Computer's slowed down, some problems here and there

So... My computer has had problems since a friend of mine reformatted it, but they were minor so I learned how to avoid most situations:

I am on a Dell XPS laptop (running Vista ultimate edition):

1. My network icon and network functions are extremely weird, it always says it is not connected even when it is connected. But everything still works...
2. My AIM doesn't work anymore, I'm using the 5.9 classic version, but it seems to only run once in a while.
3. My computer has slowed down considerably, and I have occasional problems with certain programs.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:30 PM, on 6/17/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\system32\algssl.exe
C:\Windows\winsvc32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/a/usc.edu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.2] msime80.exe
O4 - HKLM\..\Run: [winsvc32] winsvc32.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MsServer] msfir80.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\system32\aestsrv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 4640 bytes


Thank you so much, you're all such great help.
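
As an added illustration (not part of the original thread, and not the helper's own method): a small Python triage script that parses the HijackThis log posted above and flags the launch points a log reviewer looks at first: O4 Run entries that give only a bare filename, executables sitting directly in the Windows folder, O23 services whose file is missing, and running processes with no autostart entry in the log. The sample lines are copied from the log; the rule set and the `OS_STARTED` list are my own assumptions.

```python
"""Triage helper for HijackThis v2 logs: parses the 'Running processes', O4 and O23
sections and flags the launch points a log reviewer looks at first."""
import re
from collections import defaultdict

# Constructed excerpt: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\algssl.exe
C:\Windows\winsvc32.exe
C:\Program Files\AIM\aim.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.2] msime80.exe
O4 - HKLM\..\Run: [winsvc32] winsvc32.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [MsServer] msfir80.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\system32\aestsrv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
WINDOWS_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.IGNORECASE)
# Assumed list of processes the OS starts itself; they never have an O4/O23 entry.
OS_STARTED = {"taskeng.exe", "dwm.exe", "explorer.exe"}


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def image_path(cmd: str) -> str:
    """Reduce an O4 command line to the file that actually gets loaded."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)(?:\s+(?P<rest>.*))?$", cmd, re.IGNORECASE | re.DOTALL)
    if not m:
        return cmd.split()[0]
    image, rest = m.group(1), m.group("rest") or ""
    # rundll32 only hosts code: the DLL it is told to load is the interesting file.
    if basename(image) == "rundll32.exe" and rest:
        return rest.split(",", 1)[0].strip()
    return image


def parse_log(text: str) -> dict:
    """Split a HijackThis log into running processes, O4 entries and O23 services."""
    procs, o4, o23, in_procs = [], [], [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            in_procs = False
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            procs.append(line)
            continue
        m = O4_RE.match(line)
        if m:
            o4.append({"hive": m["hive"], "name": m["name"], "cmd": m["cmd"], "image": image_path(m["cmd"])})
            continue
        m = O23_RE.match(line)
        if m:
            o23.append({"name": m["name"], "owner": m["owner"], "path": m["path"], "missing": bool(m["missing"])})
    return {"procs": procs, "o4": o4, "o23": o23}


def triage(text: str) -> dict:
    """Return {finding_type: [detail, ...]} for the launch points worth a second look."""
    log = parse_log(text)
    findings = defaultdict(list)
    for e in log["o4"]:
        if "\\" not in e["image"]:
            # A bare filename is resolved through the PATH search order at logon;
            # a legitimate installer almost always writes the full path.
            findings["o4_bare_filename"].append(f"[{e['name']}] {e['image']}")
    for path in [e["image"] for e in log["o4"]] + log["procs"]:
        if WINDOWS_ROOT_RE.match(path):
            # %SystemRoot% itself holds very few executables; a program dropped
            # there with a system-sounding name deserves a look.
            findings["exe_in_windows_root"].append(path)
    for s in log["o23"]:
        if s["missing"]:
            findings["service_file_missing"].append(f"{s['name']} -> {s['path']}")
    launch_points = {basename(e["image"]) for e in log["o4"]} | {basename(s["path"]) for s in log["o23"]}
    for proc in log["procs"]:
        if basename(proc) not in launch_points and basename(proc) not in OS_STARTED:
            # Running with no autostart entry in the log: started by hand, or by
            # something (another process, a scheduled task) that HJT does not list.
            findings["running_without_launch_point"].append(proc)
    return dict(findings)


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind)
        for item in items:
            print("   ", item)
```

The "running without launch point" list is a prompt for questions, not a verdict: aim.exe was started by the user, while algssl.exe has no visible reason to be running at all.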

Comments

  • edited June 2009
    Please note that all instructions given are customised for this computer only,
    the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.


    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Failure to reply within 5 days will result in the topic being closed.
    5. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe




    No Antivirus

    I can see no indication of any Antivirus software.

    Use an AntiVirus Software - It is very important that you have anti-virus software running on your machine.
    This alone can save you a lot of trouble with malware in the future.

    Paid AV list
    Kaspersky
    ESET NOD32

    Free AV list ( Home users only)
    Avira AntiVir
    Avast

    Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week.
    If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    Antivirus is a MUST

    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
  • edited June 2009
    Thank you so much for your help. I have installed Avira Antivirus, but did not run a complete scan yet. Would you like me to do that before the RSIT?

    Here are the RSIT logs without the complete scan:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Roston at 2009-06-22 11:29:58
    Microsoft® Windows Vista™ Ultimate
    System drive C: has 54 GB (51%) free of 105 GB
    Total RAM: 3581 MB (64% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:30:04 AM, on 6/22/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16830)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\OEM02Mon.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Windows\winsvc32.exe
    C:\Windows\system32\algssl.exe
    C:\Program Files\AIM\aim.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    c:\program files\avira\antivir desktop\avcenter.exe
    C:\Users\Roston\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Roston.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/a/usc.edu
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.2] msime80.exe
    O4 - HKLM\..\Run: [winsvc32] winsvc32.exe
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [MsServer] msfir80.exe
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2485682051-882755671-330877422-501\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Guest')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\system32\aestsrv.exe (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

    --
    End of file - 5541 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-08 35840]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-10-08 1006264]
    "OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-05-10 36864]
    "Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2007-12-08 3444736]
    "IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 1406024]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-03 13552160]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-03 92704]
    "NVHotkey"=C:\Windows\system32\nvHotkey.dll [2008-09-03 96800]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-08 148888]
    "IMJPMIG8.2"=C:\Windows\system32\msime80.exe [2009-01-10 49152]
    "winsvc32"=C:\Windows\winsvc32.exe [2009-05-10 72657]
    "AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
    "MsServer"=C:\Windows\system32\msfir80.exe [2009-01-10 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    C:\Program Files\AIM\aim.exe [2006-08-01 67112]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.2]
    C:\Windows\system32\msime80.exe [2009-01-10 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsServer]
    C:\Windows\system32\msfir80.exe [2009-01-10 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15b41cf8-b282-11dd-811e-001d095bdb4c}]
    shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d754354-4735-11de-ae3e-001d095bdb4c}]
    shell\Auto\command - F:\sal.xls.exe
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\sal.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6671f159-3e31-11de-8486-001d095bdb4c}]
    shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73ee2a7e-4e77-11de-a43b-001d095bdb4c}]
    shell\Auto\command - F:\sal.xls.exe
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\sal.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94313cb8-cda3-11dd-b031-001d095bdb4c}]
    shell\Auto\command - F:\sal.xls.exe
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\sal.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94313cbd-cda3-11dd-b031-001d095bdb4c}]
    shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ead2a1b2-a6a1-11dd-ad1d-001d095bdb4c}]
    shell\Auto\command - F:\sal.xls.exe
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\sal.xls.exe


    ======File associations======

    .js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

    ======List of files/folders created in the last 1 months======

    2009-06-22 11:29:58 ----D---- C:\rsit
    2009-06-22 11:26:03 ----D---- C:\Program Files\Avira
    2009-06-08 15:23:45 ----A---- C:\fnjdb.exe
    2009-06-07 15:45:26 ----D---- C:\Program Files\Adobe Media Player
    2009-06-07 15:42:21 ----D---- C:\Program Files\Common Files\Adobe AIR
    2009-06-07 15:35:32 ----RSH---- C:\Windows\winsvc32.exe
    2009-05-31 23:41:30 ----A---- C:\Windows\is-RJOQJ.exe
    2009-05-31 23:41:29 ----D---- C:\Program Files\DotA Gaming Network
    2009-05-31 23:41:29 ----A---- C:\Windows\system32\BNCSutil.dll

    ======List of files/folders modified in the last 1 months======

    2009-06-22 11:30:04 ----D---- C:\Windows\Prefetch
    2009-06-22 11:30:01 ----D---- C:\Windows\Temp
    2009-06-22 11:26:23 ----D---- C:\Windows\system32\drivers
    2009-06-22 11:26:04 ----HD---- C:\ProgramData
    2009-06-22 11:26:03 ----RD---- C:\Program Files
    2009-06-22 11:25:40 ----SHD---- C:\System Volume Information
    2009-06-22 11:25:24 ----SHD---- C:\Windows\Installer
    2009-06-22 11:25:23 ----D---- C:\Windows\winsxs
    2009-06-22 11:21:43 ----D---- C:\Program Files\Mozilla Firefox
    2009-06-22 11:17:12 ----D---- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\skypePM
    2009-06-21 17:45:47 ----D---- C:\Program Files\Warcraft III
    2009-06-19 18:48:53 ----D---- C:\Windows\System32
    2009-06-19 18:48:52 ----D---- C:\Windows\inf
    2009-06-19 18:48:52 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-06-18 23:18:21 ----RD---- C:\Users
    2009-06-18 21:02:00 ----D---- C:\Program Files\Steam
    2009-06-15 16:57:15 ----D---- C:\Program Files\Common Files\Steam
    2009-06-07 15:45:37 ----D---- C:\Program Files\Adobe
    2009-06-07 15:45:12 ----D---- C:\Program Files\Common Files\Adobe
    2009-06-07 15:42:21 ----D---- C:\Program Files\Common Files
    2009-06-07 15:35:32 ----D---- C:\Windows
    2009-06-07 13:22:17 ----D---- C:\Windows\system32\catroot2
    2009-05-29 19:24:12 ----D---- C:\Windows\system32\catroot
    2009-05-27 02:18:38 ----D---- C:\Program Files\ooVoo

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
    R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
    R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-10-08 320000]
    R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
    R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
    R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
    R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-12-06 1044984]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-10-08 14208]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    R3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2007-11-06 34064]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-03 7583552]
    R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-11 235648]
    R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
    R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2008-06-10 33352]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-10-08 82432]
    R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2008-10-10 50704]
    R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-10-08 11264]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
    S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys []
    S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2006-11-02 131584]
    S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2006-11-02 16384]
    S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2006-11-02 36864]
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
    S3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys []
    S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
    S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
    S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2006-11-02 22016]
    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-03 196608]
    R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2007-12-08 24064]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
    S2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe []
    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2006-11-02 22016]
    S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2006-11-02 521216]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-07 655624]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
    S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-06-15 316664]
    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2006-11-02 22016]
    S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2006-11-02 562176]

    EOF

    info.txt logfile of random's system information tool 1.06 2009-06-22 11:30:05

    ======Uninstall list======

    7-Zip 4.64-->"C:\Program Files\7-Zip\Uninstall.exe"
    Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
    Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
    Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
    Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
    Adobe Dreamweaver CS4-->C:\Program Files\Common Files\Adobe\Installers\acce07fd2c8fe7f9e3f26243e626578\Setup.exe --uninstall=1
    Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
    Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
    Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
    Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Illustrator CS3-->C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
    Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
    Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
    Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
    Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
    Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
    Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
    Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
    Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
    Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
    Adobe Setup-->MsiExec.exe /I{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}
    Adobe Setup-->MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
    Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
    Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
    AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
    Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    Cisco EAP-FAST Module-->MsiExec.exe /I{BF53252E-4AB2-4C7F-A0FD-6100755745E3}
    Cisco LEAP Module-->MsiExec.exe /I{76F9CF97-FC4B-4E20-B363-D127C888448F}
    Cisco PEAP Module-->MsiExec.exe /I{4E5386F5-C0F6-4532-A54A-374865AEAB71}
    Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
    Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
    Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    FileZilla Client 3.2.4.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
    Laptop Integrated Webcam Driver (1.04.01.1011) -->C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
    Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
    Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
    Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
    Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Minitab 15 English-->MsiExec.exe /I{F617649B-2104-41C7-B15A-9F0DE2AF8F4E}
    Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    ooVoo-->"C:\Program Files\InstallShield Installation Information\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\setup.exe" -runfromtemp -l0x0009 -removeonly
    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\Setup.exe" -l0x9 anything
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
    Tansee iPhone Transfer SMS v1.0.0.0-->"C:\Program Files\Tansee iPhone Transfer SMS\unins000.exe"
    VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
    Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
    VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
    Warhammer 40,000: Dawn of War II - Beta-->"C:\Program Files\Steam\steam.exe" steam://uninstall/15660
    WC3Banlist-->"C:\Program Files\WC3Banlist\unins000.exe"
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe

    =====HijackThis Backups=====

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe [2009-02-06]
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\system32\aestsrv.exe (file missing) [2009-03-01]
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe [2009-03-01]
    O4 - HKCU\..\Run: [MsServer] msfir80.exe [2009-03-01]
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') [2009-05-22]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [2009-05-22]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = [2009-05-22]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [2009-05-22]
    O4 - HKCU\..\Run: [MsServer] msfir80.exe [2009-05-22]
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\system32\aestsrv.exe (file missing) [2009-05-22]
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local [2009-05-22]
    O1 - Hosts: ::1 localhost [2009-05-22]
    O13 - Gopher Prefix: [2009-05-22]
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-05-22]
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') [2009-05-22]
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') [2009-05-22]
    O4 - HKCU\..\Run: [MsServer] msfir80.exe [2009-05-22]
    O4 - HKLM\..\Run: [IMJPMIG8.2] msime80.exe [2009-05-22]
    O4 - HKCU\..\Run: [MsServer] msfir80.exe [2009-06-17]

    ======Hosts File======

    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com

    ======Security center information======

    AV: AntiVir Desktop (disabled) (outdated)
    AS: AntiVir Desktop (disabled) (outdated)
    AS: Windows Defender

    ======System event log======

    Computer Name: Roston-PC
    Event Code: 10010
    Message: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.
    Record Number: 107687
    Source Name: Microsoft-Windows-DistributedCOM
    Time Written: 20090622083909.000000-000
    Event Type: Error
    User:

    Computer Name: Roston-PC
    Event Code: 3004
    Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
    For more information please see the following:
    Not Applicable
    Scan ID: {261C9EF7-B788-4749-8593-77D21CA2C27C}
    User: Roston-PC\Roston
    Name: Unknown
    ID:
    Severity ID:
    Category ID:
    Path Found: service:AntiVirSchedulerService;file:C:\Program Files\Avira\AntiVir Desktop\sched.exe
    Alert Type: Unclassified software
    Detection Type:
    Record Number: 107720
    Source Name: Microsoft-Windows-Windows Defender
    Time Written: 20090622182628.000000-000
    Event Type: Warning
    User:

    Computer Name: Roston-PC
    Event Code: 3004
    Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
    For more information please see the following:
    Not Applicable
    Scan ID: {B19F87A8-ADF1-4A04-B2A0-BC8DB023236E}
    User: Roston-PC\Roston
    Name: Unknown
    ID:
    Severity ID:
    Category ID:
    Path Found: service:AntiVirService;file:C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    Alert Type: Unclassified software
    Detection Type:
    Record Number: 107722
    Source Name: Microsoft-Windows-Windows Defender
    Time Written: 20090622182643.000000-000
    Event Type: Warning
    User:

    Computer Name: Roston-PC
    Event Code: 3004
    Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
    For more information please see the following:
    Not Applicable
    Scan ID: {85F76558-D024-465A-B7FF-F14FC0F08783}
    User: Roston-PC\Roston
    Name: Unknown
    ID:
    Severity ID:
    Category ID:
    Path Found: regkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\avgnt;runkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\avgnt;file:C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    Alert Type: Unclassified software
    Detection Type:
    Record Number: 107724
    Source Name: Microsoft-Windows-Windows Defender
    Time Written: 20090622182648.000000-000
    Event Type: Warning
    User:

    Computer Name: Roston-PC
    Event Code: 3004
    Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
    For more information please see the following:
    Not Applicable
    Scan ID: {4A95F031-DC36-4CB9-BDB4-4FCAC440580D}
    User: Roston-PC\Roston
    Name: Unknown
    ID:
    Severity ID:
    Category ID:
    Path Found: clsid:HKLM\SOFTWARE\CLASSES\CLSID\{45AC2688-0253-4ED8-97DE-B5370FA7D48A};regkey:HKLM\SOFTWARE\CLASSES\CLSID\{45AC2688-0253-4ED8-97DE-B5370FA7D48A};regkey:HKLM\Software\Classes\*\shellex\ContextMenuHandlers\Shell Extension for Malware scanning;contextmenu:HKLM\Software\Classes\*\shellex\ContextMenuHandlers\Shell Extension for Malware scanning;file:C:\Program Files\Avira\AntiVir Desktop\shlext.dll
    Alert Type: Unclassified software
    Detection Type:
    Record Number: 107728
    Source Name: Microsoft-Windows-Windows Defender
    Time Written: 20090622182700.000000-000
    Event Type: Warning
    User:

    =====Application event log=====

    Computer Name: Roston-PC
    Event Code: 1002
    Message: The program firefox.exe version 1.9.0.3399 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: c74 Start Time: 01c9e93ef773b7d0 Termination Time: 19
    Record Number: 20153
    Source Name: Application Hang
    Time Written: 20090609204657.000000-000
    Event Type: Error
    User:

    Computer Name: Roston-PC
    Event Code: 1000
    Message: Faulting application iexplore.exe, version 7.0.6000.16830, time stamp 0x49ac913e, faulting module IEFRAME.dll, version 7.0.6000.16830, time stamp 0x49acaf3e, exception code 0xc0000005, fault offset 0x000d2aea, process id 0x950, application start time 0x01c9ea216ddcd860.
    Record Number: 20422
    Source Name: Application Error
    Time Written: 20090610231608.000000-000
    Event Type: Error
    User:

    Computer Name: Roston-PC
    Event Code: 1002
    Message: The program wmplayer.exe version 11.0.6000.6349 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 2268 Start Time: 01c9f13690db29e0 Termination Time: 16
    Record Number: 21319
    Source Name: Application Hang
    Time Written: 20090619233553.000000-000
    Event Type: Error
    User:

    Computer Name: Roston-PC
    Event Code: 1002
    Message: The program iTunes.exe version 8.0.1.11 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 850 Start Time: 01c9f064b856f63c Termination Time: 23
    Record Number: 21322
    Source Name: Application Hang
    Time Written: 20090620001430.000000-000
    Event Type: Error
    User:

    Computer Name: Roston-PC
    Event Code: 1000
    Message: Faulting application bcmwltry.exe, version 4.170.25.12, time stamp 0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x046a8bb2, process id 0x684, application start time 0x01c9f14278d72f7e.
    Record Number: 21339
    Source Name: Application Error
    Time Written: 20090620010030.000000-000
    Event Type: Error
    User:

    =====Security event log=====

    Computer Name: Roston-PC
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume2\Windows\System32\drivers\avipbb.sys
    Record Number: 19265
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090622182643.803000-000
    Event Type: Audit Failure
    User:

    Computer Name: Roston-PC
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgio.sys
    Record Number: 19266
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090622182647.303000-000
    Event Type: Audit Failure
    User:

    Computer Name: Roston-PC
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume2\Windows\System32\drivers\avgntflt.sys
    Record Number: 19267
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090622182648.924000-000
    Event Type: Audit Failure
    User:

    Computer Name: Roston-PC
    Event Code: 4904
    Message: An attempt was made to register a security event source.

    Subject :
    Security ID: S-1-5-18
    Account Name: ROSTON-PC$
    Account Domain: WORKGROUP
    Logon ID: 0x3e7

    Process:
    Process ID: 0x100c
    Process Name: C:\Windows\System32\VSSVC.exe

    Event Source:
    Source Name: VSSAudit
    Event Source ID: 0x27e802c
    Record Number: 19268
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090622182659.559000-000
    Event Type: Audit Success
    User:

    Computer Name: Roston-PC
    Event Code: 4905
    Message: An attempt was made to unregister a security event source.

    Subject
    Security ID: S-1-5-18
    Account Name: ROSTON-PC$
    Account Domain: WORKGROUP
    Logon ID: 0x3e7

    Process:
    Process ID: 0x100c
    Process Name: C:\Windows\System32\VSSVC.exe

    Event Source:
    Source Name: VSSAudit
    Event Source ID: 0x27e802c
    Record Number: 19269
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090622182659.560000-000
    Event Type: Audit Success
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
    "PROCESSOR_REVISION"=1706
    "NUMBER_OF_PROCESSORS"=2
    "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

    EOF

    I have recently tried to open a guest account, and my computer was not able to create a desktop for the guest account. Not sure if that helps, but I just wanted to give you as much information as I could. Thank you again!
  • edited June 2009
    Woah, also, something crazy happened. As soon as I plugged in my iPod shuffle, Avira AV went crazy, with 40 windows popping up on what to do with winsvc32.exe, and would not stop creating new ones until I removed the iPod from my computer.
  • edited June 2009
    Quote: "As soon as I plugged in my iPod shuffle, Avira AV went crazy,"
    I'm not surprised, you have a flashdrive infection.


    Step 1

    Run Avira before you do anything else; there is no point in me trying to remove infections that are already well detected.



    Step 2

    USBNoRisk

    • Please download USBNoRisk to your Desktop and run it by double-clicking the program's icon.
    • Wait a couple of seconds for the initial scan to be done.
    • Connect all of the USB storage devices to the PC, one at a time, and keep each one connected for at least 10 seconds.
    • If there are more USB storage devices to scan, please take a note of the order in which they were connected.
    • After all the devices are scanned, choose the "Save log" option from the right-click menu on the Monitor tab. That will open the log in Notepad. Please copy/paste the log to the forum.

    Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.




    Step 3

    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If requested, please reboot
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt





    Step 4

    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix.



    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper




    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    • NoRisk Log
    • MalwareBytes Log
    • Combofix Log
    • How are things running now ?
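The check USBNoRisk performs in Step 2 is worth seeing spelled out, because it explains why a flash drive carries the infection between machines: the Windows shell honours the [autorun] section of autorun.inf on a removable drive, so open= becomes an AutoPlay entry and shell\open\command= replaces what Explorer runs when the drive is double-clicked. The script below is an added example written for this page; it is not part of this thread, of USBNoRisk, or of any other tool named here. It parses an autorun.inf, lists every entry the shell would execute, flags targets hidden in a RECYCLER or SID-named folder behind the stock "Open folder to view files" prompt, and returns a verdict. The three sample files are constructed for the example; the first is modelled on the autorun.inf that USBNoRisk reports later in this thread.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample, modelled on the autorun.inf that USBNoRisk renames to
# autorun.inf.blocked in this thread. Embedded so the example runs offline.
SAMPLE_AUTORUN_INF = """[autorun]
open=RECYCLER\\S-1-6-21-2434476501-1644491937-600003330-1213\\winsvc32.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
action=Open folder to view files
shell\\open=Open
shell\\open\\command=RECYCLER\\S-1-6-21-2434476501-1644491937-600003330-1213\\winsvc32.exe
shell\\open\\default=1
"""

# Constructed benign file of the kind a driver CD ships: no launch keys at all.
BENIGN_AUTORUN_INF = """[autorun]
icon=setup.exe,0
label=Driver CD
"""

# Constructed vendor-style file that does launch an installer on insert.
VENDOR_AUTORUN_INF = """[autorun]
open=setup.exe
label=Driver CD
"""

# Keys the shell treats as "run this" (besides shell\<verb>\command).
LAUNCH_KEYS = ("open", "shellexecute")
EXEC_SUFFIXES = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs", ".js")
# A folder named like a Windows SID, e.g. S-1-5-21-...; worms use bogus ones too.
SID_FOLDER = re.compile(r"s-1-\d+(?:-\d+)+")


def parse_autorun(text: str) -> Dict[str, str]:
    """Return the key=value pairs of the [autorun] section, keys lower-cased.

    Other sections are ignored, which is also what the shell does.
    """
    entries: Dict[str, str] = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_entries(entries: Dict[str, str]) -> List[Tuple[str, str]]:
    """Entries whose value the shell would execute: open=, shellexecute=, shell\\verb\\command=."""
    return [
        (key, value)
        for key, value in entries.items()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))
    ]


def classify_target(path: str) -> List[Tuple[str, int]]:
    """(reason, weight) indicators for the file a launch entry points at."""
    parts = path.lower().replace("/", "\\").split("\\")
    indicators: List[Tuple[str, int]] = []
    if any(p in ("recycler", "recycled", "$recycle.bin") for p in parts):
        indicators.append(("target hides in a recycle-bin folder", 3))
    if any(SID_FOLDER.fullmatch(p) for p in parts):
        indicators.append(("target hides in a SID-named folder", 3))
    if parts[-1].endswith(EXEC_SUFFIXES):
        indicators.append(("target is a program", 1))
    return indicators


def assess_autorun(text: str) -> Tuple[str, List[str]]:
    """Score an autorun.inf and return ('allow' | 'review' | 'block', findings)."""
    entries = parse_autorun(text)
    launches = launch_entries(entries)
    findings: List[str] = []
    score = 0
    for key, value in launches:
        target = value.split()[0] if value.split() else ""  # drop any arguments
        indicators = classify_target(target)
        score += 1 + sum(weight for _, weight in indicators)
        reasons = "; ".join(reason for reason, _ in indicators) or "no path indicators"
        findings.append(f"{key}={target}: {reasons}")
    if launches:
        # Disguise indicators only matter when something is actually launched.
        if "open folder" in entries.get("action", "").lower():
            score += 3
            findings.append("action= mimics the stock 'Open folder to view files' AutoPlay entry")
        if "shell32.dll" in entries.get("icon", "").lower():
            score += 1
            findings.append("icon= borrows the stock folder icon from SHELL32.dll")
        if entries.get("shell\\open\\default") == "1":
            score += 1
            findings.append("shell\\open\\default=1 makes the custom verb the double-click action")
    verdict = "block" if score >= 5 else "review" if score else "allow"
    return verdict, findings


if __name__ == "__main__":
    for name, inf in (("sample", SAMPLE_AUTORUN_INF), ("benign", BENIGN_AUTORUN_INF),
                      ("vendor", VENDOR_AUTORUN_INF)):
        verdict, findings = assess_autorun(inf)
        print(f"{name}: {verdict}")
        for finding in findings:
            print("  -", finding)
```

On a real drive you would read F:\autorun.inf (or the autorun.inf.blocked copy a tool like USBNoRisk leaves behind) and pass its text to assess_autorun. The thresholds are deliberately asymmetric: a vendor CD whose autorun simply runs setup.exe comes back as "review", because launching anything on insert deserves a look, while a program parked in a recycle-bin or SID-named folder behind the stock folder prompt is the worm pattern and comes back as "block".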
  • edited June 2009
    Okay, so there were a bunch of things that the Avira AV said it quarantined and removed after restart.

    At the moment, I only have my iPod shuffle to scan with USBNoRisk; my Sony PSP and USB flash drive are currently with a friend. Are these flashdrive infections contagious to other computers? Should I go about using USBNoRisk on all of my family computers?

    Here is the No Risk Log:

    USBNoRisk 2.4 (1 June 2009) by bobby

    Started at 6/22/2009 2:22:47 PM

    Searching for connected USB Mass storage...
    ========================================

    Searching for other storage...
    C: {87251287-950a-11dd-b18f-806e6f6e6963}
    D: {87251288-950a-11dd-b18f-806e6f6e6963}
    ========================================


    Scanning fixed storage...

    No blocked files found on C:
    No Autorun.inf files found on C:
    No mountpoint found for C:
    No mountpoint found for 87251287-950a-11dd-b18f-806e6f6e6963
    No Desktop.ini files found on C:

    No blocked files found on D:
    No Autorun.inf files found on D:
    No mountpoint found for D:
    No mountpoint found for 87251288-950a-11dd-b18f-806e6f6e6963
    No Desktop.ini files found on D:

    ========================================
    Initial scan finished!
    ========================================


    New device connected at 6/22/2009 2:24:13 PM

    Scanning for connected USB mass storage...
    F: {94313d13-cda3-11dd-b031-001d095bdb4c}
    Added F:
    ========================================

    Scanning USB mass storage for files...
    No blocked files found on F:
    autorun.inf found on F:
    File F:\autorun.inf renamed successfully

    Content of F:\autorun.inf.blocked
    [autorun]
    open=RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\winsvc32.exe
    icon=%SystemRoot%\system32\SHELL32.dll,4
    action=Open folder to view files
    shell\open=Open
    shell\open\command=RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\winsvc32.exe
    shell\open\default=1

    Files referenced from F:\autorun.inf.blocked
    F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\winsvc32.exe -r-hs 72657

    Sanitized mountpoint for 94313d13-cda3-11dd-b031-001d095bdb4c

    No Desktop.ini files found on F:

    No mimics found on drive F:
    ========================================

    ========================================
    Removed F:
    ========================================






    Malwarebytes' Anti-Malware 1.38
    Database version: 2323
    Windows 6.0.6000

    6/22/2009 3:32:10 PM
    mbam-log-2009-06-22 (15-32-10).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 277997
    Time elapsed: 58 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsvc32 (Backdoor.Bot) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)





    ComboFix 09-06-22.04 - Roston 06/22/2009 15:51.1 - NTFSx86
    Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.3581.2760 [GMT -7:00]
    Running from: c:\users\Roston\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: AntiVir Desktop *disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
    c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500\desktop.ini
    c:\windows\ufdata2000.log

    .
    ((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 )))))))))))))))))))))))))))))))
    .

    2009-06-22 22:53 . 2009-06-22 22:53 -------- d-----w- c:\users\Roston\AppData\Local\temp
    2009-06-22 22:53 . 2009-06-22 22:53 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2009-06-22 21:32 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-22 21:32 . 2009-06-22 21:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-22 21:32 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-22 21:26 . 2009-06-22 21:31 -------- d-----w- C:\USBNoRisk
    2009-06-22 18:29 . 2009-06-22 18:30 -------- d-----w- C:\rsit
    2009-06-22 18:26 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-06-22 18:26 . 2009-03-24 23:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-06-22 18:26 . 2009-06-22 18:26 -------- d-----w- c:\program files\Avira
    2009-06-08 22:23 . 2009-06-08 22:23 229544 ----a-w- C:\fnjdb.exe
    2009-06-07 22:45 . 2009-06-07 22:45 -------- d-----w- c:\program files\Adobe Media Player
    2009-06-07 22:42 . 2009-06-07 22:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-06-01 06:41 . 2009-06-01 06:41 685056 ----a-w- c:\windows\is-RJOQJ.exe
    2009-06-01 06:41 . 2009-06-01 06:41 -------- d-----w- c:\program files\DotA Gaming Network
    2009-06-01 06:41 . 2007-08-31 04:57 196608 ----a-w- c:\windows\system32\BNCSutil.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-22 22:40 . 2008-10-09 21:28 71460 ----a-w- c:\windows\system32\perfc012.dat
    2009-06-22 22:40 . 2008-10-09 21:28 268898 ----a-w- c:\windows\system32\perfh012.dat
    2009-06-22 18:17 . 2009-03-12 07:01 -------- d-----w- c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\skypePM
    2009-06-22 00:45 . 2008-10-10 08:23 -------- d-----w- c:\program files\Warcraft III
    2009-06-19 04:02 . 2008-10-09 21:11 -------- d-----w- c:\program files\Steam
    2009-06-15 23:57 . 2008-10-09 21:11 -------- d-----w- c:\program files\Common Files\Steam
    2009-06-07 22:45 . 2008-10-08 08:59 -------- d-----w- c:\program files\Common Files\Adobe
    2009-06-03 01:15 . 2008-10-08 07:35 680 ----a-w- c:\users\Roston\AppData\Local\d3d9caps.dat
    2009-05-27 09:18 . 2008-12-02 09:12 -------- d-----w- c:\program files\ooVoo
    2009-05-22 09:35 . 2009-05-12 11:30 -------- d-----w- c:\program files\Full Tilt Poker
    2009-05-22 09:35 . 2008-10-08 07:45 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-05-13 10:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-05-09 23:49 . 2009-05-09 23:49 -------- d-----w- c:\program files\FileZilla FTP Client
    2009-05-02 10:01 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-04-08 18:53 . 2009-04-08 18:53 410984 ----a-w- c:\windows\system32\deploytk.dll
    .

    Sigcheck

    [7] 2008-01-19 07:33 21504 3794B461C45882E06856F282EEF025AF c:\windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
    [7] 2006-11-02 09:45 22016 10DA15933D582D2FEDCF705EFE394B09 c:\windows\System32\svchost.exe
    [7] 2006-11-02 09:45 22016 10DA15933D582D2FEDCF705EFE394B09 c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe

    [7] 2008-01-19 07:36 627200 B974D9F06DC7D1908E825DC201681269 c:\windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
    [7] 2008-10-09 06:24 633856 63B4F59D7C89B1BF5277F1FFEFD491CD c:\windows\System32\user32.dll
    [7] 2006-11-02 09:46 633856 E698A5437B89A285ACA3FF022356810A c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
    [7] 2008-10-09 06:24 633856 63B4F59D7C89B1BF5277F1FFEFD491CD c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
    [7] 2008-10-09 06:24 633856 9D9F061EDA75425FC67F0365E3467C86 c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll

    [7] 2008-01-19 07:37 179200 B304D47D5744BA20FCB99FB8B2C07B0B c:\windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
    [7] 2006-11-02 09:46 178688 D99A071C1018BB3D4ABAAD4B62048AC2 c:\windows\System32\ws2_32.dll
    [7] 2006-11-02 09:46 178688 D99A071C1018BB3D4ABAAD4B62048AC2 c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll

    [7] 2008-01-19 07:36 825856 455D715A840579BDC1CF8E5C1DA76849 c:\windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18000_none_01e8f37da1d311e6\wininet.dll
    [7] 2009-03-03 04:20 826368 BA68744F8FE1BAAC35362F18774972A3 c:\windows\System32\wininet.dll
    [7] 2006-11-02 09:46 822272 214A456AADCC7DD1B36E2287BA71A9CA c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16386_none_ffb23181a4e80112\wininet.dll
    [7] 2008-10-09 06:31 826368 E74D932CA7B3DA8CDB7A5F11F5A03ABC c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16711_none_fff8e71ba4b3b364\wininet.dll
    [7] 2008-10-02 03:49 826368 8BF7D225505A4ADA25D9444E91811CEA c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16757_none_ffd3a927a4cebb32\wininet.dll
    [7] 2008-10-16 04:40 826368 F18C1B151A0B18C35BF0919A9BA0FA0F c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16764_none_ffc5d85da4d98b1e\wininet.dll
    [7] 2009-01-15 04:16 826368 FF35D495AC08549154D1D96990513CD9 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16809_none_000bbb3da4a45f52\wininet.dll
    [7] 2009-03-03 04:20 826368 BA68744F8FE1BAAC35362F18774972A3 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16830_none_ffe248dfa4c4cf16\wininet.dll
    [7] 2008-10-09 06:31 827904 AE7150C0696C656D02FDD48259F4EFF5 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20868_none_00537650bdf39044\wininet.dll
    [7] 2008-10-02 03:30 827904 C85EF7DE97ABBF00B16AD11EDFEAC637 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20927_none_007db79cbdd40450\wininet.dll
    [7] 2008-10-16 04:24 827904 622FE627D15DD920238A993021F0A4D1 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20937_none_0072e7b0bddc2041\wininet.dll
    [7] 2009-01-15 04:19 827904 65647F41CEC0C8EEC9DF5BC1168EC76C c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20996_none_003107debe0dae90\wininet.dll
    [7] 2009-03-03 04:18 828416 88B57405AC5B2BF513069086F8963635 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21023_none_00798e96bdd7d236\wininet.dll
    [7] 2008-10-09 06:31 827392 618A51B5FB9DD5810960F6044C0E9289 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18099_none_0190a6cba213f16e\wininet.dll
    [7] 2008-10-02 03:49 827392 C373C19F10601C1AFE7E40907AE48694 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989\wininet.dll
    [7] 2008-10-16 04:47 827392 8F89FFECF6989DD7D9ECCEC6D95D7419 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\wininet.dll
    [7] 2009-01-15 06:11 827392 FB79A2AA5E92653B9A394FE26D799BF8 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\wininet.dll
    [7] 2009-03-03 04:40 827392 6E115E2D3FAE5077A361A5BCE78FF170 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18226_none_01d9592da1dddc20\wininet.dll
    [7] 2008-10-09 06:31 827904 EDF59D63DDBC8BE0BB4836EFFFC04BDC c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22212_none_0269c2d6baf6fd76\wininet.dll
    [7] 2008-10-02 03:34 827904 6B2591CDCEFEB8451594288426677CBB c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22278_none_022ee50abb223d26\wininet.dll
    [7] 2008-10-16 04:38 827904 4944C9FFE8903A276590D4215F74B937 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22288_none_0224151ebb2a5917\wininet.dll
    [7] 2009-01-16 05:00 827904 6A986C2CD30633447DAB21A4852E40D6 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22355_none_024185eabb14b666\wininet.dll
    [7] 2009-03-03 04:32 827904 3ED9859939928CA568F487AB42175A33 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22389_none_0225174ebb296f95\wininet.dll

    [7] 2008-01-19 07:43 891448 FC6E2835D667774D409C7C7021EAF9C4 c:\windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
    [7] 2008-10-09 06:34 803328 5DF77458AA92FDB36FCE79C60F74AB5D c:\windows\System32\drivers\tcpip.sys
    [7] 2006-11-02 08:58 802816 D944522B048A5FEB7700B5170D3D9423 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
    [7] 2008-10-09 06:34 803328 5DF77458AA92FDB36FCE79C60F74AB5D c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
    [7] 2008-10-09 06:34 806400 52A8BD6294F7D1443C6184C67AE13AF4 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys

    [7] 2008-01-19 07:33 314880 C2610B6BDBEFC053BBDAB4F1B965CB24 c:\windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
    [7] 2006-11-02 09:45 308224 9F75392B9128A91ABAFB044EA350BAAD c:\windows\System32\winlogon.exe
    [7] 2006-11-02 09:45 308224 9F75392B9128A91ABAFB044EA350BAAD c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

    [7] 2008-01-19 07:43 529464 9BDC71790FA08F0A0B5F10462B1BD0B1 c:\windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
    [7] 2006-11-02 09:51 500840 227C11E1E7CF6EF8AFB2A238D209760C c:\windows\System32\drivers\ndis.sys
    [7] 2006-11-02 09:51 500840 227C11E1E7CF6EF8AFB2A238D209760C c:\windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys


    [7] 2008-01-19 07:43 3600440 FE51E8DBBEF2D01EF886499FECBF2D78 c:\windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18000_none_6c3061a0b4231268\ntkrnlpa.exe
    [7] 2009-03-03 04:24 3503584 06BCF21AAA1890328D1F58F0ACBE668D c:\windows\System32\ntkrnlpa.exe
    [7] 2006-11-02 09:51 3502184 CADAA2FCB7F3D18BE056A34D84EE2CA1 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16386_none_69f99fa4b7380194\ntkrnlpa.exe
    [7] 2008-10-09 06:29 3504824 B0315AAB99CA2CF6576E68465B3AC554 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16514_none_6a435250b701059d\ntkrnlpa.exe
    [7] 2008-10-09 06:42 3504824 A676D072FF3967821EC292F5C885A32D c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16551_none_6a1511c2b724295c\ntkrnlpa.exe
    [7] 2008-10-09 06:24 3504824 7B3DE8F172BD5BA3842237088595E0DD c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16575_none_6a037312b730c69a\ntkrnlpa.exe
    [7] 2008-10-09 06:36 3504696 0BE027340C32D14ABECDA068E45E532A c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16584_none_69f7a2dcb739c934\ntkrnlpa.exe
    [7] 2008-09-18 04:35 3505208 E67F6247029F6311E643532D2CFFE667 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16754_none_6a18166cb7216faf\ntkrnlpa.exe
    [7] 2009-03-03 04:24 3503584 06BCF21AAA1890328D1F58F0ACBE668D c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16830_none_6a29b702b714cf98\ntkrnlpa.exe
    [7] 2008-10-09 06:29 3504824 A59C7EA8F866BA9EBE06CB57F01FA5E1 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20629_none_6ac720a1d022400b\ntkrnlpa.exe
    [7] 2008-10-09 06:42 3504824 99AC9F5573F9376970A82D77731BE62A c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20670_none_6a880e6bd052e7b1\ntkrnlpa.exe
    [7] 2008-10-09 06:24 3505848 0BDCA5C80ED74AD207EEC0535D2AF508 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20697_none_6a797099d05cd0f4\ntkrnlpa.exe
    [7] 2008-10-09 06:36 3505720 4821AB9F49B32CC17887AE861895826E c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20707_none_6adac1cbd013d2a2\ntkrnlpa.exe
    [7] 2008-09-18 04:27 3506744 084A3A26A3D1A75D0705D963C0289DD5 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20921_none_6abf2403d0296cc8\ntkrnlpa.exe
    [7] 2009-03-03 04:22 3505120 191C702B48681FB2BA5A96F416207ACF c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21023_none_6ac0fcb9d027d2b8\ntkrnlpa.exe
    [7] 2008-09-18 05:09 3601464 3EB08788832D9048C617559CEFD208CF c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18145_none_6c0a2548b43efe06\ntkrnlpa.exe
    [7] 2009-03-03 04:46 3599328 FEB3FB3309EBA85917BDE7F4FD019C9D c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18226_none_6c20c750b42ddca2\ntkrnlpa.exe
    [7] 2008-09-18 04:54 3601976 DC870DCAA25E5CC1C8A50FAC19CCED45 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22269_none_6c822363cd693b0e\ntkrnlpa.exe
    [7] 2009-03-03 04:37 3600880 641C0F376136E5B6F389016EC48374D2 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22389_none_6c6c8571cd797017\ntkrnlpa.exe

    [7] 2008-01-19 07:43 3548728 6700F35EBA206E5C89AC27C9A124DC01 c:\windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18000_none_6c3061a0b4231268\ntoskrnl.exe
    [7] 2009-03-03 04:24 3469280 3910FE042C707E6BACD0FEC5AB9ECDE6 c:\windows\System32\ntoskrnl.exe
    [7] 2006-11-02 09:51 3467880 883D5B644BFA3DC7298D4731B13AF499 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16386_none_69f99fa4b7380194\ntoskrnl.exe
    [7] 2008-10-09 06:29 3470008 4F2488EC5D0EBFE868F47681BCF315D3 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16514_none_6a435250b701059d\ntoskrnl.exe
    [7] 2008-10-09 06:42 3471032 0E8F7801D17C7437CEE216099B975163 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16551_none_6a1511c2b724295c\ntoskrnl.exe
    [7] 2008-10-09 06:24 3470520 2D202D94C6D0EC6B1483D2D47016FA0A c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16575_none_6a037312b730c69a\ntoskrnl.exe
    [7] 2008-10-09 06:36 3470392 A0BF353A68B434F2BBFF238FEEB51486 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16584_none_69f7a2dcb739c934\ntoskrnl.exe
    [7] 2008-09-18 04:35 3470904 03279407E78F76BA1131DAB35A5E55C0 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16754_none_6a18166cb7216faf\ntoskrnl.exe
    [7] 2009-03-03 04:24 3469280 3910FE042C707E6BACD0FEC5AB9ECDE6 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16830_none_6a29b702b714cf98\ntoskrnl.exe
    [7] 2008-10-09 06:29 3470520 99B743BE7149970EB8D9C48FB0A41BF7 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20629_none_6ac720a1d022400b\ntoskrnl.exe
    [7] 2008-10-09 06:42 3471544 9E6991F557248A5E6E742D1081583969 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20670_none_6a880e6bd052e7b1\ntoskrnl.exe
    [7] 2008-10-09 06:24 3472056 2DF67260DD3167402ABC14DC11112686 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20697_none_6a797099d05cd0f4\ntoskrnl.exe
    [7] 2008-10-09 06:36 3471928 B23072AE0FD60A2BE57FD48F81DDB5BB c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20707_none_6adac1cbd013d2a2\ntoskrnl.exe
    [7] 2008-09-18 04:27 3472952 1E09CE4D9BB7B6521FB023CAE2E55F63 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20921_none_6abf2403d0296cc8\ntoskrnl.exe
    [7] 2009-03-03 04:22 3471328 808C86316AED98716C5F305A6265F393 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21023_none_6ac0fcb9d027d2b8\ntoskrnl.exe
    [7] 2008-09-18 05:09 3549240 1FD3E8BFFD38F9B145E4B2B238B692F7 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18145_none_6c0a2548b43efe06\ntoskrnl.exe
    [7] 2009-03-03 04:46 3547632 393BB8FE05D66ABA7B091E6032179272 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18226_none_6c20c750b42ddca2\ntoskrnl.exe
    [7] 2008-09-18 04:54 3549752 DEA801F2D9FD1DB35ED6B9BC4A6657F1 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22269_none_6c822363cd693b0e\ntoskrnl.exe
    [7] 2009-03-03 04:37 3548656 DFF34C5D66AB4BF1EED47BF19D1267BB c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22389_none_6c6c8571cd797017\ntoskrnl.exe

    [7] 2008-10-29 06:20 2923520 37440D09DEAE0B672A04DCCF7ABF06BE c:\windows\explorer.exe
    [7] 2008-01-19 07:33 2927104 FFA764631CB70A30065C12EF8E174F9F c:\windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
    [7] 2006-11-02 09:45 2923520 FD8C53FB002217F6F888BCF6F5D7084D c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
    [7] 2008-10-09 06:42 2923520 6D06CD98D954FE87FB2DB8108793B399 c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
    [7] 2008-10-29 06:20 2923520 37440D09DEAE0B672A04DCCF7ABF06BE c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    [7] 2008-10-09 06:42 2923520 BD06F0BF753BC704B653C3A50F89D362 c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
    [7] 2008-10-28 02:15 2923520 E7156B0B74762D9DE0E66BDCDE06E5FB c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    [7] 2008-10-29 06:29 2927104 4F554999D7D5F05DAAEBBA7B5BA1089D c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    [7] 2008-10-30 03:59 2927616 50BA5850147410CDE89C523AD3BC606E c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

    [7] 2008-01-19 07:33 279040 2B336AB6286D6C81FA02CBAB914E3C6C c:\windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [7] 2006-11-02 09:45 279552 329CF3C97CE4C19375C8ABCABAE258B0 c:\windows\System32\services.exe
    [7] 2006-11-02 09:45 279552 329CF3C97CE4C19375C8ABCABAE258B0 c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe

    [7] 2009-02-13 07:26 7680 59DE082968FDD257FFF0D209B9A5B460 c:\windows\System32\lsass.exe
    [7] 2006-11-02 09:45 7680 6A0E382E74280E4CC0DF17FE2661D003 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\lsass.exe
    [7] 2009-02-13 07:26 7680 59DE082968FDD257FFF0D209B9A5B460 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
    [7] 2009-02-13 04:58 7680 AFF8A58280863629CA4FFA9E0B259F1E c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
    [7] 2008-01-19 07:33 9728 DCF733788C7D088D814E5F80EB4B3E0F c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
    [7] 2008-01-19 07:33 9728 DCF733788C7D088D814E5F80EB4B3E0F c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
    [7] 2009-02-13 08:20 9728 F4C62B07E5BF96F1FDCA9DB393ECED22 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe

    [7] 2006-11-02 09:45 8704 22BFD03DF51065A9ED8D17F8FB72296B c:\windows\System32\ctfmon.exe
    [7] 2006-11-02 09:45 8704 22BFD03DF51065A9ED8D17F8FB72296B c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe

    [7] 2008-01-19 07:33 125952 846CDF9A3CF4DA9B306ADFB7D55EE4C2 c:\windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
    [7] 2006-11-02 09:45 124928 DA612EF2556776DF2630B68BF2D48935 c:\windows\System32\spoolsv.exe
    [7] 2006-11-02 09:45 124928 DA612EF2556776DF2630B68BF2D48935 c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6000.16386_none_d414e125c49db442\spoolsv.exe

    [7] 2008-01-19 07:33 43008 8E93CDF0EA8EDBA63F07E2898A9B2147 c:\windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.0.6001.18000_none_a052d92e34802200\wuauclt.exe
    [7] 2008-10-16 21:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\System32\wuauclt.exe
    [7] 2006-11-02 09:46 41472 FF81090B6EF1A42A19DF226632711D25 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_6.0.6000.16386_none_acab9aecacae685d\wuauclt.exe
    [7] 2008-10-16 21:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wuauclt.exe

    [7] 2008-01-19 07:33 25088 0E135526E9785D085BCD9AEDE6FBCBF9 c:\windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
    [7] 2006-11-02 09:45 24576 22027835939F86C3E47AD8E3FBDE3D11 c:\windows\System32\userinit.exe
    [7] 2006-11-02 09:45 24576 22027835939F86C3E47AD8E3FBDE3D11 c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

    [7] 2008-01-19 07:36 448512 D605031E225AACCBCEB5B76A4F1603A6 c:\windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_8e9f41c854441762\termsrv.dll
    [7] 2006-11-02 09:46 427520 FAD71C1E8E4047B154E899AE31EB8CAA c:\windows\System32\termsrv.dll
    [7] 2006-11-02 09:46 427520 FAD71C1E8E4047B154E899AE31EB8CAA c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6000.16386_none_8c687fcc5759068e\termsrv.dll

    [7] 2008-01-19 07:34 888320 DC2338093F91BA4E0512208E60206DDD c:\windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\kernel32.dll
    [7] 2009-02-13 07:26 875520 B82C7AC1D559F0FD088792171D64C7F3 c:\windows\System32\kernel32.dll
    [7] 2006-11-02 09:46 874496 1E36AE445E4DA83B82D51FEB2D4F8772 c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16386_none_91872345596077da\kernel32.dll
    [7] 2009-02-13 07:26 875520 B82C7AC1D559F0FD088792171D64C7F3 c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529ed\kernel32.dll
    [7] 2009-02-13 07:13 875520 BB792054BD990EC05D9E260D50FEAD39 c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_92564f68724ae108\kernel32.dll
    [7] 2009-02-13 08:49 888832 DB6E3731E6F5C8AE2843F80B5787F7C6 c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\kernel32.dll
    [7] 2009-02-13 08:21 890880 1987D817D08F5EAF0B7F334026FDDB79 c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_9401d8206f9c7e67\kernel32.dll

    [7] 2008-01-19 07:36 97280 51832219A52C3535BF4771C375E63F9B c:\windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.0.6001.18000_none_a3199e60fcd85f71\powrprof.dll
    [7] 2006-11-02 09:46 96768 3CDEC51291F735C5C276B957239017A3 c:\windows\System32\powrprof.dll
    [7] 2006-11-02 09:46 96768 3CDEC51291F735C5C276B957239017A3 c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.0.6000.16386_none_a0e2dc64ffed4e9d\powrprof.dll

    [7] 2008-01-19 07:34 114688 EC17194A193CD8E90D27CFB93DFA9A2E c:\windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02\imm32.dll
    [7] 2006-11-02 09:46 115200 EE12864398F1C3BF5BEE91F6AF9842E1 c:\windows\System32\imm32.dll
    [7] 2006-11-02 09:46 115200 EE12864398F1C3BF5BEE91F6AF9842E1 c:\windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6000.16386_none_5a1f5c1a7d7fec2e\imm32.dll


    [7] 2008-01-19 07:33 148992 C56DED3FE618C8BAE1AAAF4E801CCB3E c:\windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.0.6001.18000_none_81cee8645c09a139\appmgmts.dll
    [7] 2006-11-02 12:34 148480 051E86735B71E8402AEBC1D662F26BA2 c:\windows\System32\appmgmts.dll
    [7] 2006-11-02 12:34 148480 051E86735B71E8402AEBC1D662F26BA2 c:\windows\winsxs\x86_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.0.6000.16386_none_7f9826685f1e9065\appmgmts.dll

    [7] 2008-01-19 07:41 35384 37605E0A8CF00CBBA538E753E4344C6E c:\windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_keyboard.inf_31bf3856ad364e35_6.0.6001.18000_none_974e6dd8d8f8ec7e\kbdclass.sys
    [7] 2008-10-09 10:01 35384 B076B2AB806B3F696DAB21375389101C c:\windows\System32\drivers\kbdclass.sys
    [7] 2006-11-02 09:49 32872 1A48765F92BA1A88445FC25C9C9D94FC c:\windows\System32\DriverStore\FileRepository\keyboard.inf_93b1c41f\kbdclass.sys
    [7] 2008-10-09 10:01 35384 B076B2AB806B3F696DAB21375389101C c:\windows\System32\DriverStore\FileRepository\keyboard.inf_a81145df\kbdclass.sys
    [7] 2008-10-09 10:01 35384 B076B2AB806B3F696DAB21375389101C c:\windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.16609_none_957131ccdbca3f9c\kbdclass.sys
    [7] 2008-10-09 10:01 35384 C9B0CF786D5F151A43C7BE8E243F2819 c:\windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.20734_none_95d55d61f504b486\kbdclass.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-03 13552160]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-03 92704]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-09-03 96800]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-08 148888]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux3"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{6A3E9978-15A9-4789-942B-300B094E628A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{EF72632E-8049-4CD0-8A9C-B9E782C3E3A1}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{B729A190-FA7A-4B64-ACA4-F2DA61CE619E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{0BE67C46-52A9-4510-90D7-0DF49FF27202}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{40F99537-380B-43A8-A68E-244EBF3584A7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{A52AD778-3643-4718-BD32-419BBFD43D5D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "TCP Query User{35EF347B-FEFE-4635-8D28-8094E322D867}c:\\program files\\steam\\steamapps\\killedchaos\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\killedchaos\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{8857856C-1FE5-4A87-8886-ADFD13EF561D}c:\\program files\\steam\\steamapps\\killedchaos\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\killedchaos\counter-strike\hl.exe:Half-Life Launcher
    "TCP Query User{27CEE4B1-D3E9-4356-AFF6-952206B9040B}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{E7BE40C7-A131-4EC9-8CCA-E6F427D17ACB}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{00C1C74A-159E-4219-8F75-EE295C4A2AC9}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
    "UDP Query User{15C6C91D-D5C8-472A-A03E-F57280EC17CC}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
    "TCP Query User{52143DC0-9160-4010-AECC-DDA68CB4C586}c:\\program files\\warcraft iii\\lc\\pickup.listchecker.exe"= UDP:c:\program files\warcraft iii\lc\pickup.listchecker.exe:pickup.listchecker
    "UDP Query User{E1735B74-DC0D-451D-9149-BAFD71F3569E}c:\\program files\\warcraft iii\\lc\\pickup.listchecker.exe"= TCP:c:\program files\warcraft iii\lc\pickup.listchecker.exe:pickup.listchecker
    "TCP Query User{5216C62B-032E-4101-AFA0-ED27147B48FA}c:\\program files\\aim\\aim.exe"= UDP:c:\program files\aim\aim.exe:AOL Instant Messenger
    "UDP Query User{C0C1E3C0-0BB7-4455-9796-2226B796F438}c:\\program files\\aim\\aim.exe"= TCP:c:\program files\aim\aim.exe:AOL Instant Messenger
    "{DBD5687C-B709-4D28-846A-CA77215060CF}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{D9509106-A53A-4E7A-B820-01B5E9EB5A5C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "TCP Query User{0B2535FF-D90B-4E34-B0A9-8CB92175DD22}c:\\program files\\oovoo\\oovoo.exe"= UDP:c:\program files\oovoo\oovoo.exe:ooVoo
    "UDP Query User{2B4659E6-E250-4EEB-988A-799EE613F41B}c:\\program files\\oovoo\\oovoo.exe"= TCP:c:\program files\oovoo\oovoo.exe:ooVoo
    "{F378189F-954D-43DF-9559-F7D9AF2BD6E4}"= Disabled:UDP:443:ooVoo TCP port 443
    "{3EB496D3-84CB-40A7-9EF9-31CC5EF3102C}"= Disabled:TCP:443:ooVoo UDP port 443
    "{4D4B8B7D-BE38-4BB6-BA81-0714BB882BC4}"= Disabled:UDP:37674:ooVoo TCP port 37674
    "{C12CCCA7-525E-4135-97E2-B73D8943D16E}"= Disabled:TCP:37674:ooVoo UDP port 37674
    "{E4B57893-FA64-4D1B-9653-5633ED3789D0}"= Disabled:TCP:37675:ooVoo UDP port 37675
    "{229C41C3-84F9-4FC6-A956-DC7D3D176386}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
    "{002E4D3D-B285-4A33-B084-E0C8F50C08AD}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
    "TCP Query User{EAF22F02-42AF-4855-A03A-9A3A90F9FE11}c:\\program files\\steam\\steamapps\\common\\warhammer 40,000 dawn of war ii - beta\\dow2.exe"= UDP:c:\program files\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe:DOW2
    "UDP Query User{B290DB43-6822-4EB5-A51B-59309494BCA7}c:\\program files\\steam\\steamapps\\common\\warhammer 40,000 dawn of war ii - beta\\dow2.exe"= TCP:c:\program files\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe:DOW2
    "TCP Query User{4B0C5E14-5D7B-4439-93AD-77C293829481}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
    "UDP Query User{EFE0A262-0F41-4394-9973-3AF9766C1D71}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
    "TCP Query User{59464C3A-5E5A-46EF-B07A-7C2D887736BC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{7733FC09-0731-4BD3-ACA3-DE4010C98C5E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{DAEF5F1C-C89D-4142-9787-10F4677A3D31}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
    "{289F7B32-413B-41CD-B499-F7AAE2F775B6}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
    "{DE07675E-28BB-4D7F-9CD2-2FE1C0CADB67}"= UDP:5353:Adobe CSI CS4
    "{637E0024-9C38-4866-B3F7-92880DE04B7F}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
    "{85F9F14B-84A6-45FB-9779-4294C9D15663}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/22/2009 11:26 AM 108289]
    R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [10/8/2008 12:50 AM 235648]
    R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [10/8/2008 12:50 AM 7424]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe --> c:\windows\system32\aestsrv.exe [?]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [11/6/2007 1:22 PM 34064]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://mail.google.com/a/usc.edu
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-22 15:53
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    LOCKED REGISTRY KEYS

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32D8DBD4-B955-25F6-FF2FD67811A2C9DA}\{94CF5F21-4368-969C-99FE195940743E13}\{15E9DC49-AD27-6FBF-ADF6ADCA641CD874}*]
    "RA4KGUJC6T6LBNJRIDQ63C2L6C1"=hex:01,00,01,00,00,00,00,00,f7,8a,3d,85,55,45,07,
    82,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{484F515E-F5F4-CAE2-00797FFBC1B1DB0A}\{B5BB857C-6143-5E3C-4B14653578135B7A}\{14E971F7-0C0F-F2F4-35B0BAA5D2098273}*]
    "RA4KGUJC6T6LBNJRIDQ63C2L6C1"=hex:01,00,01,00,00,00,00,00,f7,8a,3d,85,55,45,07,
    82,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B0B6C35-3AEA-9EAE-179EBB09B20EA2F1}\{75565C86-DCE5-4077-B0F3502E93E7104E}\{6B409343-0D15-4A1C-46DBD99A1375331F}*]
    "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,b2,8d,46,
    0b,33,b1,1c,3d,7a,d0,a7,5b,47,e8,3d,d7,45,36,0a,16,69,03,c9,8b,c1,d7,e4,2d,\

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99B3C19D-1110-E642-964288AEAF2709C8}\{40C615DA-7F31-9B5B-0DDF6E89F316E212}\{17EBF9A6-E64A-9733-B8ACE6C016E89E7C}*]
    "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,b2,8d,46,
    0b,33,b1,1c,3d,7a,d0,a7,5b,47,e8,3d,d7,45,36,0a,16,69,03,c9,8b,c1,d7,e4,2d,\
    .
    Completion time: 2009-06-22 15:55
    ComboFix-quarantined-files.txt 2009-06-22 22:55

    Pre-Run: 54,678,278,144 bytes free
    Post-Run: 55,428,071,424 bytes free

    299 --- E O F --- 2009-06-08 20:38


    Hmm.. AIM has been fixed completely. Things actually seem to be better already; however, the problem with my network is still there. I don't know if that's a driver/hardware problem or a virus or whatever, but the internet works, it just shows a red X on the connection. "connection status: unknown Server execution failed"

    Again, I have to thank you so much for your help this far.
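    As an added example (not part of this thread, and not ComboFix's or catchme's own code): a small parser for the LOCKED REGISTRY KEYS section above. It applies two checks a responder would make on that section: every {…} component of a CLSID path should be a canonical {8-4-4-4-12} GUID, and the same value name plus byte payload sitting under several keys ties those keys together. All four keys listed above fail the first check and pair up under the second. The sample input is the section as it appears on the page; the second payload is cut off there, which the trailing backslash marks.

```python
"""Triage the LOCKED REGISTRY KEYS section of a ComboFix/catchme log (added example)."""
import re

# Canonical registry GUID: {8-4-4-4-12} hex digits.
GUID_RE = re.compile(
    r"^\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}$"
)
KEY_LINE_RE = re.compile(r"^\[(HKEY_[A-Z_]+\\.+?)\*?\]$")          # [HKLM\...\{...}*]
VALUE_LINE_RE = re.compile(r'^"([^"]+)"=hex:(.*)$')                 # "name"=hex:01,00,...
HEX_CONT_RE = re.compile(r"^[0-9A-Fa-f]{2}(,[0-9A-Fa-f]{2})*,?\\?$")  # wrapped hex run

# Sample input: the section as printed in the log on this page (not constructed).
SAMPLE = r"""
LOCKED REGISTRY KEYS

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32D8DBD4-B955-25F6-FF2FD67811A2C9DA}\{94CF5F21-4368-969C-99FE195940743E13}\{15E9DC49-AD27-6FBF-ADF6ADCA641CD874}*]
"RA4KGUJC6T6LBNJRIDQ63C2L6C1"=hex:01,00,01,00,00,00,00,00,f7,8a,3d,85,55,45,07,
82,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{484F515E-F5F4-CAE2-00797FFBC1B1DB0A}\{B5BB857C-6143-5E3C-4B14653578135B7A}\{14E971F7-0C0F-F2F4-35B0BAA5D2098273}*]
"RA4KGUJC6T6LBNJRIDQ63C2L6C1"=hex:01,00,01,00,00,00,00,00,f7,8a,3d,85,55,45,07,
82,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B0B6C35-3AEA-9EAE-179EBB09B20EA2F1}\{75565C86-DCE5-4077-B0F3502E93E7104E}\{6B409343-0D15-4A1C-46DBD99A1375331F}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,b2,8d,46,
0b,33,b1,1c,3d,7a,d0,a7,5b,47,e8,3d,d7,45,36,0a,16,69,03,c9,8b,c1,d7,e4,2d,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99B3C19D-1110-E642-964288AEAF2709C8}\{40C615DA-7F31-9B5B-0DDF6E89F316E212}\{17EBF9A6-E64A-9733-B8ACE6C016E89E7C}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,b2,8d,46,
0b,33,b1,1c,3d,7a,d0,a7,5b,47,e8,3d,d7,45,36,0a,16,69,03,c9,8b,c1,d7,e4,2d,\
"""


def _clean(hexrun):
    """Strip the line-wrap backslash and trailing comma from a hex run."""
    return hexrun.rstrip("\\").rstrip(",")


def parse_locked_keys(text):
    """Return [{'key': str, 'values': {name: bytes}}], one entry per [key] block."""
    entries, current, last_name = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_LINE_RE.match(line)
        if m:
            current = {"key": m.group(1), "values": {}}
            entries.append(current)
            last_name = None
            continue
        if current is None:
            continue
        m = VALUE_LINE_RE.match(line)
        if m:
            last_name = m.group(1)
            current["values"][last_name] = _clean(m.group(2))
        elif last_name and HEX_CONT_RE.match(line):
            # Continuation of a value wrapped across lines by the log writer.
            current["values"][last_name] += "," + _clean(line)
    for e in entries:
        e["values"] = {n: bytes.fromhex(h.replace(",", "")) for n, h in e["values"].items()}
    return entries


def malformed_guid_components(key):
    """Return the {...} path components of `key` that are not canonical GUIDs."""
    return [c for c in key.split("\\") if c.startswith("{") and not GUID_RE.match(c)]


def triage(entries):
    """Flag entries whose CLSID path contains malformed GUID components."""
    findings = []
    for e in entries:
        bad = malformed_guid_components(e["key"])
        if bad:
            findings.append({"key": e["key"], "malformed": bad, "values": sorted(e["values"])})
    return findings


def duplicate_payloads(entries):
    """Map (value name, payload) -> keys for pairs that appear under two or more keys."""
    seen = {}
    for e in entries:
        for name, payload in e["values"].items():
            seen.setdefault((name, payload), []).append(e["key"])
    return {k: v for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    parsed = parse_locked_keys(SAMPLE)
    for f in triage(parsed):
        print("malformed GUID components:", ", ".join(f["malformed"]))
    for (name, payload), keys in duplicate_payloads(parsed).items():
        print(f"value {name!r} ({len(payload)} bytes) shared by {len(keys)} keys")
```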
  • edited June 2009
    Hmm, the guest account still doesn't work. It loads the blank background, but explorer never runs, so it's just stuck like that. There is full functionality of the computer though (switching and logging off via ctrl+alt+del; Task Manager via ctrl+shift+esc).
  • edited June 2009
    Information
    1) my Sony PSP, and flash usb drive are currently with a friend.
    2) Are these flashdrive infections contagious to other computers?
    3) Should I go about using the USB No Risk on all of my family computers?
    1) Tell your friend they are probably infected.
    2) Infecting other computers is their very reason for existing, so YES !!
    3) Yes
    Hmm the guest account still doesn't work.
    We will sort that shortly.


    IMPORTANT
    I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    uTorrent
    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Also available here.

    My recommendation is you go to Control Panel > Add/Remove Programs and uninstall any P2P programs
    Please note: you must NOT use any P2P whilst we are cleaning your machine.




    Please ensure that any USB/Flash/External drives are connected whilst we are cleaning your machine.



    Step 1

    Custom CFScript
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
      Link to topic
      Comment:: Katana
      Suspect::[4]
      C:\fnjdb.exe
      c:\windows\is-RJOQJ.exe
      File::
      C:\fnjdb.exe
      c:\windows\is-RJOQJ.exe
      
      RegNull::
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32D8DBD4-B955-25F6-FF2FD67811A2C9DA}\{94CF5F21-4368-969C-99FE195940743E13}\{15E9DC49-AD27-6FBF-ADF6ADCA641CD874}*]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{484F515E-F5F4-CAE2-00797FFBC1B1DB0A}\{B5BB857C-6143-5E3C-4B14653578135B7A}\{14E971F7-0C0F-F2F4-35B0BAA5D2098273}*]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B0B6C35-3AEA-9EAE-179EBB09B20EA2F1}\{75565C86-DCE5-4077-B0F3502E93E7104E}\{6B409343-0D15-4A1C-46DBD99A1375331F}*]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99B3C19D-1110-E642-964288AEAF2709C8}\{40C615DA-7F31-9B5B-0DDF6E89F316E212}\{17EBF9A6-E64A-9733-B8ACE6C016E89E7C}*]
      
      ADS::
      
    • Save this as CFScript.txt and place it on your desktop.


      CFScriptb.gif


    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • **Note**
      When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
      • Ensure you are connected to the internet and click OK on the message box.

    • Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.




    Step 2

    Kaspersky Online Scanner.
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
    NOTE:- This scan is best done from IE (Internet Explorer)

    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

    Read the Requirements and limitations before you click Accept.
    Once the database has downloaded, click My Computer in the left pane
    Now go and put the kettle on !
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.




    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    • Combofix Log
    • Kaspersky Log
    • How are things running now ?
  • edited June 2009
    So... I think somehow things are now getting worse? Windows all of a sudden has new updates available, and it keeps attempting to install them; once it crashed, and another time it just encountered an unknown error.

    The updates are "Internet Explorer 8" and "Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847) x86"

    I've uninstalled uTorrent, and before I ran ComboFix I noticed I had installed an update and got "The system cannot find message text for message number 0x8 in the message file for System."

    Hmm.. did I do something wrong somewhere? I pressed select all for the CFScript.txt, so it's exactly a copy.

    Thanks again, Katana.
  • edited June 2009
    Disable Windows updates for the moment.

    Do you have the new combofix log ?
    C:\Combofix.txt
  • edited June 2009
    So.. the Combofix log is too long to post? eh...

    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Tuesday, June 23, 2009
    Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit (build 6000)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Wednesday, June 24, 2009 03:17:51
    Records in database: 2385176

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 201419
    Threat name: 1
    Infected objects: 1
    Suspicious objects: 0
    Duration of the scan: 02:16:10


    File name / Threat name / Threats count
    C:\Windows\System32\CTF\ctfs.dll Infected: not-a-virus:Monitor.Win32.FamilyKeyLogger.280 1

    The selected area was scanned.
  • edited June 2009
    ComboFix 09-06-22.0E - Roston 06/23/2009 16:48.2 - NTFSx86
    Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.3581.2755 [GMT -7:00]
    Running from: c:\users\Roston\Desktop\ComboFix.exe
    Command switches used :: c:\users\Roston\Desktop\CFScript.txt.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "C:\fnjdb.exe"
    "c:\windows\is-RJOQJ.exe"

    file zipped: C:\Suspect_fnjdb.exe.vir
    file zipped: c:\windows\Suspect_is-RJOQJ.exe.vir
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\fnjdb.exe
    c:\windows\is-RJOQJ.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
    .

    2009-06-23 23:50 . 2009-06-23 23:51 -------- d-----w- c:\users\Roston\AppData\Local\temp
    2009-06-23 23:50 . 2009-06-23 23:50 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2009-06-22 23:24 . 2009-04-30 12:42 428032 ----a-w- c:\windows\system32\EncDec.dll
    2009-06-22 23:24 . 2009-04-30 12:52 292352 ----a-w- c:\windows\system32\psisdecd.dll
    2009-06-22 23:24 . 2009-04-30 12:44 1244672 ----a-w- c:\windows\system32\mcmde.dll
    2009-06-22 23:15 . 2009-04-21 12:04 2028032 ----a-w- c:\windows\system32\win32k.sys
    2009-06-22 23:15 . 2009-04-23 12:56 696832 ----a-w- c:\windows\system32\localspl.dll
    2009-06-22 23:15 . 2009-04-23 13:01 788992 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-06-22 21:32 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-22 21:32 . 2009-06-22 21:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-22 21:32 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-22 21:26 . 2009-06-22 21:31 -------- d-----w- C:\USBNoRisk
    2009-06-22 18:29 . 2009-06-22 18:30 -------- d-----w- C:\rsit
    2009-06-22 18:26 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-06-22 18:26 . 2009-03-24 23:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-06-22 18:26 . 2009-06-22 18:26 -------- d-----w- c:\program files\Avira
    2009-06-07 22:45 . 2009-06-07 22:45 -------- d-----w- c:\program files\Adobe Media Player
    2009-06-07 22:42 . 2009-06-07 22:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-06-01 06:41 . 2009-06-01 06:41 -------- d-----w- c:\program files\DotA Gaming Network
    2009-06-01 06:41 . 2007-08-31 04:57 196608 ----a-w- c:\windows\system32\BNCSutil.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-23 21:49 . 2008-10-09 21:28 71460 ----a-w- c:\windows\system32\perfc012.dat
    2009-06-23 21:49 . 2008-10-09 21:28 268898 ----a-w- c:\windows\system32\perfh012.dat
    2009-06-23 21:28 . 2008-10-09 21:11 -------- d-----w- c:\program files\Common Files\Steam
    2009-06-23 21:28 . 2008-10-09 21:11 -------- d-----w- c:\program files\Steam
    2009-06-22 18:17 . 2009-03-12 07:01 -------- d-----w- c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\skypePM
    2009-06-22 00:45 . 2008-10-10 08:23 -------- d-----w- c:\program files\Warcraft III
    2009-06-07 22:45 . 2008-10-08 08:59 -------- d-----w- c:\program files\Common Files\Adobe
    2009-06-03 01:15 . 2008-10-08 07:35 680 ----a-w- c:\users\Roston\AppData\Local\d3d9caps.dat
    2009-05-27 09:18 . 2008-12-02 09:12 -------- d-----w- c:\program files\ooVoo
    2009-05-22 09:35 . 2009-05-12 11:30 -------- d-----w- c:\program files\Full Tilt Poker
    2009-05-22 09:35 . 2008-10-08 07:45 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-05-13 10:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-05-09 23:49 . 2009-05-09 23:49 -------- d-----w- c:\program files\FileZilla FTP Client
    2009-05-02 10:01 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-04-24 16:22 . 2009-06-22 23:14 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-04-24 16:14 . 2009-06-22 23:14 56320 ----a-w- c:\windows\system32\iesetup.dll
    2009-04-24 16:14 . 2009-06-22 23:14 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-24 16:11 . 2009-06-22 23:14 72704 ----a-w- c:\windows\system32\admparse.dll
    2009-04-24 13:53 . 2009-06-22 23:14 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-04-24 12:25 . 2009-06-22 23:14 48128 ----a-w- c:\windows\system32\mshtmler.dll
    2009-04-08 18:53 . 2009-04-08 18:53 410984 ----a-w- c:\windows\system32\deploytk.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-06-22_22.53.43 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-06-22 23:14 . 2009-04-24 15:54 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21046_none_fa10127687d0d070\ieapfltr.dll
    + 2009-06-22 23:14 . 2009-04-24 16:14 383488 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16851_none_f976cc2b6ebf9aa2\ieapfltr.dll
    + 2009-06-22 23:14 . 2009-04-24 15:57 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22418_none_aeb8f6ae1fe46774\ieakui.dll
    + 2009-06-22 23:14 . 2009-04-24 15:57 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22418_none_aeb8f6ae1fe46774\ieaksie.dll
    + 2006-11-02 07:27 . 2006-11-02 09:39 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18248_none_ae0ee83906df1e56\ieakui.dll
    + 2009-06-22 23:14 . 2009-04-24 16:02 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18248_none_ae0ee83906df1e56\ieaksie.dll
    + 2009-06-22 23:14 . 2009-04-24 15:54 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21046_none_acb01dec22d82dc3\ieakui.dll
    + 2009-06-22 23:14 . 2009-04-24 15:54 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21046_none_acb01dec22d82dc3\ieaksie.dll
    + 2009-06-22 23:14 . 2009-04-24 16:14 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16851_none_ac16d7a109c6f7f5\ieakui.dll
    + 2009-06-22 23:14 . 2009-04-24 16:14 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16851_none_ac16d7a109c6f7f5\ieaksie.dll
    + 2009-06-22 23:14 . 2009-04-24 15:57 389120 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6001.22418_none_74d7415a709bb095\iedkcs32.dll
    + 2009-06-22 23:14 . 2009-04-24 16:02 389120 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6001.18248_none_742d32e557966777\iedkcs32.dll
    + 2009-06-22 23:14 . 2009-04-24 15:54 388608 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6000.21046_none_72ce6898738f76e4\iedkcs32.dll
    + 2009-06-22 23:14 . 2009-04-24 16:14 385024 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6000.16851_none_7235224d5a7e4116\iedkcs32.dll
    + 2009-06-22 23:14 . 2009-04-24 15:43 828416 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22121_none_04446854b8264f82\wininet.dll
    + 2009-06-22 23:14 . 2009-04-23 12:15 828416 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18024_none_03bdcc679f05fbbd\wininet.dll
    + 2009-06-22 23:14 . 2009-04-24 16:00 828416 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22418_none_026fc85ebaf18fce\wininet.dll
    + 2009-06-22 23:14 . 2009-04-24 16:05 827904 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18248_none_01c5b9e9a1ec46b0\wininet.dll
    + 2009-06-22 23:14 . 2009-04-24 16:01 828928 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21046_none_0066ef9cbde5561d\wininet.dll
    + 2009-06-22 23:14 . 2009-04-24 16:22 827392 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16851_none_ffcda951a4d4204f\wininet.dll
    + 2009-06-22 23:14 . 2009-04-24 15:58 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22418_none_e14c7b85959128aa\mstime.dll
    + 2009-06-22 23:14 . 2009-04-24 16:03 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18248_none_e0a26d107c8bdf8c\mstime.dll
    + 2009-06-22 23:14 . 2009-04-24 15:58 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.21046_none_df43a2c39884eef9\mstime.dll
    + 2009-06-22 23:14 . 2009-04-24 16:18 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16851_none_deaa5c787f73b92b\mstime.dll
    + 2009-06-22 23:24 . 2009-04-30 10:34 253952 c:\windows\winsxs\x86_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.0.6001.22423_none_4bdfc1ce6de6cf39\ehvid.exe
    + 2009-06-22 23:24 . 2009-04-30 10:28 253952 c:\windows\winsxs\x86_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.0.6001.18254_none_4b36b3a354e09f72\ehvid.exe
    + 2009-06-22 23:24 . 2009-04-30 10:19 253952 c:\windows\winsxs\x86_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.0.6000.21051_none_49d6e90c70da9588\ehvid.exe
    + 2009-06-22 23:24 . 2009-04-30 10:42 253952 c:\windows\winsxs\x86_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.0.6000.16856_none_4952759157b8412f\ehvid.exe
    + 2009-06-22 23:24 . 2009-04-30 12:16 522240 c:\windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.22423_none_cf3b1fcee292dd5c\ehui.dll
    + 2009-06-22 23:24 . 2009-04-30 12:33 522240 c:\windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.18254_none_ce9211a3c98cad95\ehui.dll
    + 2009-06-22 23:24 . 2009-04-30 12:00 521728 c:\windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.21051_none_cd32470ce586a3ab\ehui.dll
    + 2009-06-22 23:24 . 2009-04-30 12:42 517632 c:\windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.16856_none_ccadd391cc644f52\ehui.dll
    + 2009-06-22 23:24 . 2009-04-30 12:16 105472 c:\windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.22423_none_273f9b1b7b253f90\ehPresenter.dll
    + 2009-06-22 23:24 . 2009-04-30 12:33 105472 c:\windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.18254_none_26968cf0621f0fc9\ehPresenter.dll
    + 2009-06-22 23:24 . 2009-04-30 12:00 105472 c:\windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.21051_none_2536c2597e1905df\ehPresenter.dll
    + 2009-06-22 23:24 . 2009-04-30 12:41 105472 c:\windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.16856_none_24b24ede64f6b186\ehPresenter.dll
    + 2009-06-22 23:24 . 2009-04-30 12:01 278528 c:\windows\winsxs\x86_microsoft-windows-ehome-ehplayer_31bf3856ad364e35_6.0.6002.22126_none_3019d864cf578034\ehPlayer.dll
    + 2009-06-22 23:24 . 2009-04-30 11:47 278528 c:\windows\winsxs\x86_microsoft-windows-ehome-ehplayer_31bf3856ad364e35_6.0.6002.18030_none_2f7f69f1b6476451\ehPlayer.dll
    + 2009-06-22 23:24 . 2009-04-30 12:16 278528 c:\windows\winsxs\x86_microsoft-windows-ehome-ehplayer_31bf3856ad364e35_6.0.6001.22423_none_2e30659ed233df0b\ehPlayer.dll
    + 2009-06-22 23:24 . 2009-04-30 12:33 278528 c:\windows\winsxs\x86_microsoft-windows-ehome-ehplayer_31bf3856ad364e35_6.0.6001.18254_none_2d875773b92daf44\ehPlayer.dll
    + 2009-06-22 23:24 . 2009-04-30 12:00 278528 c:\windows\winsxs\x86_microsoft-windows-ehome-ehplayer_31bf3856ad364e35_6.0.6000.21051_none_2c278cdcd527a55a\ehPlayer.dll
    + 2009-06-22 23:24 . 2009-04-30 12:16 373248 c:\windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.22423_none_2fb2ddfc834d299c\ehglid.dll
    + 2009-06-22 23:24 . 2009-04-30 12:33 373248 c:\windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.18254_none_2f09cfd16a46f9d5\ehglid.dll
    + 2009-06-22 23:24 . 2009-04-30 12:00 372736 c:\windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.21051_none_2daa053a8640efeb\ehglid.dll
    + 2009-06-22 23:24 . 2009-04-30 12:41 372224 c:\windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.16856_none_2d2591bf6d1e9b92\ehglid.dll
    + 2009-06-22 23:24 . 2009-04-30 11:47 173056 c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.22423_none_34a0ebecf3254d51\McrMgr.exe
    + 2009-06-22 23:24 . 2009-04-30 12:00 173056 c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.18254_none_33f7ddc1da1f1d8a\McrMgr.exe
    + 2009-06-22 23:24 . 2009-04-30 11:31 173056 c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.21051_none_3298132af61913a0\McrMgr.exe
    + 2009-06-22 23:24 . 2009-04-30 12:09 173056 c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16856_none_32139fafdcf6bf47\McrMgr.exe
    + 2009-06-22 23:24 . 2009-04-30 12:16 254464 c:\windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.22423_none_152e7b96b8dde8f3\ehReplay.dll
    + 2009-06-22 23:24 . 2009-04-30 12:33 254464 c:\windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.18254_none_14856d6b9fd7b92c\ehReplay.dll
    + 2009-06-22 23:24 . 2009-04-30 12:00 254464 c:\windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.21051_none_1325a2d4bbd1af42\ehReplay.dll
    + 2009-06-22 23:24 . 2009-04-30 12:41 252416 c:\windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.16856_none_12a12f59a2af5ae9\ehReplay.dll
    + 2009-06-22 23:24 . 2009-04-30 12:19 180224 c:\windows\winsxs\x86_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.0.6001.22423_none_ce9aa784e2f278f7\cbva.dll
    + 2009-06-22 23:24 . 2009-04-30 12:37 180224 c:\windows\winsxs\x86_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.0.6001.18254_none_cdf19959c9ec4930\cbva.dll
    + 2009-06-22 23:24 . 2009-04-30 11:59 180224 c:\windows\winsxs\x86_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.0.6000.21051_none_cc91cec2e5e63f46\cbva.dll
    + 2009-06-22 23:24 . 2009-04-30 12:40 180224 c:\windows\winsxs\x86_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.0.6000.16856_none_cc0d5b47ccc3eaed\cbva.dll
    + 2009-06-22 23:14 . 2009-04-24 15:52 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.21046_none_aa4961990ee2d227\advpack.dll
    + 2009-06-22 23:14 . 2009-04-24 16:11 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16851_none_a9b01b4df5d19c59\advpack.dll
    + 2009-06-22 23:24 . 2009-04-30 12:06 212992 c:\windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6002.22126_none_27de1592e29b9884\Microsoft.MediaCenter.dll
    + 2009-06-22 23:24 . 2009-04-30 11:54 212992 c:\windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6002.18030_none_2743a71fc98b7ca1\Microsoft.MediaCenter.dll
    + 2009-06-22 23:24 . 2009-04-30 12:21 212992 c:\windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6001.22423_none_25f4a2cce577f75b\Microsoft.MediaCenter.dll
    + 2009-06-22 23:24 . 2009-04-30 12:42 212992 c:\windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6001.18254_none_254b94a1cc71c794\Microsoft.MediaCenter.dll
    + 2009-06-22 23:24 . 2009-04-30 12:09 225280 c:\windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.21051_none_23ebca0ae86bbdaa\Microsoft.MediaCenter.dll
    + 2009-06-22 23:24 . 2009-04-30 12:56 225280 c:\windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.16856_none_2367568fcf496951\Microsoft.MediaCenter.dll
    + 2009-06-22 23:24 . 2009-04-30 12:06 188416 c:\windows\winsxs\msil_mcstore_31bf3856ad364e35_6.0.6002.22126_none_c7f9169954229812\mcstore.dll
    + 2009-06-22 23:24 . 2009-04-30 11:54 188416 c:\windows\winsxs\msil_mcstore_31bf3856ad364e35_6.0.6002.18030_none_c75ea8263b127c2f\mcstore.dll
    + 2009-06-22 23:24 . 2009-04-30 12:21 188416 c:\windows\winsxs\msil_mcstore_31bf3856ad364e35_6.0.6001.22423_none_c60fa3d356fef6e9\mcstore.dll
    + 2009-06-22 23:24 . 2009-04-30 12:42 188416 c:\windows\winsxs\msil_mcstore_31bf3856ad364e35_6.0.6001.18254_none_c56695a83df8c722\mcstore.dll
    + 2009-06-22 23:24 . 2009-04-30 12:09 212992 c:\windows\winsxs\msil_mcstore_31bf3856ad364e35_6.0.6000.21051_none_c406cb1159f2bd38\mcstore.dll
    + 2009-06-22 23:24 . 2009-04-30 12:55 212992 c:\windows\winsxs\msil_mcstore_31bf3856ad364e35_6.0.6000.16856_none_c382579640d068df\mcstore.dll
    + 2009-06-22 23:24 . 2009-04-30 12:06 532480 c:\windows\winsxs\msil_ehrecobj_31bf3856ad364e35_6.0.6002.22126_none_8d41cc615e8201b1\ehRecObj.dll
    + 2009-06-22 23:24 . 2009-04-30 11:54 532480 c:\windows\winsxs\msil_ehrecobj_31bf3856ad364e35_6.0.6002.18030_none_8ca75dee4571e5ce\ehRecObj.dll
    + 2009-06-22 23:24 . 2009-04-30 12:21 532480 c:\windows\winsxs\msil_ehrecobj_31bf3856ad364e35_6.0.6001.22423_none_8b58599b615e6088\ehRecObj.dll
    + 2009-06-22 23:24 . 2009-04-30 12:42 532480 c:\windows\winsxs\msil_ehrecobj_31bf3856ad364e35_6.0.6001.18254_none_8aaf4b70485830c1\ehRecObj.dll
    + 2009-06-22 23:24 . 2009-04-30 12:09 532480 c:\windows\winsxs\msil_ehrecobj_31bf3856ad364e35_6.0.6000.21051_none_894f80d9645226d7\ehRecObj.dll
    + 2009-06-22 23:24 . 2009-04-30 12:55 532480 c:\windows\winsxs\msil_ehrecobj_31bf3856ad364e35_6.0.6000.16856_none_88cb0d5e4b2fd27e\ehRecObj.dll
    + 2009-06-22 23:24 . 2009-04-30 12:09 135168 c:\windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.21051_none_bd56e025daf6b2dd\ehexthost.exe
    + 2009-06-22 23:24 . 2009-04-30 12:55 135168 c:\windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.16856_none_bcd26caac1d45e84\ehexthost.exe
    + 2009-06-22 23:24 . 2009-04-30 12:06 839680 c:\windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6002.22126_none_de03aef7e5372a6c\ehepg.dll
    + 2009-06-22 23:24 . 2009-04-30 11:54 839680 c:\windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6002.18030_none_dd694084cc270e89\ehepg.dll
    + 2009-06-22 23:24 . 2009-04-30 12:21 839680 c:\windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6001.22423_none_dc1a3c31e8138943\ehepg.dll
    + 2009-06-22 23:24 . 2009-04-30 12:42 839680 c:\windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6001.18254_none_db712e06cf0d597c\ehepg.dll
    + 2009-06-22 23:24 . 2009-04-30 12:09 876544 c:\windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.21051_none_da11636feb074f92\ehepg.dll
    + 2009-06-22 23:24 . 2009-04-30 12:55 876544 c:\windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.16856_none_d98ceff4d1e4fb39\ehepg.dll
    + 2008-10-09 15:29 . 2009-06-23 10:00 277526 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2006-11-02 10:33 . 2009-06-22 22:40 621552 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-06-23 21:49 621552 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-06-23 21:49 104868 c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2009-06-22 22:40 104868 c:\windows\System32\perfc009.dat
    + 2009-06-22 23:14 . 2009-04-24 16:20 102912 c:\windows\System32\occache.dll
    - 2009-04-17 00:47 . 2009-03-03 04:19 102912 c:\windows\System32\occache.dll
    - 2009-04-17 00:47 . 2009-03-03 04:18 671232 c:\windows\System32\mstime.dll
    + 2009-06-22 23:14 . 2009-04-24 16:18 671232 c:\windows\System32\mstime.dll
    - 2009-04-17 00:47 . 2009-03-03 04:17 477696 c:\windows\System32\mshtmled.dll
    + 2009-06-22 23:14 . 2009-04-24 16:17 477696 c:\windows\System32\mshtmled.dll
    - 2009-04-17 00:47 . 2009-03-03 04:17 459264 c:\windows\System32\msfeeds.dll
    + 2009-06-22 23:14 . 2009-04-24 16:16 459264 c:\windows\System32\msfeeds.dll
    + 2009-06-22 23:14 . 2009-04-24 16:14 180736 c:\windows\System32\ieui.dll
    - 2009-04-17 00:47 . 2009-03-03 04:16 180736 c:\windows\System32\ieui.dll
    + 2009-06-22 23:14 . 2009-04-24 16:14 268288 c:\windows\System32\iertutil.dll
    - 2009-04-17 00:47 . 2009-03-03 04:16 268288 c:\windows\System32\iertutil.dll
    - 2009-04-17 00:47 . 2009-03-03 04:16 385024 c:\windows\System32\iedkcs32.dll
    + 2009-06-22 23:14 . 2009-04-24 16:14 385024 c:\windows\System32\iedkcs32.dll
    + 2009-06-22 23:14 . 2009-04-24 16:14 383488 c:\windows\System32\ieapfltr.dll
    - 2009-04-17 00:47 . 2009-03-03 04:16 383488 c:\windows\System32\ieapfltr.dll
    + 2009-06-22 23:14 . 2009-04-24 16:14 161792 c:\windows\System32\ieakui.dll
    - 2009-04-17 00:47 . 2009-03-03 04:16 161792 c:\windows\System32\ieakui.dll
    - 2009-04-17 00:47 . 2009-03-03 04:16 230400 c:\windows\System32\ieaksie.dll
    + 2009-06-22 23:14 . 2009-04-24 16:14 230400 c:\windows\System32\ieaksie.dll
    + 2009-06-22 23:14 . 2009-04-24 16:13 214528 c:\windows\System32\dxtrans.dll
    - 2009-04-17 00:47 . 2009-03-03 04:16 214528 c:\windows\System32\dxtrans.dll
    - 2009-04-17 00:47 . 2009-03-03 04:16 347136 c:\windows\System32\dxtmsft.dll
    + 2009-06-22 23:14 . 2009-04-24 16:13 347136 c:\windows\System32\dxtmsft.dll
    - 2009-04-17 00:47 . 2009-03-03 04:15 124928 c:\windows\System32\advpack.dll
    + 2009-06-22 23:14 . 2009-04-24 16:11 124928 c:\windows\System32\advpack.dll
    + 2009-06-22 23:24 . 2009-04-30 12:56 225280 c:\windows\ehome\Microsoft.MediaCenter.dll
    + 2009-06-22 23:24 . 2009-04-30 12:55 212992 c:\windows\ehome\mcstore.dll
    - 2009-02-14 23:48 . 2008-12-05 04:29 173056 c:\windows\ehome\McrMgr.exe
    + 2009-06-22 23:24 . 2009-04-30 12:09 173056 c:\windows\ehome\McrMgr.exe
    + 2009-06-22 23:24 . 2009-04-30 10:42 253952 c:\windows\ehome\ehvid.exe
    - 2009-02-14 23:48 . 2008-12-05 04:29 253952 c:\windows\ehome\ehvid.exe
    + 2009-06-22 23:24 . 2009-04-30 12:42 517632 c:\windows\ehome\ehui.dll
    + 2009-06-22 23:24 . 2009-04-30 12:41 252416 c:\windows\ehome\ehReplay.dll
    - 2009-02-14 23:48 . 2008-12-05 04:29 252416 c:\windows\ehome\ehReplay.dll
    + 2009-06-22 23:24 . 2009-04-30 12:55 532480 c:\windows\ehome\ehRecObj.dll
    - 2009-02-14 23:48 . 2008-12-05 04:29 105472 c:\windows\ehome\ehPresenter.dll
    + 2009-06-22 23:24 . 2009-04-30 12:41 105472 c:\windows\ehome\ehPresenter.dll
    - 2009-02-14 23:48 . 2008-12-05 04:29 372224 c:\windows\ehome\ehglid.dll
    + 2009-06-22 23:24 . 2009-04-30 12:41 372224 c:\windows\ehome\ehglid.dll
    - 2009-02-14 23:48 . 2008-12-05 04:30 135168 c:\windows\ehome\ehexthost.exe
    + 2009-06-22 23:24 . 2009-04-30 12:55 135168 c:\windows\ehome\ehexthost.exe
    + 2009-06-22 23:24 . 2009-04-30 12:55 876544 c:\windows\ehome\ehepg.dll
    - 2009-02-14 23:48 . 2008-12-05 04:29 180224 c:\windows\ehome\cbva.dll
    + 2009-06-22 23:24 . 2009-04-30 12:40 180224 c:\windows\ehome\cbva.dll
    + 2009-06-22 23:24 . 2009-04-30 12:56 225280 c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
    + 2009-06-22 23:24 . 2009-04-30 12:55 212992 c:\windows\assembly\GAC_MSIL\mcstore\6.0.6000.0__31bf3856ad364e35\mcstore.dll
    + 2009-06-22 23:24 . 2009-04-30 12:55 532480 c:\windows\assembly\GAC_MSIL\ehRecObj\6.0.6000.0__31bf3856ad364e35\ehRecObj.dll
    + 2009-06-22 23:24 . 2009-04-30 12:55 135168 c:\windows\assembly\GAC_MSIL\ehexthost\6.0.6000.0__31bf3856ad364e35\ehexthost.exe
    - 2009-02-14 23:48 . 2008-12-05 04:30 135168 c:\windows\assembly\GAC_MSIL\ehexthost\6.0.6000.0__31bf3856ad364e35\ehexthost.exe
    + 2009-06-22 23:24 . 2009-04-30 12:55 876544 c:\windows\assembly\GAC_MSIL\ehepg\6.0.6000.0__31bf3856ad364e35\ehepg.dll
    + 2009-06-22 23:15 . 2009-04-21 11:42 2034688 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22119_none_bb61c0cdb0cab623\win32k.sys
    + 2009-06-22 23:15 . 2009-04-21 11:39 2034688 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18023_none_bac7525a97ba9a40\win32k.sys
    + 2009-06-22 23:15 . 2009-04-21 13:26 2034176 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22416_none_b9784e07b3a714fa\win32k.sys
    + 2009-06-22 23:15 . 2009-04-21 11:55 2033152 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18246_none_b8ce3f929aa1cbdc\win32k.sys
    + 2009-06-22 23:15 . 2009-04-21 11:55 2030080 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.21044_none_b76f7545b69adb49\win32k.sys
    + 2009-06-22 23:15 . 2009-04-21 12:04 2028032 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16849_none_b6eb01ca9d7886f0\win32k.sys
    + 2009-05-13 09:28 . 2009-04-14 07:06 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22435_none_f2f64e4f84abbcec\OESpamFilter.dat
    + 2009-05-13 09:28 . 2009-04-14 07:06 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18259_none_f25b10ee6b9abd39\OESpamFilter.dat
    + 2009-05-13 09:28 . 2009-04-14 07:06 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21056_none_f0fb46578794b34f\OESpamFilter.dat
    + 2009-05-13 09:28 . 2009-04-14 07:06 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16860_none_f060ffc26e84642a\OESpamFilter.dat
    + 2009-06-22 23:24 . 2009-04-30 12:02 1244672 c:\windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.21051_none_3d9893fe7ba30b35\mcmde.dll
    + 2009-06-22 23:24 . 2009-04-30 12:44 1244672 c:\windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.16856_none_3d1420836280b6dc\mcmde.dll
    + 2009-06-22 23:14 . 2009-04-24 15:57 6071296 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22418_none_65294180c73d8731\ieframe.dll
    + 2009-06-22 23:14 . 2009-04-24 16:02 6069248 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18248_none_647f330bae383e13\ieframe.dll
    + 2009-06-22 23:14 . 2009-04-24 15:54 6069248 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21046_none_632068beca314d80\ieframe.dll
    + 2009-06-22 23:14 . 2009-04-24 16:14 6066176 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16851_none_62872273b12017b2\ieframe.dll
    + 2009-06-22 23:14 . 2009-04-24 15:41 3598336 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.22121_none_159e8773387cb8b8\mshtml.dll
    + 2009-06-22 23:14 . 2009-04-23 12:14 3597824 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18024_none_1517eb861f5c64f3\mshtml.dll
    + 2009-06-22 23:14 . 2009-04-24 15:58 3582976 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22418_none_13c9e77d3b47f904\mshtml.dll
    + 2009-06-22 23:14 . 2009-04-24 16:03 3581952 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18248_none_131fd9082242afe6\mshtml.dll
    + 2009-06-22 23:14 . 2009-04-24 15:57 3598336 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.21046_none_11c10ebb3e3bbf53\mshtml.dll
    + 2009-06-22 23:14 . 2009-04-24 16:17 3596288 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16851_none_1127c870252a8985\mshtml.dll
    + 2008-10-09 06:31 . 2008-10-09 06:31 2455488 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21046_none_fa10127687d0d070\ieapfltr.dat
    + 2008-10-09 06:31 . 2008-10-09 06:31 2455488 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16851_none_f976cc2b6ebf9aa2\ieapfltr.dat
    + 2009-06-22 23:14 . 2009-04-24 15:43 1167872 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22121_none_b73e8cb2ed1d28ef\urlmon.dll
    + 2009-06-22 23:14 . 2009-04-23 12:15 1167872 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.18024_none_b6b7f0c5d3fcd52a\urlmon.dll
    + 2009-06-22 23:14 . 2009-04-24 16:00 1166848 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22418_none_b569ecbcefe8693b\urlmon.dll
    + 2009-06-22 23:14 . 2009-04-24 16:05 1166336 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18248_none_b4bfde47d6e3201d\urlmon.dll
    + 2009-06-22 23:14 . 2009-04-24 16:01 1163264 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.21046_none_b36113faf2dc2f8a\urlmon.dll
    + 2009-06-22 23:14 . 2009-04-24 16:22 1159680 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16851_none_b2c7cdafd9caf9bc\urlmon.dll
    + 2009-06-22 23:24 . 2009-04-30 12:00 1498112 c:\windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.21051_none_3a793943475c584d\ehuihlp.dll
    + 2009-06-22 23:24 . 2009-04-30 12:42 1497088 c:\windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.16856_none_39f4c5c82e3a03f4\ehuihlp.dll
    + 2009-06-22 23:24 . 2009-04-30 12:17 1384960 c:\windows\winsxs\x86_microsoft-windows-e..-devices-mcx2filter_31bf3856ad364e35_6.0.6001.22423_none_3685ee5032972d7f\Mcx2Filter.dll
    + 2009-06-22 23:24 . 2009-04-30 12:34 1384960 c:\windows\winsxs\x86_microsoft-windows-e..-devices-mcx2filter_31bf3856ad364e35_6.0.6001.18254_none_35dce0251990fdb8\Mcx2Filter.dll
    + 2009-06-22 23:24 . 2009-04-30 12:03 1384960 c:\windows\winsxs\x86_microsoft-windows-e..-devices-mcx2filter_31bf3856ad364e35_6.0.6000.21051_none_347d158e358af3ce\Mcx2Filter.dll
    + 2009-06-22 23:24 . 2009-04-30 12:44 1384960 c:\windows\winsxs\x86_microsoft-windows-e..-devices-mcx2filter_31bf3856ad364e35_6.0.6000.16856_none_33f8a2131c689f75\Mcx2Filter.dll
    + 2009-06-22 23:24 . 2009-04-30 12:06 1970176 c:\windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6002.22126_none_3582bc9f6d832c6e\Microsoft.MediaCenter.UI.dll
    + 2009-06-22 23:24 . 2009-04-30 11:54 1970176 c:\windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6002.18030_none_34e84e2c5473108b\Microsoft.MediaCenter.UI.dll
    + 2009-06-22 23:24 . 2009-04-30 12:21 1970176 c:\windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.22423_none_339949d9705f8b45\Microsoft.MediaCenter.UI.dll
    + 2009-06-22 23:24 . 2009-04-30 12:42 1970176 c:\windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.18254_none_32f03bae57595b7e\Microsoft.MediaCenter.UI.dll
    + 2009-06-22 23:24 . 2009-04-30 12:09 2363392 c:\windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.21051_none_3190711773535194\Microsoft.MediaCenter.UI.dll
    + 2009-06-22 23:24 . 2009-04-30 12:56 2355200 c:\windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.16856_none_310bfd9c5a30fd3b\Microsoft.MediaCenter.UI.dll
    + 2009-06-22 23:24 . 2009-04-30 12:06 1249280 c:\windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6002.22126_none_52f46defac2f2f54\Microsoft.MediaCenter.Shell.dll
    + 2009-06-22 23:24 . 2009-04-30 11:54 1249280 c:\windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6002.18030_none_5259ff7c931f1371\Microsoft.MediaCenter.Shell.dll
    + 2009-06-22 23:24 . 2009-04-30 12:21 1249280 c:\windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6001.22423_none_510afb29af0b8e2b\Microsoft.MediaCenter.Shell.dll
    + 2009-06-22 23:24 . 2009-04-30 12:42 1253376 c:\windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6001.18254_none_5061ecfe96055e64\Microsoft.MediaCenter.Shell.dll
    + 2009-06-22 23:24 . 2009-04-30 12:09 1282048 c:\windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.21051_none_4f022267b1ff547a\Microsoft.MediaCenter.Shell.dll
    + 2009-06-22 23:24 . 2009-04-30 12:56 1208320 c:\windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.16856_none_4e7daeec98dd0021\Microsoft.MediaCenter.Shell.dll
    + 2009-06-22 23:24 . 2009-04-30 12:06 4059136 c:\windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6002.22126_none_8df6ca3857eab8be\ehshell.dll
    + 2009-06-22 23:24 . 2009-04-30 11:54 4059136 c:\windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6002.18030_none_8d5c5bc53eda9cdb\ehshell.dll
    + 2009-06-22 23:24 . 2009-04-30 12:21 4059136 c:\windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.22423_none_8c0d57725ac71795\ehshell.dll
    + 2009-06-22 23:24 . 2009-04-30 12:42 4059136 c:\windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.18254_none_8b64494741c0e7ce\ehshell.dll
    + 2009-06-22 23:24 . 2009-04-30 12:09 4395008 c:\windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.21051_none_8a047eb05dbadde4\ehshell.dll
    + 2009-06-22 23:24 . 2009-04-30 12:55 4382720 c:\windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.16856_none_89800b354498898b\ehshell.dll
    + 2009-06-22 23:14 . 2009-04-24 16:22 1159680 c:\windows\System32\urlmon.dll
    + 2006-11-02 10:22 . 2009-06-23 21:42 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    - 2006-11-02 10:22 . 2009-06-22 21:14 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-06-22 23:14 . 2009-04-24 16:17 3596288 c:\windows\System32\mshtml.dll
    + 2009-06-22 23:14 . 2009-04-24 16:14 6066176 c:\windows\System32\ieframe.dll
    - 2009-04-17 00:47 . 2009-03-03 04:16 6066176 c:\windows\System32\ieframe.dll
    - 2006-11-02 12:46 . 2009-05-22 09:33 1643792 c:\windows\System32\FNTCACHE.DAT
    + 2006-11-02 12:46 . 2009-06-23 21:23 1643792 c:\windows\System32\FNTCACHE.DAT
    + 2009-06-22 23:24 . 2009-04-30 12:56 2355200 c:\windows\ehome\Microsoft.MediaCenter.UI.dll
    + 2009-06-22 23:24 . 2009-04-30 12:56 1208320 c:\windows\ehome\Microsoft.MediaCenter.Shell.dll
    - 2009-02-14 23:48 . 2008-12-05 04:29 1384960 c:\windows\ehome\Mcx2Filter.dll
    + 2009-06-22 23:24 . 2009-04-30 12:44 1384960 c:\windows\ehome\Mcx2Filter.dll
    + 2009-06-22 23:24 . 2009-04-30 12:42 1497088 c:\windows\ehome\ehuihlp.dll
    + 2009-06-22 23:24 . 2009-04-30 12:55 4382720 c:\windows\ehome\ehshell.dll
    + 2009-06-22 23:24 . 2009-04-30 12:56 2355200 c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
    + 2009-06-22 23:24 . 2009-04-30 12:56 1208320 c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.Shell.dll
    + 2009-06-22 23:24 . 2009-04-30 12:55 4382720 c:\windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll
    + 2009-06-22 23:24 . 2009-04-30 12:02 10111488 c:\windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6002.22126_none_546c7a3e66c6e86b\ehres.dll
    + 2009-06-22 23:24 . 2009-04-30 11:47 10111488 c:\windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6002.18030_none_53d20bcb4db6cc88\ehres.dll
    + 2009-06-22 23:24 . 2009-04-30 12:16 10111488 c:\windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6001.22423_none_5283077869a34742\ehres.dll
    + 2009-06-22 23:24 . 2009-04-30 12:33 10111488 c:\windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6001.18254_none_51d9f94d509d177b\ehres.dll
    + 2009-06-22 23:24 . 2009-04-30 12:00 10111488 c:\windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.21051_none_507a2eb66c970d91\ehres.dll
    + 2009-06-22 23:24 . 2009-04-30 12:42 10101760 c:\windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.16856_none_4ff5bb3b5374b938\ehres.dll
    + 2009-06-05 10:00 . 2009-06-23 21:34 61535421 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
    + 2006-11-02 10:24 . 2009-06-01 16:51 23635392 c:\windows\System32\mrt.exe
    + 2009-06-22 23:24 . 2009-04-30 12:42 10101760 c:\windows\ehome\ehres.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-03 13552160]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-03 92704]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-09-03 96800]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-08 148888]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux3"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{6A3E9978-15A9-4789-942B-300B094E628A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{EF72632E-8049-4CD0-8A9C-B9E782C3E3A1}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{B729A190-FA7A-4B64-ACA4-F2DA61CE619E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{0BE67C46-52A9-4510-90D7-0DF49FF27202}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{40F99537-380B-43A8-A68E-244EBF3584A7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{A52AD778-3643-4718-BD32-419BBFD43D5D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "TCP Query User{35EF347B-FEFE-4635-8D28-8094E322D867}c:\\program files\\steam\\steamapps\\killedchaos\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\killedchaos\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{8857856C-1FE5-4A87-8886-ADFD13EF561D}c:\\program files\\steam\\steamapps\\killedchaos\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\killedchaos\counter-strike\hl.exe:Half-Life Launcher
    "TCP Query User{27CEE4B1-D3E9-4356-AFF6-952206B9040B}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{E7BE40C7-A131-4EC9-8CCA-E6F427D17ACB}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{00C1C74A-159E-4219-8F75-EE295C4A2AC9}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
    "UDP Query User{15C6C91D-D5C8-472A-A03E-F57280EC17CC}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
    "TCP Query User{52143DC0-9160-4010-AECC-DDA68CB4C586}c:\\program files\\warcraft iii\\lc\\pickup.listchecker.exe"= UDP:c:\program files\warcraft iii\lc\pickup.listchecker.exe:pickup.listchecker
    "UDP Query User{E1735B74-DC0D-451D-9149-BAFD71F3569E}c:\\program files\\warcraft iii\\lc\\pickup.listchecker.exe"= TCP:c:\program files\warcraft iii\lc\pickup.listchecker.exe:pickup.listchecker
    "TCP Query User{5216C62B-032E-4101-AFA0-ED27147B48FA}c:\\program files\\aim\\aim.exe"= UDP:c:\program files\aim\aim.exe:AOL Instant Messenger
    "UDP Query User{C0C1E3C0-0BB7-4455-9796-2226B796F438}c:\\program files\\aim\\aim.exe"= TCP:c:\program files\aim\aim.exe:AOL Instant Messenger
    "TCP Query User{0B2535FF-D90B-4E34-B0A9-8CB92175DD22}c:\\program files\\oovoo\\oovoo.exe"= UDP:c:\program files\oovoo\oovoo.exe:ooVoo
    "UDP Query User{2B4659E6-E250-4EEB-988A-799EE613F41B}c:\\program files\\oovoo\\oovoo.exe"= TCP:c:\program files\oovoo\oovoo.exe:ooVoo
    "{F378189F-954D-43DF-9559-F7D9AF2BD6E4}"= Disabled:UDP:443:ooVoo TCP port 443
    "{3EB496D3-84CB-40A7-9EF9-31CC5EF3102C}"= Disabled:TCP:443:ooVoo UDP port 443
    "{4D4B8B7D-BE38-4BB6-BA81-0714BB882BC4}"= Disabled:UDP:37674:ooVoo TCP port 37674
    "{C12CCCA7-525E-4135-97E2-B73D8943D16E}"= Disabled:TCP:37674:ooVoo UDP port 37674
    "{E4B57893-FA64-4D1B-9653-5633ED3789D0}"= Disabled:TCP:37675:ooVoo UDP port 37675
    "{229C41C3-84F9-4FC6-A956-DC7D3D176386}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
    "{002E4D3D-B285-4A33-B084-E0C8F50C08AD}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
    "TCP Query User{EAF22F02-42AF-4855-A03A-9A3A90F9FE11}c:\\program files\\steam\\steamapps\\common\\warhammer 40,000 dawn of war ii - beta\\dow2.exe"= UDP:c:\program files\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe:DOW2
    "UDP Query User{B290DB43-6822-4EB5-A51B-59309494BCA7}c:\\program files\\steam\\steamapps\\common\\warhammer 40,000 dawn of war ii - beta\\dow2.exe"= TCP:c:\program files\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe:DOW2
    "TCP Query User{4B0C5E14-5D7B-4439-93AD-77C293829481}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
    "UDP Query User{EFE0A262-0F41-4394-9973-3AF9766C1D71}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
    "TCP Query User{59464C3A-5E5A-46EF-B07A-7C2D887736BC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{7733FC09-0731-4BD3-ACA3-DE4010C98C5E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{DAEF5F1C-C89D-4142-9787-10F4677A3D31}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
    "{289F7B32-413B-41CD-B499-F7AAE2F775B6}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
    "{DE07675E-28BB-4D7F-9CD2-2FE1C0CADB67}"= UDP:5353:Adobe CSI CS4
    "{637E0024-9C38-4866-B3F7-92880DE04B7F}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
    "{85F9F14B-84A6-45FB-9779-4294C9D15663}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/22/2009 11:26 AM 108289]
    R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [10/8/2008 12:50 AM 235648]
    R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [10/8/2008 12:50 AM 7424]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe --> c:\windows\system32\aestsrv.exe [?]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [11/6/2007 1:22 PM 34064]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://mail.google.com/a/usc.edu
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-23 16:51
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-06-23 16:52
    ComboFix-quarantined-files.txt 2009-06-23 23:52
    ComboFix2.txt 2009-06-23 23:46
    ComboFix3.txt 2009-06-22 22:55

    Pre-Run: 57,573,163,008 bytes free
    Post-Run: 57,336,393,728 bytes free

    526 --- E O F --- 2009-06-23 21:34
    Upload was successful
  • edited June 2009
    I just got the other USB flash drive, here is the USBNoRisk log.

    USBNoRisk 2.4 (1 June 2009) by bobby

    Started at 6/24/2009 6:20:15 PM

    Searching for connected USB Mass storage...
    ========================================

    Searching for other storage...
    C: {87251287-950a-11dd-b18f-806e6f6e6963}
    D: {87251288-950a-11dd-b18f-806e6f6e6963}
    ========================================


    Scanning fixed storage...

    No blocked files found on C:
    No Autorun.inf files found on C:
    No mountpoint found for C:
    No mountpoint found for 87251287-950a-11dd-b18f-806e6f6e6963
    No Desktop.ini files found on C:

    No blocked files found on D:
    No Autorun.inf files found on D:
    No mountpoint found for D:
    No mountpoint found for 87251288-950a-11dd-b18f-806e6f6e6963
    No Desktop.ini files found on D:

    ========================================
    Initial scan finished!
    ========================================


    New device connected at 6/24/2009 6:20:26 PM

    Scanning for connected USB mass storage...
    F: {1d754354-4735-11de-ae3e-001d095bdb4c}
    Added F:
    ========================================

    Scanning USB mass storage for files...
    No blocked files found on F:
    autorun.inf found on F:
    File F:\autorun.inf renamed successfully

    Content of F:\autorun.inf.blocked
    [autorun]
    open=RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\winsvc32.exe
    icon=%SystemRoot%\system32\SHELL32.dll,4
    action=Open folder to view files
    shell\open=Open
    shell\open\command=RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\winsvc32.exe
    shell\open\default=1

    Files referenced from F:\autorun.inf.blocked
    F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\winsvc32.exe -r-hs 72657

    No mountpoint found for 1d754354-4735-11de-ae3e-001d095bdb4c

    No Desktop.ini files found on F:

    No mimics found on drive F:
    ========================================
  • edited June 2009
    After connecting it to another family computer, the changelog changed a bit. Thank you so much for your help. I'm not sure if this extra information is helping, but I'm just trying my best to give you as much information as possible.

    USBNoRisk 2.4 (1 June 2009) by bobby

    Started at 6/24/2009 6:30:01 PM

    Searching for connected USB Mass storage...
    ========================================

    Searching for other storage...
    C: {87251287-950a-11dd-b18f-806e6f6e6963}
    D: {87251288-950a-11dd-b18f-806e6f6e6963}
    ========================================


    Scanning fixed storage...

    No blocked files found on C:
    No Autorun.inf files found on C:
    No mountpoint found for C:
    No mountpoint found for 87251287-950a-11dd-b18f-806e6f6e6963
    No Desktop.ini files found on C:

    No blocked files found on D:
    No Autorun.inf files found on D:
    No mountpoint found for D:
    No mountpoint found for 87251288-950a-11dd-b18f-806e6f6e6963
    No Desktop.ini files found on D:

    ========================================
    Initial scan finished!
    ========================================


    New device connected at 6/24/2009 6:30:07 PM

    Scanning for connected USB mass storage...
    F: {1d754354-4735-11de-ae3e-001d095bdb4c}
    Added F:
    ========================================

    Scanning USB mass storage for files...
    Blocked file found: F:\autorun.inf.blocked
    Content of F:\autorun.inf.blocked
    [autorun]
    open=RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\winsvc32.exe
    icon=%SystemRoot%\system32\SHELL32.dll,4
    action=Open folder to view files
    shell\open=Open
    shell\open\command=RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\winsvc32.exe
    shell\open\default=1

    Files referenced from F:\autorun.inf.blocked
    F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\winsvc32.exe -r-hs 72657

    Blocked file found: F:\autorun(1).inf.blocked
    Content of F:\autorun(1).inf.blocked
    [AutoRun]
    open=sal.xls.exe
    shellexecute=sal.xls.exe
    shell\Auto\command=sal.xls.exe
    shell=Auto
    [VVflagRun]
    aabb=kdkfjdkfk11

    Files referenced from F:\autorun(1).inf.blocked
    F:\sal.xls.exe ---hs 49152

    Blocked file found: F:\autorun(2).inf.blocked
    Content of F:\autorun(2).inf.blocked
    [AutoRun]
    open=sal.xls.exe
    shellexecute=sal.xls.exe
    shell\Auto\command=sal.xls.exe
    shell=Auto
    [VVflagRun]
    aabb=kdkfjdkfk11

    Files referenced from F:\autorun(2).inf.blocked
    F:\sal.xls.exe ---hs 49152

    Blocked file found: F:\autorun(3).inf.blocked
    Content of F:\autorun(3).inf.blocked
    [AutoRun]
    open=sal.xls.exe
    shellexecute=sal.xls.exe
    shell\Auto\command=sal.xls.exe
    shell=Auto
    [VVflagRun]
    aabb=kdkfjdkfk11

    Files referenced from F:\autorun(3).inf.blocked
    F:\sal.xls.exe ---hs 49152

    No Autorun.inf files found on F:
    No mountpoint found for 1d754354-4735-11de-ae3e-001d095bdb4c

    No Desktop.ini files found on F:

    No mimics found on drive F:
    ========================================
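The two autorun.inf bodies USBNoRisk printed above, triaged by a Python example added here (not part of the thread and not USBNoRisk's own code): it parses the [autorun] section, collects what the file would launch, and flags the traits a responder would note (RECYCLER SID path, double extension, hijacked default verb, folder mimicry, extra marker section). The sample strings are copied from the log; the "Files referenced" line parser assumes the path / attribute-flags / size layout shown above.

```python
"""Triage autorun.inf bodies of the kind USBNoRisk printed above.
Added example for this thread; not USBNoRisk's own code."""
import re

# Keys whose value Explorer executes on insert or double-click.
LAUNCH_KEYS = {"open", "shellexecute"}
# shell\<verb>\command defines the program behind a context-menu verb.
VERB_COMMAND_RE = re.compile(r"^shell\\([^\\]+)\\command$")
# Executable parked in a fake RECYCLER\S-1-... SID folder, as in the log above.
RECYCLER_SID_RE = re.compile(r"recycler\\s-1-\d+(?:-\d+)+\\", re.IGNORECASE)
# Document-looking name with an executable extension, e.g. sal.xls.exe.
DOUBLE_EXT_RE = re.compile(
    r"\.(xls|doc|ppt|pdf|jpg|txt|avi|mp3)\.(exe|scr|com|pif|bat|cmd)$", re.IGNORECASE)
# Assumed USBNoRisk "Files referenced" line layout: <path> <attribute flags> <size>.
REFERENCED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S+)\s+(?P<attrs>[-a-z]{5})\s+(?P<size>\d+)$")

# Constructed from the two autorun.inf bodies in the USBNoRisk log above.
SAMPLE_RECYCLER = r"""[autorun]
open=RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\winsvc32.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\winsvc32.exe
shell\open\default=1
"""
SAMPLE_DOUBLE_EXT = r"""[AutoRun]
open=sal.xls.exe
shellexecute=sal.xls.exe
shell\Auto\command=sal.xls.exe
shell=Auto
[VVflagRun]
aabb=kdkfjdkfk11
"""


def parse_inf(text):
    """Minimal INI parser: {section: {key: value}} with lower-cased names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue  # stray text outside a section, or a key without a value
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def analyze_autorun(text):
    """Return (targets, findings): programs the file would launch, and the
    traits a responder would flag. A benign autorun.inf yields ([], [])."""
    sections = parse_inf(text)
    auto = sections.get("autorun", {})
    targets, findings, verbs = [], [], {}
    for key, value in auto.items():
        if key in LAUNCH_KEYS:
            targets.append(value)
        match = VERB_COMMAND_RE.match(key)
        if match:
            verbs[match.group(1)] = value
            targets.append(value)
    default_verb = auto.get("shell", "").lower()
    if default_verb in verbs:
        findings.append(f"default double-click verb redirected to shell\\{default_verb}\\command")
    if "open folder" in auto.get("action", "").lower():
        findings.append("action text mimics the AutoPlay 'Open folder to view files' prompt")
    if "shell32.dll" in auto.get("icon", "").lower():
        findings.append("icon borrowed from shell32.dll so the drive looks like a plain folder")
    targets = list(dict.fromkeys(targets))  # de-duplicate, keep first-seen order
    for target in targets:
        if RECYCLER_SID_RE.search(target):
            findings.append(f"launch target hidden in a RECYCLER SID folder: {target}")
        if DOUBLE_EXT_RE.search(target):
            findings.append(f"double extension disguises an executable: {target}")
    extra = [name for name in sections if name != "autorun"]
    if extra:
        findings.append("non-standard marker section(s): " + ", ".join(extra))
    return targets, findings


def parse_referenced(line):
    """Parse one USBNoRisk 'Files referenced from' line; None if it is not one.
    hidden_system is True when both the h and s attribute flags are set."""
    match = REFERENCED_RE.match(line.strip())
    if not match:
        return None
    attrs = match.group("attrs")
    return {"path": match.group("path"), "attrs": attrs,
            "hidden_system": "h" in attrs and "s" in attrs,
            "size": int(match.group("size"))}


if __name__ == "__main__":
    for name, body in (("autorun.inf", SAMPLE_RECYCLER), ("autorun(1).inf", SAMPLE_DOUBLE_EXT)):
        launched, notes = analyze_autorun(body)
        print(name, "launches:", launched)
        for note in notes:
            print("  -", note)
    print(parse_referenced(r"F:\sal.xls.exe ---hs 49152"))
```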
  • edited June 2009
    It's possible that the other computer is also infected; you will need to start a thread for it once this machine is finished.

    Do you know anything about Family Keylogger?

    Plug the USB drive back in the machine we are cleaning and then do the following.



    OTMoveIt
    Please download OTM by OldTimer and save it to your desktop
    • Double-click OTM.exe to run it.
    • Copy the lines in the codebox below. (Make sure you include :Processes)
    :Processes
    :Files
    F:\autorun.inf.blocked
    F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\winsvc32.exe
    F:\autorun(1).inf.blocked
    F:\sal.xls.exe
    F:\autorun(2).inf.blocked
    F:\autorun(3).inf.blocked
    :Commands
    
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

    • Close ALL open windows (especially Internet Explorer!)
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTM


    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


    How are things running now?
  • edited June 2009
    Here is the Log:

    ========== PROCESSES ==========
    ========== FILES ==========
    F:\autorun.inf.blocked moved successfully.
    File move failed. F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\winsvc32.exe scheduled to be moved on reboot.
    F:\autorun(1).inf.blocked moved successfully.
    File move failed. F:\sal.xls.exe scheduled to be moved on reboot.
    F:\autorun(2).inf.blocked moved successfully.
    F:\autorun(3).inf.blocked moved successfully.
    F:\autorun(4).inf.blocked moved successfully.
    ========== COMMANDS ==========

    OTM by OldTimer - Version 3.0.0.2 log created on 06252009_142837

    Files moved on Reboot...
    F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\winsvc32.exe moved successfully.
    File move failed. F:\sal.xls.exe scheduled to be moved on reboot.

    Registry entries deleted on Reboot...


    So... there are lots of things that have improved already, but some of the problems are still present. I'm wondering if I should throw away this USB drive and reformat my computer. Will the problems still exist? (I have most of my documents on a partitioned drive.) I'm really sorry if my computer is just not doing well... Thank you so much for your help though.
  • edited June 2009
    Oh yeah, and about Family Keylogger: a couple of months ago, my ex-girlfriend decided to keylog my computer and record everything I was typing. I found it and removed it and ended the relationship. Are there any problems with the keylogger that can still be present?
  • edited June 2009
    There is still a file left from the keylogger, but it doesn't appear to be active.
    We can remove that in a moment.

    You can just reformat the USB rather than throw it away.
    In any case, it is clean now.


    There is no sign of infection now; what problems are you still having?

    Please post a fresh RSIT log.
  • edited June 2009
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Roston at 2009-06-26 22:22:49
    Microsoft® Windows Vista™ Ultimate
    System drive C: has 56 GB (54%) free of 105 GB
    Total RAM: 3581 MB (67% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:22:54 PM, on 6/26/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16851)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\OEM02Mon.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Roston\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Roston.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/a/usc.edu
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\system32\aestsrv.exe (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

    --
    End of file - 4491 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-08 35840]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-05-10 36864]
    "Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2007-12-08 3444736]
    "IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 1406024]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-03 13552160]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-03 92704]
    "NVHotkey"=C:\Windows\system32\nvHotkey.dll [2008-09-03 96800]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-08 148888]
    "AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    C:\Program Files\AIM\aim.exe [2006-08-01 67112]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.2]
    msime80.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsServer]
    msfir80.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======File associations======

    .js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

    ======List of files/folders created in the last 1 months======

    2009-06-25 16:48:23 ----A---- C:\sched.txt
    2009-06-25 14:28:37 ----D---- C:\_OTM
    2009-06-23 17:19:16 ----A---- C:\log.txt
    2009-06-23 17:18:14 ----D---- C:\Windows\temp
    2009-06-23 16:52:17 ----SHD---- C:\$RECYCLE.BIN
    2009-06-23 16:52:16 ----A---- C:\ComboFix.txt
    2009-06-23 16:47:19 ----A---- C:\Windows\zip.exe
    2009-06-23 16:47:19 ----A---- C:\Windows\SWXCACLS.exe
    2009-06-23 16:47:19 ----A---- C:\Windows\SWSC.exe
    2009-06-23 16:47:19 ----A---- C:\Windows\SWREG.exe
    2009-06-23 16:47:19 ----A---- C:\Windows\sed.exe
    2009-06-23 16:47:19 ----A---- C:\Windows\PEV.exe
    2009-06-23 16:47:19 ----A---- C:\Windows\NIRCMD.exe
    2009-06-23 16:47:19 ----A---- C:\Windows\grep.exe
    2009-06-22 16:24:06 ----A---- C:\Windows\system32\EncDec.dll
    2009-06-22 16:24:05 ----A---- C:\Windows\system32\psisdecd.dll
    2009-06-22 16:24:03 ----A---- C:\Windows\system32\mcmde.dll
    2009-06-22 16:15:08 ----A---- C:\Windows\system32\localspl.dll
    2009-06-22 16:15:04 ----A---- C:\Windows\system32\rpcrt4.dll
    2009-06-22 16:14:29 ----A---- C:\Windows\system32\mstime.dll
    2009-06-22 16:14:29 ----A---- C:\Windows\system32\mshtml.dll
    2009-06-22 16:14:28 ----A---- C:\Windows\system32\ieframe.dll
    2009-06-22 16:14:27 ----A---- C:\Windows\system32\urlmon.dll
    2009-06-22 16:14:26 ----A---- C:\Windows\system32\wininet.dll
    2009-06-22 16:14:26 ----A---- C:\Windows\system32\occache.dll
    2009-06-22 16:14:26 ----A---- C:\Windows\system32\mshtmled.dll
    2009-06-22 16:14:26 ----A---- C:\Windows\system32\msfeeds.dll
    2009-06-22 16:14:26 ----A---- C:\Windows\system32\jsproxy.dll
    2009-06-22 16:14:26 ----A---- C:\Windows\system32\ieui.dll
    2009-06-22 16:14:26 ----A---- C:\Windows\system32\iertutil.dll
    2009-06-22 16:14:26 ----A---- C:\Windows\system32\iernonce.dll
    2009-06-22 16:14:26 ----A---- C:\Windows\system32\ieencode.dll
    2009-06-22 16:14:26 ----A---- C:\Windows\system32\iedkcs32.dll
    2009-06-22 16:14:26 ----A---- C:\Windows\system32\ieaksie.dll
    2009-06-22 16:14:26 ----A---- C:\Windows\system32\icardie.dll
    2009-06-22 16:14:26 ----A---- C:\Windows\system32\dxtrans.dll
    2009-06-22 16:14:26 ----A---- C:\Windows\system32\dxtmsft.dll
    2009-06-22 16:14:26 ----A---- C:\Windows\system32\advpack.dll
    2009-06-22 16:14:26 ----A---- C:\Windows\system32\admparse.dll
    2009-06-22 16:14:25 ----A---- C:\Windows\system32\pngfilt.dll
    2009-06-22 16:14:25 ----A---- C:\Windows\system32\mshtmler.dll
    2009-06-22 16:14:25 ----A---- C:\Windows\system32\ieUnatt.exe
    2009-06-22 16:14:25 ----A---- C:\Windows\system32\iesetup.dll
    2009-06-22 16:14:25 ----A---- C:\Windows\system32\ieakui.dll
    2009-06-22 16:14:25 ----A---- C:\Windows\system32\ie4uinit.exe
    2009-06-22 16:14:24 ----A---- C:\Windows\system32\ieapfltr.dll
    2009-06-22 15:50:10 ----D---- C:\Windows\ERDNT
    2009-06-22 15:49:58 ----D---- C:\Qoobox
    2009-06-22 14:32:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-06-22 14:26:33 ----D---- C:\USBNoRisk
    2009-06-22 11:29:58 ----D---- C:\rsit
    2009-06-22 11:26:03 ----D---- C:\Program Files\Avira
    2009-06-07 15:45:26 ----D---- C:\Program Files\Adobe Media Player
    2009-06-07 15:42:21 ----D---- C:\Program Files\Common Files\Adobe AIR
    2009-05-31 23:41:29 ----D---- C:\Program Files\DotA Gaming Network
    2009-05-31 23:41:29 ----A---- C:\Windows\system32\BNCSutil.dll

    ======List of files/folders modified in the last 1 months======

    2009-06-26 22:22:54 ----D---- C:\Windows\Prefetch
    2009-06-26 22:06:23 ----D---- C:\Program Files\Mozilla Firefox
    2009-06-26 17:42:32 ----SHD---- C:\System Volume Information
    2009-06-26 17:27:22 ----D---- C:\Windows\system32\catroot2
    2009-06-25 16:09:49 ----D---- C:\Program Files\Warcraft III
    2009-06-25 14:37:35 ----D---- C:\Windows\System32
    2009-06-25 14:37:35 ----D---- C:\Windows\inf
    2009-06-25 14:37:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-06-23 17:18:14 ----D---- C:\Windows
    2009-06-23 16:51:12 ----A---- C:\Windows\system.ini
    2009-06-23 16:49:38 ----D---- C:\Windows\system32\drivers
    2009-06-23 16:49:38 ----D---- C:\Windows\AppPatch
    2009-06-23 16:49:38 ----D---- C:\Program Files\Common Files
    2009-06-23 14:34:06 ----D---- C:\Windows\winsxs
    2009-06-23 14:28:25 ----D---- C:\Program Files\Common Files\Steam
    2009-06-23 14:28:23 ----D---- C:\Program Files\Steam
    2009-06-23 14:28:01 ----RD---- C:\Program Files
    2009-06-23 14:24:15 ----D---- C:\Windows\Microsoft.NET
    2009-06-23 14:23:48 ----D---- C:\Windows\system32\catroot
    2009-06-23 03:08:49 ----D---- C:\Windows\ehome
    2009-06-23 03:08:47 ----D---- C:\Windows\system32\migration
    2009-06-23 03:08:47 ----D---- C:\Program Files\Internet Explorer
    2009-06-22 14:32:39 ----HD---- C:\ProgramData
    2009-06-22 11:25:24 ----SHD---- C:\Windows\Installer
    2009-06-22 11:17:12 ----D---- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\skypePM
    2009-06-18 23:18:21 ----RD---- C:\Users
    2009-06-07 15:45:37 ----D---- C:\Program Files\Adobe
    2009-06-07 15:45:12 ----D---- C:\Program Files\Common Files\Adobe
    2009-06-01 09:51:12 ----A---- C:\Windows\system32\mrt.exe
    2009-05-27 02:18:38 ----D---- C:\Program Files\ooVoo

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
    R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
    R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-10-08 320000]
    R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
    R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
    R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
    R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-12-06 1044984]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-10-08 14208]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-03 7583552]
    R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-11 235648]
    R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
    R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2008-06-10 33352]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-10-08 82432]
    R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2008-10-10 50704]
    R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-10-08 11264]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
    S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys []
    S3 catchme;catchme; \??\C:\Users\Roston\AppData\Local\Temp\catchme.sys []
    S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2006-11-02 131584]
    S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2006-11-02 16384]
    S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2006-11-02 36864]
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
    S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2007-11-06 34064]
    S3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys []
    S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
    S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
    S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2006-11-02 22016]
    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-03 196608]
    R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2007-12-08 24064]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
    S2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe []
    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2006-11-02 22016]
    S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2006-11-02 521216]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-07 655624]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
    S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-06-15 316664]
    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2006-11-02 22016]
    S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2006-11-02 562176]

    EOF
  • edited June 2009
    Katana wrote:
    There is no sign of infection now, what problems are you still having ?

    OTMoveIt
    • Double-click OTM.exe to run it.
    • Copy the lines in the codebox below. (Make sure you include :Processes)
    :Processes
    :Reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.2]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsServer]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-
    :Files
    :Commands
    [Purity]
    [EmptyTemp]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

    • Close ALL open windows (especially Internet Explorer!)
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTM


    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • edited July 2009
    I'm really sorry, I forgot to mention that I was going out of town for a few days to go camping. I just got back late tonight. It's 5:11 AM where I live, so I'm going to go to sleep and follow your instructions tomorrow. Thank you so much for your help. This has probably been moved to inactive or resolved or whatever... Hmm.
  • edited July 2009
    al3xchung wrote:
    This has probably been moved to inactive or resolved or whatever.
    Nope, I'm still here :)
  • edited July 2009
    All processes killed
    ========== PROCESSES ==========
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.2\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsServer\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default

    User: Default User

    User: Guest

    User: Public

    User: ReleaseEngineer.MACROVISION

    User: Roston
    ->Java cache emptied: 10433364 bytes
    ->FireFox cache emptied: 113595191 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 2319872 bytes
    Windows Temp folder emptied: 21022 bytes

    RecycleBin emptied: 9289 bytes

    Total Files Cleaned = 120.52 mb


    OTM by OldTimer - Version 3.0.0.2 log created on 07012009_154447

    Files moved on Reboot...

    Registry entries deleted on Reboot...


    Things seem to be running a lot smoother as of late. Is most of my system clean now?
  • edited July 2009
    al3xchung wrote:
    Is most of my system clean now?
    As far as I could see, your machine was clean on the 25th.

    It was you that said there were problems still:
    al3xchung wrote:
    but some of the problems are still present.



    Congratulations, your logs look clean :)

    Let's see if I can help you keep it that way.

    First, let's tidy up.

    Please delete RSIT.exe and C:\RSIT (entire folder)
    You can also delete any logs we have produced, and empty your Recycle bin.


    Uninstall Combofix
    • This will clear your System Volume Information restore points and remove all the infected files that were quarantined.
    • Click START, type RUN into the search box, then click Enter
    • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
    Uninstall OTMoveIt (OTM.exe)
    • Open OTMoveIt, click Cleanup.
    • When a box pops up click YES.



    The following is some info to help you stay safe and clean.


    You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
    ( Vista users must ensure that any programs are Vista compatible BEFORE installing )

    Online Scanners
    I would recommend a scan at one or more of the following sites at least once a month.

    http://www.pandasecurity.com/activescan
    http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

    !!! Make sure that all your programs are updated !!!
    Secunia Software Inspector does all the work for you; see HERE for details.

    AntiSpyware
    AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time; the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have free (for Home Users) and paid versions;
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
    • Spybot - Search & Destroy <<< A must have program
      • It includes host protection and registry protection
      • A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites.
    • MalwareBytes Anti-malware <<< A new and effective program
    • a-squared Free <<< A good "realtime" or "on demand" scanner
    • superantispyware <<< A good "realtime" or "on demand" scanner



    Prevention
      These programs don't detect malware; they help stop it getting on your machine in the first place. Each does a different job, so you can have more than one.
    • Winpatrol
      • An excellent startup manager and then some!!
      • Notifies you if programs are added to startup
      • Allows delayed startup
      • A must have addition
    • SpywareBlaster 4.0
      • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
    • SpywareGuard 2.2
      • SpywareGuard provides real-time protection against spyware.
      • Not required if you have other "realtime" antispyware or Winpatrol
    • ZonedOut
      • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
    • MVPS HOSTS
      • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
      • For information on how to download and install, please read this tutorial by WinHelp2002.
      • Not required if you are using other host file protections


    Internet Browsers
      Microsoft has worked hard to make IE7 a more secure browser. Unfortunately, whilst it is still the leading browser of choice it will always be under attack from the bad guys. Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.

    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available



    Cleaning Temporary Internet Files and Tracking Cookies
      Temporary Internet Files are mainly the files that are downloaded when you open a web page. Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware. It is a good idea to empty the Temporary Internet Files folder on a regular basis.
      Tracking Cookies are files that websites use to monitor which sites you visit and how often. A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
      CAUTION: If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.
      Both of these can be cleaned manually, but a quicker option is to use a program:
    • ATF Cleaner
      • Free and very simple to use
    • CCleaner
      • Free and very flexible, you can choose which cookies to keep


    Also PLEASE read this article: So How Did I Get Infected In The First Place

    The last and most important thing I can tell you is UPDATE.
    If you don't update your security programs (Antivirus, Antispyware, even Windows) then you are at risk.
    Malware changes on a day to day basis. You should update every week at the very least.

    If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


    If you could post back one more time to let me know everything is OK, then I can have this thread archived.

    Happy surfing K'
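Katana's step 4 changes six Internet-zone settings by hand. As an added example that is not part of the original post, this PowerShell script audits those same six settings by reading the registry values Internet Explorer stores them in, and can optionally correct them. Assumptions: the per-user settings live under HKCU (IE's default unless a machine-wide policy applies them from HKLM), zone 3 is the Internet zone, and the numeric URL-action value names (1001, 1004, 1201, 1607, 1800, 1804) follow Microsoft's documented mapping for these settings.

```powershell
# Added example: audit (and optionally apply) the Internet-zone hardening
# described in the thread. Read-only unless -Apply is given.
param([switch]$Apply)

# Assumption: per-user zone settings under HKCU; zone 3 = Internet.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# IE encodes these settings as 0 = Enable, 1 = Prompt, 3 = Disable.
$Prompt  = 1
$Disable = 3

# URL-action value name -> (setting name as the thread words it, recommended value).
# Assumption: the numeric names follow Microsoft's documented URL-action list.
$Recommended = [ordered]@{
    '1001' = @('Download signed ActiveX controls',                          $Prompt)
    '1004' = @('Download unsigned ActiveX controls',                        $Disable)
    '1201' = @('Initialise and script ActiveX controls not marked as safe', $Disable)
    '1800' = @('Installation of desktop items',                             $Prompt)
    '1804' = @('Launching programs and files in an IFRAME',                 $Prompt)
    '1607' = @('Navigate sub-frames across different domains',              $Prompt)
}

function Get-SettingLabel([int]$Value) {
    switch ($Value) { 0 { 'Enable' } 1 { 'Prompt' } 3 { 'Disable' } default { "Unknown($Value)" } }
}

$zone  = Get-ItemProperty -Path $ZoneKey -ErrorAction Stop
$drift = 0

foreach ($name in $Recommended.Keys) {
    $label, $want = $Recommended[$name]
    $have = $zone.$name
    if ($null -eq $have) {
        # No explicit value: IE falls back to the zone template default,
        # so report it as not set rather than guessing what applies.
        Write-Output ("[?]  {0,-60} not set explicitly" -f $label)
        continue
    }
    if ([int]$have -eq $want) {
        Write-Output ("[OK] {0,-60} {1}" -f $label, (Get-SettingLabel $have))
    } else {
        $drift++
        Write-Output ("[!!] {0,-60} {1} (recommended: {2})" -f $label,
            (Get-SettingLabel $have), (Get-SettingLabel $want))
        if ($Apply) {
            # Writes the recommended DWORD, the same change the Custom Level dialog makes.
            Set-ItemProperty -Path $ZoneKey -Name $name -Value $want -Type DWord
            Write-Output ("     -> set to {0}" -f (Get-SettingLabel $want))
        }
    }
}

Write-Output ("{0} setting(s) differ from the recommendation." -f $drift)
```

Run it once without -Apply to see where the Internet zone differs from the thread's recommendation; IE picks up the values on its next start.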
  • edited July 2009
    Hahahah, I think everything is good! I can still keep this page bookmarked to look at this page after it's closed, right?

    Thank you so much, Katana!
  • edited July 2009
    al3xchung wrote:
    I can still keep this page bookmarked to look at this page after it's closed, right?

    Certainly :)