-26 07:24:30 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
    - 2008-06-23 16:57:36 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
    + 2008-08-26 07:24:30 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
    - 2008-06-24 15:57:40 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
    + 2008-08-27 08:24:32 3,593,216 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2008-06-23 16:57:39 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2008-08-26 07:24:30 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
    - 2008-06-23 16:57:39 193,024 ------w C:\WINDOWS\system32\msrating.dll
    + 2008-08-26 07:24:30 193,024 ------w C:\WINDOWS\system32\msrating.dll
    - 2008-06-23 16:57:40 671,232 ------w C:\WINDOWS\system32\mstime.dll
    + 2008-08-26 07:24:30 671,232 ------w C:\WINDOWS\system32\mstime.dll
    - 2008-04-13 18:31:21 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    + 2008-08-14 09:33:16 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    - 2008-04-13 19:24:37 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    + 2008-08-14 10:09:26 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    - 2008-06-23 16:57:40 102,912 ------w C:\WINDOWS\system32\occache.dll
    + 2008-08-26 07:24:30 102,912 ------w C:\WINDOWS\system32\occache.dll
    - 2008-06-23 16:57:40 44,544 ------w C:\WINDOWS\system32\pngfilt.dll
    + 2008-08-26 07:24:30 44,544 ------w C:\WINDOWS\system32\pngfilt.dll
    - 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
    + 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
    + 1996-01-12 23:00:00 24,576 ----a-w C:\WINDOWS\system32\STKIT432.DLL
    - 2008-06-23 16:57:40 105,984 ----a-w C:\WINDOWS\system32\url.dll
    + 2008-08-26 07:24:30 105,984 ----a-w C:\WINDOWS\system32\url.dll
    - 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2008-08-26 07:24:31 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
    - 2008-06-23 16:57:41 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
    + 2008-08-26 07:24:31 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
    - 2008-04-13 19:30:10 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
    + 2008-09-15 12:12:56 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
    - 2008-06-23 16:57:41 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    + 2008-08-26 07:24:31 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    - 2008-10-27 04:55:55 16,384 --sha-w C:\WINDOWS\Temp\Cookies\index.dat
    + 2008-10-29 13:52:08 16,384 --sha-w C:\WINDOWS\Temp\Cookies\index.dat
    - 2008-10-27 04:55:55 16,384 --sha-w C:\WINDOWS\Temp\History\History.IE5\index.dat
    + 2008-10-29 13:52:08 16,384 --sha-w C:\WINDOWS\Temp\History\History.IE5\index.dat
    + 2008-10-29 13:51:59 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_694.dat
    - 2008-10-27 04:55:55 32,768 --sha-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
    + 2008-10-29 13:52:08 32,768 --sha-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "System Mechanic Popup Blocker"= "C:\Program Files\iolo\System Mechanic 6\PopupBlocker.exe" [2006-12-20 752128]
    "SUPERAntiSpyware"= "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-05 1576176]
    "Windows Live FolderShare"= "C:\Documents and Settings\Tracy and Cheri\Local Settings\Application Data\FolderShare\FolderShare.exe" [2008-04-15 925728]
    "Veoh"= "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
    "SMSystemAnalyzer"= "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe" [2006-12-20 557056]
    "msnmsgr"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "ctfmon.exe"= "C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
    "MSMSGS"= "C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm Client"= "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "Logitech Hardware Abstraction Layer"= "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 94208]
    "SoundMAXPnP"= "C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "ioloDelayModule"= "C:\Program Files\iolo\System Mechanic 6\delay.exe" [2005-06-08 96256]
    "igfxhkcmd"= "C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
    "googletalk"= "C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "Adobe Photo Downloader"= "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" [2007-08-30 61440]
    "Acrobat Assistant 7.0"= "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
    "Kernel and Hardware Abstraction Layer"= "KHALMNPR.EXE" [2006-07-19 C:\WINDOWS\KHALMNPR.Exe]

    C:\Documents and Settings\Tracy and Cheri\Start Menu\Programs\Startup\
    Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-04-24 3446512]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-02-21 25214]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-22 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-08-30 19:43 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    2005-01-31 09:13 49152 C:\Program Files\Common Files\stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i420vfw.dll
    "VIDC.VDOM"= vdowave.drv
    "VIDC.TR20"= tr2032.dll
    "vidc.vivo"= ivvideo.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpiralFrog
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Microsoft Games\\Combat Flight Simulator 3\\cfs3.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\Program Files\\ICQ6\\ICQ.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Documents and Settings\\Tracy and Cheri\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe"=
    "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\PROGRAM FILES\LIVESTATION\1.0.77.3\LIVESTATION.EXE"= C:\Program Files\Livestation\1.0.77.3\Livestation.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 ColdFusion MX 7 ODBC Agent;ColdFusion MX 7 ODBC Agent;C:\CFusionMX7\db\slserver54\bin\swagent.exe ColdFusion MX 7 ODBC Agent [ ]
    R2 ColdFusion MX 7 ODBC Server;ColdFusion MX 7 ODBC Server;C:\CFusionMX7\db\slserver54\bin\swstrtr.exe ColdFusion MX 7 ODBC Server [ ]
    R2 ColdFusion MX 7 Search Server;ColdFusion MX 7 Search Server;C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe -cfg C:\CFusionMX7\verity\k2\common\verity.cfg [ ]
    R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
    S2 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;C:\CFusionMX7\runtime\bin\jrunsvc.exe [2005-01-24 61440]
    S3 MagEpNt;MagEpNt;C:\WINDOWS\system32\drivers\MagEpNt.sys [1997-06-12 26304]
    S3 PRISM_USB;IEEE 802.11 Wireless USB Driver;C:\WINDOWS\system32\DRIVERS\EXPSUSB.sys [2003-07-22 626688]
    S3 SaiH0255;SaiH0255;C:\WINDOWS\system32\DRIVERS\SaiH0255.sys [2004-10-22 121984]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [ ]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-29 08:53:25
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\Program Files\iolo\Common\Lib\sguard.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\Program Files\iolo\Common\Lib\sguard.dll

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\iolo\Common\Lib\sguard.dll
    -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll

    PROCESS: C:\WINDOWS\system32\csrss.exe
    -> C:\Program Files\iolo\Common\Lib\sguard.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Utilities\avast!\aswUpdSv.exe
    C:\Utilities\avast!\ashServ.exe
    C:\Program Files\Common Files\stardock\sdmcp.exe
    C:\CFusionMX7\db\slserver54\bin\swagent.exe
    C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
    C:\CFusionMX7\db\slserver54\bin\swsoc.exe
    C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe
    C:\WINDOWS\system32\locator.exe
    C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
    C:\Utilities\avast!\ashMaiSv.exe
    C:\Utilities\avast!\ashWebSv.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\imapi.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-29 9:07:14 - machine was rebooted [Tracy and Cheri]
    ComboFix-quarantined-files.txt 2008-10-29 14:07:00
    ComboFix2.txt 2008-10-27 05:11:23

    Pre-Run: 22,649,401,344 bytes free
    Post-Run: 22,833,913,856 bytes free

    530 --- E O F --- 2008-10-28 20:29:39
     
  11. 2008/10/29
    solutionguy

    New RSIT Log;

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Tracy and Cheri at 2008-10-29 09:18:35
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 22 GB (29%) free of 76 GB
    Total RAM: 1014 MB (27% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:19:33 AM, on 10/29/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Utilities\avast!\aswUpdSv.exe
    C:\Utilities\avast!\ashServ.exe
    C:\Program Files\Common Files\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe
    C:\CFusionMX7\runtime\bin\jrunsvc.exe
    C:\CFusionMX7\db\slserver54\bin\swagent.exe
    C:\CFusionMX7\runtime\bin\jrun.exe
    C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
    C:\CFusionMX7\db\slserver54\bin\swsoc.exe
    C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
    C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\locator.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\iolo\System Mechanic 6\PopupBlocker.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Documents and Settings\Tracy and Cheri\Local Settings\Application Data\FolderShare\FolderShare.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Utilities\avast!\ashMaiSv.exe
    C:\Utilities\avast!\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Documents and Settings\Tracy and Cheri\Desktop\RSIT.exe
    C:\Program Files\trend micro\Tracy and Cheri.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [ioloDelayModule] "C:\Program Files\iolo\System Mechanic 6\delay.exe"
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic 6\PopupBlocker.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Windows Live FolderShare] "C:\Documents and Settings\Tracy and Cheri\Local Settings\Application Data\FolderShare\FolderShare.exe" /background
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tracy and Cheri\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.samsungportal.com
    O16 - DPF: {08BCD971-A13B-4D6E-A2A5-E9B2324FC00D} (ClientEXE Class) - http://service.samsungportal.com/EP/web/common/cabfiles/CM_ClientEXE.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://naskp.samsungportal.com/km/htdocs/include/cabfiles/DjVuControl_en_US.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://solutionguy.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1216808366046
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162466133281
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} (ACUBETrustChecker Control) - http://service.samsungportal.com/EP/web/common/cabfiles/ACUBETrustChecker.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} (SSOCheck Class) - http://service.samsungportal.com/EP/web/common/cabfiles/UniSSOCheck.cab
    O16 - DPF: {B06ECF02-E502-4737-BA32-91CA0CECFBD1} - http://naskp.samsungportal.com/km/htdocs/include/cabfiles/MultiDownload.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C4D88B8E-352B-11D6-BF77-0080C740A177} (Setup Class) - http://service.samsungportal.com/EP/web/common/cabfiles/ActiveXSetup.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Utilities\avast!\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Utilities\avast!\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Utilities\avast!\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Utilities\avast!\ashWebSv.exe
    O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
    O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swagent.exe
    O23 - Service: ColdFusion MX 7 ODBC Server - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
    O23 - Service: ColdFusion MX 7 Search Server - Verity, Inc. - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 14794 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 440056]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-03 652784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]
    C:\Program Files\PicLensIE\PicLens.dll [2008-02-14 1236992]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    ZoneAlarm Spy Blocker BHO - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-16 262144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
    {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - ZoneAlarm Spy Blocker - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-16 262144]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm Client "=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
    "Logitech Hardware Abstraction Layer "=C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE [2006-07-19 94208]
    "Kernel and Hardware Abstraction Layer "=C:\WINDOWS\KHALMNPR.EXE [2006-07-19 94208]
    "SoundMAXPnP "=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
    "ioloDelayModule "=C:\Program Files\iolo\System Mechanic 6\delay.exe [2005-06-08 96256]
    "igfxhkcmd "=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
    "googletalk "=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
    "Adobe Photo Downloader "=C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe [2007-08-30 61440]
    "Acrobat Assistant 7.0 "=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "System Mechanic Popup Blocker "=C:\Program Files\iolo\System Mechanic 6\PopupBlocker.exe [2006-12-20 752128]
    "SUPERAntiSpyware "=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-05 1576176]
    "Windows Live FolderShare "=C:\Documents and Settings\Tracy and Cheri\Local Settings\Application Data\FolderShare\FolderShare.exe [2008-04-15 925728]
    "Veoh "=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-28 3660848]
    "SMSystemAnalyzer "=C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe [2006-12-20 557056]
    "msnmsgr "=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "MSMSGS "=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpiralFrog]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2006-09-01 671744]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    D:\WinZip\WZQKPICK.EXE []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe

    C:\Documents and Settings\Tracy and Cheri\Start Menu\Programs\Startup
    Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-08-30 352256]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCPClient]
    C:\Program Files\Common Files\Stardock\mcpstub.dll [2005-01-31 49152]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 183808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
    WRLogonNTF.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Common Files\Stardock\mcpcore.dll [2005-05-10 86016]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-22 77824]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders "=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives "=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=
    "NoDrives "=
    "NoDriveAutoRun "=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\StubInstaller.exe "= "C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer "
    "C:\WINDOWS\system32\dpnsvr.exe "= "C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server "
    "C:\Program Files\Messenger\msmsgs.exe "= "C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger "
    "C:\Program Files\Microsoft Games\Combat Flight Simulator 3\cfs3.exe "= "C:\Program Files\Microsoft Games\Combat Flight Simulator 3\cfs3.exe:*:Enabled:Combat Flight Simulator 3 "
    "C:\Program Files\LimeWire\LimeWire.exe "= "C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire "
    "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe "= "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice "
    "C:\Program Files\ICQ6\ICQ.exe "= "C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 "
    "C:\Program Files\uTorrent\uTorrent.exe "= "C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent "
    "C:\Documents and Settings\Tracy and Cheri\Local Settings\Application Data\FolderShare\FolderShare.exe "= "C:\Documents and Settings\Tracy and Cheri\Local Settings\Application Data\FolderShare\FolderShare.exe:*:Enabled:Windows Live FolderShare Beta "
    "C:\Program Files\Google\Google Talk\googletalk.exe "= "C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\Program Files\Windows Live\Messenger\livecall.exe "= "C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "
    "C:\PROGRAM FILES\LIVESTATION\1.0.77.3\LIVESTATION.EXE "= "C:\Program Files\Livestation\1.0.77.3\Livestation.exe "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\Documents and Settings\Tracy and Cheri\Local Settings\Application Data\FolderShare\FolderShare.exe "= "C:\Documents and Settings\Tracy and Cheri\Local Settings\Application Data\FolderShare\FolderShare.exe:*:Enabled:Windows Live FolderShare Beta "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\Program Files\Windows Live\Messenger\livecall.exe "= "C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "
    "C:\PROGRAM FILES\LIVESTATION\1.0.77.3\LIVESTATION.EXE "= "C:\Program Files\Livestation\1.0.77.3\Livestation.exe "

    ======File associations======

    .js - edit - C:\WINDOWS\System32\WScript.exe "%1" %*
    .js - open - NOTEPAD.EXE %1
    .vbs - open - NOTEPAD.EXE %1

    ======List of files/folders created in the last 3 months======

    2008-10-29 09:17:00 ----SHD---- C:\RECYCLER
    2008-10-29 09:07:19 ----A---- C:\ComboFix.txt
    2008-10-28 19:40:38 ----D---- C:\Program Files\FixYa
    2008-10-28 15:28:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-28 15:28:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-28 15:28:26 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-28 15:26:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-28 15:25:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-28 14:54:49 ----A---- C:\WINDOWS\system32\STKIT432.DLL
    2008-10-26 21:53:40 ----A---- C:\Boot.bak
    2008-10-26 21:53:12 ----RASHD---- C:\cmdcons
    2008-10-26 21:44:21 ----A---- C:\WINDOWS\zip.exe
    2008-10-26 21:44:21 ----A---- C:\WINDOWS\VFIND.exe
    2008-10-26 21:44:21 ----A---- C:\WINDOWS\SWXCACLS.exe
    2008-10-26 21:44:21 ----A---- C:\WINDOWS\SWSC.exe
    2008-10-26 21:44:21 ----A---- C:\WINDOWS\SWREG.exe
    2008-10-26 21:44:21 ----A---- C:\WINDOWS\sed.exe
    2008-10-26 21:44:21 ----A---- C:\WINDOWS\NIRCMD.exe
    2008-10-26 21:44:21 ----A---- C:\WINDOWS\grep.exe
    2008-10-26 21:44:21 ----A---- C:\WINDOWS\fdsv.exe
    2008-10-26 21:43:59 ----D---- C:\WINDOWS\ERDNT
    2008-10-26 21:43:58 ----D---- C:\Qoobox
    2008-10-26 20:50:33 ----D---- C:\Program Files\trend micro
    2008-10-26 20:50:30 ----D---- C:\rsit
    2008-10-24 18:36:15 ----D---- C:\Documents and Settings\Tracy and Cheri\Application Data\Malwarebytes
    2008-10-24 18:35:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-24 18:35:59 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-22 21:39:39 ----A---- C:\WINDOWS\system32\0372ec20-.txt
    2008-10-22 21:26:50 ----D---- C:\Documents and Settings\All Users\Application Data\fghwtyhm
    2008-10-22 21:25:30 ----A---- C:\WINDOWS\rminstall.exe
    2008-10-22 21:25:24 ----A---- C:\WINDOWS\mssupdate.exe
    2008-09-18 05:18:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-18 05:15:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-18 03:37:24 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-09-07 15:12:57 ----D---- C:\Program Files\TVAnts
    2008-08-17 13:35:55 ----D---- C:\Program Files\Innovative Solutions
    2008-08-14 10:24:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-14 10:24:39 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-14 10:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-14 10:23:19 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-14 10:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-14 10:18:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-14 10:10:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-14 00:38:59 ----D---- C:\Program Files\NCH Software
    2008-08-14 00:37:25 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    2008-08-14 00:36:03 ----D---- C:\Program Files\NCH Swift Sound
    2008-08-14 00:03:52 ----D---- C:\Documents and Settings\Tracy and Cheri\Application Data\Free Audio Editor
    2008-08-14 00:03:33 ----A---- C:\WINDOWS\system32\NCTWMAFile2.dll
    2008-08-14 00:03:32 ----A---- C:\WINDOWS\system32\NCTTextToAudio2.dll
    2008-08-14 00:03:32 ----A---- C:\WINDOWS\system32\NCTAudioTransform2.dll
    2008-08-14 00:03:32 ----A---- C:\WINDOWS\system32\NCTAudioPlayer2.dll
    2008-08-14 00:03:32 ----A---- C:\WINDOWS\system32\NCTAudioInformation2.dll
    2008-08-14 00:03:31 ----A---- C:\WINDOWS\system32\NCTAudioEditor2.dll
    2008-08-14 00:03:31 ----A---- C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
    2008-08-14 00:03:29 ----D---- C:\Program Files\Free Audio Editor
    2008-08-13 23:52:22 ----D---- C:\Program Files\Audacity
    2008-08-13 23:30:11 ----D---- C:\Documents and Settings\Tracy and Cheri\Application Data\Audacity
    2008-08-10 23:16:35 ----D---- C:\Program Files\Microsoft Silverlight
    2008-08-10 23:13:24 ----D---- C:\Program Files\Livestation
    2008-08-08 16:58:14 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop
    2008-08-04 05:49:00 ----D---- C:\Program Files\Virtual Earth 3D

    ======List of files/folders modified in the last 3 months======

    2008-10-29 09:19:14 ----D---- C:\WINDOWS\Temp
    2008-10-29 09:19:12 ----D---- C:\WINDOWS\Internet Logs
    2008-10-29 09:14:52 ----D---- C:\WINDOWS\system32\drivers
    2008-10-29 09:14:20 ----D---- C:\WINDOWS\Prefetch
    2008-10-29 09:12:42 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-29 09:12:40 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-10-29 09:08:57 ----D---- C:\Program Files\Mozilla Firefox
    2008-10-29 09:08:28 ----D---- C:\Program Files\Mozilla Thunderbird
    2008-10-29 09:07:28 ----D---- C:\WINDOWS\system32
    2008-10-29 09:07:23 ----D---- C:\WINDOWS
    2008-10-29 08:53:14 ----N---- C:\WINDOWS\system.ini
    2008-10-29 08:51:26 ----D---- C:\Program Files\GRISOFT
    2008-10-29 08:50:18 ----D---- C:\WINDOWS\system32\config
    2008-10-29 08:48:23 ----D---- C:\Program Files\Common Files
    2008-10-29 08:48:22 ----D---- C:\WINDOWS\AppPatch
    2008-10-29 03:55:26 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-10-28 19:40:38 ----D---- C:\Program Files
    2008-10-28 16:07:39 ----D---- C:\Program Files\Internet Explorer
    2008-10-28 15:58:53 ----D---- C:\WINDOWS\Microsoft.NET
    2008-10-28 15:58:52 ----RSD---- C:\WINDOWS\assembly
    2008-10-28 15:29:38 ----SHD---- C:\WINDOWS\Installer
    2008-10-28 15:29:38 ----SHD---- C:\Config.Msi
    2008-10-28 15:28:57 ----HD---- C:\WINDOWS\inf
    2008-10-28 15:28:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-10-28 15:28:48 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-28 15:28:44 ----A---- C:\WINDOWS\imsins.BAK
    2008-10-28 15:27:50 ----D---- C:\WINDOWS\ie7updates
    2008-10-28 15:09:53 ----D---- C:\Program Files\Registry Mechanic
    2008-10-28 15:01:57 ----A---- C:\WINDOWS\system32\BASSMOD.dll
    2008-10-28 14:53:57 ----D---- C:\Utilities
    2008-10-26 22:16:25 ----D---- C:\WINDOWS\system
    2008-10-26 21:56:04 ----D---- C:\temp
    2008-10-26 21:53:40 ----RASH---- C:\boot.ini
    2008-10-26 21:46:53 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-26 15:13:39 ----D---- C:\Documents and Settings\Tracy and Cheri\Application Data\uTorrent
    2008-10-26 02:44:09 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-10-25 22:18:16 ----D---- C:\videooutput
    2008-10-25 12:50:33 ----D---- C:\Program Files\Spyware Doctor
    2008-10-23 22:40:55 ----A---- C:\WINDOWS\win.ini
    2008-10-23 22:38:41 ----D---- C:\WINDOWS\pss
    2008-10-23 20:11:59 ----AC---- C:\WINDOWS\ntbtlog.txt
    2008-10-22 22:43:14 ----D---- C:\Documents and Settings
    2008-10-22 22:20:36 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-10-22 22:18:13 ----D---- C:\WINDOWS\system32\wbem
    2008-10-22 22:18:11 ----D---- C:\WINDOWS\Registration
    2008-10-22 21:04:52 ----SD---- C:\WINDOWS\Tasks
    2008-10-22 14:43:49 ----D---- C:\W2 M
    2008-10-22 14:42:45 ----D---- C:\Program Files\LimeWire
    2008-10-22 14:42:44 ----D---- C:\Program Files\Messenger
    2008-10-22 14:42:43 ----D---- C:\Program Files\Movie Maker
    2008-10-22 14:42:39 ----D---- C:\Program Files\e-Speaking
    2008-10-22 14:42:36 ----D---- C:\Program Files\DivX
    2008-10-22 14:42:35 ----D---- C:\Program Files\CinemaForge
    2008-10-22 14:42:35 ----D---- C:\Program Files\Celestia
    2008-10-22 14:42:34 ----D---- C:\Program Files\CDBurnerXP
    2008-10-22 14:42:33 ----D---- C:\Program Files\ActivIcons
    2008-10-22 14:42:33 ----D---- C:\Program Files\321Studios
    2008-10-22 14:42:19 ----D---- C:\CFusionMX7
    2008-10-22 02:31:08 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-10-21 02:32:18 ----D---- C:\Program Files\Windows Media Player
    2008-10-21 02:08:42 ----D---- C:\Gamez
    2008-10-20 18:37:10 ----D---- C:\Program Files\PCCW
    2008-10-20 15:44:21 ----D---- C:\WINDOWS\system32\FxsTmp
    2008-10-15 09:34:19 ----D---- C:\Program Files\Google
    2008-10-15 08:56:42 ----D---- C:\Program Files\Windows Live Safety Center
    2008-10-14 10:44:15 ----D---- C:\Program Files\Common Files\Real
    2008-10-14 10:42:55 ----D---- C:\Documents and Settings\Tracy and Cheri\Application Data\Real
    2008-10-12 21:53:10 ----D---- C:\Tracy
    2008-10-09 21:30:18 ----A---- C:\WINDOWS\system32\msvcr71.dll
    2008-10-07 14:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-10-05 15:57:16 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-10-04 04:15:44 ----D---- C:\VideoOut
    2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-10-01 15:31:34 ----D---- C:\Champion
    2008-09-18 05:32:58 ----A---- C:\WINDOWS\wininit.ini
    2008-09-18 05:18:28 ----D---- C:\WINDOWS\WinSxS
    2008-09-18 04:53:17 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-14 20:28:22 ----D---- C:\Documents and Settings\Tracy and Cheri\Application Data\Adobe
    2008-09-14 20:28:22 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-09-13 12:51:41 ----D---- C:\Program Files\Microsoft Small Business
    2008-09-10 21:33:26 ----D---- C:\Program Files\PCFriendly
    2008-09-06 07:31:39 ----AC---- C:\WINDOWS\SysMech6.INI
    2008-09-05 17:58:17 ----D---- C:\Program Files\SUPERAntiSpyware
    2008-09-03 20:59:29 ----D---- C:\WINDOWS\Help
    2008-08-30 21:57:51 ----D---- C:\WINDOWS\system32\LogFiles
    2008-08-30 19:27:23 ----D---- C:\WINDOWS\Downloaded Installations
    2008-08-27 03:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-08-26 02:24:31 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-08-26 02:24:31 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-08-26 02:24:31 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-08-26 02:24:30 ----N---- C:\WINDOWS\system32\pngfilt.dll
    2008-08-26 02:24:30 ----N---- C:\WINDOWS\system32\occache.dll
    2008-08-26 02:24:30 ----N---- C:\WINDOWS\system32\mstime.dll
    2008-08-26 02:24:30 ----N---- C:\WINDOWS\system32\msrating.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\url.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\jsproxy.dll
    2008-08-26 02:24:29 ----N---- C:\WINDOWS\system32\iernonce.dll
    2008-08-26 02:24:29 ----N---- C:\WINDOWS\system32\iedkcs32.dll
    2008-08-26 02:24:29 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-08-26 02:24:28 ----N---- C:\WINDOWS\system32\ieaksie.dll
    2008-08-26 02:24:28 ----N---- C:\WINDOWS\system32\ieakeng.dll
    2008-08-26 02:24:28 ----N---- C:\WINDOWS\system32\extmgr.dll
    2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-08-25 03:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-08-25 03:37:59 ----N---- C:\WINDOWS\system32\ie4uinit.exe
    2008-08-23 00:54:51 ----N---- C:\WINDOWS\system32\ieakui.dll
    2008-08-21 13:02:34 ----RD---- C:\WINDOWS\Offline Web Pages
    2008-08-20 11:00:17 ----D---- C:\WINDOWS\security
    2008-08-20 09:45:06 ----D---- C:\Program Files\uTorrent
    2008-08-20 08:18:41 ----D---- C:\WINDOWS\system32\CatRoot
    2008-08-18 16:43:07 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-08-18 08:55:52 ----D---- C:\Documents and Settings\Tracy and Cheri\Application Data\Mozilla
    2008-08-17 18:21:58 ----D---- C:\Program Files\Opera
    2008-08-17 18:02:10 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-08-17 18:02:02 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-08-17 18:02:02 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-08-14 09:04:09 ----D---- C:\Audio
    2008-08-14 05:09:26 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 04:33:16 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-14 00:37:30 ----D---- C:\Documents and Settings\Tracy and Cheri\Application Data\NCH Swift Sound
    2008-07-30 20:49:34 ----D---- C:\Documents and Settings\Tracy and Cheri\Application Data\Google

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
    R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
    R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-03-07 44384]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
    R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-04-01 132608]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
    R3 LHidKe;SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-07-19 27136]
    R3 LHidUsbK;SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2006-07-19 36736]
    R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-07-19 71936]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-05-18 47360]
    R3 SaiMini;SaiMini; C:\WINDOWS\system32\DRIVERS\SaiMini.sys [2004-10-20 15616]
    R3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiNtBus.sys [2004-10-20 26752]
    R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
    R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
    S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
    S2 CDRPDACC;Arrowkey Device Access; \??\C:\Program Files\321Studios\Shared\CDRPDACC.SYS []
    S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
    S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
    S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
    S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
    S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2002-05-03 24528]
    S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
    S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-06-02 42376]
    S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-06-02 66952]
    S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-06-10 81288]
    S3 MagEpNt;MagEpNt; C:\WINDOWS\system32\drivers\MagEpNt.sys [1997-06-12 26304]
    S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera; C:\WINDOWS\system32\DRIVERS\mr97310c.sys [2002-12-13 129875]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2008-08-14 27136]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
    S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
    S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-05-22 14604]
    S3 PRISM_USB;IEEE 802.11 Wireless USB Driver; C:\WINDOWS\system32\DRIVERS\EXPSUSB.sys [2003-07-22 626688]
    S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
    S3 SABProcEnum;SABProcEnum; \??\C:\PROGRA~1\MOZILL~1\SABProcEnum.sys []
    S3 SaiH0255;SaiH0255; C:\WINDOWS\system32\DRIVERS\SaiH0255.sys [2004-10-22 121984]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
    S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
    S3 wg111nd5;NETGEAR WG111 802.11g Wireless USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\wg111nd5.sys [2004-06-04 379488]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
    S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2004-08-04 13952]
    S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Utilities\avast!\aswUpdSv.exe [2008-07-19 16056]
    R2 avast! Antivirus;avast! Antivirus; C:\Utilities\avast!\ashServ.exe [2008-07-19 147640]
    R2 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server; C:\CFusionMX7\runtime\bin\jrunsvc.exe [2005-01-24 61440]
    R2 ColdFusion MX 7 ODBC Agent;ColdFusion MX 7 ODBC Agent; C:\CFusionMX7\db\slserver54\bin\swagent.exe [2003-10-02 733253]
    R2 ColdFusion MX 7 ODBC Server;ColdFusion MX 7 ODBC Server; C:\CFusionMX7\db\slserver54\bin\swstrtr.exe [2003-10-02 118853]
    R2 ColdFusion MX 7 Search Server;ColdFusion MX 7 Search Server; C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe [2004-09-23 2711312]
    R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-03 168432]
    R2 IOLO_SRV;iolo System Guard; C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe [2006-12-20 243712]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
    R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
    R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
    R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
    R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Utilities\avast!\ashMaiSv.exe [2008-07-19 250040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Utilities\avast!\ashWebSv.exe [2008-07-23 348344]
    R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-02-21 69632]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
    S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2008-04-03 69632]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]
    S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
    S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-08-07 1073544]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
    S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

    -----------------EOF-----------------
     
  12. 2008/10/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Something was not done correctly. There is no change in your logs. Please repeat my last set of instructions carefully, then post the new logs.
     
