ComboFix Log:
ComboFix 08-09-05.12 - Nick Charman 2008-09-09 14:29:02.8 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.162 [GMT -4:00]
Running from: C:\Documents and Settings\Nick Charman\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nick Charman\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\nickch~1\locals~1\temp\ntdll64.dll
C:\Documents and Settings\All Users\Application Data\dyzyvcdg
C:\Documents and Settings\All Users\Application Data\dyzyvcdg\jqbedsdg.exe
C:\FOUND.031
C:\FOUND.031\FILE0000.CHK
C:\FOUND.031\FILE0001.CHK
C:\FOUND.031\FILE0002.CHK
C:\FOUND.031\FILE0003.CHK
C:\FOUND.031\FILE0004.CHK
C:\FOUND.031\FILE0005.CHK
C:\FOUND.031\FILE0006.CHK
C:\FOUND.031\FILE0007.CHK
C:\FOUND.031\FILE0008.CHK
C:\FOUND.031\FILE0009.CHK
C:\FOUND.031\FILE0010.CHK
C:\FOUND.031\FILE0011.CHK
C:\FOUND.031\FILE0012.CHK
C:\FOUND.032
C:\FOUND.032\FILE0000.CHK
C:\FOUND.032\FILE0001.CHK
C:\FOUND.032\FILE0002.CHK
C:\FOUND.032\FILE0003.CHK
C:\FOUND.032\FILE0004.CHK
C:\FOUND.033
C:\FOUND.033\FILE0000.CHK
C:\FOUND.033\FILE0001.CHK
C:\FOUND.033\FILE0002.CHK
C:\FOUND.033\FILE0003.CHK
C:\FOUND.033\FILE0004.CHK
C:\FOUND.033\FILE0005.CHK
C:\FOUND.033\FILE0006.CHK
C:\FOUND.033\FILE0007.CHK
C:\FOUND.033\FILE0008.CHK
C:\FOUND.033\FILE0009.CHK
C:\FOUND.033\FILE0010.CHK
C:\FOUND.033\FILE0011.CHK
C:\FOUND.033\FILE0012.CHK
C:\FOUND.033\FILE0013.CHK
C:\FOUND.033\FILE0014.CHK
C:\FOUND.033\FILE0015.CHK
C:\FOUND.033\FILE0016.CHK
C:\FOUND.033\FILE0017.CHK
C:\FOUND.033\FILE0018.CHK
C:\FOUND.033\FILE0019.CHK
C:\FOUND.033\FILE0020.CHK
C:\FOUND.033\FILE0021.CHK
C:\FOUND.033\FILE0022.CHK
C:\FOUND.033\FILE0023.CHK
C:\FOUND.033\FILE0024.CHK
C:\FOUND.033\FILE0025.CHK
C:\FOUND.033\FILE0026.CHK
C:\FOUND.033\FILE0027.CHK
C:\FOUND.033\FILE0028.CHK
C:\FOUND.033\FILE0029.CHK
C:\FOUND.033\FILE0030.CHK
C:\FOUND.033\FILE0031.CHK
C:\FOUND.033\FILE0032.CHK
C:\FOUND.033\FILE0033.CHK
C:\FOUND.033\FILE0034.CHK
C:\FOUND.033\FILE0035.CHK
C:\FOUND.033\FILE0036.CHK
C:\FOUND.033\FILE0037.CHK
C:\FOUND.033\FILE0038.CHK
C:\FOUND.033\FILE0039.CHK
C:\FOUND.033\FILE0040.CHK
C:\FOUND.033\FILE0041.CHK
C:\FOUND.033\FILE0042.CHK
C:\FOUND.033\FILE0043.CHK
C:\FOUND.033\FILE0044.CHK
C:\FOUND.033\FILE0045.CHK
C:\FOUND.033\FILE0046.CHK
C:\FOUND.033\FILE0047.CHK
C:\FOUND.033\FILE0048.CHK
C:\FOUND.033\FILE0049.CHK
C:\FOUND.033\FILE0050.CHK
C:\FOUND.033\FILE0051.CHK
C:\FOUND.033\FILE0052.CHK
C:\FOUND.033\FILE0053.CHK
C:\FOUND.033\FILE0054.CHK
C:\FOUND.033\FILE0055.CHK
C:\FOUND.033\FILE0056.CHK
C:\FOUND.033\FILE0057.CHK
C:\FOUND.033\FILE0058.CHK
C:\FOUND.033\FILE0059.CHK
C:\FOUND.033\FILE0060.CHK
C:\FOUND.033\FILE0061.CHK
C:\FOUND.033\FILE0062.CHK
C:\FOUND.033\FILE0063.CHK
C:\FOUND.033\FILE0064.CHK
C:\FOUND.033\FILE0065.CHK
C:\FOUND.033\FILE0066.CHK
C:\FOUND.033\FILE0067.CHK
C:\FOUND.033\FILE0068.CHK
C:\FOUND.033\FILE0069.CHK
C:\FOUND.033\FILE0070.CHK
C:\FOUND.033\FILE0071.CHK
C:\FOUND.033\FILE0072.CHK
C:\FOUND.033\FILE0073.CHK
C:\FOUND.033\FILE0074.CHK
C:\FOUND.033\FILE0075.CHK
C:\FOUND.033\FILE0076.CHK
C:\FOUND.033\FILE0077.CHK
C:\FOUND.033\FILE0078.CHK
C:\FOUND.033\FILE0079.CHK
C:\FOUND.033\FILE0080.CHK
C:\FOUND.033\FILE0081.CHK
C:\FOUND.033\FILE0082.CHK
C:\FOUND.033\FILE0083.CHK
C:\FOUND.033\FILE0084.CHK
C:\FOUND.033\FILE0085.CHK
C:\FOUND.033\FILE0086.CHK
C:\FOUND.033\FILE0087.CHK
C:\FOUND.033\FILE0088.CHK
C:\FOUND.033\FILE0089.CHK
C:\FOUND.033\FILE0090.CHK
C:\FOUND.033\FILE0091.CHK
C:\FOUND.033\FILE0092.CHK
C:\FOUND.033\FILE0093.CHK
C:\FOUND.033\FILE0094.CHK
C:\FOUND.033\FILE0095.CHK
C:\FOUND.033\FILE0096.CHK
C:\FOUND.033\FILE0097.CHK
C:\FOUND.033\FILE0098.CHK
C:\FOUND.033\FILE0099.CHK
C:\FOUND.033\FILE0100.CHK
C:\FOUND.033\FILE0101.CHK
C:\FOUND.033\FILE0102.CHK
C:\FOUND.033\FILE0103.CHK
C:\FOUND.033\FILE0104.CHK
C:\FOUND.033\FILE0105.CHK
C:\FOUND.034
C:\FOUND.034\FILE0000.CHK
C:\FOUND.034\FILE0001.CHK
C:\FOUND.034\FILE0002.CHK
C:\FOUND.035
C:\FOUND.035\FILE0000.CHK
C:\FOUND.036
C:\FOUND.036\FILE0000.CHK
C:\Program Files\SAV
C:\WINDOWS\003975_.tmp
C:\WINDOWS\SYSTEM32\rmpyxaxe.exe
C:\WINDOWS\SYSTEM32\uvetwtol.exe
.
((((((((((((((((((((((((( Files Created from 2008-08-09 to 2008-09-09 )))))))))))))))))))))))))))))))
.
2008-09-08 19:08 . 2008-09-08 19:10 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
2008-09-08 17:39 . 2008-09-08 17:39 <DIR> d--hs---- C:\FOUND.037
2008-09-03 23:55 . 2008-09-03 23:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-03 23:35 . 2008-09-03 23:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-09-03 23:35 . 2008-09-03 23:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-03 23:04 . 2008-09-03 23:04 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-03 22:44 . 2008-09-03 22:44 <DIR> d-------- C:\!KillBox
2008-09-03 22:41 . 2008-09-03 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-03 22:40 . 2008-09-03 22:40 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-03 22:40 . 2008-09-03 22:40 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\SUPERAntiSpyware.com
2008-09-03 19:44 . 2008-09-03 19:44 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-03 19:44 . 2008-09-03 19:44 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\Malwarebytes
2008-09-03 19:44 . 2008-09-03 19:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-03 19:44 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-09-03 19:44 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-09-03 19:39 . 2008-09-03 19:39 <DIR> d-------- C:\VundoFix Backups
2008-09-03 19:34 . 2008-09-03 19:34 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-03 17:59 . 2008-09-03 17:59 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-03 17:45 . 2008-09-03 17:45 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-09-02 18:40 . 2008-09-02 18:40 <DIR> d-------- C:\Program Files\PokerAce Hud
2008-09-02 18:17 . 2003-06-17 14:54 87,280 --a------ C:\WINDOWS\SYSTEM32\wsatrace.dll
2008-09-02 16:01 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-09-01 07:19 . 2008-09-01 07:19 <DIR> d-------- C:\Program Files\PokerStars
2008-08-31 22:13 . 2008-08-31 22:13 <DIR> d-------- C:\Program Files\Full Tilt Poker
2008-08-31 11:34 . 2008-08-31 11:34 <DIR> d-------- C:\Program Files\AskSBar
2008-08-31 10:12 . 2008-08-31 10:13 <DIR> d-------- C:\WINDOWS\Logs
2008-08-31 09:44 . 2008-06-23 12:57 459,264 --------- C:\WINDOWS\SYSTEM32\dllcache\msfeeds.dll
2008-08-31 09:44 . 2008-06-23 12:57 267,776 --------- C:\WINDOWS\SYSTEM32\dllcache\iertutil.dll
2008-08-31 09:44 . 2008-06-23 12:57 63,488 --------- C:\WINDOWS\SYSTEM32\dllcache\icardie.dll
2008-08-31 09:44 . 2008-06-23 12:57 52,224 --------- C:\WINDOWS\SYSTEM32\dllcache\msfeedsbs.dll
2008-08-31 09:44 . 2008-06-23 05:20 13,824 --------- C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe
2008-08-31 09:43 . 2008-06-23 12:57 6,066,176 --------- C:\WINDOWS\SYSTEM32\dllcache\ieframe.dll
2008-08-31 09:43 . 2007-04-17 05:32 2,455,488 --------- C:\WINDOWS\SYSTEM32\dllcache\ieapfltr.dat
2008-08-31 09:43 . 2007-03-08 01:10 991,232 --------- C:\WINDOWS\SYSTEM32\dllcache\ieframe.dll.mui
2008-08-31 09:43 . 2008-06-23 12:57 383,488 --------- C:\WINDOWS\SYSTEM32\dllcache\ieapfltr.dll
2008-08-31 09:32 . 2008-05-09 06:53 512,000 --------- C:\WINDOWS\SYSTEM32\dllcache\jscript.dll
2008-08-31 09:32 . 2008-05-09 06:53 430,080 --------- C:\WINDOWS\SYSTEM32\dllcache\vbscript.dll
2008-08-31 09:32 . 2008-05-09 06:53 180,224 --------- C:\WINDOWS\SYSTEM32\dllcache\scrobj.dll
2008-08-31 09:32 . 2008-05-09 06:53 172,032 --------- C:\WINDOWS\SYSTEM32\dllcache\scrrun.dll
2008-08-31 09:32 . 2008-05-08 07:24 155,648 --------- C:\WINDOWS\SYSTEM32\dllcache\wscript.exe
2008-08-31 09:32 . 2008-05-09 19:23 135,168 --------- C:\WINDOWS\SYSTEM32\dllcache\wshom.ocx
2008-08-31 09:32 . 2008-05-07 05:07 135,168 --------- C:\WINDOWS\SYSTEM32\dllcache\cscript.exe
2008-08-31 09:32 . 2008-05-09 06:53 90,112 --------- C:\WINDOWS\SYSTEM32\dllcache\wshext.dll
2008-08-31 00:55 . 2008-08-31 00:55 <DIR> d-------- C:\ebd1031f2faefc18e7947a3f
2008-08-30 23:03 . 2008-08-30 23:03 <DIR> d-------- C:\Documents and Settings\Nick Charman\Contacts
2008-08-30 23:00 . 2008-04-11 15:04 691,712 --------- C:\WINDOWS\SYSTEM32\dllcache\inetcomm.dll
2008-08-30 23:00 . 2008-05-01 10:33 331,776 --------- C:\WINDOWS\SYSTEM32\dllcache\msadce.dll
2008-08-30 23:00 . 2008-06-13 07:05 272,128 --------- C:\WINDOWS\SYSTEM32\dllcache\bthport.sys
2008-08-30 23:00 . 2008-05-08 10:02 203,136 --------- C:\WINDOWS\SYSTEM32\dllcache\rmcast.sys
2008-08-30 15:50 . 2008-04-13 20:12 1,306,624 --------- C:\WINDOWS\SYSTEM32\dllcache\msxml6.dll
2008-08-30 15:50 . 2008-04-13 12:36 144,384 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hdaudbus.sys
2008-08-30 15:50 . 2008-04-13 13:27 79,872 --------- C:\WINDOWS\SYSTEM32\dllcache\msxml6r.dll
2008-08-30 15:50 . 2008-04-13 14:40 10,240 --------- C:\WINDOWS\SYSTEM32\DRIVERS\sffp_mmc.sys
2008-08-30 15:49 . 2008-04-13 20:12 10,752 --------- C:\WINDOWS\SYSTEM32\smtpapi.dll
2008-08-30 15:49 . 2008-04-13 20:12 9,728 --------- C:\WINDOWS\SYSTEM32\rwnh.dll
2008-08-30 11:44 . 2008-08-30 11:44 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-08-30 11:17 . 2004-08-04 01:29 1,897,408 --------- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys
2008-08-30 11:03 . 2008-04-13 20:11 1,082,368 --a------ C:\WINDOWS\SYSTEM32\esent.dll
2008-08-30 10:40 . 2008-04-13 20:12 354,304 --a------ C:\WINDOWS\SYSTEM32\winhttp.dll
2008-08-30 10:40 . 2008-04-13 20:12 18,944 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll
2008-08-30 00:44 . 2008-08-30 00:44 <DIR> d--hs---- C:\Documents and Settings\Nick Charman\UserData
2008-08-29 23:34 . 2008-08-29 23:34 13,646 --a------ C:\WINDOWS\SYSTEM32\wpa.bak
2008-08-29 23:26 . 2008-07-18 22:09 215,752 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl
2008-08-29 23:18 . 2004-08-03 21:08 105,984 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\atinrvxx.sys
2008-08-29 23:11 . 2003-07-16 22:22 147,328 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\EL2K_XP.sys
2008-08-29 23:11 . 2003-04-23 02:16 61,440 -ra------ C:\WINDOWS\SYSTEM32\EL2K_CPP.dll
2008-08-29 22:21 . 2008-08-29 22:21 <DIR> d-------- C:\Program Files\Webroot
2008-08-29 22:21 . 2008-08-29 22:21 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\Webroot
2008-08-29 22:21 . 2008-08-29 22:21 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-08-29 22:21 . 2008-08-29 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-08-29 22:21 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-08-29 22:21 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2008-08-29 22:21 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2008-08-29 22:21 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2008-08-29 22:21 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0BB9.sys
2008-08-29 16:28 . 2000-03-29 02:17 5,824 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ASUSHWIO.SYS
2008-08-29 16:28 . 2008-08-29 23:13 3,366 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-08-28 23:46 . 2008-08-28 23:46 <DIR> d---s---- C:\WINDOWS\SYSTEM32\Microsoft
2008-08-28 23:45 . 2008-08-28 23:45 <DIR> d--hs---- C:\Documents and Settings\NetworkService
2008-08-28 23:45 . 2008-08-28 23:45 <DIR> d--hs---- C:\Documents and Settings\LocalService
2008-08-28 23:45 . 2008-08-28 23:45 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-08-28 23:39 . 2008-08-28 23:39 <DIR> d-------- C:\WINDOWS\SYSTEM32\xircom
2008-08-28 23:39 . 2008-08-28 23:39 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-08-28 20:52 . 2008-08-28 20:52 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\Ventrilo
2008-08-28 20:52 . 2008-08-28 20:52 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\TVU Networks
2008-08-28 20:52 . 2008-08-28 20:52 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\Talkback
2008-08-28 20:52 . 2008-08-28 20:52 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\SopCast
2008-08-28 20:52 . 2008-08-28 20:52 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\paradisepoker
2008-08-28 20:52 . 2008-08-28 20:52 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\NickTheNutz
2008-08-28 20:52 . 2008-08-28 20:52 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\MSN6
2008-08-28 20:52 . 2008-08-28 20:52 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\Move Networks
2008-08-28 20:52 . 2008-08-28 20:52 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\Microsoft Web Folders
2008-08-28 20:52 . 2008-08-28 20:52 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\Microgaming
2008-08-28 20:52 . 2008-08-28 20:52 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\Lycos
2008-08-28 20:52 . 2008-08-28 20:52 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\Lavasoft
2008-08-28 20:52 . 2008-08-28 20:52 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\Kontiki
2008-08-28 20:52 . 2008-08-28 20:52 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\InterTrust
2008-08-28 20:52 . 2008-08-28 20:52 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\InstallShield
2008-08-28 20:52 . 2008-08-28 20:52 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\Gearbox Software
2008-08-28 20:52 . 2008-08-28 20:52 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\funkitron
2008-08-28 20:52 . 2008-08-28 20:52 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\DivX
2008-08-28 20:52 . 2008-08-28 20:52 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\ATI
2008-08-28 20:52 . 2008-08-28 20:52 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\Apple Computer
2008-08-28 20:52 . 2008-08-28 20:52 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\ACCCORE
2008-08-28 20:51 . 2008-08-28 20:51 <DIR> d-------- C:\Documents and Settings\Nick Charman\Application Data\InterVideo
2008-08-28 20:48 . 2008-08-28 20:48 <DIR> d-------- C:\Documents and Settings\Nick Charman
2008-08-28 20:45 . 2008-04-13 20:12 294,912 --a------ C:\WINDOWS\SYSTEM32\msh263.drv
2008-08-28 20:41 . 2008-04-13 15:19 146,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\portcls.sys
2008-08-28 20:41 . 2008-04-13 15:16 141,056 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ks.sys
2008-08-28 20:41 . 2008-04-13 20:12 129,536 --a------ C:\WINDOWS\SYSTEM32\ksproxy.ax
2008-08-28 20:41 . 2008-04-13 14:45 60,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\drmk.sys
2008-08-28 20:41 . 2008-04-13 14:45 49,408 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\stream.sys
2008-08-28 20:41 . 2008-04-13 20:12 23,552 --a------ C:\WINDOWS\SYSTEM32\wdmaud.drv
2008-08-28 20:41 . 2008-04-13 20:11 4,096 --a------ C:\WINDOWS\SYSTEM32\ksuser.dll
2008-08-28 20:39 . 2008-08-28 20:39 <DIR> d--h----- C:\Documents and Settings\Default User.WINDOWS
2008-08-28 20:39 . 2008-08-28 20:39 <DIR> dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
2008-08-28 20:39 . 2008-08-28 20:39 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS
2008-08-28 20:39 . 2003-03-31 12:00 1,086,182 -ra------ C:\WINDOWS\SET3E.tmp
2008-08-28 20:39 . 2003-03-31 12:00 13,608 -ra------ C:\WINDOWS\SET4B.tmp
2008-08-28 20:24 . 2008-08-28 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-28 20:24 . 2008-08-28 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-28 20:24 . 2008-08-28 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-08-28 20:24 . 2008-08-28 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-08-28 20:24 . 2008-08-28 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-28 20:24 . 2008-08-28 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 22:02 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-08-05 22:02 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-08-05 22:02 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe
2008-08-05 22:02 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-08-05 22:02 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
2008-08-05 22:02 129,784 ------w C:\WINDOWS\SYSTEM32\pxafs.dll
2008-08-05 22:02 120,056 ------w C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2008-08-05 22:02 118,520 ------w C:\WINDOWS\SYSTEM32\pxinsi64.exe
2008-08-05 22:00 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2008-08-05 22:00 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2008-08-05 21:59 81,920 ----a-w C:\WINDOWS\SYSTEM32\dpl100.dll
2008-08-05 21:59 593,920 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI11.dll
2008-08-05 21:59 57,344 ----a-w C:\WINDOWS\SYSTEM32\dpv11.dll
2008-08-05 21:59 53,248 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI10.dll
2008-08-05 21:59 344,064 ----a-w C:\WINDOWS\SYSTEM32\dpus11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu10.dll
2008-08-05 21:59 196,608 ----a-w C:\WINDOWS\SYSTEM32\dtu100.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll
2008-08-05 21:58 815,104 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0a.dll
2008-08-05 21:58 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll
2008-08-05 21:58 683,520 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll
2008-08-05 21:58 161,096 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2008-08-05 21:58 12,288 ----a-w C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
2008-08-01 18:45 --------- d-----w C:\Program Files\iTunes
2008-08-01 18:45 --------- d-----w C:\Program Files\iPod
2008-07-31 14:41 68,616 ----a-w C:\WINDOWS\SYSTEM32\XAPOFX1_1.dll
2008-07-31 14:41 238,088 ----a-w C:\WINDOWS\SYSTEM32\xactengine3_2.dll
2008-07-31 14:40 509,448 ----a-w C:\WINDOWS\SYSTEM32\XAudio2_2.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\dllcache\cdm.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuaueng.dll
2008-07-19 02:08 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
2008-07-12 12:18 467,984 ----a-w C:\WINDOWS\SYSTEM32\d3dx10_39.dll
2008-07-12 12:18 3,851,784 ----a-w C:\WINDOWS\SYSTEM32\D3DX9_39.dll
2008-07-12 12:18 1,493,528 ----a-w C:\WINDOWS\SYSTEM32\D3DCompiler_39.dll
2008-07-11 19:16 --------- d-----w C:\Program Files\Bonjour
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\SYSTEM32\dllcache\es.dll
2008-06-26 08:15 1,499,136 ------w C:\WINDOWS\SYSTEM32\dllcache\shdocvw.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\SYSTEM32\dllcache\mscms.dll
2008-06-24 14:57 3,592,192 ------w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\SYSTEM32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\SYSTEM32\dllcache\iexplore.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\SYSTEM32\dllcache\ieakui.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\SYSTEM32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\SYSTEM32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\SYSTEM32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\SYSTEM32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\SYSTEM32\dllcache\tcpip6.sys
2004-02-07 23:23 266 --sh--w C:\Program Files\desktop.ini
2004-02-07 23:23 11,079 ----a-w C:\Program Files\folder.htt
2003-03-21 17:37 16,056 ----a-w C:\Program Files\owcstp16.dll
2004-12-29 15:32 57,344 --sha-w C:\WINDOWS\lbbho.dll
2008-01-21 20:49 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2005-02-24 10:28 56 --sh--r C:\WINDOWS\SYSTEM32\C6CBD6B8E7.sys
2007-12-09 23:47 8 --sh--r C:\WINDOWS\SYSTEM32\E7B8D6CBC6.sys
.
------- Sigcheck -------
2008-04-13 20:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\SYSTEM32\svchost.exe
2008-04-13 20:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
2004-08-04 03:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\svchost.exe
2008-04-13 20:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
2004-08-04 03:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2008-04-13 20:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-13 20:12 578560 b26b135ff1b9f60c9388b4a7d16f600b C:\WINDOWS\SYSTEM32\user32.dll
2008-04-13 20:12 578560 b26b135ff1b9f60c9388b4a7d16f600b C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\user32.dll
2005-03-02 14:20 561152 74202eb1bd67e8be9509e38c8d2234b0 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp1qfe\user32.dll
2005-03-02 14:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\user32.dll
2004-08-04 03:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\user32.dll
2005-03-02 14:20 561152 74202eb1bd67e8be9509e38c8d2234b0 C:\WINDOWS\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\sp1qfe\user32.dll
2008-04-13 20:12 578560 b26b135ff1b9f60c9388b4a7d16f600b C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\user32.dll
2005-03-02 14:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2008-04-13 20:12 578560 b26b135ff1b9f60c9388b4a7d16f600b C:\WINDOWS\ServicePackFiles\i386\user32.dll
2005-03-02 14:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 11:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-04 03:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2008-04-13 20:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a C:\WINDOWS\SYSTEM32\ws2_32.dll
2008-04-13 20:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
2004-08-04 03:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ws2_32.dll
2008-04-13 20:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2_32.dll
2004-08-04 03:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2008-04-13 20:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2003-03-31 12:00 75264 8529c295df59b564d37a73b5629162b1 C:\WINDOWS\$NtUninstallKB914388_0$\ws2_32.dll
2006-05-19 08:15 70656 3748e0fc8c1b6ada49f98c8e69a4228c C:\WINDOWS\$NtUninstallKB922819_0$\ws2_32.dll
2008-04-13 20:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\SYSTEM32\winlogon.exe
2008-04-13 20:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
2004-08-04 03:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\winlogon.exe
2008-04-13 20:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
2004-08-04 03:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-13 20:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-13 15:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SYSTEM32\DRIVERS\ndis.sys
2008-04-13 15:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
2004-08-04 02:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ndis.sys
2008-04-13 15:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ndis.sys
2004-08-04 02:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2008-04-13 15:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2008-04-13 14:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\SYSTEM32\DRIVERS\ip6fw.sys
2008-04-13 14:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
2004-08-04 02:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ip6fw.sys
2008-04-13 14:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ip6fw.sys
2004-08-04 02:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\$NtServicePackUninstall$\ip6fw.sys
2008-04-13 14:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2008-04-13 14:31 2023936 7f653a89f6e89e3ae0d49830eece35d4 C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2008-04-13 14:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
2005-03-01 20:36 1955840 62c353c0449fd961ef7814973fc2fd30 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp1qfe\ntkrnlpa.exe
2005-03-01 20:34 2056832 81013f36b21c7f72cf784cc6731e0002 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\ntkrnlpa.exe
2004-08-04 01:58 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ntkrnlpa.exe
2008-04-13 14:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntkrnlpa.exe
2005-03-01 20:34 2015232 3cd941e472ddf3534e53038535719771 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2008-04-13 14:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2005-03-01 20:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 12:12 2059392 ba4b97c00a437c1cc3da365d93ee1e9d C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 05:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2003-03-31 12:00 1920512 71ff7ec0eeea4896dd219c661c90db29 C:\WINDOWS\$NtUninstallKB885835_0$\ntkrnlpa.exe
2004-08-04 01:59 2015232 fb142b7007ca2eea76966c6c5cc12150 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2008-04-13 15:24 2145280 40f8880122a030a7e9e1fedea833b33d C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-04-13 15:27 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
2005-03-01 21:33 2040832 a15a2ee0be2f71fc1752a05660b8ebdc C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp1qfe\ntoskrnl.exe
2005-03-01 20:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\ntoskrnl.exe
2004-08-04 02:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ntoskrnl.exe
2008-04-13 15:27 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntoskrnl.exe
2005-03-01 20:57 2135552 48b3e89af7074cee0314a3e0c7faffdb C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2008-04-13 15:27 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2005-03-01 21:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 12:51 2182016 cef243f6defd20be4adde26c7ecacb54 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 05:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2003-03-31 12:00 1891840 25a90eb7d1eee12ab198dc9421bfa353 C:\WINDOWS\$NtUninstallKB885835_0$\ntoskrnl.exe
2004-08-04 02:18 2148352 626309040459c3915997ef98ec1c8d40 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2008-04-13 20:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\explorer.exe
2008-04-13 20:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
2004-08-04 03:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe
2008-04-13 20:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
2004-08-04 03:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2008-04-13 20:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-13 20:12 108544 0e776ed5f7cc9f94299e70461b7b8185 C:\WINDOWS\SYSTEM32\services.exe
2008-04-13 20:12 108544 0e776ed5f7cc9f94299e70461b7b8185 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
2004-08-04 03:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\services.exe
2008-04-13 20:12 108544 0e776ed5f7cc9f94299e70461b7b8185 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\services.exe
2004-08-04 03:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2008-04-13 20:12 108544 0e776ed5f7cc9f94299e70461b7b8185 C:\WINDOWS\ServicePackFiles\i386\services.exe
2008-04-13 20:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 C:\WINDOWS\SYSTEM32\lsass.exe
2008-04-13 20:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
2004-08-04 03:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lsass.exe
2008-04-13 20:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\lsass.exe
2004-08-04 03:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2008-04-13 20:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2008-04-13 20:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\SYSTEM32\ctfmon.exe
2008-04-13 20:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
2004-08-04 03:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe
2008-04-13 20:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ctfmon.exe
2004-08-04 03:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-13 20:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-13 20:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\SYSTEM32\spoolsv.exe
2008-04-13 20:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
2004-08-04 03:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\spoolsv.exe
2005-06-10 19:55 53248 6b4bf97957a0b8795811975d4bf1acfe C:\WINDOWS\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\sp1qfe\spoolsv.exe
2005-06-10 19:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\sp2gdr\spoolsv.exe
2008-04-13 20:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\spoolsv.exe
2005-06-10 19:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2008-04-13 20:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2005-06-10 20:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-04 03:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2008-04-13 20:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 C:\WINDOWS\SYSTEM32\userinit.exe
2008-04-13 20:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
2004-08-04 03:56 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\userinit.exe
2008-04-13 20:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
2004-08-04 03:56 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2008-04-13 20:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-03_23.17.07.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-30 20:36:14 4,048 ----a-w C:\WINDOWS\PCHealth\HelpCtr\PackageStore\SkuStore.bin
+ 2008-09-08 20:44:50 4,048 ----a-w C:\WINDOWS\PCHealth\HelpCtr\PackageStore\SkuStore.bin
+ 2008-04-14 00:12:38 26,112 ----a-w C:\WINDOWS\SYSTEM32\init32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"Google Update"="C:\Documents and Settings\Nick Charman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-04 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 344064]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-13 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\SYSTEM32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
--a------ 2003-03-31 12:00 3072 C:\WINDOWS\SYSTEM32\systray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
"SoundMax"="C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4.EXE" /tray
"POINTER"=point32.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-09-09 14:34:05
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
.
**************************************************************************
.
Completion time: 2008-09-09 14:35:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-09 18:35:46
ComboFix4.txt 2008-09-09 16:29:50
ComboFix5.txt 2008-09-09 18:28:30
ComboFix3.txt 2008-09-09 16:38:42
ComboFix2.txt 2008-09-09 16:41:32
Pre-Run: 16,080,240,640 bytes free
Post-Run: 16,063,692,800 bytes free
537 --- E O F --- 2008-08-31 13:46:47
Kaspersky Report:
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, September 9, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, September 09, 2008 19:08:09
Records in database: 1203872
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
Scan statistics
Files scanned 100744
Threat name 30
Infected objects 45
Suspicious objects 1
Duration of the scan 08:01:06
File name Threat name Threats count
C:\WINDOWS\SYSTEM32\f8sk32ia.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao 1
C:\WINDOWS\lbbho.dll Infected: not-a-virus:AdWare.Win32.Neon.a 1
C:\Program Files\iMesh\iMeshV4.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.d 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\a.exe.vir Infected: Trojan-Downloader.Win32.Small.ackc 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\userinit.exe.vir Infected: not-a-virus:FraudTool.Win32.Agent.bw 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rmpyxaxe.exe.vir Infected: Trojan.Win32.Obfuscated.gx 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uvetwtol.exe.vir Infected: Trojan.Win32.Obfuscated.gx 1
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\dyzyvcdg\jqbedsdg.exe.vir Infected: Trojan-Downloader.Win32.Obfuscated.dpe 1
C:\QooBox\Quarantine\C\FOUND.033\FILE0078.CHK.vir Infected: Backdoor.Win32.Frauder.bu 1
C:\QooBox\Quarantine\C\FOUND.033\FILE0086.CHK.vir Infected: Trojan.Win32.Obfuscated.gx 1
C:\Documents and Settings\Nick Charman\My Documents\Georges St. Pierre vs Sean Sherk\LcodecPlus.v.1.0 (1).exe Infected: Trojan-Downloader.Win32.Agent.afgi 1
C:\Documents and Settings\Nick Charman\Application Data\Identities\{1DADCB60-59A3-11D8-9184-D724EC94A947}\Microsoft\Outlook Expre\Hotmail - Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Nick Charman\Application Data\Sun\Java\Deployment\CACHE\6.0\24\350740d8-5178b108 Infected: Trojan.Java.ClassLoader.ae 1
C:\Documents and Settings\Nick Charman\Application Data\Sun\Java\Deployment\CACHE\6.0\24\3e021ed8-7f958b33 Infected: Trojan.Java.ClassLoader.i 1
C:\Documents and Settings\Nick Charman\Application Data\Sun\Java\Deployment\CACHE\6.0\24\3e021ed8-7f958b33 Infected: Trojan.Java.ClassLoader.k 2
C:\Documents and Settings\Nick Charman\Application Data\Sun\Java\Deployment\CACHE\6.0\34\4e708fe2-33e5c15d Infected: Trojan-Downloader.Java.OpenStream.c 1
C:\Documents and Settings\Nick Charman\Application Data\Sun\Java\Deployment\CACHE\6.0\34\4e708fe2-33e5c15d Infected: Trojan.Java.ClassLoader.h 1
C:\Documents and Settings\Nick Charman\Application Data\Sun\Java\Deployment\CACHE\6.0\34\4e708fe2-33e5c15d Infected: Trojan.Java.ClassLoader.d 1
C:\System Volume Information\_restore{98F15788-102B-462C-BC3B-3919FB701FBB}\RP1\A0000097.EXE Infected: Trojan.Win32.Obfuscated.gx 1
C:\System Volume Information\_restore{98F15788-102B-462C-BC3B-3919FB701FBB}\RP1\A0000122.EXE Infected: Trojan.Win32.Obfuscated.gx 1
C:\System Volume Information\_restore{98F15788-102B-462C-BC3B-3919FB701FBB}\RP1\A0000123.EXE Infected: Trojan.Win32.Obfuscated.gx 1
C:\System Volume Information\_restore{98F15788-102B-462C-BC3B-3919FB701FBB}\RP2\A0001134.EXE Infected: Trojan.Win32.Obfuscated.gx 1
C:\System Volume Information\_restore{98F15788-102B-462C-BC3B-3919FB701FBB}\RP3\A0004250.EXE Infected: not-a-virus:FraudTool.Win32.Agent.bw 1
C:\System Volume Information\_restore{98F15788-102B-462C-BC3B-3919FB701FBB}\RP3\A0006447.exe Infected: Trojan-Downloader.Win32.Keenval.e 1
C:\System Volume Information\_restore{98F15788-102B-462C-BC3B-3919FB701FBB}\RP3\A0006448.exe Infected: not-a-virus:AdWare.Win32.180Solutions 1
C:\System Volume Information\_restore{98F15788-102B-462C-BC3B-3919FB701FBB}\RP3\A0006448.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d 3
C:\System Volume Information\_restore{98F15788-102B-462C-BC3B-3919FB701FBB}\RP3\A0006448.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b 1
C:\System Volume Information\_restore{98F15788-102B-462C-BC3B-3919FB701FBB}\RP3\A0006448.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.h 2
C:\System Volume Information\_restore{98F15788-102B-462C-BC3B-3919FB701FBB}\RP3\A0006448.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.e 1
C:\System Volume Information\_restore{98F15788-102B-462C-BC3B-3919FB701FBB}\RP3\A0006448.exe Infected: not-a-virus:AdWare.Win32.Exact.a 2
C:\System Volume Information\_restore{98F15788-102B-462C-BC3B-3919FB701FBB}\RP3\A0006448.exe Infected: not-a-virus:AdWare.Win32.SaveNow.t 1
C:\System Volume Information\_restore{98F15788-102B-462C-BC3B-3919FB701FBB}\RP3\A0006448.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af 1
C:\System Volume Information\_restore{98F15788-102B-462C-BC3B-3919FB701FBB}\RP3\A0006448.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ak 1
C:\System Volume Information\_restore{98F15788-102B-462C-BC3B-3919FB701FBB}\RP3\A0006448.exe Infected: not-a-virus:AdWare.Win32.SaveNow.f 1
C:\System Volume Information\_restore{98F15788-102B-462C-BC3B-3919FB701FBB}\RP3\A0006448.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v 2
C:\System Volume Information\_restore{98F15788-102B-462C-BC3B-3919FB701FBB}\RP3\A0006448.exe Infected: not-a-virus:AdWare.Win32.MyWay.ac 1
C:\System Volume Information\_restore{98F15788-102B-462C-BC3B-3919FB701FBB}\RP5\A0006620.EXE Infected: Trojan-Downloader.Win32.Obfuscated.dpe 1
C:\System Volume Information\_restore{98F15788-102B-462C-BC3B-3919FB701FBB}\RP5\A0006621.exe Infected: Trojan.Win32.Obfuscated.gx 1
C:\System Volume Information\_restore{98F15788-102B-462C-BC3B-3919FB701FBB}\RP5\A0006622.EXE Infected: Trojan.Win32.Obfuscated.gx 1
C:\winhelp.chm Infected: Trojan.Win32.Dialer.ce 1
The selected area was scanned.
New HJT Report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:09 PM, on 09/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Nick Charman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Nick Charman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nick Charman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nick Charman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nick Charman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220107065218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1220106936265
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 5131 bytes