View Full Version : I've been bit by Virtuamonde!
Hi ... I've been getting annoying pop-ups!! Spybot confirms the presence of Virtumonde. Here are the deets:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 20, 2008 11:34:50 PM
Operating System: Microsoft Windows Vista Home Edition, Service Pack 1 (Build 6001)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/05/2008
Kaspersky Anti-Virus database records: 788663
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 112082
Number of viruses found: 7
Number of infected objects: 33
Number of suspicious objects: 0
Duration of the scan process: 00:56:50
Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.ilg Object is locked skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU930B.txt Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b516fd97fefcd71c044a85c265e66d73_be0ddc18-ec8a-4f85-b471-cd8303065de1 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bcdaa4eac609de99860fbeab35e1f939_be0ddc18-ec8a-4f85-b471-cd8303065de1 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dell.txt Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_be0ddc18-ec8a-4f85-b471-cd8303065de1 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fa8bd506e8fa23f72b24a87231231c7b_be0ddc18-ec8a-4f85-b471-cd8303065de1 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_be0ddc18-ec8a-4f85-b471-cd8303065de1 Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog01.sqm Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog10.sqm Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog12.sqm Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Aquino Kids.dat Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Guest.dat Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Mcx1.dat Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Michele.dat Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds Object is locked skipped
C:\ProgramData\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\ProgramData\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.bak Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped
C:\ProgramData\Symantec\LiveUpdate\2008-05-20_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\ProgramData\Symantec\SubEng\submissions.idx Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped
C:\Users\Rudy\AppData\Roaming\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
C:\Users\Rudy\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Rudy\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Messenger\rudeeee@gmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Messenger\rudeeee@gmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Messenger\rudeeee@gmail.com\SharingMetadata\Working\database_346A_D338_6AD2_F618\dfsr.db Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Messenger\rudeeee@gmail.com\SharingMetadata\Working\database_346A_D338_6AD2_F618\fsr.log Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Messenger\rudeeee@gmail.com\SharingMetadata\Working\database_346A_D338_6AD2_F618\fsrtmp.log Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Messenger\rudeeee@gmail.com\SharingMetadata\Working\database_346A_D338_6AD2_F618\tmp.edb Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052020080521\index.dat Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008052020080521\index.dat Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GRQS3VCB\kb516107[1] Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B8LYFCUM\p_842215322=0&[2].htm Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HL962AXE\598199_1562717421_3f2be6955498c04a4581a8375ea53db9213498bb[1].flv Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Rudy\AppData\Roaming\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows\UsrClass.dat{794abdd0-67e6-11dc-8b54-001c26f0ed81}.TM.blf Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows\UsrClass.dat{794abdd0-67e6-11dc-8b54-001c26f0ed81}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows\UsrClass.dat{794abdd0-67e6-11dc-8b54-001c26f0ed81}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows Live Contacts\rudeeee@gmail.com\real\members.stg Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows Live Contacts\rudeeee@gmail.com\shadow\members.stg Object is locked skipped
C:\Users\Rudy\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Rudy\AppData\Local\SupportSoft\DellSupportCenter\Rudy\state\logs\sprtcmd.log Object is locked skipped
C:\Users\Rudy\AppData\Local\Temp\aWOIXOHA.dll Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Users\Rudy\AppData\Local\Temp\bmvroarv.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Rudy\AppData\Local\Temp\ddcCuvuT.dll Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Users\Rudy\AppData\Local\Temp\deuskrav.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.sca skipped
C:\Users\Rudy\AppData\Local\Temp\fflavsly.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.sbz skipped
C:\Users\Rudy\AppData\Local\Temp\geBqNfFU.dll Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Users\Rudy\AppData\Local\Temp\geBrspoP.dll Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Users\Rudy\AppData\Local\Temp\hojykway.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.sca skipped
C:\Users\Rudy\AppData\Local\Temp\iiffEtsQ.dll Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Users\Rudy\AppData\Local\Temp\opnliihf.dll Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Users\Rudy\AppData\Local\Temp\qoMCTnlL.dll Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Users\Rudy\AppData\Local\Temp\qoMdBRji.dll Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Users\Rudy\AppData\Local\Temp\symlcsv1.exe Infected: IM-Worm.Win32.Pykse.l skipped
C:\Users\Rudy\AppData\Local\Temp\tmp0000c6b7 Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Users\Rudy\AppData\Local\Temp\tmp0000c725 Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Users\Rudy\AppData\Local\Temp\tmp0000e5ac Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Users\Rudy\AppData\Local\Temp\tmp0000f102 Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Users\Rudy\AppData\Local\Temp\tmp00011ea6 Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Users\Rudy\AppData\Local\Temp\tmp00016eb9 Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Users\Rudy\AppData\Local\Temp\tmp00019397 Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Users\Rudy\AppData\Local\Temp\tmp0002475b Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Users\Rudy\AppData\Local\Temp\tmp000278a8 Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Users\Rudy\AppData\Local\Temp\tmp002d9260 Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Users\Rudy\AppData\Local\Temp\urqNFYom.dll Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Users\Rudy\AppData\Local\Temp\urqrpoME.dll Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Users\Rudy\AppData\Local\Temp\xxyyaYrR.dll Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Users\Rudy\AppData\Local\Temp\yayvtuvS.dll Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Users\Rudy\AppData\Local\Temp\yqhrbcfp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.sby skipped
C:\Users\Rudy\AppData\Local\Temp\~DF39E1.tmp Object is locked skipped
C:\Users\Rudy\AppData\Local\Temp\~DF3A26.tmp Object is locked skipped
C:\Users\Rudy\AppData\Local\Temp\~DF7869.tmp Object is locked skipped
C:\Users\Rudy\AppData\Local\Temp\~DF79DD.tmp Object is locked skipped
C:\Users\Rudy\Downloads\DivX Pro 6.5\keygen.exe Infected: not-a-virus:PSWTool.Win32.GetPass.h skipped
C:\Users\Rudy\ntuser.dat Object is locked skipped
C:\Users\Rudy\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Rudy\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Rudy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\Rudy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Rudy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\bthservsdp.dat Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\awtrPGAQ.dll Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\ssqqnkLd.dll Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\0296C47314AB746EC35476488248FCD9.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\040270F850D5C3C91057DDDA2DA294D8.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\0A9DBC92D554324656F61F9862679F27.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\0DF617D6737A7561E732F853792261C3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\1E2E58C73053C7775EB226DB5E739137.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2A811E5CCC22CC9D7AE2B04EF0402688.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2CE523184A801AA7361A7039E2D6B41D.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2D57A7682ACD19214C258D31A06D008F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\376786241A5443E41378D25CF812FCC1.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3DC0BABDCA20E5E319117C21BD4BD795.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\494C62FAA08CD5217399BAA555FF491B.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\4A01E0F376B5833EBA98F0D1D5F60CD1.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\4B471F64BAF831EC7945C820FD5A16E5.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\4CB32C0A77CD4D9B0C9618F73F786C32.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\5774C77265BE4C55B5C6C9718979E015.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\5966D45C7B25EACA46E87DD8E5703964.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\5B5D21CF62E70BACF9D085E6AA6CE143.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\69554D930FCA40B0304B9A43A8036F2D.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\72F867EF62976CE9F70993FF3E68A4EB.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\75054C3771DF289038069A9BB1C1FB6E.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\7851AF96EA828F912853F32DB0D96138.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\7F417E1A6D819A9B2FEB55DA6858EA0A.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\87AA2A001CE3E89926688B93E4DC2992.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\8C718B5AFD373885B68D2836088CAF9A.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\903E49C444C46FEF5F2C3A189C9CEF71.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\96ABB1671705F680578FE240427CBD4F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\9A72EE7775E8021F75961342B8AFD1B4.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\9AD3182A2F39A3E091E15109132EC6CC.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\9CD33F0956942860B50AA1B9330DEFAF.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\9E06E4FE97F0CBB8D659894823F805D7.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\A80FF2DC09487ECD60AFB147B262BDD7.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\AA6E0E396C238977CA909EFD82299737.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\AA742824DCADA846BA4B665D686DD5D6.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\BBF206490BAA431B592F9A13534F43F6.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\BE81B2C0741907C1FC1C42B6223E59AD.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\D1A1B12A7DA3F9675C01397A26DBF4B3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\D4C4BA54B6A8FA6211E60E2ADFF7426A.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\DE391013DA56ABA39FFF40A9ABDF052F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\DF80FD3849FFF74B4BF43E2EA8ADEC8A.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\DFB9AD54AC2D3B8122567AAD3BF3EB7F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E04DE4CDFEC284A342159BB920976701.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E737DE61441445E1FDFCA45EF5E7D987.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E9D8A460B2C986DD5FF19F299F4A27EC.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\EC45C70F2A3D9DED718E71631C38E2FE.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\F01326692CC5736EBAC31B9FC2381CF2.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\F81E6BEBC3067C406E6C491608474198.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Broadcom Wireless LAN.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-MSDT%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MeetingSpace%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Metrics.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\System32\xxyvwWnk.dll Infected: Trojan-Downloader.Win32.Agent.pgt skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18000_none_d12e90ac35ffb753\dnary.xsd Object is locked skipped
D:\Windows\security\database\secedit.sdb Object is locked skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:53 PM, on 20/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4070914
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 82.98.86.179 owoxkpgsm.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqqnkLd.dll,#1
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Rudy\AppData\Local\Temp\mLEWOEvV.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Rudy\AppData\Local\Temp\geBrspoP.dll,#1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [6ad2f6b7] rundll32.exe "C:\Users\Rudy\AppData\Local\Temp\rewwpttg.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BM69e1c52b] Rundll32.exe "C:\Users\Rudy\AppData\Local\Temp\bmvroarv.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O4 - Global Startup: Run Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: bw+0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: offline-8876480 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 25645 bytes
Rorschach112
2008-05-21, 15:53
Hello
You got infected cause you downloaded keygens
Please download the OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).
Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
[kill explorer]
C:\Users\Rudy\Downloads\DivX Pro 6.5\keygen.exe
C:\Windows\System32\awtrPGAQ.dll
C:\Windows\System32\ssqqnkLd.dll
C:\Windows\System32\xxyvwWnk.dll
purity
[start explorer]
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Please visit this web page for instructions for downloading and running ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This includes installing the Windows XP Recovery Console in case you have not installed it yet.
For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.
Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.
Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
Is it ok to run ATF Cleaner under Vista? Noticed that it said for XP and Windows 2000 only.
Rorschach112
2008-05-21, 16:21
Yes that is fine, go ahead with it
OK...I followed your instructions. I am still getting annoying popups. Here are the logs.
Explorer killed successfully
C:\Users\Rudy\Downloads\DivX Pro 6.5\keygen.exe moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\awtrPGAQ.dll
C:\Windows\System32\awtrPGAQ.dll NOT unregistered.
File move failed. C:\Windows\System32\awtrPGAQ.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\System32\ssqqnkLd.dll
C:\Windows\System32\ssqqnkLd.dll NOT unregistered.
File move failed. C:\Windows\System32\ssqqnkLd.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\System32\xxyvwWnk.dll
C:\Windows\System32\xxyvwWnk.dll NOT unregistered.
File move failed. C:\Windows\System32\xxyvwWnk.dll scheduled to be moved on reboot.
< purity >
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05212008_183255
ComboFix 08-05-21.2 - Rudy 2008-05-21 19:44:05.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2329 [GMT -4:00]
Running from: C:\Users\Rudy\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Rudy\AppData\Roaming\macromedia\Flash Player\#SharedObjects\8FQV5ABD\iforex.com
C:\Users\Rudy\AppData\Roaming\macromedia\Flash Player\#SharedObjects\8FQV5ABD\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Users\Rudy\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Users\Rudy\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Windows\system32\comsa32.sys
C:\Windows\system32\drmgs.sys
C:\Windows\system32\tmp0_434557516144.bk
C:\Windows\winhelp.ini
.
((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))
.
2008-05-21 18:32 . 2008-05-21 18:32 <DIR> d-------- C:\_OTMoveIt
2008-05-20 21:42 . 2008-05-20 21:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-20 21:38 . 2008-05-20 21:38 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-05-20 21:21 . 2008-03-06 21:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
2008-05-20 21:21 . 2008-03-06 21:32 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
2008-05-20 21:21 . 2008-03-06 21:32 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
2008-05-19 22:05 . 2008-05-19 22:05 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-19 21:44 . 2008-05-20 21:41 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-19 21:44 . 2008-05-20 21:41 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-19 21:44 . 2008-05-20 21:33 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-16 22:35 . 2008-05-16 22:35 <DIR> d-------- C:\Users\Rudy\AppData\Roaming\Yahoo!
2008-05-16 22:20 . 2008-05-16 22:37 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-05-16 22:19 . 2008-05-20 21:21 <DIR> d-------- C:\Program Files\Symantec
2008-05-16 22:18 . 2008-05-16 22:28 <DIR> d-------- C:\Users\All Users\Yahoo!
2008-05-16 22:18 . 2008-05-16 22:28 <DIR> d-------- C:\ProgramData\Yahoo!
2008-05-16 22:18 . 2008-05-16 22:18 <DIR> d-------- C:\graphics
2008-05-16 21:11 . 2008-05-16 21:11 56,320 --a------ C:\Windows\System32\awtrPGAQ.dll
2008-05-16 21:02 . 2008-05-16 21:02 56,320 --a------ C:\Windows\System32\xxyvwWnk.dll
2008-05-16 20:50 . 2008-05-16 22:36 <DIR> d-------- C:\Program Files\BitDefender
2008-05-16 20:49 . 2008-05-16 20:50 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-05-16 20:36 . 2008-05-16 20:36 56,320 --a------ C:\Windows\System32\ssqqnkLd.dll
2008-05-13 06:57 . 2008-05-13 06:57 <DIR> d-------- C:\Users\All Users\Adobe
2008-05-13 06:56 . 2008-05-13 06:57 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-22 06:40 . 2008-04-22 06:40 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 01:21 --------- d-----w C:\ProgramData\Symantec
2008-05-20 12:16 --------- d-----w C:\Users\Rudy\AppData\Roaming\uTorrent
2008-05-19 20:27 130,224 ----a-w C:\Users\Rudy\AppData\Roaming\nvModes.dat
2008-05-17 02:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-17 02:37 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-05-17 02:37 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-05-17 02:18 --------- d-----w C:\Program Files\Yahoo!
2008-05-15 03:23 --------- d-----w C:\Program Files\World of Warcraft
2008-05-14 07:02 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 07:01 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-25 03:45 --------- d-----w C:\ProgramData\Dell
2008-04-20 01:04 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-04-19 02:54 --------- d-----w C:\Program Files\CCleaner
2008-04-19 02:35 --------- d-----w C:\Program Files\VS Revo Group
2008-04-17 02:38 --------- d-----w C:\ProgramData\NVIDIA
2008-04-17 02:35 174 --sha-w C:\Program Files\desktop.ini
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Journal
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Defender
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Calendar
2008-04-17 02:04 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-17 02:04 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-04 00:09 --------- d-----w C:\Program Files\WiFiConnector
2008-04-03 22:46 --------- d-----w C:\Program Files\Java
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-28 02:35 27,335 ----a-w C:\Users\Guest\AppData\Roaming\nvModes.dat
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2007-09-13 19:18 76 --sh--r C:\Windows\CT4CET.bin
2008-01-12 13:16 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007123120080107\index.dat
2008-01-15 05:48 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008010720080114\index.dat
2008-01-16 01:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011520080116\index.dat
2008-01-19 00:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011820080119\index.dat
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-09-21 15:01 32768]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 03:33 1233920]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 19:56 202544]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 03:38 1008184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 20:35 857648]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-05-10 05:01 36864]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 10:14 180224]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 02:00 90112]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-03-21 15:33 1548288]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-08-20 11:58 184320]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 19:57 16384]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 11:23 405504]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-25 05:13 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-25 05:13 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-25 05:13 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-06-25 05:13 67584]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MSServer"="C:\Windows\system32\ssqqnkLd.dll" [2008-05-16 20:36 56320]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 15:42 509224]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 19:56 202544]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [11/3/2006 6:55:50 PM 703280]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [9/13/2007 3:10:04 PM 50688]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [9/21/2007 3:01:47 PM 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [1/30/2008 10:56:46 PM 784912]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2/6/2008 9:12:44 PM 651264]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [7/20/2007 7:13:26 PM 1180952]
Run Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [4/3/2008 8:09:01 PM 1175552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E23136A1-1AC4-4D1B-926F-5D537CFFF359}"= C:\Windows\system32\ssqqnkLd.dll [2008-05-16 20:36 56320]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C59FC2C9-945F-487F-8C93-5C41F8AEF13F}"= C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{EA993A06-FF5D-4599-858A-74EF0CF6375B}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{7AF05598-3AD1-4ABD-94F4-CC3369E237F0}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{56DAC718-FA0C-4C18-AE7F-CEAB9CFD2430}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"TCP Query User{72C3ACF6-8BA8-4BFF-8D29-0255EA49F0D6}C:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{45CBFE24-D7E1-4F68-BFA2-BB644C5C940E}C:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{B64DD128-32ED-4A64-89D0-533EA9FE8C2F}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"UDP Query User{7D40CAE4-C949-4CCB-A11D-7270FDADDC03}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"{D6801EC2-6020-45B4-B3BD-EF98FE96805D}"= UDP:C:\Program Files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{9C0CA38F-6255-4E7B-83AB-1A3429858F0C}"= TCP:C:\Program Files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{39173418-8BE7-4247-B8C0-2F78B0E95B2A}"= UDP:3724:Blizzard Downloader: 3724
"{FA58C5F5-6F91-44FE-AEB1-55485153AD65}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{19260066-09E7-42E1-A22D-335D88AECC84}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{0333EE69-E7F5-4E86-AF20-8CBACFB6ADAE}"= Disabled:UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{185E056C-B2B1-46AE-8016-65BFACBB154D}"= Disabled:TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{51741967-7417-47C1-A320-40161A00E836}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{90887B48-32E4-439F-B08F-1697EE7BB7C8}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"{2A231BDB-C3C8-489C-8DF4-E1985F1A35A0}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9F3A0059-F840-49FF-8301-6DBC02E88F35}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5AC1B096-CF08-4F85-94B2-B62AED850CC1}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{600E9620-0AEB-47D7-810D-F7F7AC77801E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1C2E413D-7637-4DCD-A368-A55FB3D6B7A5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{24AD8D6E-0EE9-4713-BAC7-81828AF00D77}"= UDP:C:\Program Files\Sony\Media Manager for PSP 2.5\MediaManager.exe:Media Manager for PSP 2.5
"{81CDC756-2BCC-4794-9ACA-5933C770FA4C}"= TCP:C:\Program Files\Sony\Media Manager for PSP 2.5\MediaManager.exe:Media Manager for PSP 2.5
"{60900342-150E-4046-B371-2BE7EED5DCB0}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{6B505736-9C4B-467C-993D-1A78D6678BEA}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{210E6262-48DC-4D5E-B604-4F0083CD5E82}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E245C723-2488-4D79-9BD8-C13DFC08D075}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7583FF21-B35E-4D14-86C5-F6FE1FAE6E45}"= C:\Program Files\WiFiConnector\NintendoWFCReg.exe:Nintendo Wi-Fi USB Connector
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 20:05]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080513.001\IDSvix86.sys [2008-05-13 00:27]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-08-29 14:25]
R2 LBeepKE;LBeepKE;C:\Windows\system32\Drivers\LBeepKE.sys [2006-06-30 00:53]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-10-09 19:56]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 20:39]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-04-12 04:50]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-04-12 04:50]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-04-12 04:53]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 17:03]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 22:45]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 18:32]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 03:36]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-19 01:53]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b32cc2f-6879-11dc-a33d-001c26f0ed81}]
\shell\AutoRun\command - F:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-06 00:34:28 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-06 00:52:02 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Rudy.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-05-17 02:42:56 C:\Windows\Tasks\Norton Security Online - Run Full System Scan - Rudy.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeB/TASK:
"2008-05-21 01:17:35 C:\Windows\Tasks\User_Feed_Synchronization-{26C58A8D-F288-4307-8414-24EEDEFC553E}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 19:46:25
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Users\Rudy\AppData\Roaming\Microsoft\Windows\Cookies\rudy@msn[1].txt 336 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
Completion time: 2008-05-21 19:47:41
ComboFix-quarantined-files.txt 2008-05-21 23:47:18
Pre-Run: 26,312,232,960 bytes free
Post-Run: 26,302,865,408 bytes free
244 --- E O F --- 2008-05-17 00:09:15
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:53 PM, on 20/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4070914
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 82.98.86.179 owoxkpgsm.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqqnkLd.dll,#1
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Rudy\AppData\Local\Temp\mLEWOEvV.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Rudy\AppData\Local\Temp\geBrspoP.dll,#1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [6ad2f6b7] rundll32.exe "C:\Users\Rudy\AppData\Local\Temp\rewwpttg.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BM69e1c52b] Rundll32.exe "C:\Users\Rudy\AppData\Local\Temp\bmvroarv.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O4 - Global Startup: Run Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: bw+0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: offline-8876480 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 25645 bytes
Rorschach112
2008-05-22, 15:14
Hello
1. Close any open browsers.
2. Open notepad and copy/paste the text in the quotebox below into it:
File::
C:\Windows\System32\awtrPGAQ.dll
C:\Windows\System32\xxyvwWnk.dll
C:\Windows\System32\ssqqnkLd.dll
F:\LaunchU3.exe
Folder::
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b32cc2f-6879-11dc-a33d-001c26f0ed81}]
DirLook::
C:\Users\Rudy\Downloads
Save this as CFScript.txt, in the same location as ComboFix.exe
http://i266.photobucket.com/albums/ii277/sUBs_/Combo-Do.gif
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Also post a new HijackThis log
ComboFix 08-05-21.2 - Rudy 2008-05-22 19:54:12.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2189 [GMT -4:00]
Running from: C:\Users\Rudy\Desktop\ComboFix.exe
Command switches used :: C:\Users\Rudy\Desktop\CFScript.txt
FILE ::
C:\Windows\System32\awtrPGAQ.dll
C:\Windows\System32\ssqqnkLd.dll
C:\Windows\System32\xxyvwWnk.dll
F:\LaunchU3.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\awtrPGAQ.dll
C:\Windows\System32\ssqqnkLd.dll
C:\Windows\System32\xxyvwWnk.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.
2008-05-21 18:32 . 2008-05-21 18:32 <DIR> d-------- C:\_OTMoveIt
2008-05-20 21:42 . 2008-05-20 21:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-20 21:38 . 2008-05-20 21:38 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-05-20 21:21 . 2008-03-06 21:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
2008-05-20 21:21 . 2008-03-06 21:32 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
2008-05-20 21:21 . 2008-03-06 21:32 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
2008-05-19 22:05 . 2008-05-19 22:05 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-19 21:44 . 2008-05-20 21:41 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-19 21:44 . 2008-05-20 21:41 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-19 21:44 . 2008-05-20 21:33 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-16 22:35 . 2008-05-16 22:35 <DIR> d-------- C:\Users\Rudy\AppData\Roaming\Yahoo!
2008-05-16 22:20 . 2008-05-16 22:37 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-05-16 22:19 . 2008-05-20 21:21 <DIR> d-------- C:\Program Files\Symantec
2008-05-16 22:18 . 2008-05-16 22:28 <DIR> d-------- C:\Users\All Users\Yahoo!
2008-05-16 22:18 . 2008-05-16 22:28 <DIR> d-------- C:\ProgramData\Yahoo!
2008-05-16 22:18 . 2008-05-16 22:18 <DIR> d-------- C:\graphics
2008-05-16 20:50 . 2008-05-16 22:36 <DIR> d-------- C:\Program Files\BitDefender
2008-05-16 20:49 . 2008-05-16 20:50 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-05-13 06:57 . 2008-05-13 06:57 <DIR> d-------- C:\Users\All Users\Adobe
2008-05-13 06:56 . 2008-05-13 06:57 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-22 06:40 . 2008-04-22 06:40 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 01:21 --------- d-----w C:\ProgramData\Symantec
2008-05-20 12:16 --------- d-----w C:\Users\Rudy\AppData\Roaming\uTorrent
2008-05-19 20:27 130,224 ----a-w C:\Users\Rudy\AppData\Roaming\nvModes.dat
2008-05-17 02:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-17 02:37 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-05-17 02:37 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-05-17 02:18 --------- d-----w C:\Program Files\Yahoo!
2008-05-15 03:23 --------- d-----w C:\Program Files\World of Warcraft
2008-05-14 07:02 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 07:01 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-25 03:45 --------- d-----w C:\ProgramData\Dell
2008-04-20 01:04 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-04-19 02:54 --------- d-----w C:\Program Files\CCleaner
2008-04-19 02:35 --------- d-----w C:\Program Files\VS Revo Group
2008-04-17 02:38 --------- d-----w C:\ProgramData\NVIDIA
2008-04-17 02:35 174 --sha-w C:\Program Files\desktop.ini
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Journal
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Defender
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Calendar
2008-04-17 02:04 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-17 02:04 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-04 00:09 --------- d-----w C:\Program Files\WiFiConnector
2008-04-03 22:46 --------- d-----w C:\Program Files\Java
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-28 02:35 27,335 ----a-w C:\Users\Guest\AppData\Roaming\nvModes.dat
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2007-09-13 19:18 76 --sh--r C:\Windows\CT4CET.bin
2008-01-12 13:16 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007123120080107\index.dat
2008-01-15 05:48 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008010720080114\index.dat
2008-01-16 01:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011520080116\index.dat
2008-01-19 00:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011820080119\index.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Users\Rudy\Downloads ----
2008-05-20 21:42 812344 --a------ C:\Users\Rudy\Downloads\HJTInstall.exe
2008-05-20 21:31 9722720 --a------ C:\Users\Rudy\Downloads\spybotsd152.exe
2008-05-18 00:56 4275 --a------ C:\Users\Rudy\Downloads\rapget140\lang\english.lng
2008-05-18 00:56 3008 --a------ C:\Users\Rudy\Downloads\rapget140\rapget.ini
2008-05-18 00:56 17 --a------ C:\Users\Rudy\Downloads\rapget140\links.dat
2008-05-16 20:40 667648 --a------ C:\Users\Rudy\Downloads\Norton_Removal_Tool.exe
2008-05-16 20:27 49495384 --a------ C:\Users\Rudy\Downloads\bitdefender_totalsecurity_2008_32b.exe
2008-05-11 20:01 38866019 --a------ C:\Users\Rudy\Downloads\DS ROMS\2275_-_Iron_Man__U__SQUiRE_.rar
2008-04-25 21:11 9335468 --a------ C:\Users\Rudy\Downloads\Cosmos_Complete.zip
2008-04-24 23:35 31542424 --a------ C:\Users\Rudy\Downloads\R180808-3.exe
2008-04-18 22:53 2733520 --a------ C:\Users\Rudy\Downloads\ccsetup205.exe
2008-04-18 22:35 1567713 --a------ C:\Users\Rudy\Downloads\revosetup.exe
2008-04-16 20:43 59782440 --a------ C:\Users\Rudy\Downloads\iTunesSetup.exe
2008-04-03 18:38 1784670 --a------ C:\Users\Rudy\Downloads\Nintendo_WFC_USB.zip
2008-03-25 23:17 195953 --a------ C:\Users\Rudy\Downloads\BOLA_DISH_AR.rar
2008-03-15 20:58 335650 --a------ C:\Users\Rudy\Downloads\BOLA DISH AR\BOLA DISH AR.pfg
2008-03-15 20:42 139 --a------ C:\Users\Rudy\Downloads\BOLA DISH AR\READ ME.txt
2008-03-14 23:49 33554432 --a------ C:\Users\Rudy\Downloads\DS ROMS\2132 - Chicken Hunter (U)(JunkRat).nds
2008-03-05 23:43 16777216 --a------ C:\Users\Rudy\Downloads\DS ROMS\2082 - Mystery Dungeon Shiren The Wanderer (U)(Xenophobia).nds
2008-03-04 15:31 67108864 --a------ C:\Users\Rudy\Downloads\DS ROMS\2073 - Naruto Ninja Destiny (U)(SQUiRE).nds
2008-02-23 00:19 4253 --a------ C:\Users\Rudy\Downloads\links.dat
2008-02-23 00:19 2943 --a------ C:\Users\Rudy\Downloads\rapget.ini
2008-02-23 00:18 270736 --a------ C:\Users\Rudy\Downloads\rapget140.rar
2008-02-23 00:16 4275 --a------ C:\Users\Rudy\Downloads\lang\english.lng
2008-02-17 00:39 305172 --a------ C:\Users\Rudy\Downloads\HJSplit_2.3.rar
2008-02-15 16:35 67108864 --a------ C:\Users\Rudy\Downloads\DS ROMS\2024 - Dungeon Explorer Warrior of Ancient Arts (U)(SQUiRE).nds
2008-02-07 00:02 138 --a------ C:\Users\Rudy\Downloads\DS ROMS\Spiderwick Chronicles.sfv
2008-02-06 13:38 67108864 --a------ C:\Users\Rudy\Downloads\DS ROMS\1992 - Assassins Creed Altairs Chronicles (U)(Micronauts).nds
2008-02-06 02:20 67108864 --a------ C:\Users\Rudy\Downloads\DS ROMS\Spiderwick Chronicles.nds
2008-02-03 10:55 859465744 --a------ C:\Users\Rudy\Downloads\MSSetup.exe
2008-01-23 04:59 134217728 --a------ C:\Users\Rudy\Downloads\DS ROMS\1969 - Mario & Sonic at the Olympic Games (U).nds
2008-01-21 11:27 67108864 --a------ C:\Users\Rudy\Downloads\DS ROMS\Advance Wars Days of Ruin (U)(iND).nds
2008-01-18 23:47 9912 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Filter-Outlier\OutlierFilter.lua
2008-01-18 23:47 98 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Libs\Babylonian\Load.xml
2008-01-18 23:47 98 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\Libs\Babylonian\Load.xml
2008-01-18 23:47 98 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix-Barker\Libs\Babylonian\Load.xml
2008-01-18 23:47 98 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\Libs\Babylonian\Load.xml
2008-01-18 23:47 98 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Libs\Babylonian\Load.xml
2008-01-18 23:47 9726 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Libs\Configator\SelectBox.lua
2008-01-18 23:47 9726 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\Libs\Configator\SelectBox.lua
2008-01-18 23:47 9726 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\Libs\Configator\SelectBox.lua
2008-01-18 23:47 9726 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\Libs\Configator\SelectBox.lua
2008-01-18 23:47 9726 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Libs\Configator\SelectBox.lua
2008-01-18 23:47 97 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Libs\SlideBar\Load.xml
2008-01-18 23:47 97 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\Libs\SlideBar\Load.xml
2008-01-18 23:47 97 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\Libs\SlideBar\Load.xml
2008-01-18 23:47 97 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Libs\SlideBar\Load.xml
2008-01-18 23:47 97 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\!Swatter\Libs\SlideBar\Load.xml
2008-01-18 23:47 9671 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\EvalProspect.lua
2008-01-18 23:47 931 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\Enchantrix.toc
2008-01-18 23:47 9274 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Stat-Classic\StatClassic.lua
2008-01-18 23:47 8823 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\BeanCounterUpdate.lua
2008-01-18 23:47 8753 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\EvalDisenchant.lua
2008-01-18 23:47 86 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\README.txt
2008-01-18 23:47 8526 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\EvalResale.lua
2008-01-18 23:47 8321 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\InfTooltip.lua
2008-01-18 23:47 830 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Auc-Advanced.toc
2008-01-18 23:47 82376 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-Appraiser\AprFrame.lua
2008-01-18 23:47 8116 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Libs\Configator\PanelScroller.lua
2008-01-18 23:47 8116 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\Libs\Configator\PanelScroller.lua
2008-01-18 23:47 8116 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\Libs\Configator\PanelScroller.lua
2008-01-18 23:47 8116 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\Libs\Configator\PanelScroller.lua
2008-01-18 23:47 8116 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Libs\Configator\PanelScroller.lua
2008-01-18 23:47 8042 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-ScanButton\ScanButton.lua
2008-01-18 23:47 7720 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\CoreUtil.lua
2008-01-18 23:47 7672 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Libs\Configator\PanelScroller.xml
2008-01-18 23:47 7672 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\Libs\Configator\PanelScroller.xml
2008-01-18 23:47 7672 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\Libs\Configator\PanelScroller.xml
2008-01-18 23:47 7672 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\Libs\Configator\PanelScroller.xml
2008-01-18 23:47 7672 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Libs\Configator\PanelScroller.xml
2008-01-18 23:47 754 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Informant.toc
2008-01-18 23:47 745086 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\InfData.lua
2008-01-18 23:47 7217 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Libs\Configator\LibRecycle.lua
2008-01-18 23:47 7217 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\Libs\Configator\LibRecycle.lua
2008-01-18 23:47 7217 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\Libs\Configator\LibRecycle.lua
2008-01-18 23:47 7217 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\Libs\Configator\LibRecycle.lua
2008-01-18 23:47 7217 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Libs\Configator\LibRecycle.lua
2008-01-18 23:47 7142 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-ScanProgress\ScanProgress.lua
2008-01-18 23:47 69990 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\btmMain.lua
2008-01-18 23:47 673 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Readme.txt
2008-01-18 23:47 6681 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\FilterItemType.lua
2008-01-18 23:47 6632 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Match-Undercut\Undercut.lua
2008-01-18 23:47 6554 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-Example\Example.lua
2008-01-18 23:47 655 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix-Barker\enchantrix-barker.toc
2008-01-18 23:47 6500 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix-Barker\BarkerUtil.lua
2008-01-18 23:47 6399 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\EvalSnatch.lua
2008-01-18 23:47 6315 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\BidMonitor.lua
2008-01-18 23:47 624 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\Embed.xml
2008-01-18 23:47 60217 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix-Barker\BarkerStrings.lua
2008-01-18 23:47 601 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\EnhTooltip\EnhTooltip.toc
2008-01-18 23:47 5899 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\PostMonitor.lua
2008-01-18 23:47 585 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Stat-Purchased\Auc-Stat-Purchased.toc
2008-01-18 23:47 5818 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\CoreConfig.lua
2008-01-18 23:47 57817 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\EnhTooltip\Tooltip.lua
2008-01-18 23:47 5516 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\FilterItemQuality.lua
2008-01-18 23:47 5359 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\EnxMiniIcon.lua
2008-01-18 23:47 532 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-ScanData\Auc-ScanData.toc
2008-01-18 23:47 52508 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\Data\EnxNonDisenchant.lua
2008-01-18 23:47 5245 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\EvalVendor.lua
2008-01-18 23:47 5203 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\EnhTooltip\TinyMoneyFrame.xml
2008-01-18 23:47 5201 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\EnxLocale.lua
2008-01-18 23:47 5166 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix-Barker\BarkerTooltip.lua
2008-01-18 23:47 513 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Filter-Basic\Auc-Filter-Basic.toc
2008-01-18 23:47 5001 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Libs\Babylonian\Babylonian.lua
2008-01-18 23:47 5001 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\Libs\Babylonian\Babylonian.lua
2008-01-18 23:47 5001 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix-Barker\Libs\Babylonian\Babylonian.lua
2008-01-18 23:47 5001 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\Libs\Babylonian\Babylonian.lua
2008-01-18 23:47 5001 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Libs\Babylonian\Babylonian.lua
2008-01-18 23:47 499 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-Appraiser\Embed.xml
2008-01-18 23:47 4946 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix-Barker\BarkerLocale.lua
2008-01-18 23:47 4900 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\EnxConfig.lua
2008-01-18 23:47 48060 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Libs\Configator\Configator.lua
2008-01-18 23:47 48060 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\Libs\Configator\Configator.lua
2008-01-18 23:47 48060 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\Libs\Configator\Configator.lua
2008-01-18 23:47 48060 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\Libs\Configator\Configator.lua
2008-01-18 23:47 48060 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Libs\Configator\Configator.lua
2008-01-18 23:47 475 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Stubby\Stubby.toc
2008-01-18 23:47 470 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Stat-Simple\Auc-Stat-Simple.toc
2008-01-18 23:47 466 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-VendMarkup\Auc-Util-VendMarkup.toc
2008-01-18 23:47 4620 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\FilterItemPrice.lua
2008-01-18 23:47 45846 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\CoreScan.lua
2008-01-18 23:47 458 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-Example\Readme.txt
2008-01-18 23:47 45166 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix-Barker\EnchantrixBarker.lua
2008-01-18 23:47 451 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-Example\Embed.xml
2008-01-18 23:47 450723 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Data\InfPrices.lua
2008-01-18 23:47 4483 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\EnhTooltip\TinyMoneyFrame.lua
2008-01-18 23:47 4392 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Libs\Configator\SelectBox.xml
2008-01-18 23:47 4392 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\Libs\Configator\SelectBox.xml
2008-01-18 23:47 4392 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\Libs\Configator\SelectBox.xml
2008-01-18 23:47 4392 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\Libs\Configator\SelectBox.xml
2008-01-18 23:47 4392 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Libs\Configator\SelectBox.xml
2008-01-18 23:47 438 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Filter-Outlier\Embed.xml
2008-01-18 23:47 437291 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Data\InfQuests.lua
2008-01-18 23:47 4362 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\InfManifest.lua
2008-01-18 23:47 436 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-VendMarkup\Embed.xml
2008-01-18 23:47 436 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-PriceLevel\Embed.xml
2008-01-18 23:47 434 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-CompactUI\Embed.xml
2008-01-18 23:47 4331925 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\BtmPrices.lua
2008-01-18 23:47 433 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Match-Undercut\Embed.xml
2008-01-18 23:47 432 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-AskPrice\Embed.xml
2008-01-18 23:47 43148 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Stubby\Libs\DebugLib\DebugLib.lua
2008-01-18 23:47 43148 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Libs\DebugLib\DebugLib.lua
2008-01-18 23:47 43148 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\EnhTooltip\Libs\DebugLib\DebugLib.lua
2008-01-18 23:47 43148 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\Libs\DebugLib\DebugLib.lua
2008-01-18 23:47 43148 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix-Barker\Libs\DebugLib\DebugLib.lua
2008-01-18 23:47 43148 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\Libs\DebugLib\DebugLib.lua
2008-01-18 23:47 43148 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Libs\DebugLib\DebugLib.lua
2008-01-18 23:47 430 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Stat-WOWEcon\Embed.xml
2008-01-18 23:47 4298 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-ScanData\StringRope.lua
2008-01-18 23:47 4282 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix-Barker\BarkerManifest.lua
2008-01-18 23:47 4266 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\EnxManifest.lua
2008-01-18 23:47 426 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Stat-StdDev\Auc-Stat-StdDev.toc
2008-01-18 23:47 4174 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-Appraiser\Appraiser.lua
2008-01-18 23:47 40935 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\BeanCounterFrames.lua
2008-01-18 23:47 40825 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Stubby\Stubby.lua
2008-01-18 23:47 4046 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\FilterTimeLeft.lua
2008-01-18 23:47 4030 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\EvalTemplate.lua
2008-01-18 23:47 3972 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-VendMarkup\vendMarkup.lua
2008-01-18 23:47 392 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Filter-Outlier\Auc-Filter-Outlier.toc
2008-01-18 23:47 378 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\BeanCounter.toc
2008-01-18 23:47 375 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\!Swatter\!Swatter.toc
2008-01-18 23:47 364 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-ScanProgress\Embed.xml
2008-01-18 23:47 360 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-ScanFinish\Embed.xml
2008-01-18 23:47 360 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-ScanButton\Embed.xml
2008-01-18 23:47 340 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Libs\SlideBar\SlideBar.toc
2008-01-18 23:47 340 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\Libs\SlideBar\SlideBar.toc
2008-01-18 23:47 340 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\Libs\SlideBar\SlideBar.toc
2008-01-18 23:47 340 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Libs\SlideBar\SlideBar.toc
2008-01-18 23:47 340 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\!Swatter\Libs\SlideBar\SlideBar.toc
2008-01-18 23:47 3356 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\EnhTooltip\Tooltip.xml
2008-01-18 23:47 33046 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\EnxCommand.lua
2008-01-18 23:47 319 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Stubby\Libs\DebugLib\DebugLib.toc
2008-01-18 23:47 319 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Libs\DebugLib\DebugLib.toc
2008-01-18 23:47 319 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\EnhTooltip\Libs\DebugLib\DebugLib.toc
2008-01-18 23:47 319 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\Libs\DebugLib\DebugLib.toc
2008-01-18 23:47 319 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix-Barker\Libs\DebugLib\DebugLib.toc
2008-01-18 23:47 319 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\Libs\DebugLib\DebugLib.toc
2008-01-18 23:47 319 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Libs\DebugLib\DebugLib.toc
2008-01-18 23:47 3076 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\CoreConst.lua
2008-01-18 23:47 30301 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\EnxConstants.lua
2008-01-18 23:47 303 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Libs\Babylonian\Babylonian.toc
2008-01-18 23:47 303 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\Libs\Babylonian\Babylonian.toc
2008-01-18 23:47 303 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix-Barker\Libs\Babylonian\Babylonian.toc
2008-01-18 23:47 303 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\Libs\Babylonian\Babylonian.toc
2008-01-18 23:47 303 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Libs\Babylonian\Babylonian.toc
2008-01-18 23:47 29868 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\EnxUtil.lua
2008-01-18 23:47 29129 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-CompactUI\CompactUI.lua
2008-01-18 23:47 288 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Libs\Configator\Configator.toc
2008-01-18 23:47 288 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\Libs\Configator\Configator.toc
2008-01-18 23:47 288 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\Libs\Configator\Configator.toc
2008-01-18 23:47 288 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\Libs\Configator\Configator.toc
2008-01-18 23:47 288 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Libs\Configator\Configator.toc
2008-01-18 23:47 2840 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\BeancounterVendor.lua
2008-01-18 23:47 2724 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\EnxAucUtil.lua
2008-01-18 23:47 2685 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Stat-WOWEcon\WOWEcon.lua
2008-01-18 23:47 26436 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Libs\SlideBar\lgpl.txt
2008-01-18 23:47 26436 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Libs\Configator\lgpl.txt
2008-01-18 23:47 26436 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\Libs\SlideBar\lgpl.txt
2008-01-18 23:47 26436 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\Libs\Configator\lgpl.txt
2008-01-18 23:47 26436 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\Libs\SlideBar\lgpl.txt
2008-01-18 23:47 26436 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\Libs\Configator\lgpl.txt
2008-01-18 23:47 26436 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\Libs\Configator\lgpl.txt
2008-01-18 23:47 26436 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Libs\SlideBar\lgpl.txt
2008-01-18 23:47 26436 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Libs\Configator\lgpl.txt
2008-01-18 23:47 26436 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\!Swatter\Libs\SlideBar\lgpl.txt
2008-01-18 23:47 26436 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\!Swatter\lgpl.txt
2008-01-18 23:47 25794 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\InfCommand.lua
2008-01-18 23:47 25646 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\InfMain.lua
2008-01-18 23:47 256 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Stat-Classic\Auc-Stat-Classic.toc
2008-01-18 23:47 256 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-ScanProgress\Auc-Util-ScanProgress.toc
2008-01-18 23:47 2534 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\CoreManifest.lua
2008-01-18 23:47 252 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-ScanFinish\Auc-Util-ScanFinish.toc
2008-01-18 23:47 252 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-ScanButton\Auc-Util-ScanButton.toc
2008-01-18 23:47 252 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-PriceLevel\Auc-Util-PriceLevel.toc
2008-01-18 23:47 252 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-Example\Auc-Util-Example.toc
2008-01-18 23:47 252 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Stat-WOWEcon\Auc-Stat-WOWEcon.toc
2008-01-18 23:47 250 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-CompactUI\Auc-Util-CompactUI.toc
2008-01-18 23:47 249 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-Appraiser\Auc-Util-Appraiser.toc
2008-01-18 23:47 249 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Match-Undercut\Auc-Match-Undercut.toc
2008-01-18 23:47 248 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-AskPrice\Auc-Util-AskPrice.toc
2008-01-18 23:47 24617 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\BeanCounterStrings.lua
2008-01-18 23:47 2434 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\BeanCounterLocale.lua
2008-01-18 23:47 235 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Libs\Configator\Load.xml
2008-01-18 23:47 235 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\Libs\Configator\Load.xml
2008-01-18 23:47 235 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\Libs\Configator\Load.xml
2008-01-18 23:47 235 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\Libs\Configator\Load.xml
2008-01-18 23:47 235 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Libs\Configator\Load.xml
2008-01-18 23:47 22857 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-Appraiser\AprSettings.lua
2008-01-18 23:47 216 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Libs\Load.xml
2008-01-18 23:47 216 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\Libs\Load.xml
2008-01-18 23:47 216 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Libs\Load.xml
2008-01-18 23:47 21317 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Libs\SlideBar\SlideMain.lua
2008-01-18 23:47 21317 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\Libs\SlideBar\SlideMain.lua
2008-01-18 23:47 21317 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\Libs\SlideBar\SlideMain.lua
2008-01-18 23:47 21317 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Libs\SlideBar\SlideMain.lua
2008-01-18 23:47 21317 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\!Swatter\Libs\SlideBar\SlideMain.lua
2008-01-18 23:47 21009 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\EnxTooltip.lua
2008-01-18 23:47 20493 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-AskPrice\AskPrice.lua
2008-01-18 23:47 2049 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\InfLocale.lua
2008-01-18 23:47 2045 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\btmLocales.lua
2008-01-18 23:47 20230 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\EnxSettings.lua
2008-01-18 23:47 19848 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Stat-Simple\StatSimple.lua
2008-01-18 23:47 1948 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\autorun.lua
2008-01-18 23:47 19284 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\EvalMatConvert.lua
2008-01-18 23:47 18943 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\CorePost.lua
2008-01-18 23:47 18638 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\BeanCounterMail.lua
2008-01-18 23:47 18351 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\GPL.txt
2008-01-18 23:47 18248 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\CoreAPI.lua
2008-01-18 23:47 18011 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Stubby\GPL.txt
2008-01-18 23:47 18011 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\GPL.txt
2008-01-18 23:47 18011 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\EnhTooltip\GPL.txt
2008-01-18 23:47 18011 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\GPL.txt
2008-01-18 23:47 177 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\Libs\Load.xml
2008-01-18 23:47 17643 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\!Swatter\Swatter.lua
2008-01-18 23:47 17424 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\EnxStorage.lua
2008-01-18 23:47 17340 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\EnxAutoDisenchant.lua
2008-01-18 23:47 16424 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-ScanFinish\ScanFinish.lua
2008-01-18 23:47 16325 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Stat-Purchased\StatPurchased.lua
2008-01-18 23:47 16265 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix-Barker\BarkerSettings.lua
2008-01-18 23:47 1622 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Stubby\Stubby.xml
2008-01-18 23:47 15921 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\CoreSettings.lua
2008-01-18 23:47 1548 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\EnxObjects.lua
2008-01-18 23:47 15355 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\BeanCounter.lua
2008-01-18 23:47 1525 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Bindings.xml
2008-01-18 23:47 1439 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix-Barker\BarkerObjects.lua
2008-01-18 23:47 14351 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\EvalEnchantMats.lua
2008-01-18 23:47 14300 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\EnxMain.lua
2008-01-18 23:47 14247 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-PriceLevel\PriceLevel.lua
2008-01-18 23:47 14208 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\BeanCounterConfig.lua
2008-01-18 23:47 142 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\Libs\Load.xml
2008-01-18 23:47 140 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix-Barker\Libs\Load.xml
2008-01-18 23:47 13967 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Libs\Configator\ScrollSheet.lua
2008-01-18 23:47 13967 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\Libs\Configator\ScrollSheet.lua
2008-01-18 23:47 13967 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\Libs\Configator\ScrollSheet.lua
2008-01-18 23:47 13967 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\Libs\Configator\ScrollSheet.lua
2008-01-18 23:47 13967 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Libs\Configator\ScrollSheet.lua
2008-01-18 23:47 1354 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\btmObject.lua
2008-01-18 23:47 13397 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Stat-StdDev\StatStdDev.lua
2008-01-18 23:47 12895 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix-Barker\EnchantrixBarker.xml
2008-01-18 23:47 127427 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\EnxStrings.lua
2008-01-18 23:47 1247 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Active.xml
2008-01-18 23:47 11802 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Informant.xml
2008-01-18 23:47 11764 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\EvalComparable.lua
2008-01-18 23:47 11230 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\Sounds\CreativeCommons.txt
2008-01-18 23:47 11113 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\btmSettings.lua
2008-01-18 23:47 1098 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\btmScan.toc
2008-01-18 23:47 10871 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\License.txt
2008-01-18 23:47 10807 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\EvalAppraiser.lua
2008-01-18 23:47 10667 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-ScanData\ScanData.lua
2008-01-18 23:47 10566 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Filter-Basic\BasicFilter.lua
2008-01-18 23:47 10462 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\CoreMain.lua
2008-01-18 23:47 103595 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\InfStrings.lua
2008-01-18 23:47 10121 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Filter-Basic\BasicFilter.xml
2008-01-18 23:47 101 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Stubby\Libs\Load.xml
2008-01-18 23:47 101 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\EnhTooltip\Libs\Load.xml
2008-01-18 23:47 101 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\!Swatter\Libs\Load.xml
2008-01-18 23:47 100 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Stubby\Libs\DebugLib\Load.xml
2008-01-18 23:47 100 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Informant\Libs\DebugLib\Load.xml
2008-01-18 23:47 100 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\EnhTooltip\Libs\DebugLib\Load.xml
2008-01-18 23:47 100 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\Libs\DebugLib\Load.xml
2008-01-18 23:47 100 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix-Barker\Libs\DebugLib\Load.xml
2008-01-18 23:47 100 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\Libs\DebugLib\Load.xml
2008-01-18 23:47 100 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Libs\DebugLib\Load.xml
2008-01-01 21:48 269312 --a------ C:\Users\Rudy\Downloads\DAMN_NFO_Viewer_v2-10-0032-RC3.exe
2008-01-01 20:46 110627691 --a------ C:\Users\Rudy\Downloads\Sony Products\acidpro60d-trial_enu.exe
2008-01-01 20:45 113553560 --a------ C:\Users\Rudy\Downloads\Sony Products\cinescore10c-trial_enu.exe
2008-01-01 20:41 30167544 --a------ C:\Users\Rudy\Downloads\Sony Products\cdarchitect52c-trial_enu.exe
2008-01-01 20:41 12305648 --a------ C:\Users\Rudy\Downloads\Sony Products\noisereduction20h.exe
2008-01-01 20:27 80880248 --a------ C:\Users\Rudy\Downloads\Sony Products\dvdarchitectpro45a-trial_enu.exe
2008-01-01 19:59 119080896 --a------ C:\Users\Rudy\Downloads\Sony Products\vegaspro80a-trial_enu.exe
2007-12-30 02:06 2392722 --a------ C:\Users\Rudy\Downloads\ac3filter_1_46.exe
2007-12-30 01:01 4513920 --a------ C:\Users\Rudy\Downloads\realalt175lite.zip
2007-12-30 01:01 10824983 --a------ C:\Users\Rudy\Downloads\quicktimealt195lite.exe
2007-12-25 20:31 4862248 --a------ C:\Users\Rudy\Downloads\LimeWire_Pro_4.14.12_[limewirepro.at.tt]\LimeWire_Pro_4.14.12.exe
2007-12-08 19:30 67108864 --a------ C:\Users\Rudy\Downloads\DS ROMS\1799 - WWE Smackdown Vs Raw 2008 (U)(Xenophobia).nds
2007-12-03 01:30 303 --a------ C:\Users\Rudy\Downloads\Sony Products\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI\file_id.diz
2007-11-29 19:40 33554432 --a------ C:\Users\Rudy\Downloads\DS ROMS\1759 - The Suite Life of Zack and Cody Circle of Spies (U)(Sir VG).nds
2007-11-18 18:41 88580 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\Textures\BC-TopRight.blp
2007-11-18 18:41 88580 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\Textures\BC-TopLeft.blp
2007-11-18 18:41 88580 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\Textures\BC-Top.blp
2007-11-18 18:19 1436 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\rebuild.pl
2007-11-10 03:36 6660 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\!Swatter\Textures\SwatterIcon.blp
2007-11-09 22:50 6660 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BeanCounter\Textures\BeanCounterIcon.blp
2007-11-07 14:07 134217728 --a------ C:\Users\Rudy\Downloads\DS ROMS\1628 - Dragon Quest Monsters Joker (U).nds
2007-11-06 17:21 84 --ahs---- C:\Users\Rudy\Downloads\Favorites\desktop.ini
2007-11-05 19:57 67108864 --a------ C:\Users\Rudy\Downloads\DS ROMS\1612 - Lego Star Wars The Complete Saga (U)(Micronauts).nds
2007-11-05 19:57 67108864 --a------ C:\Users\Rudy\Downloads\DS ROMS\1612 - Lego Star Wars The Complete Saga (U)(Micronauts) - Copy.nds
2007-11-03 07:55 271 --a------ C:\Users\Rudy\Downloads\Favorites\BMO Bank of Montreal Online Banking.url
2007-11-02 20:45 342 --a------ C:\Users\Rudy\Downloads\Favorites\BMO InvestorLine - Canadian Leading Online Brokerage.url
2007-11-01 22:26 232 --a------ C:\Users\Rudy\Downloads\Favorites\Welcome to Markertek.com Call Us @ 800 522 2025.url
2007-10-31 22:32 341 --a------ C:\Users\Rudy\Downloads\Favorites\RBC Financial Group - Online Banking.url
2007-10-29 22:32 194 --a------ C:\Users\Rudy\Downloads\Favorites\The White House Home Theater.url
2007-10-29 21:46 235 --a------ C:\Users\Rudy\Downloads\Favorites\http--www.ramelectronics.net-.url
2007-10-29 21:46 217 --a------ C:\Users\Rudy\Downloads\Favorites\AVS Forum.url
2007-10-29 00:09 438 --a------ C:\Users\Rudy\Downloads\Favorites\http--www.new-world-odour.com-.url
2007-10-27 13:36 635 --a------ C:\Users\Rudy\Downloads\Favorites\habbo.url
2007-10-26 18:12 249 --a------ C:\Users\Rudy\Downloads\Favorites\President's Choice Financialonline banking.url
2007-10-26 00:16 258 --a------ C:\Users\Rudy\Downloads\Favorites\Welcome to HR Connect.url
2007-10-24 13:44 67108864 --a------ C:\Users\Rudy\Downloads\DS ROMS\1549 - MegaMan ZX Advent (U)(Xenophobia).nds
2007-10-23 16:06 67108864 --a------ C:\Users\Rudy\Downloads\DS ROMS\1543 - The Sims 2 Castaway (U)(Xenophobia).nds
2007-10-22 17:39 67108864 --a------ C:\Users\Rudy\Downloads\DS ROMS\The Legend of Zelda - Phantom Hourglass.nds
2007-10-19 19:14 32986848 --a------ C:\Users\Rudy\Downloads\Sony Products\Sony PSP Media Manager Pro\pmmpro25a_enu.exe
2007-10-16 18:23 63569920 --a------ C:\Users\Rudy\Downloads\DS ROMS\Tony_Hawks_Proving_Ground.nds
2007-10-15 11:23 1950 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\SetupInstructions.txt
2007-10-10 14:43 67108864 --a------ C:\Users\Rudy\Downloads\DS ROMS\Donkey Kong Jungle Climber.nds
2007-10-08 14:32 956 --a------ C:\Users\Rudy\Downloads\Favorites\RuneScape - the massive online adventure game by Jagex Ltd.url
2007-10-07 22:36 188 --a------ C:\Users\Rudy\Downloads\Favorites\Maze Game.url
2007-10-07 20:53 11408 --a------ C:\Users\Rudy\Downloads\rapget140\readme_rus.txt
2007-10-07 20:53 10098 --a------ C:\Users\Rudy\Downloads\rapget140\readme_en.txt
2007-10-07 20:51 171008 --a------ C:\Users\Rudy\Downloads\rapget140\rapget.exe
2007-10-07 20:03 87234 --a------ C:\Users\Rudy\Downloads\rapget140\base.rob
2007-10-07 14:17 3431 --a------ C:\Users\Rudy\Downloads\Favorites\yohi.url
2007-10-07 14:17 184 --a------ C:\Users\Rudy\Downloads\Favorites\DragonFable - Web RPG.url
2007-10-07 14:08 212 --a------ C:\Users\Rudy\Downloads\Favorites\Releaselog RLSLOG.net » Applications.url
2007-10-05 21:51 8192 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\Private_keys_files\eeprom.bin
2007-10-05 21:48 4194304 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\Private_keys_files\DP508-15BB-DCKA-10S-NP063-FLASH-2.bin
2007-10-05 21:48 1879 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\Private_keys_files\rsakeys.txt
2007-10-05 21:47 18432 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\Private_keys_files\Hack_kid's Rom102 3M V7.3 Without Blocker [No-RSA].bn102
2007-10-04 12:31 134217728 --a------ C:\Users\Rudy\Downloads\DS ROMS\1474 - Crash of the Titans (U)(Xenophobia).nds
2007-10-04 12:27 67108864 --a------ C:\Users\Rudy\Downloads\DS ROMS\1473 - The Legend of Spyro The Eternal Night (U)(Xenophobia).nds
2007-10-01 18:39 141988 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Modules\Auc-Util-ScanFinish\ScanComplete.mp3
2007-09-20 22:55 1000792 --a------ C:\Users\Rudy\Downloads\Norton Internet Security 2007\Norton_Removal_Tool.exe
2007-09-20 22:37 282 --ahs---- C:\Users\Rudy\Downloads\desktop.ini
2007-09-20 22:06 80 --ahs---- C:\Users\Rudy\Downloads\Favorites\Links\desktop.ini
2007-09-20 22:06 187 --a------ C:\Users\Rudy\Downloads\Favorites\Dell\Dell Internet Security.url
2007-09-20 22:06 149 --a------ C:\Users\Rudy\Downloads\Favorites\Dell\Dell.url
2007-09-20 22:06 147 --a------ C:\Users\Rudy\Downloads\Favorites\Dell\Support.Dell.Com.url
2007-09-20 22:06 133 --a------ C:\Users\Rudy\Downloads\Favorites\Windows Live\Windows Live Spaces.url
2007-09-20 22:06 133 --a------ C:\Users\Rudy\Downloads\Favorites\Windows Live\Windows Live Mail.url
2007-09-20 22:06 133 --a------ C:\Users\Rudy\Downloads\Favorites\Windows Live\Windows Live Gallery.url
2007-09-20 22:06 133 --a------ C:\Users\Rudy\Downloads\Favorites\Windows Live\Get Windows Live.url
2007-09-20 22:06 133 --a------ C:\Users\Rudy\Downloads\Favorites\MSN Websites\MSNBC News.url
2007-09-20 22:06 133 --a------ C:\Users\Rudy\Downloads\Favorites\MSN Websites\MSN.url
2007-09-20 22:06 133 --a------ C:\Users\Rudy\Downloads\Favorites\MSN Websites\MSN Sports.url
2007-09-20 22:06 133 --a------ C:\Users\Rudy\Downloads\Favorites\MSN Websites\MSN Money.url
2007-09-20 22:06 133 --a------ C:\Users\Rudy\Downloads\Favorites\MSN Websites\MSN Entertainment.url
2007-09-20 22:06 133 --a------ C:\Users\Rudy\Downloads\Favorites\MSN Websites\MSN Autos.url
2007-09-20 22:06 133 --a------ C:\Users\Rudy\Downloads\Favorites\Microsoft Websites\Welcome to IE7.url
2007-09-20 22:06 133 --a------ C:\Users\Rudy\Downloads\Favorites\Microsoft Websites\Microsoft At Work.url
2007-09-20 22:06 133 --a------ C:\Users\Rudy\Downloads\Favorites\Microsoft Websites\Microsoft At Home.url
2007-09-20 22:06 133 --a------ C:\Users\Rudy\Downloads\Favorites\Microsoft Websites\Marketplace.url
2007-09-20 22:06 133 --a------ C:\Users\Rudy\Downloads\Favorites\Microsoft Websites\IE site on Microsoft.com.url
2007-09-20 22:06 133 --a------ C:\Users\Rudy\Downloads\Favorites\Microsoft Websites\IE Add-on site.url
2007-09-20 22:06 133 --a------ C:\Users\Rudy\Downloads\Favorites\Links\Customize Links.url
2007-09-20 22:06 116 --a------ C:\Users\Rudy\Downloads\Favorites\Dell\Dell Auction.url
2007-09-19 11:16 6644 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Textures\NavButtons.blp
2007-09-10 09:41 327320 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\SoftAPUninst.exe
2007-09-10 09:40 380568 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\setup.exe
2007-09-07 17:55 1175552 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\WinVista\NintendoWFCReg.exe
2007-09-07 13:27 946 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\InstDutch.msg
2007-09-07 09:36 990 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\InstJapanese.msg
2007-09-07 09:36 968 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\InstFrench.msg
2007-09-07 09:36 959 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\InstGerman.msg
2007-09-07 09:36 929 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\InstSwedish.msg
2007-09-07 09:36 925 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\InstNorwegian.msg
2007-09-07 09:36 897 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\InstDanish.msg
2007-09-07 09:36 872 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\InstFinnish.msg
2007-09-07 09:36 824 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\InstEnglish.msg
2007-09-07 09:36 764 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\InstKorean.msg
2007-09-07 09:36 1063 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\InstPortuguese.msg
2007-09-07 09:36 1052 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\InstItalian.msg
2007-09-07 09:36 1014 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\InstSpanish.msg
2007-09-06 17:18 90112 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\XpSp2Fw.dll
2007-09-06 17:18 90112 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\XpSp2Fw.dll
2007-09-06 16:48 8616 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\Dutch.msg
2007-09-06 16:48 5160 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\Dutch.msg
2007-09-06 16:47 6292 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\Japanese.msg
2007-09-06 16:24 9412 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\German.msg
2007-09-06 16:24 8842 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\French.msg
2007-09-06 16:24 8822 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\Portuguese.msg
2007-09-06 16:24 8790 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\Spanish.msg
2007-09-06 16:24 8730 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\Italian.msg
2007-09-06 16:24 8342 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\Danish.msg
2007-09-06 16:24 8258 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\Swedish.msg
2007-09-06 16:24 8194 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\Norwegian.msg
2007-09-06 16:24 8104 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\Finnish.msg
2007-09-06 16:24 7498 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\English.msg
2007-09-06 16:24 4936 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\Korean.msg
2007-09-06 15:57 33554432 --a------ C:\Users\Rudy\Downloads\DS ROMS\1393 - Worms Open Warfare 2 (U)(MR0).nds
2007-09-04 14:05 4350 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\U2G54\WinVista\RT25USBAP.CAT
2007-08-28 09:28 237568 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAPInstDrv.bin
2007-08-24 15:38 2637 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\INST.INI
2007-08-24 14:19 77 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\setup.ini
2007-08-12 23:49 24172845 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\Private_keys_for_atmega.rtf
2007-08-12 23:33 214196 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\ACU\MyPFG.pfg
2007-08-09 18:16 214192 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\ACU\Templates\WizMega DN AR Aug .pfg
2007-08-08 12:47 33554432 --a------ C:\Users\Rudy\Downloads\DS ROMS\1292 - MegaMan Star Force Dragon (U)(Xenophobia).nds
2007-07-03 16:13 17108 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\U2G54\WinVista\rt25usbap.inf
2007-07-03 15:05 162944 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\U2G54\WinVista\rt25usbap.sys
2007-07-03 14:56 143360 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\ICSAPI.dll
2007-07-03 14:56 143360 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\ICSAPI.dll
2007-07-03 14:55 110592 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\WinVista\WIFICON.dll
2007-06-28 17:10 1175552 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\WinXp\NintendoWFCReg.exe
2007-06-20 12:41 67108864 --a------ C:\Users\Rudy\Downloads\DS ROMS\1161 - Transformers - Autobots (U)(xenophobia).nds
2007-06-20 12:38 67108864 --a------ C:\Users\Rudy\Downloads\DS ROMS\1162 - Transformers - Decepticons (U)(xenophobia).nds
2007-06-19 05:27 313344 --a------ C:\Users\Rudy\Downloads\HJSplit 2.3.exe
2007-05-31 10:04 6660 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\Textures\BtmScanIcon.blp
2007-05-31 08:19 6660 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Auc-Advanced\Textures\AucAdvIcon.blp
2007-05-30 10:20 253952 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\DEVREMOVE.exe
2007-05-26 03:28 4526458 --a------ C:\Users\Rudy\Downloads\WinAVI_Video_Converter_8.0_Final\WinAVI Video Converter 8.0 Final\WinAVI_Video_Converter.exe
2007-05-15 21:34 4923 --a------ C:\Users\Rudy\Downloads\rapget140\lang\french.lng
2007-05-02 15:18 301 --a------ C:\Users\Rudy\Downloads\LimeWire_Pro_4.14.12_[limewirepro.at.tt]\limewirepro.at.tt.url
2007-05-01 21:15 14764808 --a------ C:\Users\Rudy\Downloads\DivX Pro 6.5\DivXInstaller.exe
2007-04-30 22:13 4509 --a------ C:\Users\Rudy\Downloads\rapget140\lang\russian.lng
2007-04-30 22:00 4438 --a------ C:\Users\Rudy\Downloads\rapget140\lang\Swedish.lng
2007-04-30 00:16 4596 --a------ C:\Users\Rudy\Downloads\rapget140\lang\italian.lng
2007-04-24 14:06 4540 --a------ C:\Users\Rudy\Downloads\rapget140\lang\Macedonian.lng
2007-04-24 09:37 5304 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\Spanish.msg
2007-04-24 09:37 5060 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\Portuguese.msg
2007-04-24 09:37 5018 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\French.msg
2007-04-24 09:37 4986 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\German.msg
2007-04-24 09:37 4972 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\Danish.msg
2007-04-24 09:37 4930 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\Italian.msg
2007-04-24 09:37 4830 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\Swedish.msg
2007-04-24 09:37 4814 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\Norwegian.msg
2007-04-24 09:37 4814 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\Finnish.msg
2007-04-24 09:37 4738 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\English.msg
2007-04-24 09:37 3790 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\Korean.msg
2007-04-24 09:37 3568 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\Japanese.msg
2007-04-22 22:44 9528 --a------ C:\Users\Rudy\Downloads\readme_en.txt
2007-04-22 22:43 10818 --a------ C:\Users\Rudy\Downloads\readme_rus.txt
2007-04-22 22:23 170496 --a------ C:\Users\Rudy\Downloads\rapget.exe
2007-04-21 22:59 4509 --a------ C:\Users\Rudy\Downloads\lang\russian.lng
2007-04-21 12:23 52922 --a------ C:\Users\Rudy\Downloads\base.rob
2007-04-20 22:02 4456 --a------ C:\Users\Rudy\Downloads\rapget140\lang\hungarian.lng
2007-04-20 22:02 4456 --a------ C:\Users\Rudy\Downloads\lang\hungarian.lng
2007-04-17 23:11 4700 --a------ C:\Users\Rudy\Downloads\rapget140\lang\Albanian.lng
2007-04-17 23:11 4700 --a------ C:\Users\Rudy\Downloads\lang\Albanian.lng
2007-03-20 19:25 48004224 --a------ C:\Users\Rudy\Downloads\Norton Internet Security 2007\NIS07RT.exe
2007-03-14 13:20 67108864 --a------ C:\Users\Rudy\Downloads\DS ROMS\0911 - Spectrobes (U)(Xenophobia).nds
2007-03-06 12:39 67108864 --a------ C:\Users\Rudy\Downloads\DS ROMS\0876 - Wario Master of Disguise (U)(Xenophobia).nds
2007-03-06 10:13 110592 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\WinXp\WIFICON.dll
2007-02-04 07:10 6660 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\Enchantrix\Skin\EnxOrb.blp
2007-01-02 22:59 135168 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\ACU\ACUv1.0.12.exe
2006-12-26 15:38 111412 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\Sounds\DoorBell.mp3
2006-12-25 10:24 134217728 --a------ C:\Users\Rudy\Downloads\DS ROMS\Dragon Quest Monsters - Joker (J).nds
2006-12-19 10:08 88564 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\Textures\Back.blp
2006-12-19 10:08 2564 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\Textures\Stop.blp
2006-12-19 10:08 2564 --a------ C:\Users\Rudy\Downloads\AuctioneerAdvancedSuite-5.0.PRE.2777\BtmScan\Textures\Play.blp
2006-11-19 18:06 9728 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\ACU\Drivers\nidea.dll
2006-11-19 18:06 95232 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\ACU\Drivers\mathlib.dll
2006-11-19 18:06 93696 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\ACU\Drivers\cyggmp-3.dll
2006-11-19 18:06 545792 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\ACU\Drivers\cygwin1.dll
2006-11-15 15:28 134217728 --a------ C:\Users\Rudy\Downloads\DS ROMS\681 - Final Fantasy III (U)(Psyfer).nds
2006-11-06 20:14 4640 --a------ C:\Users\Rudy\Downloads\rapget140\lang\Chechen.lng
2006-11-06 20:14 4640 --a------ C:\Users\Rudy\Downloads\lang\Chechen.lng
2006-11-04 13:33 33554432 --a------ C:\Users\Rudy\Downloads\DS ROMS\658 - The Sims 2 - Pets (U)(Sir VG).nds
2006-11-01 04:32 33554432 --a------ C:\Users\Rudy\Downloads\DS ROMS\Pokémon Ranger (U).nds
2006-10-30 16:18 4534 --a------ C:\Users\Rudy\Downloads\rapget140\lang\spanish.lng
2006-10-30 16:18 4534 --a------ C:\Users\Rudy\Downloads\lang\spanish.lng
2006-10-28 00:49 4499 --a------ C:\Users\Rudy\Downloads\rapget140\lang\turkish.lng
2006-10-28 00:49 4499 --a------ C:\Users\Rudy\Downloads\lang\turkish.lng
2006-10-28 00:42 4469 --a------ C:\Users\Rudy\Downloads\rapget140\lang\polish.lng
2006-10-28 00:42 4469 --a------ C:\Users\Rudy\Downloads\lang\polish.lng
2006-10-27 22:14 4499 --a------ C:\Users\Rudy\Downloads\rapget140\lang\catalan.lng
2006-10-27 22:14 4499 --a------ C:\Users\Rudy\Downloads\lang\catalan.lng
2006-10-27 09:31 4078 --a------ C:\Users\Rudy\Downloads\rapget140\lang\arabic.lng
2006-10-27 09:31 4078 --a------ C:\Users\Rudy\Downloads\lang\arabic.lng
2006-10-26 01:55 3695 --a------ C:\Users\Rudy\Downloads\rapget140\lang\hebrew.lng
2006-10-26 01:55 3695 --a------ C:\Users\Rudy\Downloads\lang\hebrew.lng
2006-10-26 01:54 4296 --a------ C:\Users\Rudy\Downloads\rapget140\lang\Danish.lng
2006-10-26 01:54 4296 --a------ C:\Users\Rudy\Downloads\lang\Danish.lng
2006-10-23 09:46 438 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\MDRIVER\Mdriver.ini
2006-10-19 16:32 17108 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\U2G54\Win2000\rt25usbap.inf
2006-10-10 17:54 4469 --a------ C:\Users\Rudy\Downloads\lang\italian.lng
2006-10-06 18:02 208896 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\MDRIVER\mdriver.exe
2006-09-22 11:06 18432 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\old_files\Hack_kid's Rom102 3M V7.3 Without Blocker [No-RSA].bn102
2006-09-19 16:41 3235 --a------ C:\Users\Rudy\Downloads\501SatViaFixDCEA-with instructions\HowtoFlash-PVR501Tsop.txt
2006-09-07 15:54 99896 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\INST.dll
2006-06-26 11:32 67108864 --a------ C:\Users\Rudy\Downloads\DS ROMS\1170 - Sim City DS (U)(iNSTEON).nds
2006-06-26 11:32 67108864 --a------ C:\Users\Rudy\Downloads\DS ROMS\1015 - Pokemon Diamond (U)(Legacy).nds
2006-06-18 11:07 8544 --a------ C:\Users\Rudy\Downloads\rapget140\lang\Vietnamese.lng
2006-06-18 11:07 8544 --a------ C:\Users\Rudy\Downloads\lang\Vietnamese.lng
2006-06-16 22:48 3496 --a------ C:\Users\Rudy\Downloads\rapget140\lang\Chinese Traditional.lng
2006-06-16 22:48 3496 --a------ C:\Users\Rudy\Downloads\lang\Chinese Traditional.lng
2006-06-16 18:39 4609 --a------ C:\Users\Rudy\Downloads\rapget140\lang\Dutch.lng
2006-06-16 18:39 4609 --a------ C:\Users\Rudy\Downloads\lang\Dutch.lng
2006-06-12 01:16 4440 --a------ C:\Users\Rudy\Downloads\rapget140\lang\greek.lng
2006-06-12 01:16 4440 --a------ C:\Users\Rudy\Downloads\lang\greek.lng
2006-06-11 13:48 4445 --a------ C:\Users\Rudy\Downloads\rapget140\lang\german.lng
2006-06-11 13:48 4445 --a------ C:\Users\Rudy\Downloads\lang\german.lng
2006-06-10 15:15 4544 --a------ C:\Users\Rudy\Downloads\rapget140\lang\romanian.lng
2006-06-10 15:15 4544 --a------ C:\Users\Rudy\Downloads\lang\romanian.lng
2006-06-10 00:12 4742 --a------ C:\Users\Rudy\Downloads\lang\french.lng
2006-06-09 19:07 4203 --a------ C:\Users\Rudy\Downloads\rapget140\lang\czech.lng
2006-06-09 19:07 4203 --a------ C:\Users\Rudy\Downloads\lang\czech.lng
2006-06-09 16:16 3215 --a------ C:\Users\Rudy\Downloads\rapget140\lang\Farsi.lng
2006-06-09 16:16 3215 --a------ C:\Users\Rudy\Downloads\lang\Farsi.lng
2006-06-08 01:16 4129 --a------ C:\Users\Rudy\Downloads\rapget140\lang\Serbian.lng
2006-06-08 01:16 4129 --a------ C:\Users\Rudy\Downloads\lang\Serbian.lng
2006-06-06 19:24 4034 --a------ C:\Users\Rudy\Downloads\rapget140\lang\Norwegian.lng
2006-06-06 19:24 4034 --a------ C:\Users\Rudy\Downloads\lang\Norwegian.lng
2006-06-06 09:06 4307 --a------ C:\Users\Rudy\Downloads\rapget140\lang\portuguese.lng
2006-06-06 09:06 4307 --a------ C:\Users\Rudy\Downloads\lang\portuguese.lng
2006-06-05 21:57 3574 --a------ C:\Users\Rudy\Downloads\rapget140\lang\korean.lng
2006-06-05 21:57 3574 --a------ C:\Users\Rudy\Downloads\lang\korean.lng
2006-06-03 00:36 4007 --a------ C:\Users\Rudy\Downloads\rapget140\lang\slovak.lng
2006-06-03 00:36 4007 --a------ C:\Users\Rudy\Downloads\lang\slovak.lng
2006-06-02 05:42 8593 --a------ C:\Users\Rudy\Downloads\rapget140\lang\georgian.lng
2006-06-02 05:42 8593 --a------ C:\Users\Rudy\Downloads\lang\georgian.lng
2006-06-01 19:35 4118 --a------ C:\Users\Rudy\Downloads\rapget140\lang\Brazilian.lng
2006-06-01 19:35 4118 --a------ C:\Users\Rudy\Downloads\lang\Brazilian.lng
2006-05-31 19:07 4370 --a------ C:\Users\Rudy\Downloads\rapget140\lang\lithuanian.lng
2006-05-31 19:07 4370 --a------ C:\Users\Rudy\Downloads\lang\lithuanian.lng
2006-05-31 19:03 3802 --a------ C:\Users\Rudy\Downloads\rapget140\lang\Persian.lng
2006-05-31 19:03 3802 --a------ C:\Users\Rudy\Downloads\lang\Persian.lng
2006-05-31 15:34 4147 --a------ C:\Users\Rudy\Downloads\rapget140\lang\Latvian.lng
2006-05-31 15:34 4147 --a------ C:\Users\Rudy\Downloads\lang\Latvian.lng
2006-05-28 18:52 4140 --a------ C:\Users\Rudy\Downloads\rapget140\lang\qvallidon.lng
2006-05-28 18:52 4140 --a------ C:\Users\Rudy\Downloads\lang\qvallidon.lng
2006-05-28 12:36 3406 --a------ C:\Users\Rudy\Downloads\rapget140\lang\icelandic.lng
2006-05-28 12:36 3406 --a------ C:\Users\Rudy\Downloads\lang\icelandic.lng
2006-05-27 10:43 4066 --a------ C:\Users\Rudy\Downloads\rapget140\lang\kazakh.lng
2006-05-27 10:43 4066 --a------ C:\Users\Rudy\Downloads\lang\kazakh.lng
2006-05-26 21:10 4228 --a------ C:\Users\Rudy\Downloads\rapget140\lang\indonesian.lng
2006-05-26 21:10 4228 --a------ C:\Users\Rudy\Downloads\lang\indonesian.lng
2006-05-22 23:57 4209 --a------ C:\Users\Rudy\Downloads\rapget140\lang\belorussian.lng
2006-05-22 23:57 4209 --a------ C:\Users\Rudy\Downloads\lang\belorussian.lng
2006-05-15 08:43 3730 --a------ C:\Users\Rudy\Downloads\rapget140\lang\ukrainian.lng
2006-05-15 08:43 3730 --a------ C:\Users\Rudy\Downloads\lang\ukrainian.lng
2006-05-07 22:19 33554432 --a------ C:\Users\Rudy\Downloads\DS ROMS\0434 - New Super Mario Bros. (U).nds
2006-05-05 07:14 3502 --a------ C:\Users\Rudy\Downloads\rapget140\lang\Estonian.lng
2006-05-05 07:14 3502 --a------ C:\Users\Rudy\Downloads\lang\Estonian.lng
2006-05-04 17:45 3607 --a------ C:\Users\Rudy\Downloads\rapget140\lang\uzbek.lng
2006-05-04 17:45 3607 --a------ C:\Users\Rudy\Downloads\lang\uzbek.lng
2006-05-04 17:44 3335 --a------ C:\Users\Rudy\Downloads\rapget140\lang\thai.lng
2006-05-04 17:44 3335 --a------ C:\Users\Rudy\Downloads\lang\thai.lng
2006-05-04 17:44 1946 --a------ C:\Users\Rudy\Downloads\rapget140\lang\slovenian.lng
2006-05-04 17:44 1946 --a------ C:\Users\Rudy\Downloads\lang\slovenian.lng
2006-05-04 17:41 3530 --a------ C:\Users\Rudy\Downloads\rapget140\lang\croatian.lng
2006-05-04 17:41 3530 --a------ C:\Users\Rudy\Downloads\lang\croatian.lng
2006-05-04 17:41 3140 --a------ C:\Users\Rudy\Downloads\rapget140\lang\Finnish.lng
2006-05-04 17:41 3140 --a------ C:\Users\Rudy\Downloads\lang\Finnish.lng
2006-05-04 17:40 2695 --a------ C:\Users\Rudy\Downloads\rapget140\lang\chinese_simplified.lng
2006-05-04 17:40 2695 --a------ C:\Users\Rudy\Downloads\lang\chinese_simplified.lng
2006-04-28 00:36 3548 --a------ C:\Users\Rudy\Downloads\rapget140\lang\bulgarian.lng
2006-04-28 00:36 3548 --a------ C:\Users\Rudy\Downloads\lang\bulgarian.lng
2006-04-15 00:43 3482 --a------ C:\Users\Rudy\Downloads\lang\macedonian.lng
2006-04-12 18:27 4194304 --a------ C:\Users\Rudy\Downloads\501SatViaFixDCEA-with instructions\2\R0018642028-PVR501-15BB-DCEA-10S-P308-U7.bin
2006-04-12 18:24 8192 --a------ C:\Users\Rudy\Downloads\501SatViaFixDCEA-with instructions\2\R0018642028-501-15BB-DCEA-10S-P308-EEPROM.bin
2006-04-10 14:02 162816 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\U2G54\Win2000\rt25usbap.sys
2006-03-28 22:42 16777216 --a------ C:\Users\Rudy\Downloads\DS ROMS\0371 - Worms - Open Warfare (U)(Trashman)(ECB40FD3).nds
2006-03-13 21:47 33554432 --a------ C:\Users\Rudy\Downloads\DS ROMS\Advance Wars - Dual Strike.nds
2006-03-07 17:49 4194304 --a------ C:\Users\Rudy\Downloads\501SatViaFixDCEA-with instructions\1\SatViaVirgin-PVR501-15BB-DCEA-10S-P063-U7.bin
2006-03-06 15:32 2293 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\GenDT08_SK_V3_3\release3notes.txt
2006-03-06 14:58 21336 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\GenDT08_SK_V3_3\readme.html
2006-03-06 14:55 1239040 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\GenDT08_SK_V3_3\GenDT08_SK.exe
2006-02-28 15:06 3738 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\GenDT08_SK_V3_3\localremap.cfg
2006-02-28 14:25 972 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\GenDT08_SK_V3_3\patch102.cfg
2006-02-28 14:25 800 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\GenDT08_SK_V3_3\patch101.cfg
2006-02-28 14:22 30226 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\GenDT08_SK_V3_3\datatype.cfg
2006-02-28 10:12 895 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\GenDT08_SK_V3_3\patch.cfg
2006-02-16 19:12 67108864 --a------ C:\Users\Rudy\Downloads\DS ROMS\Age of Empires - The Age of Kings.nds
2006-02-11 10:35 4350 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\GenDT08_SK_V3_3\GenDT08.cfg
2006-02-09 16:07 520 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\FlashEdit-2.1beta4\301.013 No_RSA_Mod SK Bypass.fs
2006-02-05 23:48 67108864 --a------ C:\Users\Rudy\Downloads\DS ROMS\Dragon Ball Z - Supersonic Warriors 2.nds
2006-01-18 08:30 448 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\GenDT08_SK_V3_3\defaultkeys.cfg
2005-11-22 02:35 2048 --a------ C:\Users\Rudy\Downloads\501SatViaFixDCEA-with instructions\1\SatViaViriginEEPROM-PVR501-15BB-DCEA-EEPROM.bin
2005-11-21 21:47 136 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\FlashEdit-2.1beta4\virginize_eeprom.fs
2005-11-14 16:56 33554432 --a------ C:\Users\Rudy\Downloads\DS ROMS\0168 - Mario Kart DS (U)(SCZ)(D47555BE).nds
2005-11-11 17:33 194 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\FlashEdit-2.1beta4\FlashEdit2.exe.asc
2005-11-11 17:07 289792 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\FlashEdit-2.1beta4\FlashEdit2.1beta4.exe
2005-11-11 17:06 4197 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\FlashEdit-2.1beta4\readme.txt
2005-11-11 17:06 2553 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\FlashEdit-2.1beta4\lang-en.ini
2005-11-02 12:31 33554432 --a------ C:\Users\Rudy\Downloads\DS ROMS\Mega Man Battle Network 5 - Double Team.nds
2005-09-28 18:44 34 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\NintendoWFCReg.ini
2005-09-22 16:35 2 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\SoftAPUninst.ini
2005-09-22 16:34 2 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAPInstDrv.ini
2005-08-30 16:12 113 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\DEVREMOVE.ini
2005-08-23 11:24 33554432 --a------ C:\Users\Rudy\Downloads\DS ROMS\0089 - Nintendogs Chihuahua and Friends (U)(Lube).nds
2005-07-22 18:12 33554432 --a------ C:\Users\Rudy\Downloads\DS ROMS\Naruto RPG 2 - Chidori vs. Rasengan (J) (Trashman)(73913B7B).nds
2005-06-17 16:26 67108864 --a------ C:\Users\Rudy\Downloads\DS ROMS\0028 - Kirby - Canvas Curse (U)(Trashman)(FE7DC5EE).nds
2004-10-15 00:38 18009 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\FlashEdit-2.1beta4\LICENSE
2004-10-15 00:20 1290 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\FlashEdit-2.1beta4\spec.txt
2004-05-18 08:16 6942 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\JKeys (Version 2.9.11 - Build 026)\jKeys_ReadMe.txt
2004-05-12 13:49 1 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\U2G54\Win2000\RT25USBAP.CAT
2004-05-11 22:55 306 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\FlashEdit-2.1beta4\save_virgin_eeprom.fs
2004-02-02 18:57 121856 --a------ C:\Users\Rudy\Downloads\BOLA DISH AR\JEEPERS.EXE
2004-02-02 16:57 121856 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\ACU\jEEPers.exe
2004-01-24 01:11 14344 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\JKeys (Version 2.9.11 - Build 026)\jKeys.def
2004-01-23 15:40 141312 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\JKeys (Version 2.9.11 - Build 026)\jKeys.exe
2004-01-19 22:31 7626 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\JKeys (Version 2.9.11 - Build 026)\FLASH and IRD Definitions.txt
2003-02-04 00:17 732 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\JKeys (Version 2.9.11 - Build 026)\CallSub.asm
2002-07-29 11:25 3939 --------- C:\Users\Rudy\Downloads\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\SoftAP\DelDev16.dll
2002-06-11 01:54 1320 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\FlashEdit-2.1beta4\blacks.gpg
2002-03-22 23:54 131 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\JKeys (Version 2.9.11 - Build 026)\skeleton.asm
1998-08-14 01:20 775 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\ACU\utility registration\ccrpRegUtil_DelReg.inf
1998-08-14 01:20 3159 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\ACU\utility registration\Readme.txt
1998-08-14 01:20 2830 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\ACU\utility registration\ccrpRegUtil_AddReg.inf
1998-08-14 01:20 20480 --a------ C:\Users\Rudy\Downloads\Pictoral_Guide_for_Atmega-PrivateInfo\ACU\utility registration\ccrpRegUtil.exe
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot@2008-05-21_19.47.01.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-21 23:26:38 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-22 23:40:58 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-21 23:26:39 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-22 23:40:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-21 23:26:39 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-22 23:40:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-21 23:28:26 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-05-22 23:42:19 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-05-22 23:42:19 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-21 23:46:08 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-05-22 23:56:57 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-05-22 23:56:57 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-21 23:31:46 360,448 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-22 23:56:07 360,448 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-21 23:31:46 327,680 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-22 23:56:07 327,680 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-21 23:31:46 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-22 23:56:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-21 23:32:19 106,696 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-22 23:47:27 106,164 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-21 23:32:19 603,282 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-22 23:47:27 602,750 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-21 23:29:00 12,846 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2846427856-814530372-3796104221-1000_UserData.bin
+ 2008-05-22 23:43:11 12,854 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2846427856-814530372-3796104221-1000_UserData.bin
- 2008-05-21 23:28:59 80,412 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-22 23:43:10 80,498 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-21 23:28:47 60,380 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-22 23:43:06 60,436 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-09-21 15:01 32768]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 03:33 1233920]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 19:56 202544]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 03:38 1008184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 20:35 857648]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-05-10 05:01 36864]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 10:14 180224]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 02:00 90112]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-03-21 15:33 1548288]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-08-20 11:58 184320]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 19:57 16384]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 11:23 405504]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-25 05:13 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-25 05:13 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-25 05:13 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-06-25 05:13 67584]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MSServer"="C:\Windows\system32\ssqqnkLd.dll" [ ]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 15:42 509224]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 19:56 202544]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [11/3/2006 6:55:50 PM 703280]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [9/13/2007 3:10:04 PM 50688]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [9/21/2007 3:01:47 PM 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [1/30/2008 10:56:46 PM 784912]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2/6/2008 9:12:44 PM 651264]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [7/20/2007 7:13:26 PM 1180952]
Run Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [4/3/2008 8:09:01 PM 1175552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E23136A1-1AC4-4D1B-926F-5D537CFFF359}"= C:\Windows\system32\ssqqnkLd.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C59FC2C9-945F-487F-8C93-5C41F8AEF13F}"= C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{EA993A06-FF5D-4599-858A-74EF0CF6375B}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{7AF05598-3AD1-4ABD-94F4-CC3369E237F0}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{56DAC718-FA0C-4C18-AE7F-CEAB9CFD2430}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"TCP Query User{72C3ACF6-8BA8-4BFF-8D29-0255EA49F0D6}C:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{45CBFE24-D7E1-4F68-BFA2-BB644C5C940E}C:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{B64DD128-32ED-4A64-89D0-533EA9FE8C2F}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"UDP Query User{7D40CAE4-C949-4CCB-A11D-7270FDADDC03}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"{D6801EC2-6020-45B4-B3BD-EF98FE96805D}"= UDP:C:\Program Files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{9C0CA38F-6255-4E7B-83AB-1A3429858F0C}"= TCP:C:\Program Files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{39173418-8BE7-4247-B8C0-2F78B0E95B2A}"= UDP:3724:Blizzard Downloader: 3724
"{FA58C5F5-6F91-44FE-AEB1-55485153AD65}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{19260066-09E7-42E1-A22D-335D88AECC84}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{0333EE69-E7F5-4E86-AF20-8CBACFB6ADAE}"= Disabled:UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{185E056C-B2B1-46AE-8016-65BFACBB154D}"= Disabled:TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{51741967-7417-47C1-A320-40161A00E836}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{90887B48-32E4-439F-B08F-1697EE7BB7C8}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"{2A231BDB-C3C8-489C-8DF4-E1985F1A35A0}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9F3A0059-F840-49FF-8301-6DBC02E88F35}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5AC1B096-CF08-4F85-94B2-B62AED850CC1}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{600E9620-0AEB-47D7-810D-F7F7AC77801E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1C2E413D-7637-4DCD-A368-A55FB3D6B7A5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{24AD8D6E-0EE9-4713-BAC7-81828AF00D77}"= UDP:C:\Program Files\Sony\Media Manager for PSP 2.5\MediaManager.exe:Media Manager for PSP 2.5
"{81CDC756-2BCC-4794-9ACA-5933C770FA4C}"= TCP:C:\Program Files\Sony\Media Manager for PSP 2.5\MediaManager.exe:Media Manager for PSP 2.5
"{60900342-150E-4046-B371-2BE7EED5DCB0}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{6B505736-9C4B-467C-993D-1A78D6678BEA}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{210E6262-48DC-4D5E-B604-4F0083CD5E82}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E245C723-2488-4D79-9BD8-C13DFC08D075}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7583FF21-B35E-4D14-86C5-F6FE1FAE6E45}"= C:\Program Files\WiFiConnector\NintendoWFCReg.exe:Nintendo Wi-Fi USB Connector
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 20:05]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080521.001\IDSvix86.sys [2008-05-13 00:27]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-08-29 14:25]
R2 LBeepKE;LBeepKE;C:\Windows\system32\Drivers\LBeepKE.sys [2006-06-30 00:53]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-10-09 19:56]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 20:39]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-04-12 04:50]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-04-12 04:50]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-04-12 04:53]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 17:03]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 22:45]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 18:32]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 03:36]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-19 01:53]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-06 00:34:28 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-06 00:52:02 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Rudy.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-05-17 02:42:56 C:\Windows\Tasks\Norton Security Online - Run Full System Scan - Rudy.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeB/TASK:
"2008-05-22 02:09:57 C:\Windows\Tasks\User_Feed_Synchronization-{26C58A8D-F288-4307-8414-24EEDEFC553E}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 19:57:11
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-22 19:58:31
ComboFix-quarantined-files.txt 2008-05-22 23:58:02
ComboFix2.txt 2008-05-21 23:47:42
Pre-Run: 25,966,403,584 bytes free
Post-Run: 25,968,836,608 bytes free
1151 --- E O F --- 2008-05-17 00:09:15
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:53 PM, on 20/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4070914
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 82.98.86.179 owoxkpgsm.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqqnkLd.dll,#1
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Rudy\AppData\Local\Temp\mLEWOEvV.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Rudy\AppData\Local\Temp\geBrspoP.dll,#1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [6ad2f6b7] rundll32.exe "C:\Users\Rudy\AppData\Local\Temp\rewwpttg.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BM69e1c52b] Rundll32.exe "C:\Users\Rudy\AppData\Local\Temp\bmvroarv.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O4 - Global Startup: Run Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: bw+0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: offline-8876480 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 25645 bytes
Rorschach112
2008-05-23, 13:54
Hello
1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqqnkLd.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Rudy\AppData\Local\Temp\mLEWOEvV.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Rudy\AppData\Local\Temp\geBrspoP.dll,#1
O4 - HKCU\..\Run: [6ad2f6b7] rundll32.exe "C:\Users\Rudy\AppData\Local\Temp\rewwpttg.dll",b
O4 - HKCU\..\Run: [BM69e1c52b] Rundll32.exe "C:\Users\Rudy\AppData\Local\Temp\bmvroarv.dll",s
2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
1. Close any open browsers.
2. Open notepad and copy/paste the text in the quotebox below into it:
File::
C:\Users\Rudy\Downloads\Sony Products\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI
Folder::
C:\Users\Rudy\Downloads\Sony Products\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI
Registry::
Driver::
Save this as CFScript.txt, in the same location as ComboFix.exe
http://i266.photobucket.com/albums/ii277/sUBs_/Combo-Do.gif
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Also post a new HijackThis log
ComboFix 08-05-21.2 - Rudy 2008-05-24 0:47:06.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2404 [GMT -4:00]
Running from: C:\Users\Rudy\Desktop\ComboFix.exe
Command switches used :: C:\Users\Rudy\Desktop\CFScript.txt
FILE ::
C:\Users\Rudy\Downloads\Sony Products\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Rudy\Downloads\Sony Products\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI
C:\Users\Rudy\Downloads\Sony Products\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI\diginsan.nfo
C:\Users\Rudy\Downloads\Sony Products\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI\file_id.diz
C:\Users\Rudy\Downloads\Sony Products\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI\Keygen.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.
2008-05-21 18:32 . 2008-05-21 18:32 <DIR> d-------- C:\_OTMoveIt
2008-05-20 21:42 . 2008-05-20 21:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-20 21:38 . 2008-05-20 21:38 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-05-20 21:21 . 2008-03-06 21:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
2008-05-20 21:21 . 2008-03-06 21:32 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
2008-05-20 21:21 . 2008-03-06 21:32 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
2008-05-19 22:05 . 2008-05-19 22:05 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-19 21:44 . 2008-05-20 21:41 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-19 21:44 . 2008-05-20 21:41 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-19 21:44 . 2008-05-20 21:33 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-16 22:35 . 2008-05-16 22:35 <DIR> d-------- C:\Users\Rudy\AppData\Roaming\Yahoo!
2008-05-16 22:20 . 2008-05-16 22:37 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-05-16 22:19 . 2008-05-20 21:21 <DIR> d-------- C:\Program Files\Symantec
2008-05-16 22:18 . 2008-05-16 22:28 <DIR> d-------- C:\Users\All Users\Yahoo!
2008-05-16 22:18 . 2008-05-16 22:28 <DIR> d-------- C:\ProgramData\Yahoo!
2008-05-16 22:18 . 2008-05-16 22:18 <DIR> d-------- C:\graphics
2008-05-16 20:50 . 2008-05-16 22:36 <DIR> d-------- C:\Program Files\BitDefender
2008-05-16 20:49 . 2008-05-16 20:50 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-05-13 06:57 . 2008-05-13 06:57 <DIR> d-------- C:\Users\All Users\Adobe
2008-05-13 06:56 . 2008-05-13 06:57 <DIR> d-------- C:\Program Files\Common Files\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 17:00 --------- d-----w C:\Users\Rudy\AppData\Roaming\uTorrent
2008-05-23 16:54 130,224 ----a-w C:\Users\Rudy\AppData\Roaming\nvModes.dat
2008-05-21 01:21 --------- d-----w C:\ProgramData\Symantec
2008-05-17 02:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-17 02:37 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-05-17 02:37 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-05-17 02:18 --------- d-----w C:\Program Files\Yahoo!
2008-05-15 03:23 --------- d-----w C:\Program Files\World of Warcraft
2008-05-14 07:02 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 07:01 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-25 03:45 --------- d-----w C:\ProgramData\Dell
2008-04-22 10:40 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-20 01:04 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-04-19 02:54 --------- d-----w C:\Program Files\CCleaner
2008-04-19 02:35 --------- d-----w C:\Program Files\VS Revo Group
2008-04-17 02:38 --------- d-----w C:\ProgramData\NVIDIA
2008-04-17 02:35 174 --sha-w C:\Program Files\desktop.ini
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Journal
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Defender
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Calendar
2008-04-17 02:04 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-17 02:04 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-04 00:09 --------- d-----w C:\Program Files\WiFiConnector
2008-04-03 22:46 --------- d-----w C:\Program Files\Java
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-28 02:35 27,335 ----a-w C:\Users\Guest\AppData\Roaming\nvModes.dat
2007-09-13 19:18 76 --sh--r C:\Windows\CT4CET.bin
2008-01-12 13:16 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007123120080107\index.dat
2008-01-15 05:48 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008010720080114\index.dat
2008-01-16 01:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011520080116\index.dat
2008-01-19 00:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011820080119\index.dat
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot_2008-05-22_19.57.45.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-22 23:40:58 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-24 02:04:46 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-22 23:40:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-24 02:04:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-22 23:40:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-24 02:04:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-22 23:42:19 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-05-24 02:15:29 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-05-24 02:15:29 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-22 23:56:57 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-05-24 04:51:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-05-24 04:51:48 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-22 23:56:07 360,448 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-24 02:20:24 360,448 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-22 23:56:07 327,680 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-24 02:20:24 327,680 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-22 23:56:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-24 02:20:24 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-22 23:47:27 106,164 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-24 02:12:42 106,696 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-22 23:47:27 602,750 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-24 02:12:42 603,282 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-22 23:43:11 12,854 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2846427856-814530372-3796104221-1000_UserData.bin
+ 2008-05-23 10:54:19 12,862 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2846427856-814530372-3796104221-1000_UserData.bin
- 2008-05-22 23:43:10 80,498 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-23 10:54:18 80,498 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-22 23:43:06 60,436 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-23 10:54:14 60,608 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-09-21 15:01 32768]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 03:33 1233920]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 19:56 202544]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 03:38 1008184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 20:35 857648]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-05-10 05:01 36864]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 10:14 180224]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 02:00 90112]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-03-21 15:33 1548288]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-08-20 11:58 184320]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 19:57 16384]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 11:23 405504]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-25 05:13 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-25 05:13 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-25 05:13 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-06-25 05:13 67584]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MSServer"="C:\Windows\system32\ssqqnkLd.dll" [ ]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 15:42 509224]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 19:56 202544]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [11/3/2006 6:55:50 PM 703280]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [9/13/2007 3:10:04 PM 50688]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [9/21/2007 3:01:47 PM 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [1/30/2008 10:56:46 PM 784912]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2/6/2008 9:12:44 PM 651264]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [7/20/2007 7:13:26 PM 1180952]
Run Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [4/3/2008 8:09:01 PM 1175552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E23136A1-1AC4-4D1B-926F-5D537CFFF359}"= C:\Windows\system32\ssqqnkLd.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C59FC2C9-945F-487F-8C93-5C41F8AEF13F}"= C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{EA993A06-FF5D-4599-858A-74EF0CF6375B}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{7AF05598-3AD1-4ABD-94F4-CC3369E237F0}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{56DAC718-FA0C-4C18-AE7F-CEAB9CFD2430}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"TCP Query User{72C3ACF6-8BA8-4BFF-8D29-0255EA49F0D6}C:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{45CBFE24-D7E1-4F68-BFA2-BB644C5C940E}C:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{B64DD128-32ED-4A64-89D0-533EA9FE8C2F}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"UDP Query User{7D40CAE4-C949-4CCB-A11D-7270FDADDC03}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"{D6801EC2-6020-45B4-B3BD-EF98FE96805D}"= UDP:C:\Program Files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{9C0CA38F-6255-4E7B-83AB-1A3429858F0C}"= TCP:C:\Program Files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{39173418-8BE7-4247-B8C0-2F78B0E95B2A}"= UDP:3724:Blizzard Downloader: 3724
"{FA58C5F5-6F91-44FE-AEB1-55485153AD65}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{19260066-09E7-42E1-A22D-335D88AECC84}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{0333EE69-E7F5-4E86-AF20-8CBACFB6ADAE}"= Disabled:UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{185E056C-B2B1-46AE-8016-65BFACBB154D}"= Disabled:TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{51741967-7417-47C1-A320-40161A00E836}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{90887B48-32E4-439F-B08F-1697EE7BB7C8}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"{2A231BDB-C3C8-489C-8DF4-E1985F1A35A0}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9F3A0059-F840-49FF-8301-6DBC02E88F35}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5AC1B096-CF08-4F85-94B2-B62AED850CC1}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{600E9620-0AEB-47D7-810D-F7F7AC77801E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1C2E413D-7637-4DCD-A368-A55FB3D6B7A5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{24AD8D6E-0EE9-4713-BAC7-81828AF00D77}"= UDP:C:\Program Files\Sony\Media Manager for PSP 2.5\MediaManager.exe:Media Manager for PSP 2.5
"{81CDC756-2BCC-4794-9ACA-5933C770FA4C}"= TCP:C:\Program Files\Sony\Media Manager for PSP 2.5\MediaManager.exe:Media Manager for PSP 2.5
"{60900342-150E-4046-B371-2BE7EED5DCB0}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{6B505736-9C4B-467C-993D-1A78D6678BEA}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{210E6262-48DC-4D5E-B604-4F0083CD5E82}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E245C723-2488-4D79-9BD8-C13DFC08D075}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7583FF21-B35E-4D14-86C5-F6FE1FAE6E45}"= C:\Program Files\WiFiConnector\NintendoWFCReg.exe:Nintendo Wi-Fi USB Connector
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 20:05]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080523.001\IDSvix86.sys [2008-05-13 00:27]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-08-29 14:25]
R2 LBeepKE;LBeepKE;C:\Windows\system32\Drivers\LBeepKE.sys [2006-06-30 00:53]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-10-09 19:56]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 20:39]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-04-12 04:50]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-04-12 04:50]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-04-12 04:53]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 17:03]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 22:45]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 18:32]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 03:36]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-19 01:53]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-06 00:34:28 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-06 00:52:02 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Rudy.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-05-17 02:42:56 C:\Windows\Tasks\Norton Security Online - Run Full System Scan - Rudy.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeB/TASK:
"2008-05-24 04:43:27 C:\Windows\Tasks\User_Feed_Synchronization-{26C58A8D-F288-4307-8414-24EEDEFC553E}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 00:52:04
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Users\Rudy\AppData\Local\Microsoft\Messenger\rudeeee@gmail.com\SharingMetadata\Working\database_346A_D338_6AD2_F618\$db_clean$ 0 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
Completion time: 2008-05-24 0:54:05
ComboFix-quarantined-files.txt 2008-05-24 04:53:53
ComboFix2.txt 2008-05-22 23:58:32
ComboFix3.txt 2008-05-21 23:47:42
Pre-Run: 37,146,398,720 bytes free
Post-Run: 37,110,431,744 bytes free
264 --- E O F --- 2008-05-17 00:09:15
ComboFix 08-05-21.2 - Rudy 2008-05-24 0:47:06.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2404 [GMT -4:00]
Running from: C:\Users\Rudy\Desktop\ComboFix.exe
Command switches used :: C:\Users\Rudy\Desktop\CFScript.txt
FILE ::
C:\Users\Rudy\Downloads\Sony Products\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Rudy\Downloads\Sony Products\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI
C:\Users\Rudy\Downloads\Sony Products\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI\diginsan.nfo
C:\Users\Rudy\Downloads\Sony Products\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI\file_id.diz
C:\Users\Rudy\Downloads\Sony Products\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI\Keygen.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.
2008-05-21 18:32 . 2008-05-21 18:32 <DIR> d-------- C:\_OTMoveIt
2008-05-20 21:42 . 2008-05-20 21:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-20 21:38 . 2008-05-20 21:38 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-05-20 21:21 . 2008-03-06 21:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
2008-05-20 21:21 . 2008-03-06 21:32 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
2008-05-20 21:21 . 2008-03-06 21:32 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
2008-05-19 22:05 . 2008-05-19 22:05 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-19 21:44 . 2008-05-20 21:41 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-19 21:44 . 2008-05-20 21:41 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-19 21:44 . 2008-05-20 21:33 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-16 22:35 . 2008-05-16 22:35 <DIR> d-------- C:\Users\Rudy\AppData\Roaming\Yahoo!
2008-05-16 22:20 . 2008-05-16 22:37 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-05-16 22:19 . 2008-05-20 21:21 <DIR> d-------- C:\Program Files\Symantec
2008-05-16 22:18 . 2008-05-16 22:28 <DIR> d-------- C:\Users\All Users\Yahoo!
2008-05-16 22:18 . 2008-05-16 22:28 <DIR> d-------- C:\ProgramData\Yahoo!
2008-05-16 22:18 . 2008-05-16 22:18 <DIR> d-------- C:\graphics
2008-05-16 20:50 . 2008-05-16 22:36 <DIR> d-------- C:\Program Files\BitDefender
2008-05-16 20:49 . 2008-05-16 20:50 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-05-13 06:57 . 2008-05-13 06:57 <DIR> d-------- C:\Users\All Users\Adobe
2008-05-13 06:56 . 2008-05-13 06:57 <DIR> d-------- C:\Program Files\Common Files\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 17:00 --------- d-----w C:\Users\Rudy\AppData\Roaming\uTorrent
2008-05-23 16:54 130,224 ----a-w C:\Users\Rudy\AppData\Roaming\nvModes.dat
2008-05-21 01:21 --------- d-----w C:\ProgramData\Symantec
2008-05-17 02:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-17 02:37 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-05-17 02:37 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-05-17 02:18 --------- d-----w C:\Program Files\Yahoo!
2008-05-15 03:23 --------- d-----w C:\Program Files\World of Warcraft
2008-05-14 07:02 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 07:01 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-25 03:45 --------- d-----w C:\ProgramData\Dell
2008-04-22 10:40 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-20 01:04 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-04-19 02:54 --------- d-----w C:\Program Files\CCleaner
2008-04-19 02:35 --------- d-----w C:\Program Files\VS Revo Group
2008-04-17 02:38 --------- d-----w C:\ProgramData\NVIDIA
2008-04-17 02:35 174 --sha-w C:\Program Files\desktop.ini
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Journal
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Defender
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Calendar
2008-04-17 02:04 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-17 02:04 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-04 00:09 --------- d-----w C:\Program Files\WiFiConnector
2008-04-03 22:46 --------- d-----w C:\Program Files\Java
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-28 02:35 27,335 ----a-w C:\Users\Guest\AppData\Roaming\nvModes.dat
2007-09-13 19:18 76 --sh--r C:\Windows\CT4CET.bin
2008-01-12 13:16 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007123120080107\index.dat
2008-01-15 05:48 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008010720080114\index.dat
2008-01-16 01:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011520080116\index.dat
2008-01-19 00:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011820080119\index.dat
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot_2008-05-22_19.57.45.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-22 23:40:58 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-24 02:04:46 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-22 23:40:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-24 02:04:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-22 23:40:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-24 02:04:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-22 23:42:19 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-05-24 02:15:29 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-05-24 02:15:29 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-22 23:56:57 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-05-24 04:51:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-05-24 04:51:48 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-22 23:56:07 360,448 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-24 02:20:24 360,448 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-22 23:56:07 327,680 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-24 02:20:24 327,680 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-22 23:56:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-24 02:20:24 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-22 23:47:27 106,164 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-24 02:12:42 106,696 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-22 23:47:27 602,750 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-24 02:12:42 603,282 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-22 23:43:11 12,854 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2846427856-814530372-3796104221-1000_UserData.bin
+ 2008-05-23 10:54:19 12,862 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2846427856-814530372-3796104221-1000_UserData.bin
- 2008-05-22 23:43:10 80,498 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-23 10:54:18 80,498 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-22 23:43:06 60,436 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-23 10:54:14 60,608 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-09-21 15:01 32768]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 03:33 1233920]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 19:56 202544]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 03:38 1008184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 20:35 857648]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-05-10 05:01 36864]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 10:14 180224]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 02:00 90112]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-03-21 15:33 1548288]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-08-20 11:58 184320]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 19:57 16384]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 11:23 405504]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-25 05:13 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-25 05:13 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-25 05:13 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-06-25 05:13 67584]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MSServer"="C:\Windows\system32\ssqqnkLd.dll" [ ]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 15:42 509224]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 19:56 202544]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [11/3/2006 6:55:50 PM 703280]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [9/13/2007 3:10:04 PM 50688]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [9/21/2007 3:01:47 PM 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [1/30/2008 10:56:46 PM 784912]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2/6/2008 9:12:44 PM 651264]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [7/20/2007 7:13:26 PM 1180952]
Run Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [4/3/2008 8:09:01 PM 1175552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E23136A1-1AC4-4D1B-926F-5D537CFFF359}"= C:\Windows\system32\ssqqnkLd.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C59FC2C9-945F-487F-8C93-5C41F8AEF13F}"= C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{EA993A06-FF5D-4599-858A-74EF0CF6375B}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{7AF05598-3AD1-4ABD-94F4-CC3369E237F0}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{56DAC718-FA0C-4C18-AE7F-CEAB9CFD2430}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"TCP Query User{72C3ACF6-8BA8-4BFF-8D29-0255EA49F0D6}C:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{45CBFE24-D7E1-4F68-BFA2-BB644C5C940E}C:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{B64DD128-32ED-4A64-89D0-533EA9FE8C2F}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"UDP Query User{7D40CAE4-C949-4CCB-A11D-7270FDADDC03}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"{D6801EC2-6020-45B4-B3BD-EF98FE96805D}"= UDP:C:\Program Files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{9C0CA38F-6255-4E7B-83AB-1A3429858F0C}"= TCP:C:\Program Files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{39173418-8BE7-4247-B8C0-2F78B0E95B2A}"= UDP:3724:Blizzard Downloader: 3724
"{FA58C5F5-6F91-44FE-AEB1-55485153AD65}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{19260066-09E7-42E1-A22D-335D88AECC84}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{0333EE69-E7F5-4E86-AF20-8CBACFB6ADAE}"= Disabled:UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{185E056C-B2B1-46AE-8016-65BFACBB154D}"= Disabled:TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{51741967-7417-47C1-A320-40161A00E836}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{90887B48-32E4-439F-B08F-1697EE7BB7C8}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"{2A231BDB-C3C8-489C-8DF4-E1985F1A35A0}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9F3A0059-F840-49FF-8301-6DBC02E88F35}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5AC1B096-CF08-4F85-94B2-B62AED850CC1}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{600E9620-0AEB-47D7-810D-F7F7AC77801E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1C2E413D-7637-4DCD-A368-A55FB3D6B7A5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{24AD8D6E-0EE9-4713-BAC7-81828AF00D77}"= UDP:C:\Program Files\Sony\Media Manager for PSP 2.5\MediaManager.exe:Media Manager for PSP 2.5
"{81CDC756-2BCC-4794-9ACA-5933C770FA4C}"= TCP:C:\Program Files\Sony\Media Manager for PSP 2.5\MediaManager.exe:Media Manager for PSP 2.5
"{60900342-150E-4046-B371-2BE7EED5DCB0}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{6B505736-9C4B-467C-993D-1A78D6678BEA}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{210E6262-48DC-4D5E-B604-4F0083CD5E82}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E245C723-2488-4D79-9BD8-C13DFC08D075}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7583FF21-B35E-4D14-86C5-F6FE1FAE6E45}"= C:\Program Files\WiFiConnector\NintendoWFCReg.exe:Nintendo Wi-Fi USB Connector
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 20:05]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080523.001\IDSvix86.sys [2008-05-13 00:27]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-08-29 14:25]
R2 LBeepKE;LBeepKE;C:\Windows\system32\Drivers\LBeepKE.sys [2006-06-30 00:53]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-10-09 19:56]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 20:39]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-04-12 04:50]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-04-12 04:50]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-04-12 04:53]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 17:03]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 22:45]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 18:32]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 03:36]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-19 01:53]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-06 00:34:28 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-06 00:52:02 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Rudy.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-05-17 02:42:56 C:\Windows\Tasks\Norton Security Online - Run Full System Scan - Rudy.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeB/TASK:
"2008-05-24 04:43:27 C:\Windows\Tasks\User_Feed_Synchronization-{26C58A8D-F288-4307-8414-24EEDEFC553E}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 00:52:04
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Users\Rudy\AppData\Local\Microsoft\Messenger\rudeeee@gmail.com\SharingMetadata\Working\database_346A_D338_6AD2_F618\$db_clean$ 0 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
Completion time: 2008-05-24 0:54:05
ComboFix-quarantined-files.txt 2008-05-24 04:53:53
ComboFix2.txt 2008-05-22 23:58:32
ComboFix3.txt 2008-05-21 23:47:42
Pre-Run: 37,146,398,720 bytes free
Post-Run: 37,110,431,744 bytes free
264 --- E O F --- 2008-05-17 00:09:15
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:48 AM, on 24/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4070914
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 82.98.86.179 owoxkpgsm.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O4 - Global Startup: Run Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: bw+0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: offline-8876480 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 25935 bytes
Rorschach112
2008-05-24, 14:03
Hello
1. Close any open browsers.
2. Open notepad and copy/paste the text in the quotebox below into it:
File::
Folder::
Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E23136A1-1AC4-4D1B-926F-5D537CFFF359}"=-
Driver::
Save this as CFScript.txt, in the same location as ComboFix.exe
http://i266.photobucket.com/albums/ii277/sUBs_/Combo-Do.gif
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Please download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
Also tell me how your PC is running
Computer appears to run fine ... no annoying popups ... no error messages!
Here are the logs you requested:
ComboFix 08-05-21.2 - Rudy 2008-05-24 10:07:55.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2352 [GMT -4:00]
Running from: C:\Users\Rudy\Desktop\ComboFix.exe
Command switches used :: C:\Users\Rudy\Desktop\CFScript.txt
.
((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.
2008-05-24 10:05 . 2008-05-24 10:05 <DIR> d-------- C:\Users\Rudy\AppData\Roaming\Malwarebytes
2008-05-24 10:04 . 2008-05-24 10:04 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-05-24 10:04 . 2008-05-24 10:04 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-05-24 10:04 . 2008-05-24 10:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-24 10:04 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-24 10:04 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-21 18:32 . 2008-05-21 18:32 <DIR> d-------- C:\_OTMoveIt
2008-05-20 21:42 . 2008-05-20 21:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-20 21:38 . 2008-05-20 21:38 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-05-20 21:21 . 2008-03-06 21:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
2008-05-20 21:21 . 2008-03-06 21:32 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
2008-05-20 21:21 . 2008-03-06 21:32 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
2008-05-19 22:05 . 2008-05-19 22:05 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-19 21:44 . 2008-05-20 21:41 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-19 21:44 . 2008-05-20 21:41 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-19 21:44 . 2008-05-20 21:33 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-16 22:35 . 2008-05-16 22:35 <DIR> d-------- C:\Users\Rudy\AppData\Roaming\Yahoo!
2008-05-16 22:20 . 2008-05-16 22:37 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-05-16 22:19 . 2008-05-20 21:21 <DIR> d-------- C:\Program Files\Symantec
2008-05-16 22:18 . 2008-05-16 22:28 <DIR> d-------- C:\Users\All Users\Yahoo!
2008-05-16 22:18 . 2008-05-16 22:28 <DIR> d-------- C:\ProgramData\Yahoo!
2008-05-16 22:18 . 2008-05-16 22:18 <DIR> d-------- C:\graphics
2008-05-16 20:50 . 2008-05-16 22:36 <DIR> d-------- C:\Program Files\BitDefender
2008-05-16 20:49 . 2008-05-16 20:50 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-05-13 06:57 . 2008-05-13 06:57 <DIR> d-------- C:\Users\All Users\Adobe
2008-05-13 06:56 . 2008-05-13 06:57 <DIR> d-------- C:\Program Files\Common Files\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 17:00 --------- d-----w C:\Users\Rudy\AppData\Roaming\uTorrent
2008-05-23 16:54 130,224 ----a-w C:\Users\Rudy\AppData\Roaming\nvModes.dat
2008-05-21 01:21 --------- d-----w C:\ProgramData\Symantec
2008-05-17 02:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-17 02:37 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-05-17 02:37 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-05-17 02:18 --------- d-----w C:\Program Files\Yahoo!
2008-05-15 03:23 --------- d-----w C:\Program Files\World of Warcraft
2008-05-14 07:02 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 07:01 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-25 03:45 --------- d-----w C:\ProgramData\Dell
2008-04-22 10:40 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-20 01:04 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-04-19 02:54 --------- d-----w C:\Program Files\CCleaner
2008-04-19 02:35 --------- d-----w C:\Program Files\VS Revo Group
2008-04-17 02:38 --------- d-----w C:\ProgramData\NVIDIA
2008-04-17 02:35 174 --sha-w C:\Program Files\desktop.ini
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Journal
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Defender
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-17 02:25 --------- d-----w C:\Program Files\Windows Calendar
2008-04-17 02:04 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-17 02:04 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-04 00:09 --------- d-----w C:\Program Files\WiFiConnector
2008-04-03 22:46 --------- d-----w C:\Program Files\Java
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-28 02:35 27,335 ----a-w C:\Users\Guest\AppData\Roaming\nvModes.dat
2007-09-13 19:18 76 --sh--r C:\Windows\CT4CET.bin
2008-01-12 13:16 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007123120080107\index.dat
2008-01-15 05:48 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008010720080114\index.dat
2008-01-16 01:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011520080116\index.dat
2008-01-19 00:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011820080119\index.dat
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot_2008-05-22_19.57.45.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-22 23:40:58 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-24 13:49:18 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-22 23:40:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-24 13:49:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-22 23:40:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-24 13:49:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-22 23:42:19 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-05-24 13:59:28 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-05-24 13:59:28 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-22 23:56:57 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-05-24 14:13:05 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-05-24 14:13:05 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-22 23:56:07 360,448 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-24 13:54:42 360,448 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-22 23:56:07 327,680 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-24 13:54:42 327,680 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-22 23:56:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-24 13:54:42 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-22 23:47:27 106,164 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-24 13:56:57 106,696 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-22 23:47:27 602,750 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-24 13:56:57 603,282 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-22 23:43:11 12,854 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2846427856-814530372-3796104221-1000_UserData.bin
+ 2008-05-24 14:01:52 12,886 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2846427856-814530372-3796104221-1000_UserData.bin
- 2008-05-22 23:43:10 80,498 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-24 14:01:33 80,514 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-22 23:43:06 60,436 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-24 14:00:55 60,656 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-09-21 15:01 32768]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 03:33 1233920]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 19:56 202544]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 03:38 1008184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 20:35 857648]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-05-10 05:01 36864]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 10:14 180224]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 02:00 90112]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-03-21 15:33 1548288]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-08-20 11:58 184320]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 19:57 16384]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 11:23 405504]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-25 05:13 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-25 05:13 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-25 05:13 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-06-25 05:13 67584]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 15:42 509224]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 19:56 202544]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [11/3/2006 6:55:50 PM 703280]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [9/13/2007 3:10:04 PM 50688]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [9/21/2007 3:01:47 PM 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [1/30/2008 10:56:46 PM 784912]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2/6/2008 9:12:44 PM 651264]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [7/20/2007 7:13:26 PM 1180952]
Run Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [4/3/2008 8:09:01 PM 1175552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C59FC2C9-945F-487F-8C93-5C41F8AEF13F}"= C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{EA993A06-FF5D-4599-858A-74EF0CF6375B}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{7AF05598-3AD1-4ABD-94F4-CC3369E237F0}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{56DAC718-FA0C-4C18-AE7F-CEAB9CFD2430}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"TCP Query User{72C3ACF6-8BA8-4BFF-8D29-0255EA49F0D6}C:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{45CBFE24-D7E1-4F68-BFA2-BB644C5C940E}C:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{B64DD128-32ED-4A64-89D0-533EA9FE8C2F}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"UDP Query User{7D40CAE4-C949-4CCB-A11D-7270FDADDC03}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"{D6801EC2-6020-45B4-B3BD-EF98FE96805D}"= UDP:C:\Program Files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{9C0CA38F-6255-4E7B-83AB-1A3429858F0C}"= TCP:C:\Program Files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{39173418-8BE7-4247-B8C0-2F78B0E95B2A}"= UDP:3724:Blizzard Downloader: 3724
"{FA58C5F5-6F91-44FE-AEB1-55485153AD65}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{19260066-09E7-42E1-A22D-335D88AECC84}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{0333EE69-E7F5-4E86-AF20-8CBACFB6ADAE}"= Disabled:UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{185E056C-B2B1-46AE-8016-65BFACBB154D}"= Disabled:TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{51741967-7417-47C1-A320-40161A00E836}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{90887B48-32E4-439F-B08F-1697EE7BB7C8}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"{2A231BDB-C3C8-489C-8DF4-E1985F1A35A0}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9F3A0059-F840-49FF-8301-6DBC02E88F35}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5AC1B096-CF08-4F85-94B2-B62AED850CC1}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{600E9620-0AEB-47D7-810D-F7F7AC77801E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1C2E413D-7637-4DCD-A368-A55FB3D6B7A5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{24AD8D6E-0EE9-4713-BAC7-81828AF00D77}"= UDP:C:\Program Files\Sony\Media Manager for PSP 2.5\MediaManager.exe:Media Manager for PSP 2.5
"{81CDC756-2BCC-4794-9ACA-5933C770FA4C}"= TCP:C:\Program Files\Sony\Media Manager for PSP 2.5\MediaManager.exe:Media Manager for PSP 2.5
"{60900342-150E-4046-B371-2BE7EED5DCB0}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{6B505736-9C4B-467C-993D-1A78D6678BEA}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{210E6262-48DC-4D5E-B604-4F0083CD5E82}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E245C723-2488-4D79-9BD8-C13DFC08D075}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7583FF21-B35E-4D14-86C5-F6FE1FAE6E45}"= C:\Program Files\WiFiConnector\NintendoWFCReg.exe:Nintendo Wi-Fi USB Connector
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 20:05]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080523.001\IDSvix86.sys [2008-05-13 00:27]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-08-29 14:25]
R2 LBeepKE;LBeepKE;C:\Windows\system32\Drivers\LBeepKE.sys [2006-06-30 00:53]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-10-09 19:56]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 20:39]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-04-12 04:50]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-04-12 04:50]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-04-12 04:53]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 17:03]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 22:45]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 18:32]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 03:36]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-19 01:53]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-06 00:34:28 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-06 00:52:02 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Rudy.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-05-17 02:42:56 C:\Windows\Tasks\Norton Security Online - Run Full System Scan - Rudy.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeB/TASK:
"2008-05-24 04:58:32 C:\Windows\Tasks\User_Feed_Synchronization-{26C58A8D-F288-4307-8414-24EEDEFC553E}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 10:13:16
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-24 10:15:43
ComboFix-quarantined-files.txt 2008-05-24 14:15:13
ComboFix2.txt 2008-05-24 04:54:06
ComboFix3.txt 2008-05-22 23:58:32
ComboFix4.txt 2008-05-21 23:47:42
Pre-Run: 39,821,869,056 bytes free
Post-Run: 39,790,759,936 bytes free
258 --- E O F --- 2008-05-17 00:09:15
Malwarebytes' Anti-Malware 1.12
Database version: 783
Scan type: Quick Scan
Objects scanned: 38961
Time elapsed: 7 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:48 AM, on 24/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4070914
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 82.98.86.179 owoxkpgsm.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O4 - Global Startup: Run Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: bw+0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: offline-8876480 - {36E0E971-4BA2-407A-99D4-94D344B25518} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 25935 bytes
Rorschach112
2008-05-24, 17:47
Your logs are clean
Follow these steps to uninstall Combofix and tools used in the removal of malware
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
Make sure you have an Internet Connection.
Double-click OTMoveIt2.exe to run it.
Click on the CleanUp! button
A list of tool components used in the Cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
Click Yes to beging the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
You now need to update your Java and remove your older versions.
Please follow these steps to remove older version Java components.
* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.
Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here (http://java.sun.com/javase/downloads/index.jsp)
Below I have included a number of recommendations for how to protect your computer against malware infections.
* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster (http://www.javacoolsoftware.com/sbdownload.html) protects against bad ActiveX
IE-SPYAD (http://www.spywarewarrior.com/uiuc/res/ie-spyad.exe) puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here (http://www.bleepingcomputer.com/tutorials/tutorial53.html)
* SpywareGuard (http://www.javacoolsoftware.com/sgdownload.html) offers realtime protection from spyware installation attempts.
Make Internet Explorer more secure
Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here (http://www.mozilla.org/products/firefox/)
* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here (http://forums.spywareinfo.com/index.php?showtopic=60955)
Thank you for your patience, and performing all of the procedures requested.
Rorschach112
2008-05-29, 02:15
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.