Spyware Doctor 6 blocked A0001125.EXE from accessing a file
I am currently running Spyware Doctor 6, Sygate Personal Firewall and Spybot Search & Destroy on my Dell Latitude D800.
I keep getting the "blocked threat" window and the above EXE file is the infected file... pointing to a directory on my computer that I cannot even find.
Here is my HJT log file... I'm new (just created my account a short while ago) and I've read the do's and don'ts but I've had a long day and I might do something wrong... so just bear with me... Thanks in advance for the help.....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:58 AM, on 2/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.programchecker.com/selectFileToScan.aspx?installed=true
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: My.Freeze.com Toolbar - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O8 - Extra context menu item: &Search - ?p=ZKxdm102YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203448735820
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9857dace9a06a) (gupdate1c9857dace9a06a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 7966 bytes
bamajim
February 4th, 2009 06:00
1. Go HERE and download File Lister.
Rt Click ->> Extract all ->> And extract it to your Desktop
Additional help on extracting zip files can be found HERE
Open the File Lister Folder.
Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
As the program runs, it will appear that nothing is happening.
When the program is finished it will produce a log for you C:\Files.txt
Copy and paste the contents of that log in your reply.
FooFighterGuy
February 4th, 2009 08:00
Thanks again for your help....
Here are the contents of the log file from Lister
+++++++++++++++++++++++++++++++++
+ File Lister Version 1.0.5
+
+ By bamajim / bamajim.com
+++++++++++++++++++++++++++++++++
Report ran on --->>> 2/4/2009 11:10:32 AM
====== Running Processes ======
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======
BHO: (NO NAME) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: (NO NAME) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: (NO NAME) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO: (NO NAME) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO: (NO NAME) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
BHO: (NO NAME) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
BHO: (NO NAME) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll
====== Values under HKLM\~\Run ======
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY.exe"
"ISTray"="\"C:\\Program Files\\Spyware Doctor\\pctsTray.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""
====== Values under HKCU\~\Run ======
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="\"C:\\Program Files\\TuneUp Utilities 2009\\MemOptimizer.exe\" autostart"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
@=""
====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======
1/8/2009 12:21:25 AM 1387824 C:\Config.Msi
1/7/2009 11:47:12 AM 145422333 C:\dell
1/7/2009 11:47:12 AM 145422333 C:\dell\drivers
1/7/2009 8:11:05 PM 6603137 C:\dell\drivers\R107518
1/7/2009 8:11:05 PM 107828 C:\dell\drivers\R107518\DOS
1/7/2009 8:11:05 PM 50542 C:\dell\drivers\R107518\DOS\NDIS2
1/7/2009 8:11:05 PM 50542 C:\dell\drivers\R107518\DOS\NDIS2\v8.19
1/7/2009 8:11:05 PM 57286 C:\dell\drivers\R107518\DOS\ODI
1/7/2009 8:11:05 PM 57286 C:\dell\drivers\R107518\DOS\ODI\v8.17
1/7/2009 8:11:07 PM 448317 C:\dell\drivers\R107518\Win2K
1/7/2009 8:11:07 PM 448317 C:\dell\drivers\R107518\Win2K\v8.27.1
1/7/2009 8:11:07 PM 446210 C:\dell\drivers\R107518\WinXP
1/7/2009 8:11:07 PM 446210 C:\dell\drivers\R107518\WinXP\v8.27.1
1/7/2009 11:47:12 AM 6839446 C:\dell\drivers\R111550
1/7/2009 11:47:14 AM 379160 C:\dell\drivers\R111550\Windows
1/7/2009 11:47:14 AM 379160 C:\dell\drivers\R111550\Windows\tiinst1
1/7/2009 11:48:00 AM 3895625 C:\dell\drivers\R114079
1/7/2009 11:48:06 AM 2361236 C:\dell\drivers\R114079\Lang
1/7/2009 11:48:06 AM 89835 C:\dell\drivers\R114079\Lang\ARA
1/7/2009 11:48:07 AM 83761 C:\dell\drivers\R114079\Lang\CHS
1/7/2009 11:48:07 AM 84306 C:\dell\drivers\R114079\Lang\CHT
1/7/2009 11:48:08 AM 96916 C:\dell\drivers\R114079\Lang\CSY
1/7/2009 11:48:10 AM 97586 C:\dell\drivers\R114079\Lang\DAN
1/7/2009 11:48:10 AM 99077 C:\dell\drivers\R114079\Lang\DEU
1/7/2009 11:48:11 AM 99263 C:\dell\drivers\R114079\Lang\ELL
1/7/2009 11:48:11 AM 72761 C:\dell\drivers\R114079\Lang\ENU
1/7/2009 11:48:11 AM 97870 C:\dell\drivers\R114079\Lang\ESN
1/7/2009 11:48:11 AM 97162 C:\dell\drivers\R114079\Lang\FIN
1/7/2009 11:48:11 AM 98225 C:\dell\drivers\R114079\Lang\FRA
1/7/2009 11:48:11 AM 89469 C:\dell\drivers\R114079\Lang\HEB
1/7/2009 11:48:11 AM 98164 C:\dell\drivers\R114079\Lang\HUN
1/7/2009 11:48:11 AM 98380 C:\dell\drivers\R114079\Lang\ITA
1/7/2009 11:48:11 AM 91056 C:\dell\drivers\R114079\Lang\JPN
1/7/2009 11:48:11 AM 91334 C:\dell\drivers\R114079\Lang\KOR
1/7/2009 11:48:12 AM 98421 C:\dell\drivers\R114079\Lang\NLD
1/7/2009 11:48:12 AM 97037 C:\dell\drivers\R114079\Lang\NOR
1/7/2009 11:48:12 AM 99173 C:\dell\drivers\R114079\Lang\PLK
1/7/2009 11:48:12 AM 97215 C:\dell\drivers\R114079\Lang\PTB
1/7/2009 11:48:12 AM 97821 C:\dell\drivers\R114079\Lang\PTG
1/7/2009 11:48:12 AM 98737 C:\dell\drivers\R114079\Lang\RUS
1/7/2009 11:48:12 AM 97389 C:\dell\drivers\R114079\Lang\SVE
1/7/2009 11:48:12 AM 92543 C:\dell\drivers\R114079\Lang\THA
1/7/2009 11:48:13 AM 97735 C:\dell\drivers\R114079\Lang\TRK
1/7/2009 11:48:15 AM 402457 C:\dell\drivers\R114079\win2000
1/7/2009 11:48:17 AM 54064 C:\dell\drivers\R114079\win2000\SP
1/7/2009 11:48:17 AM 333654 C:\dell\drivers\R114079\win2003
1/7/2009 11:48:18 AM 42897 C:\dell\drivers\R114079\win2003\SP
1/7/2009 11:48:18 AM 408886 C:\dell\drivers\R114079\XP
1/7/2009 11:48:19 AM 57663 C:\dell\drivers\R114079\XP\SP
1/7/2009 12:43:39 PM 69849412 C:\dell\drivers\R140745
1/7/2009 12:43:59 PM 6902784 C:\dell\drivers\R140745\AMD64
1/7/2009 12:44:03 PM 2020934 C:\dell\drivers\R140745\DRIVER
1/7/2009 8:14:53 PM 11611195 C:\dell\drivers\R171887
1/7/2009 8:12:47 PM 7466189 C:\dell\drivers\R56673
1/7/2009 8:08:36 PM 10863711 C:\dell\drivers\R59662
1/8/2009 1:07:12 AM 983363 C:\dell\drivers\R71801
1/8/2009 1:04:02 AM 22365821 C:\dell\drivers\R88792
1/7/2009 8:02:46 PM 4944434 C:\dell\drivers\R90698
1/7/2009 8:02:46 PM 418520 C:\dell\drivers\R90698\WDM
2/4/2009 11:10:34 AM 6987 32 C:\Files.txt
1/10/2009 2:20:31 AM 24 32 C:\sierra.inf
12/12/2008 3:15:57 AM 0 C:\WINDOWS\$NtUninstallKB955839$
1/13/2009 10:51:56 PM 0 C:\WINDOWS\$NtUninstallKB958687$
1/23/2009 10:13:20 PM 379417 C:\WINDOWS\784E6B0F00EC495095A2BBA64F44EC48.TMP
12/22/2008 1:37:12 PM 0 C:\WINDOWS\Minidump
12/24/2008 11:12:44 AM 5478394 C:\WINDOWS\Prefetch
1/18/2009 8:54:35 PM 738 C:\WINDOWS\pss
1/7/2009 11:51:22 AM 379160 C:\WINDOWS\tiinst1
2/4/2009 12:22:27 AM 0 32 C:\WINDOWS\0.log
12/17/2008 9:52:48 PM 19569 32 C:\WINDOWS\003782_.tmp
1/7/2009 8:16:49 PM 3840 32 C:\WINDOWS\DellBIOS.Sys
2/4/2009 12:11:29 AM 286952 32 C:\WINDOWS\ntbtlog.txt
1/7/2009 8:15:32 PM 666 32 C:\WINDOWS\speed.reg
1/6/2009 1:25:32 AM 598 32 C:\WINDOWS\wininit.ini
12/26/2008 2:28:12 PM 36864 32 C:\WINDOWS\system32\ascbalon.dll
1/7/2009 12:49:18 PM 89088 32 C:\WINDOWS\system32\atl71.dll
12/17/2008 9:52:21 PM 233472 0 C:\WINDOWS\system32\azroles.dll
1/7/2009 12:49:11 PM 757760 32 C:\WINDOWS\system32\bcm1xsup.dll
1/7/2009 12:49:21 PM 770048 32 C:\WINDOWS\system32\BCMLogon.dll
1/7/2009 12:49:13 PM 3395584 32 C:\WINDOWS\system32\BCMWLCPL.CPL
1/7/2009 12:49:14 PM 69632 32 C:\WINDOWS\system32\bcmwlpkt.dll
1/7/2009 12:49:12 PM 1253376 32 C:\WINDOWS\system32\BCMWLTRY.EXE
1/7/2009 12:49:14 PM 253952 32 C:\WINDOWS\system32\bcmwlu00.exe
12/17/2008 9:52:21 PM 7168 0 C:\WINDOWS\system32\bitsprx4.dll
1/25/2009 12:56:13 AM 282624 32 C:\WINDOWS\system32\camcpl.cpl
12/26/2008 2:27:55 PM 208896 32 C:\WINDOWS\system32\ConTest.dll
12/26/2008 2:27:56 PM 45056 32 C:\WINDOWS\system32\CreateLog.dll
12/17/2008 9:52:31 PM 12800 0 C:\WINDOWS\system32\credssp.dll
1/7/2009 8:13:32 PM 53248 32 C:\WINDOWS\system32\DellSys.dll
12/17/2008 9:52:37 PM 48640 0 C:\WINDOWS\system32\dhcpqec.dll
12/17/2008 9:52:38 PM 19456 0 C:\WINDOWS\system32\dimsntfy.dll
12/17/2008 9:52:38 PM 39936 0 C:\WINDOWS\system32\dimsroam.dll
12/17/2008 9:52:40 PM 26112 0 C:\WINDOWS\system32\dot3api.dll
12/17/2008 9:52:40 PM 57856 0 C:\WINDOWS\system32\dot3cfg.dll
12/17/2008 9:52:40 PM 9216 0 C:\WINDOWS\system32\dot3dlg.dll
12/17/2008 9:52:40 PM 39936 0 C:\WINDOWS\system32\dot3gpclnt.dll
12/17/2008 9:52:40 PM 56320 0 C:\WINDOWS\system32\dot3msm.dll
12/17/2008 9:52:40 PM 132096 0 C:\WINDOWS\system32\dot3svc.dll
12/17/2008 9:52:41 PM 650752 0 C:\WINDOWS\system32\dot3ui.dll
1/6/2009 2:02:49 AM 26000 32 C:\WINDOWS\system32\E3TL.DLL
12/17/2008 9:52:45 PM 30720 0 C:\WINDOWS\system32\eapolqec.dll
12/17/2008 9:52:45 PM 184832 0 C:\WINDOWS\system32\eapp3hst.dll
12/17/2008 9:52:46 PM 126976 0 C:\WINDOWS\system32\eappcfg.dll
12/17/2008 9:52:46 PM 94208 0 C:\WINDOWS\system32\eappgnui.dll
12/17/2008 9:52:46 PM 180224 0 C:\WINDOWS\system32\eapphost.dll
12/17/2008 9:52:46 PM 40960 0 C:\WINDOWS\system32\eappprxy.dll
12/17/2008 9:52:46 PM 59392 0 C:\WINDOWS\system32\eapqec.dll
12/17/2008 9:52:46 PM 33792 0 C:\WINDOWS\system32\eapsvc.dll
1/25/2009 12:58:14 AM 491 32 C:\WINDOWS\system32\Installer.log
1/25/2009 12:56:36 AM 53248 33 C:\WINDOWS\system32\InstMed.exe
1/25/2009 12:56:12 AM 29795 32 C:\WINDOWS\system32\ITIG726.acm
12/17/2008 9:53:29 PM 6144 0 C:\WINDOWS\system32\kbdbhc.dll
12/17/2008 9:53:30 PM 6144 0 C:\WINDOWS\system32\kbdiultn.dll
12/17/2008 9:53:30 PM 6144 0 C:\WINDOWS\system32\kbdnepr.dll
12/17/2008 9:53:30 PM 6144 0 C:\WINDOWS\system32\kbdpash.dll
12/17/2008 9:53:31 PM 61440 0 C:\WINDOWS\system32\kmsvc.dll
12/17/2008 9:53:33 PM 37376 0 C:\WINDOWS\system32\l2gpstore.dll
1/25/2009 12:56:13 AM 462848 32 C:\WINDOWS\system32\LCamCpl.dll
1/25/2009 12:56:00 AM 30720 32 C:\WINDOWS\system32\lfbmp12n.dll
1/25/2009 12:56:00 AM 328704 32 C:\WINDOWS\system32\LFCMP12n.DLL
1/25/2009 12:56:01 AM 78336 32 C:\WINDOWS\system32\lffax12n.dll
1/25/2009 12:56:01 AM 141312 32 C:\WINDOWS\system32\lftif12n.dll
1/25/2009 12:55:58 AM 90112 32 C:\WINDOWS\system32\LQCUI2.dll
1/25/2009 12:56:01 AM 259072 32 C:\WINDOWS\system32\LTDIS12n.dll
1/25/2009 12:56:01 AM 207872 32 C:\WINDOWS\system32\ltefx12n.dll
1/25/2009 12:56:01 AM 131072 32 C:\WINDOWS\system32\ltfil12n.DLL
1/25/2009 12:56:01 AM 164864 32 C:\WINDOWS\system32\ltimg12n.dll
1/25/2009 12:56:01 AM 406016 32 C:\WINDOWS\system32\ltkrn12n.dll
1/25/2009 12:56:10 AM 628736 32 C:\WINDOWS\system32\ltocx12n.ocx
1/25/2009 12:56:10 AM 192512 32 C:\WINDOWS\system32\ltscr12n.ocx
1/25/2009 12:56:01 AM 856064 32 C:\WINDOWS\system32\Ltwvc12n.dll
1/25/2009 12:56:27 AM 416544 32 C:\WINDOWS\system32\lvcodec2.dll
1/25/2009 12:56:27 AM 106496 32 C:\WINDOWS\system32\lvcoinst.dll
1/25/2009 12:56:27 AM 57126 32 C:\WINDOWS\system32\lvcoinst.ini
1/25/2009 12:43:29 AM 3676 32 C:\WINDOWS\system32\lvcoinst.log
1/25/2009 12:56:13 AM 215552 32 C:\WINDOWS\system32\Lvkrn12n.dll
1/25/2009 12:56:27 AM 490272 32 C:\WINDOWS\system32\LVUI2.dll
1/25/2009 12:56:27 AM 465696 32 C:\WINDOWS\system32\LVUI2RC.dll
12/17/2008 9:53:49 PM 184320 0 C:\WINDOWS\system32\microsoft.managementconsole.dll
12/17/2008 9:53:49 PM 397312 0 C:\WINDOWS\system32\mmcex.dll
12/17/2008 9:53:49 PM 106496 0 C:\WINDOWS\system32\mmcfxcommon.dll
12/17/2008 9:53:50 PM 33792 0 C:\WINDOWS\system32\mmcperf.exe
1/13/2009 10:50:19 PM 118 32 C:\WINDOWS\system32\MRT.INI
12/26/2008 2:28:11 PM 1066176 32 C:\WINDOWS\system32\mscomctl.ocx
1/2/2009 1:33:12 AM 55296 32 C:\WINDOWS\system32\msqpdxoboeypdq.dll
12/17/2008 9:54:15 PM 155136 0 C:\WINDOWS\system32\mssha.dll
12/17/2008 9:54:15 PM 76800 0 C:\WINDOWS\system32\msshavmsg.dll
12/17/2008 9:54:19 PM 79872 32 C:\WINDOWS\system32\msxml6r.dll
12/17/2008 9:54:21 PM 30208 0 C:\WINDOWS\system32\napipsec.dll
12/17/2008 9:54:21 PM 193024 0 C:\WINDOWS\system32\napmontr.dll
12/17/2008 9:54:21 PM 176640 0 C:\WINDOWS\system32\napstat.exe
12/17/2008 9:54:37 PM 144384 0 C:\WINDOWS\system32\onex.dll
12/17/2008 9:53:12 PM 974 0 C:\WINDOWS\system32\pid.inf
1/7/2009 12:49:15 PM 86016 32 C:\WINDOWS\system32\preflib.dll
12/17/2008 9:54:43 PM 150528 0 C:\WINDOWS\system32\qagent.dll
12/17/2008 9:54:43 PM 291328 0 C:\WINDOWS\system32\qagentrt.dll
12/17/2008 9:54:43 PM 62464 0 C:\WINDOWS\system32\qcliprov.dll
1/25/2009 12:56:01 AM 466944 32 C:\WINDOWS\system32\QCUI2.dll
12/17/2008 9:54:45 PM 76800 0 C:\WINDOWS\system32\qutil.dll
12/17/2008 9:54:46 PM 61952 0 C:\WINDOWS\system32\rasqec.dll
1/15/2009 7:43:15 AM 927744 32 C:\WINDOWS\system32\rn.tmp
12/17/2008 9:53:12 PM 9728 0 C:\WINDOWS\system32\rwnh.dll
12/17/2008 9:54:53 PM 32768 0 C:\WINDOWS\system32\setupn.exe
12/17/2008 9:53:12 PM 10752 0 C:\WINDOWS\system32\smtpapi.dll
12/17/2008 8:49:08 PM 160 32 C:\WINDOWS\system32\spdwnwxp.log
1/25/2009 10:29:36 AM 83096 32 C:\WINDOWS\system32\SSSensor.dll
12/26/2008 2:28:06 PM 20480 32 C:\WINDOWS\system32\SysRestore.dll
12/17/2008 9:55:52 PM 50688 0 C:\WINDOWS\system32\tspkg.dll
1/29/2009 5:54:48 AM 360192 32 C:\WINDOWS\system32\TuneUpDefragService.exe
1/29/2009 5:54:54 AM 603904 32 C:\WINDOWS\system32\TUProgSt.exe
1/29/2009 5:54:50 AM 27904 32 C:\WINDOWS\system32\uxtuneup.dll
1/25/2009 12:56:02 AM 86016 32 C:\WINDOWS\system32\vatee.ax
12/17/2008 9:56:23 PM 69120 0 C:\WINDOWS\system32\wlanapi.dll
1/7/2009 12:49:11 PM 2129920 32 C:\WINDOWS\system32\WLBCGCBPRO731.DLL
1/7/2009 12:49:13 PM 1392640 32 C:\WINDOWS\system32\WLTRAY.EXE
1/7/2009 12:49:14 PM 44032 32 C:\WINDOWS\system32\wltrynt.dll
1/7/2009 12:49:12 PM 20480 32 C:\WINDOWS\system32\WLTRYSVC.EXE
====== Files under "\Administrator\Startup" Last 60 Days======
====== Files under "\All Users\Startup" Last 60 Days======
====== Folders under "\Program Files" Last 60 Days======
1/10/2009 1:31:21 AM 243858793 C:\Program Files\3DUCPool
1/10/2009 1:31:24 AM 368865 C:\Program Files\3DUCPool\gamelogic
1/10/2009 1:31:27 AM 242677351 C:\Program Files\3DUCPool\volumes
1/10/2009 1:31:27 AM 134919593 C:\Program Files\3DUCPool\volumes\games
12/22/2008 3:30:00 AM 323584 C:\Program Files\Bonjour
1/7/2009 12:49:10 PM 2933717 C:\Program Files\Dell
1/7/2009 12:49:10 PM 1922819 C:\Program Files\Dell\Dell Wireless WLAN Card
1/7/2009 12:49:10 PM 1266246 C:\Program Files\Dell\Dell Wireless WLAN Card\Driver
1/7/2009 8:15:32 PM 1010898 C:\Program Files\Dell\Notebook System Software
1/7/2009 8:15:33 PM 42136 C:\Program Files\Dell\Notebook System Software\Q332179_WXP_SP2_x86_ARA
1/7/2009 8:15:33 PM 39832 C:\Program Files\Dell\Notebook System Software\Q332179_WXP_SP2_x86_CHS
1/7/2009 8:15:32 PM 41362 C:\Program Files\Dell\Notebook System Software\Q332179_WXP_SP2_x86_CHT
1/7/2009 8:15:33 PM 42266 C:\Program Files\Dell\Notebook System Software\Q332179_WXP_SP2_x86_CSY
1/7/2009 8:15:33 PM 42272 C:\Program Files\Dell\Notebook System Software\Q332179_WXP_SP2_x86_DAN
1/7/2009 8:15:33 PM 42524 C:\Program Files\Dell\Notebook System Software\Q332179_WXP_SP2_x86_DEU
1/7/2009 8:15:33 PM 42798 C:\Program Files\Dell\Notebook System Software\Q332179_WXP_SP2_x86_ELL
1/7/2009 8:15:33 PM 39832 C:\Program Files\Dell\Notebook System Software\Q332179_WXP_SP2_x86_ENU
1/7/2009 8:15:34 PM 42541 C:\Program Files\Dell\Notebook System Software\Q332179_WXP_SP2_x86_ESN
1/7/2009 8:15:34 PM 42396 C:\Program Files\Dell\Notebook System Software\Q332179_WXP_SP2_x86_FIN
1/7/2009 8:15:34 PM 42654 C:\Program Files\Dell\Notebook System Software\Q332179_WXP_SP2_x86_FRA
1/7/2009 8:15:32 PM 42007 C:\Program Files\Dell\Notebook System Software\Q332179_WXP_SP2_x86_HEB
1/7/2009 8:15:32 PM 42664 C:\Program Files\Dell\Notebook System Software\Q332179_WXP_SP2_x86_HUN
1/7/2009 8:15:32 PM 42397 C:\Program Files\Dell\Notebook System Software\Q332179_WXP_SP2_x86_ITA
1/7/2009 8:15:33 PM 41755 C:\Program Files\Dell\Notebook System Software\Q332179_WXP_SP2_x86_JPN
1/7/2009 8:15:33 PM 42139 C:\Program Files\Dell\Notebook System Software\Q332179_WXP_SP2_x86_KOR
1/7/2009 8:15:33 PM 42530 C:\Program Files\Dell\Notebook System Software\Q332179_WXP_SP2_x86_NLD
1/7/2009 8:15:33 PM 42267 C:\Program Files\Dell\Notebook System Software\Q332179_WXP_SP2_x86_NOR
1/7/2009 8:15:33 PM 42396 C:\Program Files\Dell\Notebook System Software\Q332179_WXP_SP2_x86_PLK
1/7/2009 8:15:33 PM 42405 C:\Program Files\Dell\Notebook System Software\Q332179_WXP_SP2_x86_PTB
1/7/2009 8:15:33 PM 42410 C:\Program Files\Dell\Notebook System Software\Q332179_WXP_SP2_x86_PTG
1/7/2009 8:15:33 PM 42653 C:\Program Files\Dell\Notebook System Software\Q332179_WXP_SP2_x86_RUS
1/7/2009 8:15:33 PM 42398 C:\Program Files\Dell\Notebook System Software\Q332179_WXP_SP2_x86_SVE
1/7/2009 8:15:33 PM 42264 C:\Program Files\Dell\Notebook System Software\Q332179_WXP_SP2_x86_TRK
12/10/2008 2:16:00 AM 3280231 C:\Program Files\DivX
12/10/2008 7:37:17 AM 3048407 C:\Program Files\DivX\DivX Web Player
12/10/2008 7:37:20 AM 1656653 C:\Program Files\DivX\DivX Web Player\Microsoft.VC80.CRT
12/10/2008 7:37:22 AM 14393 C:\Program Files\DivX\DivX Web Player\Skins
2/2/2009 4:30:25 PM 93082779 C:\Program Files\Google
2/2/2009 4:32:14 PM 54750325 C:\Program Files\Google\Chrome
2/2/2009 4:32:14 PM 54750325 C:\Program Files\Google\Chrome\Application
2/2/2009 4:32:14 PM 53983513 C:\Program Files\Google\Chrome\Application\1.0.154.46
2/2/2009 4:32:22 PM 27846341 C:\Program Files\Google\Chrome\Application\1.0.154.46\Installer
2/2/2009 4:32:18 PM 4350976 C:\Program Files\Google\Chrome\Application\1.0.154.46\Locales
2/2/2009 4:32:15 PM 683124 C:\Program Files\Google\Chrome\Application\1.0.154.46\Resources
2/2/2009 4:32:16 PM 683124 C:\Program Files\Google\Chrome\Application\1.0.154.46\Resources\Inspector
2/2/2009 4:32:17 PM 285727 C:\Program Files\Google\Chrome\Application\1.0.154.46\Resources\Inspector\Images
2/2/2009 4:32:15 PM 338432 C:\Program Files\Google\Chrome\Application\1.0.154.46\Themes
2/2/2009 4:32:22 PM 0 C:\Program Files\Google\Chrome\Application\Dictionaries
2/2/2009 4:30:25 PM 182768 C:\Program Files\Google\Common
2/2/2009 4:30:25 PM 182768 C:\Program Files\Google\Common\Google Updater
2/2/2009 4:33:26 PM 31457654 C:\Program Files\Google\Google Earth
2/2/2009 4:33:27 PM 4266 C:\Program Files\Google\Google Earth\kvw
2/2/2009 4:33:27 PM 7784675 C:\Program Files\Google\Google Earth\lang
2/2/2009 4:33:27 PM 2754877 C:\Program Files\Google\Google Earth\res
2/2/2009 4:33:33 PM 1149 C:\Program Files\Google\Google Earth\res\ad.country
2/2/2009 4:33:33 PM 1130 C:\Program Files\Google\Google Earth\res\ae.country
2/2/2009 4:33:33 PM 1121 C:\Program Files\Google\Google Earth\res\af.country
2/2/2009 4:33:33 PM 1141 C:\Program Files\Google\Google Earth\res\ag.country
2/2/2009 4:33:34 PM 1156 C:\Program Files\Google\Google Earth\res\ai.country
2/2/2009 4:33:34 PM 1117 C:\Program Files\Google\Google Earth\res\al.country
2/2/2009 4:33:34 PM 1117 C:\Program Files\Google\Google Earth\res\am.country
2/2/2009 4:33:34 PM 1144 C:\Program Files\Google\Google Earth\res\an.country
2/2/2009 4:33:34 PM 1156 C:\Program Files\Google\Google Earth\res\ao.country
2/2/2009 4:33:34 PM 1150 C:\Program Files\Google\Google Earth\res\aq.country
2/2/2009 4:33:34 PM 1123 C:\Program Files\Google\Google Earth\res\ar.country
2/2/2009 4:33:34 PM 1001 C:\Program Files\Google\Google Earth\res\ar.locale
2/2/2009 4:33:34 PM 1160 C:\Program Files\Google\Google Earth\res\as.country
2/2/2009 4:33:34 PM 1177 C:\Program Files\Google\Google Earth\res\at.country
2/2/2009 4:33:34 PM 1123 C:\Program Files\Google\Google Earth\res\au.country
2/2/2009 4:33:34 PM 1151 C:\Program Files\Google\Google Earth\res\aw.country
2/2/2009 4:33:34 PM 1153 C:\Program Files\Google\Google Earth\res\ax.country
2/2/2009 4:33:34 PM 1128 C:\Program Files\Google\Google Earth\res\az.country
2/2/2009 4:33:34 PM 1132 C:\Program Files\Google\Google Earth\res\ba.country
2/2/2009 4:33:35 PM 1180 C:\Program Files\Google\Google Earth\res\bb.country
2/2/2009 4:33:35 PM 1120 C:\Program Files\Google\Google Earth\res\bd.country
2/2/2009 4:33:35 PM 1145 C:\Program Files\Google\Google Earth\res\be.country
2/2/2009 4:33:35 PM 1122 C:\Program Files\Google\Google Earth\res\bf.country
2/2/2009 4:33:35 PM 1118 C:\Program Files\Google\Google Earth\res\bg.country
2/2/2009 4:33:35 PM 1123 C:\Program Files\Google\Google Earth\res\bh.country
2/2/2009 4:33:35 PM 1121 C:\Program Files\Google\Google Earth\res\bi.country
2/2/2009 4:33:35 PM 1121 C:\Program Files\Google\Google Earth\res\bj.country
2/2/2009 4:33:35 PM 1155 C:\Program Files\Google\Google Earth\res\bm.country
2/2/2009 4:33:35 PM 1178 C:\Program Files\Google\Google Earth\res\bn.country
2/2/2009 4:33:35 PM 1121 C:\Program Files\Google\Google Earth\res\bo.country
2/2/2009 4:33:35 PM 1150 C:\Program Files\Google\Google Earth\res\br.country
2/2/2009 4:33:35 PM 1130 C:\Program Files\Google\Google Earth\res\bs.country
2/2/2009 4:33:35 PM 1124 C:\Program Files\Google\Google Earth\res\bt.country
2/2/2009 4:33:35 PM 1157 C:\Program Files\Google\Google Earth\res\bv.country
2/2/2009 4:33:35 PM 1120 C:\Program Files\Google\Google Earth\res\bw.country
2/2/2009 4:33:35 PM 1117 C:\Program Files\Google\Google Earth\res\by.country
2/2/2009 4:33:35 PM 1130 C:\Program Files\Google\Google Earth\res\bz.country
2/2/2009 4:33:35 PM 1148 C:\Program Files\Google\Google Earth\res\ca.country
2/2/2009 4:33:35 PM 1169 C:\Program Files\Google\Google Earth\res\cc.country
2/2/2009 4:33:35 PM 1141 C:\Program Files\Google\Google Earth\res\cd.country
2/2/2009 4:33:35 PM 1132 C:\Program Files\Google\Google Earth\res\cf.country
2/2/2009 4:33:35 PM 1157 C:\Program Files\Google\Google Earth\res\cg.country
2/2/2009 4:33:35 PM 1119 C:\Program Files\Google\Google Earth\res\ch.country
2/2/2009 4:33:35 PM 1126 C:\Program Files\Google\Google Earth\res\ci.country
2/2/2009 4:33:35 PM 1186 C:\Program Files\Google\Google Earth\res\ck.country
2/2/2009 4:33:35 PM 1149 C:\Program Files\Google\Google Earth\res\cl.country
2/2/2009 4:33:35 PM 1116 C:\Program Files\Google\Google Earth\res\cm.country
2/2/2009 4:33:36 PM 1117 C:\Program Files\Google\Google Earth\res\cn.country
2/2/2009 4:33:36 PM 1118 C:\Program Files\Google\Google Earth\res\co.country
2/2/2009 4:33:36 PM 1122 C:\Program Files\Google\Google Earth\res\cr.country
2/2/2009 4:33:36 PM 1120 C:\Program Files\Google\Google Earth\res\cu.country
2/2/2009 4:33:36 PM 1122 C:\Program Files\Google\Google Earth\res\cv.country
2/2/2009 4:33:36 PM 1162 C:\Program Files\Google\Google Earth\res\cx.country
2/2/2009 4:33:36 PM 1116 C:\Program Files\Google\Google Earth\res\cy.country
2/2/2009 4:33:36 PM 1134 C:\Program Files\Google\Google Earth\res\cz.country
2/2/2009 4:33:36 PM 1115 C:\Program Files\Google\Google Earth\res\de.country
2/2/2009 4:33:36 PM 12422 C:\Program Files\Google\Google Earth\res\de.locale
2/2/2009 4:33:36 PM 1122 C:\Program Files\Google\Google Earth\res\dj.country
2/2/2009 4:33:36 PM 1117 C:\Program Files\Google\Google Earth\res\dk.country
2/2/2009 4:33:36 PM 1180 C:\Program Files\Google\Google Earth\res\dm.country
2/2/2009 4:33:36 PM 1160 C:\Program Files\Google\Google Earth\res\do.country
2/2/2009 4:33:36 PM 1115 C:\Program Files\Google\Google Earth\res\dz.country
2/2/2009 4:33:36 PM 1123 C:\Program Files\Google\Google Earth\res\ec.country
2/2/2009 4:33:36 PM 1117 C:\Program Files\Google\Google Earth\res\ee.country
2/2/2009 4:33:36 PM 1115 C:\Program Files\Google\Google Earth\res\eg.country
2/2/2009 4:33:36 PM 1130 C:\Program Files\Google\Google Earth\res\eh.country
2/2/2009 4:33:36 PM 11305 C:\Program Files\Google\Google Earth\res\en.locale
2/2/2009 4:33:36 PM 12365 C:\Program Files\Google\Google Earth\res\en_AU.locale
2/2/2009 4:33:36 PM 11850 C:\Program Files\Google\Google Earth\res\en_CA.locale
2/2/2009 4:33:36 PM 12349 C:\Program Files\Google\Google Earth\res\en_GB.locale
2/2/2009 4:33:36 PM 12361 C:\Program Files\Google\Google Earth\res\en_NZ.locale
2/2/2009 4:33:37 PM 12388 C:\Program Files\Google\Google Earth\res\en_US.locale
2/2/2009 4:33:37 PM 1117 C:\Program Files\Google\Google Earth\res\er.country
2/2/2009 4:33:37 PM 1115 C:\Program Files\Google\Google Earth\res\es.country
2/2/2009 4:33:37 PM 12418 C:\Program Files\Google\Google Earth\res\es.locale
2/2/2009 4:33:37 PM 1116 C:\Program Files\Google\Google Earth\res\et.country
2/2/2009 4:33:37 PM 1117 C:\Program Files\Google\Google Earth\res\fi.country
2/2/2009 4:33:37 PM 1118 C:\Program Files\Google\Google Earth\res\fj.country
2/2/2009 4:33:37 PM 1177 C:\Program Files\Google\Google Earth\res\fk.country
2/2/2009 4:33:37 PM 32715 C:\Program Files\Google\Google Earth\res\flightsim
2/2/2009 4:33:37 PM 8401 C:\Program Files\Google\Google Earth\res\flightsim\aircraft
2/2/2009 4:33:37 PM 7453 C:\Program Files\Google\Google Earth\res\flightsim\controller
2/2/2009 4:33:37 PM 6507 C:\Program Files\Google\Google Earth\res\flightsim\hud
2/2/2009 4:33:38 PM 5890 C:\Program Files\Google\Google Earth\res\flightsim\keyboard
2/2/2009 4:33:38 PM 1213 C:\Program Files\Google\Google Earth\res\flightsim\planet
2/2/2009 4:33:38 PM 1179 C:\Program Files\Google\Google Earth\res\fm.country
2/2/2009 4:33:38 PM 1123 C:\Program Files\Google\Google Earth\res\fo.country
2/2/2009 4:33:38 PM 1142 C:\Program Files\Google\Google Earth\res\fr.country
2/2/2009 4:33:38 PM 12487 C:\Program Files\Google\Google Earth\res\fr.locale
2/2/2009 4:33:38 PM 1121 C:\Program Files\Google\Google Earth\res\ga.country
2/2/2009 4:33:38 PM 1124 C:\Program Files\Google\Google Earth\res\gb.country
2/2/2009 4:33:38 PM 1179 C:\Program Files\Google\Google Earth\res\gd.country
2/2/2009 4:33:38 PM 1121 C:\Program Files\Google\Google Earth\res\ge.country
2/2/2009 4:33:38 PM 1123 C:\Program Files\Google\Google Earth\res\gf.country
2/2/2009 4:33:38 PM 1180 C:\Program Files\Google\Google Earth\res\gg.country
2/2/2009 4:33:38 PM 1113 C:\Program Files\Google\Google Earth\res\gh.country
2/2/2009 4:33:38 PM 1181 C:\Program Files\Google\Google Earth\res\gi.country
2/2/2009 4:33:38 PM 1121 C:\Program Files\Google\Google Earth\res\gl.country
2/2/2009 4:33:38 PM 1226 C:\Program Files\Google\Google Earth\res\gm.country
2/2/2009 4:33:38 PM 1118 C:\Program Files\Google\Google Earth\res\gn.country
2/2/2009 4:33:38 PM 1158 C:\Program Files\Google\Google Earth\res\gp.country
2/2/2009 4:33:38 PM 1125 C:\Program Files\Google\Google Earth\res\gq.country
2/2/2009 4:33:38 PM 1116 C:\Program Files\Google\Google Earth\res\gr.country
2/2/2009 4:33:38 PM 1188 C:\Program Files\Google\Google Earth\res\gs.country
2/2/2009 4:33:38 PM 1131 C:\Program Files\Google\Google Earth\res\gt.country
2/2/2009 4:33:38 PM 1174 C:\Program Files\Google\Google Earth\res\gu.country
2/2/2009 4:33:38 PM 1125 C:\Program Files\Google\Google Earth\res\gw.country
2/2/2009 4:33:38 PM 1116 C:\Program Files\Google\Google Earth\res\gy.country
2/2/2009 4:33:39 PM 1001 C:\Program Files\Google\Google Earth\res\he.locale
2/2/2009 4:33:39 PM 1155 C:\Program Files\Google\Google Earth\res\hk.country
2/2/2009 4:33:39 PM 1205 C:\Program Files\Google\Google Earth\res\hm.country
2/2/2009 4:33:39 PM 1124 C:\Program Files\Google\Google Earth\res\hn.country
2/2/2009 4:33:39 PM 1151 C:\Program Files\Google\Google Earth\res\hr.country
2/2/2009 4:33:39 PM 1147 C:\Program Files\Google\Google Earth\res\ht.country
2/2/2009 4:33:39 PM 1117 C:\Program Files\Google\Google Earth\res\hu.country
2/2/2009 4:33:39 PM 1121 C:\Program Files\Google\Google Earth\res\id.country
2/2/2009 4:33:39 PM 1117 C:\Program Files\Google\Google Earth\res\ie.country
2/2/2009 4:33:39 PM 1126 C:\Program Files\Google\Google Earth\res\il.country
2/2/2009 4:33:39 PM 1173 C:\Program Files\Google\Google Earth\res\im.country
2/2/2009 4:33:39 PM 1135 C:\Program Files\Google\Google Earth\res\in.country
2/2/2009 4:33:39 PM 1144 C:\Program Files\Google\Google Earth\res\io.country
2/2/2009 4:33:39 PM 1114 C:\Program Files\Google\Google Earth\res\iq.country
2/2/2009 4:33:39 PM 1114 C:\Program Files\Google\Google Earth\res\ir.country
2/2/2009 4:33:39 PM 1119 C:\Program Files\Google\Google Earth\res\is.country
2/2/2009 4:33:39 PM 1175 C:\Program Files\Google\Google Earth\res\it.country
2/2/2009 4:33:39 PM 12443 C:\Program Files\Google\Google Earth\res\it.locale
2/2/2009 4:33:39 PM 12165 C:\Program Files\Google\Google Earth\res\ja.locale
2/2/2009 4:33:39 PM 1178 C:\Program Files\Google\Google Earth\res\je.country
2/2/2009 4:33:39 PM 1129 C:\Program Files\Google\Google Earth\res\jm.country
2/2/2009 4:33:39 PM 1116 C:\Program Files\Google\Google Earth\res\jo.country
2/2/2009 4:33:39 PM 1117 C:\Program Files\Google\Google Earth\res\jp.country
2/2/2009 4:33:39 PM 1113 C:\Program Files\Google\Google Earth\res\ke.country
2/2/2009 4:33:40 PM 1120 C:\Program Files\Google\Google Earth\res\kg.country
2/2/2009 4:33:40 PM 1120 C:\Program Files\Google\Google Earth\res\kh.country
2/2/2009 4:33:40 PM 1150 C:\Program Files\Google\Google Earth\res\ki.country
2/2/2009 4:33:40 PM 1155 C:\Program Files\Google\Google Earth\res\km.country
2/2/2009 4:33:40 PM 1193 C:\Program Files\Google\Google Earth\res\kn.country
2/2/2009 4:33:40 PM 125173 C:\Program Files\Google\Google Earth\res\ko.locale
2/2/2009 4:33:40 PM 1124 C:\Program Files\Google\Google Earth\res\kp.country
2/2/2009 4:33:40 PM 1128 C:\Program Files\Google\Google Earth\res\kr.country
2/2/2009 4:33:40 PM 1126 C:\Program Files\Google\Google Earth\res\kw.country
2/2/2009 4:33:40 PM 1134 C:\Program Files\Google\Google Earth\res\ky.country
2/2/2009 4:33:40 PM 1120 C:\Program Files\Google\Google Earth\res\kz.country
2/2/2009 4:33:40 PM 1116 C:\Program Files\Google\Google Earth\res\la.country
2/2/2009 4:33:40 PM 1177 C:\Program Files\Google\Google Earth\res\lb.country
2/2/2009 4:33:40 PM 1183 C:\Program Files\Google\Google Earth\res\lc.country
2/2/2009 4:33:40 PM 1183 C:\Program Files\Google\Google Earth\res\li.country
2/2/2009 4:33:40 PM 1117 C:\Program Files\Google\Google Earth\res\lk.country
2/2/2009 4:33:40 PM 1151 C:\Program Files\Google\Google Earth\res\lr.country
2/2/2009 4:33:40 PM 1127 C:\Program Files\Google\Google Earth\res\ls.country
2/2/2009 4:33:40 PM 1119 C:\Program Files\Google\Google Earth\res\lt.country
2/2/2009 4:33:40 PM 1156 C:\Program Files\Google\Google Earth\res\lu.country
2/2/2009 4:33:40 PM 1116 C:\Program Files\Google\Google Earth\res\lv.country
2/2/2009 4:33:41 PM 1223 C:\Program Files\Google\Google Earth\res\ly.country
2/2/2009 4:33:41 PM 1117 C:\Program Files\Google\Google Earth\res\ma.country
2/2/2009 4:33:41 PM 1148 C:\Program Files\Google\Google Earth\res\mc.country
2/2/2009 4:33:41 PM 1117 C:\Program Files\Google\Google Earth\res\md.country
2/2/2009 4:33:41 PM 1194 C:\Program Files\Google\Google Earth\res\me.country
2/2/2009 4:33:41 PM 1122 C:\Program Files\Google\Google Earth\res\mg.country
2/2/2009 4:33:41 PM 1200 C:\Program Files\Google\Google Earth\res\mh.country
2/2/2009 4:33:41 PM 1149 C:\Program Files\Google\Google Earth\res\mk.country
2/2/2009 4:33:41 PM 1114 C:\Program Files\Google\Google Earth\res\ml.country
2/2/2009 4:33:41 PM 1219 C:\Program Files\Google\Google Earth\res\mm.country
2/2/2009 4:33:41 PM 1150 C:\Program Files\Google\Google Earth\res\mn.country
2/2/2009 4:33:41 PM 1153 C:\Program Files\Google\Google Earth\res\mo.country
2/2/2009 4:33:41 PM 1146 C:\Program Files\Google\Google Earth\res\mp.country
2/2/2009 4:33:41 PM 1152 C:\Program Files\Google\Google Earth\res\mq.country
2/2/2009 4:33:41 PM 1122 C:\Program Files\Google\Google Earth\res\mr.country
2/2/2009 4:33:41 PM 1132 C:\Program Files\Google\Google Earth\res\ms.country
2/2/2009 4:33:41 PM 1175 C:\Program Files\Google\Google Earth\res\mt.country
2/2/2009 4:33:41 PM 1157 C:\Program Files\Google\Google Earth\res\mu.country
2/2/2009 4:33:41 PM 1122 C:\Program Files\Google\Google Earth\res\mv.country
2/2/2009 4:33:41 PM 1122 C:\Program Files\Google\Google Earth\res\mw.country
2/2/2009 4:33:41 PM 1120 C:\Program Files\Google\Google Earth\res\mx.country
2/2/2009 4:33:41 PM 1126 C:\Program Files\Google\Google Earth\res\my.country
2/2/2009 4:33:41 PM 1128 C:\Program Files\Google\Google Earth\res\mz.country
2/2/2009 4:33:41 PM 1119 C:\Program Files\Google\Google Earth\res\na.country
2/2/2009 4:33:41 PM 1135 C:\Program Files\Google\Google Earth\res\nc.country
2/2/2009 4:33:41 PM 1113 C:\Program Files\Google\Google Earth\res\ne.country
2/2/2009 4:33:41 PM 1164 C:\Program Files\Google\Google Earth\res\nf.country
2/2/2009 4:33:42 PM 1115 C:\Program Files\Google\Google Earth\res\ng.country
2/2/2009 4:33:42 PM 1151 C:\Program Files\Google\Google Earth\res\ni.country
2/2/2009 4:33:42 PM 1155 C:\Program Files\Google\Google Earth\res\nl.country
2/2/2009 4:33:42 PM 1116 C:\Program Files\Google\Google Earth\res\no.country
2/2/2009 4:33:42 PM 1115 C:\Program Files\Google\Google Earth\res\np.country
2/2/2009 4:33:42 PM 1179 C:\Program Files\Google\Google Earth\res\nr.country
2/2/2009 4:33:42 PM 1178 C:\Program Files\Google\Google Earth\res\nu.country
2/2/2009 4:33:42 PM 1125 C:\Program Files\Google\Google Earth\res\nz.country
2/2/2009 4:33:42 PM 1114 C:\Program Files\Google\Google Earth\res\om.country
2/2/2009 4:33:42 PM 1116 C:\Program Files\Google\Google Earth\res\pa.country
2/2/2009 4:33:42 PM 265134 C:\Program Files\Google\Google Earth\res\paddle
2/2/2009 4:33:45 PM 1118 C:\Program Files\Google\Google Earth\res\pe.country
2/2/2009 4:33:45 PM 1132 C:\Program Files\Google\Google Earth\res\pf.country
2/2/2009 4:33:45 PM 1128 C:\Program Files\Google\Google Earth\res\pg.country
2/2/2009 4:33:45 PM 1123 C:\Program Files\Google\Google Earth\res\ph.country
2/2/2009 4:33:45 PM 1118 C:\Program Files\Google\Google Earth\res\pk.country
2/2/2009 4:33:45 PM 1176 C:\Program Files\Google\Google Earth\res\pl.country
2/2/2009 4:33:45 PM 1197 C:\Program Files\Google\Google Earth\res\pm.country
2/2/2009 4:33:45 PM 1166 C:\Program Files\Google\Google Earth\res\pn.country
2/2/2009 4:33:45 PM 1133 C:\Program Files\Google\Google Earth\res\pr.country
2/2/2009 4:33:45 PM 1239 C:\Program Files\Google\Google Earth\res\ps.country
2/2/2009 4:33:45 PM 1122 C:\Program Files\Google\Google Earth\res\pt.country
2/2/2009 4:33:45 PM 22946 C:\Program Files\Google\Google Earth\res\pushpin
2/2/2009 4:33:45 PM 1151 C:\Program Files\Google\Google Earth\res\pw.country
2/2/2009 4:33:45 PM 1152 C:\Program Files\Google\Google Earth\res\py.country
2/2/2009 4:33:45 PM 1125 C:\Program Files\Google\Google Earth\res\qa.country
2/2/2009 4:33:45 PM 1179 C:\Program Files\Google\Google Earth\res\re.country
2/2/2009 4:33:45 PM 1147 C:\Program Files\Google\Google Earth\res\ro.country
2/2/2009 4:33:45 PM 1158 C:\Program Files\Google\Google Earth\res\rs.country
2/2/2009 4:33:45 PM 1148 C:\Program Files\Google\Google Earth\res\ru.country
2/2/2009 4:33:45 PM 126172 C:\Program Files\Google\Google Earth\res\ru.locale
2/2/2009 4:33:45 PM 1116 C:\Program Files\Google\Google Earth\res\rw.country
2/2/2009 4:33:45 PM 1122 C:\Program Files\Google\Google Earth\res\sa.country
2/2/2009 4:33:45 PM 1127 C:\Program Files\Google\Google Earth\res\sb.country
2/2/2009 4:33:45 PM 1182 C:\Program Files\Google\Google Earth\res\sc.country
2/2/2009 4:33:45 PM 1115 C:\Program Files\Google\Google Earth\res\sd.country
2/2/2009 4:33:45 PM 1116 C:\Program Files\Google\Google Earth\res\se.country
2/2/2009 4:33:45 PM 1155 C:\Program Files\Google\Google Earth\res\sg.country
2/2/2009 4:33:46 PM 1158 C:\Program Files\Google\Google Earth\res\sh.country
2/2/2009 4:33:46 PM 238488 C:\Program Files\Google\Google Earth\res\shapes
2/2/2009 4:33:47 PM 1178 C:\Program Files\Google\Google Earth\res\si.country
2/2/2009 4:33:47 PM 1118 C:\Program Files\Google\Google Earth\res\sj.country
2/2/2009 4:33:47 PM 1152 C:\Program Files\Google\Google Earth\res\sk.country
2/2/2009 4:33:47 PM 1130 C:\Program Files\Google\Google Earth\res\sl.country
2/2/2009 4:33:47 PM 1228 C:\Program Files\Google\Google Earth\res\sm.country
2/2/2009 4:33:47 PM 1119 C:\Program Files\Google\Google Earth\res\sn.country
2/2/2009 4:33:47 PM 1147 C:\Program Files\Google\Google Earth\res\so.country
2/2/2009 4:33:47 PM 1118 C:\Program Files\Google\Google Earth\res\sr.country
2/2/2009 4:33:47 PM 1127 C:\Program Files\Google\Google Earth\res\st.country
2/2/2009 4:33:47 PM 1183 C:\Program Files\Google\Google Earth\res\sv.country
2/2/2009 4:33:47 PM 1115 C:\Program Files\Google\Google Earth\res\sy.country
2/2/2009 4:33:47 PM 1129 C:\Program Files\Google\Google Earth\res\sz.country
2/2/2009 4:33:47 PM 1172 C:\Program Files\Google\Google Earth\res\tc.country
2/2/2009 4:33:47 PM 1114 C:\Program Files\Google\Google Earth\res\td.country
2/2/2009 4:33:47 PM 1147 C:\Program Files\Google\Google Earth\res\tf.country
2/2/2009 4:33:48 PM 1142 C:\Program Files\Google\Google Earth\res\tg.country
2/2/2009 4:33:48 PM 1120 C:\Program Files\Google\Google Earth\res\th.country
2/2/2009 4:33:48 PM 1150 C:\Program Files\Google\Google Earth\res\tj.country
2/2/2009 4:33:48 PM 1121 C:\Program Files\Google\Google Earth\res\tk.country
2/2/2009 4:33:48 PM 1225 C:\Program Files\Google\Google Earth\res\tl.country
2/2/2009 4:33:48 PM 1152 C:\Program Files\Google\Google Earth\res\tm.country
2/2/2009 4:33:48 PM 1115 C:\Program Files\Google\Google Earth\res\tn.country
2/2/2009 4:33:48 PM 1121 C:\Program Files\Google\Google Earth\res\to.country
2/2/2009 4:33:48 PM 1116 C:\Program Files\Google\Google Earth\res\tr.country
2/2/2009 4:33:48 PM 1131 C:\Program Files\Google\Google Earth\res\tt.country
2/2/2009 4:33:48 PM 1118 C:\Program Files\Google\Google Earth\res\tv.country
2/2/2009 4:33:48 PM 1122 C:\Program Files\Google\Google Earth\res\tw.country
2/2/2009 4:33:48 PM 1118 C:\Program Files\Google\Google Earth\res\tz.country
2/2/2009 4:33:48 PM 1147 C:\Program Files\Google\Google Earth\res\ua.country
2/2/2009 4:33:48 PM 1114 C:\Program Files\Google\Google Earth\res\ug.country
2/2/2009 4:33:48 PM 1208 C:\Program Files\Google\Google Earth\res\um.country
2/2/2009 4:33:48 PM 1185 C:\Program Files\Google\Google Earth\res\us.country
2/2/2009 4:33:48 PM 1121 C:\Program Files\Google\Google Earth\res\uy.country
2/2/2009 4:33:48 PM 1120 C:\Program Files\Google\Google Earth\res\uz.country
2/2/2009 4:33:48 PM 1143 C:\Program Files\Google\Google Earth\res\va.country
2/2/2009 4:33:48 PM 1154 C:\Program Files\Google\Google Earth\res\vc.country
2/2/2009 4:33:48 PM 1119 C:\Program Files\Google\Google Earth\res\ve.country
2/2/2009 4:33:48 PM 1239 C:\Program Files\Google\Google Earth\res\vg.country
2/2/2009 4:33:48 PM 1196 C:\Program Files\Google\Google Earth\res\vi.country
2/2/2009 4:33:48 PM 1177 C:\Program Files\Google\Google Earth\res\vn.country
2/2/2009 4:33:49 PM 1121 C:\Program Files\Google\Google Earth\res\vu.country
2/2/2009 4:33:49 PM 1141 C:\Program Files\Google\Google Earth\res\wf.country
2/2/2009 4:33:49 PM 1179 C:\Program Files\Google\Google Earth\res\ws.country
2/2/2009 4:33:49 PM 1115 C:\Program Files\Google\Google Earth\res\ye.country
2/2/2009 4:33:49 PM 1179 C:\Program Files\Google\Google Earth\res\yt.country
2/2/2009 4:33:49 PM 1124 C:\Program Files\Google\Google Earth\res\za.country
2/2/2009 4:33:49 PM 125435 C:\Program Files\Google\Google Earth\res\zh-Hans.locale
2/2/2009 4:33:49 PM 125893 C:\Program Files\Google\Google Earth\res\zh-Hant.locale
2/2/2009 4:33:49 PM 1226 C:\Program Files\Google\Google Earth\res\zm.country
2/2/2009 4:33:49 PM 1120 C:\Program Files\Google\Google Earth\res\zw.country
2/2/2009 4:33:49 PM 160175 C:\Program Files\Google\Google Earth\shaders
2/2/2009 4:33:50 PM 7454 C:\Program Files\Google\Google Earth\xml
2/2/2009 4:30:28 PM 3446445 C:\Program Files\Google\Google Updater
2/2/2009 4:30:28 PM 3284669 C:\Program Files\Google\Google Updater\2.4.1487.6512
2/2/2009 4:30:28 PM 51200 C:\Program Files\Google\Google Updater\2.4.1487.6512\cs
2/2/2009 4:30:29 PM 52224 C:\Program Files\Google\Google Updater\2.4.1487.6512\da
2/2/2009 4:30:29 PM 56832 C:\Program Files\Google\Google Updater\2.4.1487.6512\de
2/2/2009 4:30:29 PM 57856 C:\Program Files\Google\Google Updater\2.4.1487.6512\el
2/2/2009 4:30:29 PM 47616 C:\Program Files\Google\Google Updater\2.4.1487.6512\en
2/2/2009 4:30:29 PM 47616 C:\Program Files\Google\Google Updater\2.4.1487.6512\en-gb
2/2/2009 4:30:29 PM 54272 C:\Program Files\Google\Google Updater\2.4.1487.6512\es
2/2/2009 4:30:29 PM 48640 C:\Program Files\Google\Google Updater\2.4.1487.6512\fi
2/2/2009 4:30:29 PM 57856 C:\Program Files\Google\Google Updater\2.4.1487.6512\fr
2/2/2009 4:30:29 PM 126717 C:\Program Files\Google\Google Updater\2.4.1487.6512\HTML
2/2/2009 4:30:29 PM 53248 C:\Program Files\Google\Google Updater\2.4.1487.6512\it
2/2/2009 4:30:29 PM 31744 C:\Program Files\Google\Google Updater\2.4.1487.6512\ja
2/2/2009 4:30:29 PM 30208 C:\Program Files\Google\Google Updater\2.4.1487.6512\ko
2/2/2009 4:30:29 PM 54272 C:\Program Files\Google\Google Updater\2.4.1487.6512\nl
2/2/2009 4:30:29 PM 49664 C:\Program Files\Google\Google Updater\2.4.1487.6512\no
2/2/2009 4:30:29 PM 53760 C:\Program Files\Google\Google Updater\2.4.1487.6512\pl
2/2/2009 4:30:29 PM 49664 C:\Program Files\Google\Google Updater\2.4.1487.6512\pt-br
2/2/2009 4:30:29 PM 55808 C:\Program Files\Google\Google Updater\2.4.1487.6512\ru
2/2/2009 4:30:29 PM 49152 C:\Program Files\Google\Google Updater\2.4.1487.6512\sv
2/2/2009 4:30:29 PM 48128 C:\Program Files\Google\Google Updater\2.4.1487.6512\th
2/2/2009 4:30:29 PM 52736 C:\Program Files\Google\Google Updater\2.4.1487.6512\tr
2/2/2009 4:30:29 PM 24064 C:\Program Files\Google\Google Updater\2.4.1487.6512\zh-cn
2/2/2009 4:30:30 PM 24064 C:\Program Files\Google\Google Updater\2.4.1487.6512\zh-tw
2/2/2009 4:30:33 PM 824389 C:\Program Files\Google\GoogleToolbarNotifier
2/2/2009 4:30:33 PM 784981 C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450
2/2/2009 4:31:40 PM 2421198 C:\Program Files\Google\Update
2/2/2009 4:31:40 PM 2284320 C:\Program Files\Google\Update\1.2.133.37
2/2/2009 4:32:05 PM 0 C:\Program Files\Google\Update\CrashReports
2/2/2009 4:31:53 PM 3774 C:\Program Files\Google\Update\Offline
1/7/2009 11:49:36 AM 41139 C:\Program Files\Intel
1/7/2009 11:49:36 AM 41139 C:\Program Files\Intel\INFInst
1/25/2009 12:54:28 AM 102275566 C:\Program Files\Logitech
1/26/2009 8:08:18 PM 23603165 C:\Program Files\Logitech\QuickCam
1/26/2009 8:08:18 PM 23603165 C:\Program Files\Logitech\QuickCam\Fusion
1/26/2009 8:08:22 PM 0 C:\Program Files\Logitech\QuickCam\Fusion\Config
1/26/2009 8:08:18 PM 8488143 C:\Program Files\Logitech\QuickCam\Fusion\Help
1/26/2009 8:08:18 PM 517085 C:\Program Files\Logitech\QuickCam\Fusion\Help\CHS
1/26/2009 8:08:18 PM 516867 C:\Program Files\Logitech\QuickCam\Fusion\Help\CHT
1/26/2009 8:08:18 PM 504990 C:\Program Files\Logitech\QuickCam\Fusion\Help\DAN
1/26/2009 8:08:18 PM 508110 C:\Program Files\Logitech\QuickCam\Fusion\Help\DEU
1/26/2009 8:08:18 PM 398244 C:\Program Files\Logitech\QuickCam\Fusion\Help\ELL
1/26/2009 8:08:18 PM 394294 C:\Program Files\Logitech\QuickCam\Fusion\Help\ENU
1/26/2009 8:08:18 PM 508355 C:\Program Files\Logitech\QuickCam\Fusion\Help\ESP
1/26/2009 8:08:18 PM 510400 C:\Program Files\Logitech\QuickCam\Fusion\Help\FRA
1/26/2009 8:08:18 PM 508520 C:\Program Files\Logitech\QuickCam\Fusion\Help\ITA
1/26/2009 8:08:18 PM 459449 C:\Program Files\Logitech\QuickCam\Fusion\Help\JPN
1/26/2009 8:08:18 PM 508255 C:\Program Files\Logitech\QuickCam\Fusion\Help\KOR
1/26/2009 8:08:18 PM 506755 C:\Program Files\Logitech\QuickCam\Fusion\Help\NLD
1/26/2009 8:08:18 PM 503825 C:\Program Files\Logitech\QuickCam\Fusion\Help\NOR
1/26/2009 8:08:18 PM 399052 C:\Program Files\Logitech\QuickCam\Fusion\Help\PLK
1/26/2009 8:08:18 PM 507714 C:\Program Files\Logitech\QuickCam\Fusion\Help\PTB
1/26/2009 8:08:18 PM 399622 C:\Program Files\Logitech\QuickCam\Fusion\Help\RUS
1/26/2009 8:08:18 PM 444966 C:\Program Files\Logitech\QuickCam\Fusion\Help\SVE
1/26/2009 8:08:18 PM 391640 C:\Program Files\Logitech\QuickCam\Fusion\Help\TRK
1/26/2009 8:08:25 PM 1333504 C:\Program Files\Logitech\QuickCam\Fusion\LU
1/26/2009 8:08:25 PM 8095 C:\Program Files\Logitech\QuickCam\Fusion\LU\bgr
1/26/2009 8:08:25 PM 6236 C:\Program Files\Logitech\QuickCam\Fusion\LU\chs
1/26/2009 8:08:25 PM 6256 C:\Program Files\Logitech\QuickCam\Fusion\LU\cht
1/26/2009 8:08:25 PM 6733 C:\Program Files\Logitech\QuickCam\Fusion\LU\csy
1/26/2009 8:08:25 PM 6675 C:\Program Files\Logitech\QuickCam\Fusion\LU\dan
1/26/2009 8:08:25 PM 6736 C:\Program Files\Logitech\QuickCam\Fusion\LU\deu
1/26/2009 8:08:25 PM 8222 C:\Program Files\Logitech\QuickCam\Fusion\LU\ell
1/26/2009 8:08:25 PM 6274 C:\Program Files\Logitech\QuickCam\Fusion\LU\enu
1/26/2009 8:08:25 PM 6838 C:\Program Files\Logitech\QuickCam\Fusion\LU\esm
1/26/2009 8:08:25 PM 6793 C:\Program Files\Logitech\QuickCam\Fusion\LU\esp
1/26/2009 8:08:25 PM 6514 C:\Program Files\Logitech\QuickCam\Fusion\LU\eti
1/26/2009 8:08:25 PM 6662 C:\Program Files\Logitech\QuickCam\Fusion\LU\fin
1/26/2009 8:08:25 PM 6956 C:\Program Files\Logitech\QuickCam\Fusion\LU\fra
1/26/2009 8:08:25 PM 6608 C:\Program Files\Logitech\QuickCam\Fusion\LU\hrv
1/26/2009 8:08:25 PM 6828 C:\Program Files\Logitech\QuickCam\Fusion\LU\hun
1/26/2009 8:08:25 PM 6834 C:\Program Files\Logitech\QuickCam\Fusion\LU\ita
1/26/2009 8:08:26 PM 7798 C:\Program Files\Logitech\QuickCam\Fusion\LU\jpn
1/26/2009 8:08:26 PM 6981 C:\Program Files\Logitech\QuickCam\Fusion\LU\kor
1/26/2009 8:08:26 PM 6881 C:\Program Files\Logitech\QuickCam\Fusion\LU\lth
1/26/2009 8:08:26 PM 6847 C:\Program Files\Logitech\QuickCam\Fusion\LU\lvi
1/26/2009 8:08:26 PM 6747 C:\Program Files\Logitech\QuickCam\Fusion\LU\nld
1/26/2009 8:08:26 PM 6716 C:\Program Files\Logitech\QuickCam\Fusion\LU\nor
1/26/2009 8:08:26 PM 6881 C:\Program Files\Logitech\QuickCam\Fusion\LU\plk
1/26/2009 8:08:26 PM 6928 C:\Program Files\Logitech\QuickCam\Fusion\LU\ptb
1/26/2009 8:08:26 PM 6842 C:\Program Files\Logitech\QuickCam\Fusion\LU\ptg
1/26/2009 8:08:26 PM 6791 C:\Program Files\Logitech\QuickCam\Fusion\LU\rom
1/26/2009 8:08:26 PM 8824 C:\Program Files\Logitech\QuickCam\Fusion\LU\rus
1/26/2009 8:08:26 PM 6960 C:\Program Files\Logitech\QuickCam\Fusion\LU\sky
1/26/2009 8:08:26 PM 6873 C:\Program Files\Logitech\QuickCam\Fusion\LU\slv
1/26/2009 8:08:26 PM 6597 C:\Program Files\Logitech\QuickCam\Fusion\LU\srl
1/26/2009 8:08:26 PM 6890 C:\Program Files\Logitech\QuickCam\Fusion\LU\sve
1/26/2009 8:08:26 PM 6722 C:\Program Files\Logitech\QuickCam\Fusion\LU\trk
1/26/2009 8:08:26 PM 8669 C:\Program Files\Logitech\QuickCam\Fusion\LU\ukr
1/26/2009 8:08:20 PM 5195075 C:\Program Files\Logitech\QuickCam\Fusion\ModelPackages
1/26/2009 8:08:19 PM 240997 C:\Program Files\Logitech\QuickCam\Fusion\Readme
1/25/2009 12:54:28 AM 49414984 C:\Program Files\Logitech\QuickCamWebInstall
1/25/2009 12:54:28 AM 15048944 C:\Program Files\Logitech\QuickCamWebInstall\AppInst
1/25/2009 12:54:28 AM 648 C:\Program Files\Logitech\QuickCamWebInstall\AppInst\Config
1/25/2009 12:54:28 AM 197 C:\Program Files\Logitech\QuickCamWebInstall\AppInst\Config\OEMDEF
1/25/2009 12:54:28 AM 197 C:\Program Files\Logitech\QuickCamWebInstall\AppInst\Config\OEMDEF\enu
1/25/2009 12:54:28 AM 45 C:\Program Files\Logitech\QuickCamWebInstall\AppInst\Config\OEMFILES
1/25/2009 12:54:28 AM 45 C:\Program Files\Logitech\QuickCamWebInstall\AppInst\Config\OEMFILES\enu
1/25/2009 12:54:30 AM 27738229 C:\Program Files\Logitech\QuickCamWebInstall\Drivers
1/25/2009 12:54:30 AM 10161495 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin
1/25/2009 12:54:31 AM 18610 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\CHS
1/25/2009 12:54:31 AM 18945 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\CHT
1/25/2009 12:54:31 AM 26869 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\DAN
1/25/2009 12:54:32 AM 28159 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\DEU
1/25/2009 12:54:32 AM 28198 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\ENU
1/25/2009 12:54:33 AM 29009 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\ESP
1/25/2009 12:54:33 AM 28882 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\FRA
1/25/2009 12:54:33 AM 29548 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\ITA
1/25/2009 12:54:33 AM 43366 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\JPN
1/25/2009 12:54:34 AM 21712 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\KOR
1/25/2009 12:54:34 AM 68462 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\List
1/25/2009 12:54:35 AM 28519 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\NLD
1/25/2009 12:54:35 AM 26892 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\NOR
1/25/2009 12:54:35 AM 28187 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\PTB
1/25/2009 12:54:36 AM 525824 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\setupdir
1/25/2009 12:54:36 AM 34816 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\setupdir\0006
1/25/2009 12:54:36 AM 35328 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\setupdir\0007
1/25/2009 12:54:36 AM 34816 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\setupdir\0009
1/25/2009 12:54:36 AM 35840 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\setupdir\000a
1/25/2009 12:54:37 AM 34816 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\setupdir\000b
1/25/2009 12:54:37 AM 35840 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\setupdir\0010
1/25/2009 12:54:37 AM 34816 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\setupdir\0011
1/25/2009 12:54:37 AM 34816 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\setupdir\0012
1/25/2009 12:54:37 AM 34816 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\setupdir\0013
1/25/2009 12:54:37 AM 35328 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\setupdir\0014
1/25/2009 12:54:37 AM 34816 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\setupdir\001d
1/25/2009 12:54:37 AM 34816 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\setupdir\0404
1/25/2009 12:54:37 AM 34816 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\setupdir\040c
1/25/2009 12:54:37 AM 35328 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\setupdir\0416
1/25/2009 12:54:38 AM 34816 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\setupdir\0804
1/25/2009 12:54:38 AM 25770 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\SVE
1/25/2009 12:54:39 AM 1576607 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\WinAll
1/25/2009 12:54:39 AM 1576607 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\WinAll\XPRS
1/25/2009 12:54:40 AM 16000127 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\WinNew
1/25/2009 12:54:40 AM 1495283 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\WinNew\ELCH
1/25/2009 12:54:41 AM 6448168 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\WinNew\IM
1/25/2009 12:54:43 AM 4634137 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\WinNew\MSGR
1/25/2009 12:54:45 AM 3422539 C:\Program Files\Logitech\QuickCamWebInstall\Drivers\WinNew\PRO2
1/25/2009 12:54:47 AM 2447000 C:\Program Files\Logitech\QuickCamWebInstall\WMF8
1/25/2009 12:54:48 AM 4085904 C:\Program Files\Logitech\QuickCamWebInstall\WMF9
1/25/2009 12:55:58 AM 29257417 C:\Program Files\Logitech\Video
1/25/2009 12:55:58 AM 349115 C:\Program Files\Logitech\Video\Help
1/25/2009 12:56:00 AM 38386 C:\Program Files\Logitech\Video\RES
1/8/2009 12:30:45 AM 2793952 C:\Program Files\My.Freeze.com Toolbar
12/21/2008 7:32:38 PM 101522439 C:\Program Files\Spyware Doctor
12/21/2008 7:32:38 PM 14629718 C:\Program Files\Spyware Doctor\avdb
12/21/2008 7:32:38 PM 0 C:\Program Files\Spyware Doctor\avdb\quarantine
12/21/2008 7:32:38 PM 0 C:\Program Files\Spyware Doctor\avdb\temp
12/21/2008 7:32:38 PM 1142544 C:\Program Files\Spyware Doctor\avengine
2/4/2009 12:22:22 AM 0 C:\Program Files\Spyware Doctor\Content
12/21/2008 8:03:32 PM 1050278 C:\Program Files\Spyware Doctor\history
12/21/2008 7:32:51 PM 55152 C:\Program Files\Spyware Doctor\html
12/21/2008 7:32:38 PM 0 C:\Program Files\Spyware Doctor\log
12/21/2008 7:32:48 PM 324122 C:\Program Files\Spyware Doctor\LuLng
12/21/2008 7:32:50 PM 2044864 C:\Program Files\Spyware Doctor\NetworkLayer
12/21/2008 7:32:49 PM 5929824 C:\Program Files\Spyware Doctor\plugins
12/21/2008 8:03:31 PM 0 C:\Program Files\Spyware Doctor\quarantine
12/21/2008 8:03:49 PM 0 C:\Program Files\Spyware Doctor\sdnet
12/21/2008 8:03:45 PM 0 C:\Program Files\Spyware Doctor\shbackup
12/21/2008 7:32:38 PM 0 C:\Program Files\Spyware Doctor\tools
12/21/2008 8:09:35 PM 0 C:\Program Files\Spyware Doctor\TransactionResults
12/21/2008 7:32:48 PM 78302 C:\Program Files\Spyware Doctor\ugLng
12/21/2008 8:08:45 PM 0 C:\Program Files\Spyware Doctor\~tmp
1/25/2009 10:29:29 AM 13216351 C:\Program Files\Sygate
1/25/2009 10:29:29 AM 13216351 C:\Program Files\Sygate\SPF
1/25/2009 10:29:30 AM 2176029 C:\Program Files\Sygate\SPF\Help
1/25/2009 10:29:30 AM 133544 C:\Program Files\Sygate\SPF\Install
1/25/2009 10:29:30 AM 58272 C:\Program Files\Sygate\SPF\Netport
1/8/2009 12:54:22 AM 768026 C:\Program Files\SystemRequirementsLab
2/4/2009 12:31:23 AM 404255 C:\Program Files\Trend Micro
2/4/2009 12:31:23 AM 404255 C:\Program Files\Trend Micro\HijackThis
1/15/2009 7:35:22 AM 55296 C:\Program Files\TuneUp Utilities
1/15/2009 7:35:22 AM 6144 C:\Program Files\TuneUp Utilities\Data
1/29/2009 5:50:58 AM 43214354 C:\Program Files\TuneUp Utilities 2009
1/29/2009 5:50:59 AM 9728159 C:\Program Files\TuneUp Utilities 2009\Data
1/29/2009 5:51:03 AM 150257 C:\Program Files\TuneUp Utilities 2009\Data\Framework
1/29/2009 5:51:17 AM 538664 C:\Program Files\TuneUp Utilities 2009\Data\Integrator
1/29/2009 5:51:17 AM 4121 C:\Program Files\TuneUp Utilities 2009\Data\Integrator\CommandLinks
1/29/2009 5:51:17 AM 83811 C:\Program Files\TuneUp Utilities 2009\Data\Integrator\DB
1/29/2009 5:51:17 AM 121476 C:\Program Files\TuneUp Utilities 2009\Data\Integrator\Modules
1/29/2009 5:51:18 AM 181359 C:\Program Files\TuneUp Utilities 2009\Data\PerformanceOptimizer
1/29/2009 5:51:18 AM 2677 C:\Program Files\TuneUp Utilities 2009\Data\PerformanceOptimizer\CommandLink
1/29/2009 5:51:18 AM 17945 C:\Program Files\TuneUp Utilities 2009\Data\Shortcutcleaner
1/29/2009 5:51:18 AM 51830 C:\Program Files\TuneUp Utilities 2009\Data\StartUpManager
1/29/2009 5:51:19 AM 66058 C:\Program Files\TuneUp Utilities 2009\Data\UninstallManager
1/2/2009 1:26:05 AM 875520 C:\Program Files\Uniblue
1/2/2009 1:26:05 AM 875520 C:\Program Files\Uniblue\RegistryBooster
1/2/2009 1:33:07 AM 42113 C:\Program Files\videosoft
12/21/2008 10:21:55 PM 33871717 C:\Program Files\Vuze
12/21/2008 10:22:18 PM 3100154 C:\Program Files\Vuze\.install4j
12/21/2008 10:22:12 PM 0 C:\Program Files\Vuze\custom
12/21/2008 10:22:12 PM 15183609 C:\Program Files\Vuze\plugins
12/21/2008 10:22:12 PM 14684396 C:\Program Files\Vuze\plugins\azemp
1/4/2009 1:52:24 AM 47 C:\Program Files\Vuze\plugins\azemp\mplayer
12/21/2008 10:22:15 PM 305689 C:\Program Files\Vuze\plugins\azplugins
12/21/2008 10:22:15 PM 37781 C:\Program Files\Vuze\plugins\azrating
12/21/2008 10:22:15 PM 25659 C:\Program Files\Vuze\plugins\azupdater
12/21/2008 10:22:15 PM 130084 C:\Program Files\Vuze\plugins\azupnpav
1/2/2009 9:01:29 AM 777914 C:\Program Files\Windows Resource Kits
1/2/2009 9:02:01 AM 777914 C:\Program Files\Windows Resource Kits\Tools
1/6/2009 1:59:49 AM 3480075 C:\Program Files\Zenturi
1/6/2009 1:59:49 AM 3480075 C:\Program Files\Zenturi\ProgramChecker
====== Files under "\System32\Drivers" Last 60 Days======
1/7/2009 8:15:58 PM 5 32 C:\WINDOWS\system32\drivers\1028_DELL_LAT_D800.MRK
1/7/2009 12:49:19 PM 33664 32 C:\WINDOWS\system32\drivers\BCMWLNPF.SYS
1/25/2009 12:56:26 AM 326656 32 C:\WINDOWS\system32\drivers\Camdrl.sys
1/7/2009 8:15:58 PM 5 32 C:\WINDOWS\system32\drivers\DELL_LAT_D800.MRK
12/17/2008 9:52:54 PM 144384 0 C:\WINDOWS\system32\drivers\hdaudbus.sys
12/16/2008 9:50:56 PM 13584 32 C:\WINDOWS\system32\drivers\iKeyLgFT.dll
12/21/2008 7:32:49 PM 40840 32 C:\WINDOWS\system32\drivers\ikfilesec.sys
12/21/2008 7:32:49 PM 66952 32 C:\WINDOWS\system32\drivers\iksysflt.sys
12/21/2008 7:32:49 PM 81288 32 C:\WINDOWS\system32\drivers\iksyssec.sys
12/21/2008 7:32:49 PM 29576 32 C:\WINDOWS\system32\drivers\kcom.sys
12/16/2008 9:38:28 PM 69592 32 C:\WINDOWS\system32\drivers\LVFaL000.cfg
12/16/2008 9:38:28 PM 227172 32 C:\WINDOWS\system32\drivers\LVFeL000.cfg
12/16/2008 9:38:28 PM 146680 32 C:\WINDOWS\system32\drivers\LVFeL001.cfg
12/16/2008 9:38:28 PM 85302 32 C:\WINDOWS\system32\drivers\LVFeL002.cfg
12/16/2008 9:58:54 PM 25624 32 C:\WINDOWS\system32\drivers\LVPr2Mon.sys
1/25/2009 12:56:26 AM 2180096 32 C:\WINDOWS\system32\drivers\lvsvf2.sys
1/25/2009 12:56:27 AM 41888 32 C:\WINDOWS\system32\drivers\LVUSBSta.sys
1/7/2009 8:13:20 PM 17217 32 C:\WINDOWS\system32\drivers\omci.sys
12/21/2008 7:32:56 PM 160792 32 C:\WINDOWS\system32\drivers\pctfw2.sys
12/17/2008 9:54:54 PM 10240 0 C:\WINDOWS\system32\drivers\sffp_mmc.sys
1/25/2009 10:29:44 AM 60496 32 C:\WINDOWS\system32\drivers\Teefer.sys
1/25/2009 10:29:46 AM 14568 32 C:\WINDOWS\system32\drivers\wg3n.sys
1/25/2009 10:29:47 AM 14568 32 C:\WINDOWS\system32\drivers\wg4n.sys
1/25/2009 10:29:48 AM 14568 32 C:\WINDOWS\system32\drivers\wg5n.sys
1/25/2009 10:29:49 AM 14568 32 C:\WINDOWS\system32\drivers\wg6n.sys
1/25/2009 10:29:43 AM 21075 32 C:\WINDOWS\system32\drivers\wpsdrvnt.sys
====== Files Deleted under "%Temp%" ======
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_aXAmUmHgpXyvdAGJpL0g
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LVCOMSX.LOG
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFE645.tmp
3 Files deleted
====== Files and Folders under "All Users\Application Data" Last 60 Days======
12/26/2008 2:34:12 PM 2 C:\Documents and Settings\All Users\Application Data\Ascentive
12/26/2008 2:34:12 PM 2 C:\Documents and Settings\All Users\Application Data\Ascentive\PC SpeedScan Pro
12/21/2008 10:23:10 PM 20 C:\Documents and Settings\All Users\Application Data\Azureus
12/22/2008 7:30:36 AM 670 C:\Documents and Settings\All Users\Application Data\FLEXnet
2/2/2009 4:30:30 PM 13562 C:\Documents and Settings\All Users\Application Data\Google Updater
2/2/2009 4:30:47 PM 0 C:\Documents and Settings\All Users\Application Data\Google Updater\cache
2/2/2009 4:30:47 PM 185 C:\Documents and Settings\All Users\Application Data\Google Updater\history
2/2/2009 4:30:30 PM 13377 C:\Documents and Settings\All Users\Application Data\Google Updater\icons
1/7/2009 11:53:08 PM 107 C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
1/7/2009 11:53:08 PM 107 C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective
1/7/2009 11:56:24 PM 0 C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads
1/29/2009 5:50:59 AM 103853 C:\Documents and Settings\All Users\Application Data\TuneUp Software
1/29/2009 5:50:59 AM 103853 C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities
1/29/2009 5:51:50 AM 95232 C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Program Statistics
1/29/2009 5:50:59 AM 8621 C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web
1/6/2009 1:59:49 AM 800 C:\Documents and Settings\All Users\Application Data\Zenturi
1/6/2009 1:59:49 AM 800 C:\Documents and Settings\All Users\Application Data\Zenturi\ProgramChecker
1/6/2009 1:59:49 AM 800 C:\Documents and Settings\All Users\Application Data\Zenturi\ProgramChecker\Data
1/6/2009 1:59:56 AM 0 C:\Documents and Settings\All Users\Application Data\Zenturi\ProgramChecker\Quarantine
1/6/2009 1:59:56 AM 0 C:\Documents and Settings\All Users\Application Data\Zenturi\ProgramChecker\Revs
1/6/2009 1:59:56 AM 0 C:\Documents and Settings\All Users\Application Data\Zenturi\ProgramChecker\Tmp
1/29/2009 5:49:47 AM 16584704 C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)======
====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======
HKLM\Software\microsoft\shared tools\msconfig\startupreg\ISTray
HKLM\Software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon
HKLM\Software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKLM\Software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer
====== Services ( Services that are Whitelisted are not shown) ======
Alerter (Alerter) C:\WINDOWS\system32\svchost.exe -k LocalService - Disabled
Application Layer Gateway Service (ALG) C:\WINDOWS\System32\alg.exe - Manual
Application Management (AppMgmt) C:\WINDOWS\system32\svchost.exe -k netsvcs - Manual
ASP.NET State Service (aspnet_state) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe - Manual
Windows Audio (AudioSrv) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
Broadcom ASF IP monitoring service v6.0.1 (BAsfIpM) C:\WINDOWS\system32\basfipm.exe - Auto
Background Intelligent Transfer Service (BITS) C:\WINDOWS\system32\svchost.exe -k netsvcs - Manual
##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) "C:\Program Files\Bonjour\mDNSResponder.exe" - Auto
Computer Browser (Browser) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto
Indexing Service (CiSvc) C:\WINDOWS\system32\cisvc.exe - Manual
ClipBook (ClipSrv) C:\WINDOWS\system32\clipsrv.exe - Disabled
.NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - Manual
COM+ System Application (COMSysApp) C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - Manual
Cryptographic Services (CryptSvc) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto
DCOM Server Process Launcher (DcomLaunch) C:\WINDOWS\system32\svchost -k DcomLaunch - Auto
DHCP Client (Dhcp) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto
Logical Disk Manager Administrative Service (dmadmin) C:\WINDOWS\System32\dmadmin.exe /com - Manual
Logical Disk Manager (dmserver) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual
DNS Client (Dnscache) C:\WINDOWS\system32\svchost.exe -k NetworkService - Auto
Wired AutoConfig (Dot3svc) C:\WINDOWS\System32\svchost.exe -k dot3svc - Manual
Extensible Authentication Protocol Service (EapHost) C:\WINDOWS\System32\svchost.exe -k eapsvcs - Manual
Error Reporting Service (ERSvc) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
Event Log (Eventlog) C:\WINDOWS\system32\services.exe - Auto
COM+ Event System (EventSystem) C:\WINDOWS\system32\svchost.exe -k netsvcs - Manual
Fast User Switching Compatibility (FastUserSwitchingCompatibility) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual
FLEXnet Licensing Service (FLEXnet Licensing Service) "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" - Manual
Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe - Manual
Google Update Service (gupdate1c9857dace9a06a) (gupdate1c9857dace9a06a) "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc - Auto
Google Software Updater (gusvc) "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" - Auto
Help and Support (helpsvc) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
HID Input Service (HidServ) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
Health Key and Certificate Management Service (hkmsvc) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual
HTTP SSL (HTTPFilter) C:\WINDOWS\System32\svchost.exe -k HTTPFilter - Manual
Windows CardSpace (idsvc) "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" - Manual
IMAPI CD-Burning COM Service (ImapiService) C:\WINDOWS\system32\imapi.exe - Manual
Server (lanmanserver) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto
Workstation (lanmanworkstation) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto
TCP/IP NetBIOS Helper (LmHosts) C:\WINDOWS\system32\svchost.exe -k LocalService - Auto
Process Monitor (LVPrcSrv) "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" - Auto
Messenger (Messenger) C:\WINDOWS\system32\svchost.exe -k netsvcs - Disabled
NetMeeting Remote Desktop Sharing (mnmsrvc) C:\WINDOWS\system32\mnmsrvc.exe - Manual
Distributed Transaction Coordinator (MSDTC) C:\WINDOWS\system32\msdtc.exe - Manual
Windows Installer (MSIServer) C:\WINDOWS\system32\msiexec.exe /V - Manual
Network Access Protection Agent (napagent) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual
Network DDE (NetDDE) C:\WINDOWS\system32\netdde.exe - Disabled
Network DDE DSDM (NetDDEdsdm) C:\WINDOWS\system32\netdde.exe - Disabled
Net Logon (Netlogon) C:\WINDOWS\system32\lsass.exe - Manual
Network Connections (Netman) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual
Net.Tcp Port Sharing Service (NetTcpPortSharing) "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" - Disabled
Network Location Awareness (NLA) (Nla) C:\WINDOWS\system32\svchost.exe -k netsvcs - Manual
NT LM Security Support Provider (NtLmSsp) C:\WINDOWS\system32\lsass.exe - Manual
Removable Storage (NtmsSvc) C:\WINDOWS\system32\svchost.exe -k netsvcs - Manual
NVIDIA Display Driver Service (NVSvc) C:\WINDOWS\system32\nvsvc32.exe - Auto
Plug and Play (PlugPlay) C:\WINDOWS\system32\services.exe - Auto
IPSEC Services (PolicyAgent) C:\WINDOWS\system32\lsass.exe - Manual
Protected Storage (ProtectedStorage) C:\WINDOWS\system32\lsass.exe - Auto
Remote Access Auto Connection Manager (RasAuto) C:\WINDOWS\system32\svchost.exe -k netsvcs - Manual
Remote Access Connection Manager (RasMan) C:\WINDOWS\system32\svchost.exe -k netsvcs - Manual
Remote Desktop Help Session Manager (RDSessMgr) C:\WINDOWS\system32\sessmgr.exe - Manual
Routing and Remote Access (RemoteAccess) C:\WINDOWS\system32\svchost.exe -k netsvcs - Disabled
Remote Registry (RemoteRegistry) C:\WINDOWS\system32\svchost.exe -k LocalService - Disabled
Remote Procedure Call (RPC) Locator (RpcLocator) C:\WINDOWS\system32\locator.exe - Manual
Remote Procedure Call (RPC) (RpcSs) C:\WINDOWS\system32\svchost -k rpcss - Auto
QoS RSVP (RSVP) C:\WINDOWS\system32\rsvp.exe - Manual
Security Accounts Manager (SamSs) C:\WINDOWS\system32\lsass.exe - Auto
ProgramCheckerPro (sassvc) C:\Program Files\Zenturi\ProgramChecker\sassvc.exe - Manual
Smart Card (SCardSvr) C:\WINDOWS\System32\SCardSvr.exe - Auto
Task Scheduler (Schedule) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
PC Tools Auxiliary Service (sdAuxService) C:\Program Files\Spyware Doctor\pctsAuxs.exe - Auto
PC Tools Security Service (sdCoreService) C:\Program Files\Spyware Doctor\pctsSvc.exe - Auto
Secondary Logon (seclogon) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual
System Event Notification (SENS) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto
Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto
Shell Hardware Detection (ShellHWDetection) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
Sygate Personal Firewall (SmcService) C:\Program Files\Sygate\SPF\smc.exe - Auto
Print Spooler (Spooler) C:\WINDOWS\system32\spoolsv.exe - Auto
System Restore Service (srservice) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto
SSDP Discovery Service (SSDPSRV) C:\WINDOWS\system32\svchost.exe -k LocalService - Disabled
Windows Image Acquisition (WIA) (stisvc) C:\WINDOWS\system32\svchost.exe -k imgsvc - Auto
MS Software Shadow Copy Provider (SwPrv) C:\WINDOWS\system32\dllhost.exe /Processid:{83FDA526-DC1F-4E10-8CC2-02835F5DA95E} - Manual
Performance Logs and Alerts (SysmonLog) C:\WINDOWS\system32\smlogsvc.exe - Manual
Telephony (TapiSrv) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual
Terminal Services (TermService) C:\WINDOWS\System32\svchost -k DComLaunch - Manual
Themes (Themes) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
Telnet (TlntSvr) C:\WINDOWS\system32\tlntsvr.exe - Disabled
Distributed Link Tracking Client (TrkWks) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto
TuneUp Drive Defrag Service (TuneUp.Defrag) C:\WINDOWS\System32\TuneUpDefragService.exe - Manual
TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) C:\WINDOWS\System32\TUProgSt.exe - Auto
Universal Plug and Play Device Host (upnphost) C:\WINDOWS\system32\svchost.exe -k LocalService - Disabled
Uninterruptible Power Supply (UPS) C:\WINDOWS\System32\ups.exe - Manual
Messenger Sharing Folders USN Journal Reader service (usnjsvc) "C:\Program Files\MSN Messenger\usnsvc.exe" - Manual
TuneUp Theme Extension (UxTuneUp) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
Volume Shadow Copy (VSS) C:\WINDOWS\System32\vssvc.exe - Manual
Windows Time (W32Time) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
WebClient (WebClient) C:\WINDOWS\system32\svchost.exe -k LocalService - Manual
Windows Management Instrumentation (winmgmt) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto
Dell Wireless WLAN Tray Service (wltrysvc) C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe - Auto
Portable Media Serial Number Service (WmdmPmSN) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual
Windows Management Instrumentation Driver Extensions (Wmi) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual
WMI Performance Adapter (WmiApSrv) C:\WINDOWS\system32\wbem\wmiapsrv.exe - Manual
Windows Media Player Network Sharing Service (WMPNetworkSvc) "C:\Program Files\Windows Media Player\WMPNetwk.exe" - Manual
Security Center (wscsvc) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
Automatic Updates (wuauserv) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto
Windows Driver Foundation - User-mode Driver Framework (WudfSvc) C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup - Auto
Wireless Zero Configuration (WZCSVC) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
Network Provisioning Service (xmlprov) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual
====== Uninstall List From Registry ======
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11
Adobe Photoshop CS3
Aim Plugin for QQ Games
AIMTunes
AIM 6
Dell Wireless WLAN Card
CCleaner (remove only)
COMODO SafeSurf
Google Chrome
Google Updater
GrandBilliards 1.0
HijackThis 2.0.2
Broadcom ASF Management Applications
PCI 7510 CardBus Controller with SmartCard and Software
Driver Detective
iVisit 3.7.5
iVisit 4.0.b1
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB923789)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
K-Lite Codec Pack 4.2.5 (Full)
Logitech QuickCam Driver Package
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1
Mozilla Firefox (3.0.5)
Myspace Enhanced 1.0
MySpaceIM
NVIDIA Drivers
PokerStars
QQ Games
RealPlayer
Spyware Doctor 6.0
System Requirements Lab
videosoft
VideoLAN VLC media player 0.8.6i
Vuze
Windows Media Format 11 runtime
Windows Media Player 11
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar
Yahoo! Browser Services
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Install Manager
Adobe Photoshop CS3
Adobe Help Viewer CS3
Adobe Bridge Start Meeting
QuickTime
Security Update for CAPICOM (KB931906)
Adobe WinSoft Linguistics Plugin
MSXML 6 Service Pack 2 (KB954459)
ASF
Adobe Stock Photos CS3
Microsoft .NET Framework 3.0 Service Pack 1
Opera 9.63
Java(TM) 6 Update 7
WebFldrs XP
CardBus
Adobe Color EU Extra Settings
Adobe Linguistics CS3
Google Earth
TuneUp Utilities 2009
Windows Live Messenger
Free 3GP Video Converter by Topviewsoft 2.1.0.5
Windows Media Player Firefox Plugin
Adobe Fonts All
Adobe Asset Services CS3
Microsoft Visual C++ 2005 Redistributable
Camtasia Studio 5
Adobe XMP Panels CS3
MSXML 4.0 SP2 (KB954430)
Microsoft Silverlight
Rhapsody Player Engine
Adobe Device Central CS3
Adobe Type Support
Adobe Anchor Service CS3
Logitech QuickCam
Adobe Color NA Recommended Settings
Adobe Bridge CS3
Adobe CMaps
Adobe Color - Photoshop Specific
C-Major Audio
Google Update
PDF Settings
Adobe Reader 8.1.2
Adobe Camera Raw 4.0
Spybot - Search & Destroy
Microsoft .NET Framework 2.0 Service Pack 1
DivX Web Player
Broadcom Gigabit Integrated Controller
Adobe Default Language CS3
Windows Presentation Foundation
MSXML 4.0 SP2 (KB936181)
Adobe ExtendScript Toolkit 2
Logitech QuickCam Software
Microsoft .NET Framework 1.1
WinZip 11.2
Adobe Version Cue CS3 Client
Adobe Setup
Adobe PDF Library Files
Windows Resource Kit Tools - SubInAcl.exe
Adobe Color Common Settings
Adobe Color JA Extra Settings
Adobe Update Manager CS3
Sygate Personal Firewall
ProgramChecker
======== Other Info ========
TOTAL PHYSICAL RAM: 1341 MB
bamajim
February 5th, 2009 07:00
You are most welcome.
Please download Combofix and save to your desktop:
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.
FooFighterGuy
February 6th, 2009 07:00
Here is my report file from ComboFix... sorry it took so long... didn't get the automated email that you had replied.
ComboFix 09-02-05.04 - Administrator 2009-02-06 10:28:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.847 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated)
FW: Sygate Personal Firewall *enabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Start Menu\Programs\videosoft
c:\windows\system32\drivers\fad.sys
c:\windows\system32\msqpdxoboeypdq.dll
.
((((((((((((((((((((((((( Files Created from 2009-01-06 to 2009-02-06 )))))))))))))))))))))))))))))))
.
2009-02-04 00:31 . 2009-02-04 00:31
2009-02-02 16:30 . 2009-02-02 16:33
2009-02-02 16:30 . 2009-02-05 20:34
2009-01-29 05:54 . 2009-01-29 05:54 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-01-29 05:54 . 2009-01-29 05:54 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-01-29 05:54 . 2008-12-11 07:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
2009-01-29 05:50 . 2009-01-29 05:55
2009-01-29 05:50 . 2009-01-29 05:50
2009-01-29 05:49 . 2009-01-29 05:49
2009-01-26 15:19 . 2009-01-26 20:09
2009-01-25 10:45 . 2009-01-25 10:45
2009-01-25 10:29 . 2009-01-25 10:29
2009-01-25 10:29 . 2004-10-15 18:32 83,096 --a------ c:\windows\system32\SSSensor.dll
2009-01-25 10:29 . 2004-10-15 18:17 60,496 --a------ c:\windows\system32\drivers\Teefer.sys
2009-01-25 10:29 . 2004-10-15 18:18 21,075 --a------ c:\windows\system32\drivers\wpsdrvnt.sys
2009-01-25 10:29 . 2004-10-15 18:32 14,568 --a------ c:\windows\system32\drivers\wg6n.sys
2009-01-25 10:29 . 2004-10-15 18:32 14,568 --a------ c:\windows\system32\drivers\wg5n.sys
2009-01-25 10:29 . 2004-10-15 18:32 14,568 --a------ c:\windows\system32\drivers\wg4n.sys
2009-01-25 10:29 . 2004-10-15 18:32 14,568 --a------ c:\windows\system32\drivers\wg3n.sys
2009-01-25 00:56 . 2009-01-25 00:56
2009-01-25 00:55 . 2005-06-08 14:38 90,112 --a------ c:\windows\system32\LQCUI2.dll
2009-01-25 00:54 . 2009-01-26 20:08
2009-01-23 22:13 . 2009-01-23 22:13
2009-01-15 07:54 . 2009-01-15 07:54
2009-01-15 07:43 . 2009-01-24 20:15 927,744 --a------ c:\windows\system32\rn.tmp
2009-01-13 22:50 . 2009-01-13 22:50 118 --a------ c:\windows\system32\MRT.INI
2009-01-10 08:32 . 2009-01-29 13:33
2009-01-10 02:20 . 2009-01-10 02:20 24 --a------ C:\sierra.inf
2009-01-10 01:31 . 2009-01-10 02:20
2009-01-08 00:54 . 2009-01-08 00:54
2009-01-07 20:16 . 2009-01-07 20:16 3,840 --a------ c:\windows\DellBIOS.Sys
2009-01-07 20:15 . 2005-07-08 14:19 666 --a------ c:\windows\speed.reg
2009-01-07 20:15 . 2009-01-07 20:15 5 --a------ c:\windows\system32\drivers\DELL_LAT_D800.MRK
2009-01-07 20:15 . 2009-01-07 20:15 5 --a------ c:\windows\system32\drivers\1028_DELL_LAT_D800.MRK
2009-01-07 20:13 . 2003-01-23 16:37 53,248 --a------ c:\windows\system32\DellSys.dll
2009-01-07 20:13 . 2003-01-23 16:37 17,217 --a------ c:\windows\system32\drivers\omci.sys
2009-01-07 12:49 . 2009-01-07 20:13
2009-01-07 11:51 . 2009-01-07 11:51
2009-01-07 11:49 . 2009-01-07 11:49
2009-01-07 11:47 . 2009-01-07 11:47
2009-01-06 02:02 . 2009-01-06 02:02 26,000 --a------ c:\windows\system32\E3TL.DLL
2009-01-06 01:59 . 2009-01-06 01:59
2009-01-06 01:59 . 2009-01-06 01:59
2009-01-06 01:58 . 2009-01-29 05:48
2009-01-06 01:25 . 2009-01-06 01:25 598 --a------ c:\windows\wininit.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 15:32 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-02-06 15:25 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-06 15:25 --------- d-----w c:\program files\Spyware Doctor
2009-02-06 13:26 --------- d-----w c:\program files\DivX
2009-02-06 01:19 --------- d-----w c:\program files\PokerStars
2009-01-30 23:56 --------- d-----w c:\program files\WebcamMax
2009-01-29 10:47 --------- d-----w c:\program files\Vuze
2009-01-29 10:47 --------- d-----w c:\documents and settings\Administrator\Application Data\Azureus
2009-01-27 01:08 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2009-01-25 15:42 --------- d-----w c:\documents and settings\Administrator\Application Data\Comodo
2009-01-25 05:55 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 01:10 --------- d-----w c:\program files\Broadcom
2009-01-07 17:48 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-06 07:13 --------- d-----w c:\program files\Apple Software Update
2009-01-06 06:52 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-06 06:51 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-04 06:10 --------- d-----w c:\documents and settings\Administrator\Application Data\NCH Software
2009-01-02 14:02 --------- d-----w c:\program files\Windows Resource Kits
2009-01-02 14:01 --------- d-----w c:\program files\AIMTunes
2009-01-02 06:28 --------- d-----w c:\documents and settings\Administrator\Application Data\Uniblue
2008-12-29 04:44 --------- d-----w c:\program files\CCleaner
2008-12-28 15:39 --------- d-----w c:\documents and settings\Administrator\Application Data\InstallShield
2008-12-23 04:34 --------- d-----w c:\program files\Opera
2008-12-22 12:30 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-22 08:30 --------- d-----w c:\program files\Bonjour
2008-12-22 08:29 --------- d-----w c:\program files\Common Files\Adobe
2008-12-22 08:04 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-12-22 03:23 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-12-22 03:14 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire
2008-12-22 00:32 --------- d-----w c:\program files\Common Files\PC Tools
2008-12-22 00:32 --------- d-----w c:\documents and settings\Administrator\Application Data\PC Tools
2008-12-20 03:23 --------- d-----w c:\program files\GrandBilliards
2008-12-19 17:55 --------- d-----w c:\program files\Free 3GP Video Converter by Topviewsoft
2008-12-18 03:23 --------- d-----w c:\documents and settings\Administrator\Application Data\Orbit
2008-12-17 02:58 25,624 ----a-w c:\windows\system32\drivers\LVPr2Mon.sys
2008-12-17 02:50 13,584 ----a-w c:\windows\system32\drivers\iKeyLgFT.dll
2008-12-17 02:38 85,302 ----a-w c:\windows\system32\drivers\LVFeL002.cfg
2008-12-17 02:38 69,592 ----a-w c:\windows\system32\drivers\LVFaL000.cfg
2008-12-17 02:38 227,172 ----a-w c:\windows\system32\drivers\LVFeL000.cfg
2008-12-17 02:38 146,680 ----a-w c:\windows\system32\drivers\LVFeL001.cfg
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2008-12-11 155904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-26 4632576]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\cssdll32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo1"= CSvidcap.dll
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-08-25 12:36 1168264 c:\program files\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2008-12-20 07:50 2656528 c:\program files\Logitech\QuickCam\Fusion\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-10-26 12:01 4632576 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iVisit\\iVisit.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\programs\\3DUCPool\\coolpool.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-12-21 160792]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2008-07-20 941784]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-29 603904]
R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2003-10-23 76160]
S2 gupdate1c9857dace9a06a;Google Update Service (gupdate1c9857dace9a06a);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 133104]
S3 sassvc;ProgramCheckerPro;c:\program files\Zenturi\ProgramChecker\sassvc.exe [2006-02-15 122880]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-21 356920]
S3 USB-100;Linksys EtherFast 10/100 Compact USB Network Adapter;c:\windows\system32\drivers\USB100M.SYS [2008-02-19 27519]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-02-06 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 15:36]
2009-02-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-02 16:30]
2009-02-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 16:31]
2009-02-06 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-03 08:41]
2009-01-06 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 08:42]
2009-02-05 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-07-07 08:42]
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
Toolbar-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - c:\program files\My.Freeze.com Toolbar\freeze_us.dll
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - c:\program files\My.Freeze.com Toolbar\freeze_us.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.programchecker.com/selectFileToScan.aspx?installed=true
uInternet Settings,ProxyOverride = *.local
IE: &Search - ?p=ZKxdm102YYUS
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8psrfdq0.default\
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8psrfdq0.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.133.37\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 10:33:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(980)
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Sygate\SPF\Smc.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\scardsvr.exe
c:\windows\system32\BAsfIpM.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-06 10:37:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-06 15:37:22
Pre-Run: 4,876,570,624 bytes free
Post-Run: 4,778,004,480 bytes free
240 --- E O F --- 2009-01-14 03:52:09
bamajim
10.4K Posts
0
February 6th, 2009 08:00
1. Open NotePad (not wordpad). Copy and paste the following into Notepad
File::
c:\windows\system32\rn.tmp
Save the file as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop
Using the Image as a reference, drag CFScript into ComboFix.exe
Following the same rules as indicated in my first post
Then post the contents of the C:\ComboFix.txt log in your reply
2. Rerun HijackThis and post a fresh HijackThis log as well
FooFighterGuy
5 Posts
0
February 6th, 2009 09:00
Here is the new ComboFix log:
ComboFix 09-02-05.04 - Administrator 2009-02-06 12:25:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.817 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated)
FW: Sygate Personal Firewall *enabled*
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-01-06 to 2009-02-06 )))))))))))))))))))))))))))))))
.
2009-02-04 00:31 . 2009-02-04 00:31
2009-02-02 16:30 . 2009-02-06 10:50
2009-02-02 16:30 . 2009-02-05 20:34
2009-01-29 05:54 . 2009-01-29 05:54 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-01-29 05:54 . 2009-01-29 05:54 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-01-29 05:54 . 2008-12-11 07:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
2009-01-29 05:50 . 2009-01-29 05:55
2009-01-29 05:50 . 2009-01-29 05:50
2009-01-29 05:49 . 2009-01-29 05:49
2009-01-26 15:19 . 2009-01-26 20:09
2009-01-25 10:45 . 2009-01-25 10:45
2009-01-25 10:29 . 2009-01-25 10:29
2009-01-25 10:29 . 2004-10-15 18:32 83,096 --a------ c:\windows\system32\SSSensor.dll
2009-01-25 10:29 . 2004-10-15 18:17 60,496 --a------ c:\windows\system32\drivers\Teefer.sys
2009-01-25 10:29 . 2004-10-15 18:18 21,075 --a------ c:\windows\system32\drivers\wpsdrvnt.sys
2009-01-25 10:29 . 2004-10-15 18:32 14,568 --a------ c:\windows\system32\drivers\wg6n.sys
2009-01-25 10:29 . 2004-10-15 18:32 14,568 --a------ c:\windows\system32\drivers\wg5n.sys
2009-01-25 10:29 . 2004-10-15 18:32 14,568 --a------ c:\windows\system32\drivers\wg4n.sys
2009-01-25 10:29 . 2004-10-15 18:32 14,568 --a------ c:\windows\system32\drivers\wg3n.sys
2009-01-25 00:56 . 2009-01-25 00:56
2009-01-25 00:55 . 2005-06-08 14:38 90,112 --a------ c:\windows\system32\LQCUI2.dll
2009-01-25 00:54 . 2009-01-26 20:08
2009-01-23 22:13 . 2009-01-23 22:13
2009-01-15 07:54 . 2009-01-15 07:54
2009-01-15 07:43 . 2009-01-24 20:15 927,744 --a------ c:\windows\system32\rn.tmp
2009-01-13 22:50 . 2009-01-13 22:50 118 --a------ c:\windows\system32\MRT.INI
2009-01-10 08:32 . 2009-01-29 13:33
2009-01-10 02:20 . 2009-01-10 02:20 24 --a------ C:\sierra.inf
2009-01-10 01:31 . 2009-01-10 02:20
2009-01-08 00:54 . 2009-01-08 00:54
2009-01-07 20:16 . 2009-01-07 20:16 3,840 --a------ c:\windows\DellBIOS.Sys
2009-01-07 20:15 . 2005-07-08 14:19 666 --a------ c:\windows\speed.reg
2009-01-07 20:15 . 2009-01-07 20:15 5 --a------ c:\windows\system32\drivers\DELL_LAT_D800.MRK
2009-01-07 20:15 . 2009-01-07 20:15 5 --a------ c:\windows\system32\drivers\1028_DELL_LAT_D800.MRK
2009-01-07 20:13 . 2003-01-23 16:37 53,248 --a------ c:\windows\system32\DellSys.dll
2009-01-07 20:13 . 2003-01-23 16:37 17,217 --a------ c:\windows\system32\drivers\omci.sys
2009-01-07 12:49 . 2009-01-07 20:13
2009-01-07 11:51 . 2009-01-07 11:51
2009-01-07 11:49 . 2009-01-07 11:49
2009-01-07 11:47 . 2009-01-07 11:47
2009-01-06 02:02 . 2009-01-06 02:02 26,000 --a------ c:\windows\system32\E3TL.DLL
2009-01-06 01:59 . 2009-01-06 01:59
2009-01-06 01:59 . 2009-01-06 01:59
2009-01-06 01:58 . 2009-01-29 05:48
2009-01-06 01:25 . 2009-01-06 01:25 598 --a------ c:\windows\wininit.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 17:22 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-06 17:22 --------- d-----w c:\program files\Spyware Doctor
2009-02-06 15:43 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-02-06 13:26 --------- d-----w c:\program files\DivX
2009-02-06 01:19 --------- d-----w c:\program files\PokerStars
2009-01-30 23:56 --------- d-----w c:\program files\WebcamMax
2009-01-29 10:47 --------- d-----w c:\program files\Vuze
2009-01-29 10:47 --------- d-----w c:\documents and settings\Administrator\Application Data\Azureus
2009-01-27 01:08 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2009-01-25 15:42 --------- d-----w c:\documents and settings\Administrator\Application Data\Comodo
2009-01-25 05:55 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 01:10 --------- d-----w c:\program files\Broadcom
2009-01-07 17:48 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-06 07:13 --------- d-----w c:\program files\Apple Software Update
2009-01-06 06:52 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-06 06:51 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-04 06:10 --------- d-----w c:\documents and settings\Administrator\Application Data\NCH Software
2009-01-02 14:02 --------- d-----w c:\program files\Windows Resource Kits
2009-01-02 14:01 --------- d-----w c:\program files\AIMTunes
2009-01-02 06:28 --------- d-----w c:\documents and settings\Administrator\Application Data\Uniblue
2008-12-29 04:44 --------- d-----w c:\program files\CCleaner
2008-12-28 15:39 --------- d-----w c:\documents and settings\Administrator\Application Data\InstallShield
2008-12-23 04:34 --------- d-----w c:\program files\Opera
2008-12-22 12:30 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-22 08:30 --------- d-----w c:\program files\Bonjour
2008-12-22 08:29 --------- d-----w c:\program files\Common Files\Adobe
2008-12-22 08:04 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-12-22 03:23 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-12-22 03:14 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire
2008-12-22 00:32 --------- d-----w c:\program files\Common Files\PC Tools
2008-12-22 00:32 --------- d-----w c:\documents and settings\Administrator\Application Data\PC Tools
2008-12-20 03:23 --------- d-----w c:\program files\GrandBilliards
2008-12-19 17:55 --------- d-----w c:\program files\Free 3GP Video Converter by Topviewsoft
2008-12-18 03:23 --------- d-----w c:\documents and settings\Administrator\Application Data\Orbit
2008-12-17 02:58 25,624 ----a-w c:\windows\system32\drivers\LVPr2Mon.sys
2008-12-17 02:50 13,584 ----a-w c:\windows\system32\drivers\iKeyLgFT.dll
2008-12-17 02:38 85,302 ----a-w c:\windows\system32\drivers\LVFeL002.cfg
2008-12-17 02:38 69,592 ----a-w c:\windows\system32\drivers\LVFaL000.cfg
2008-12-17 02:38 227,172 ----a-w c:\windows\system32\drivers\LVFeL000.cfg
2008-12-17 02:38 146,680 ----a-w c:\windows\system32\drivers\LVFeL001.cfg
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2008-12-11 155904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-26 4632576]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\cssdll32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo1"= CSvidcap.dll
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-08-25 12:36 1168264 c:\program files\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2008-12-20 07:50 2656528 c:\program files\Logitech\QuickCam\Fusion\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-10-26 12:01 4632576 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iVisit\\iVisit.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\programs\\3DUCPool\\coolpool.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-12-21 160792]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2008-07-20 941784]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-29 603904]
R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2003-10-23 76160]
S2 gupdate1c9857dace9a06a;Google Update Service (gupdate1c9857dace9a06a);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 133104]
S3 sassvc;ProgramCheckerPro;c:\program files\Zenturi\ProgramChecker\sassvc.exe [2006-02-15 122880]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-21 356920]
S3 USB-100;Linksys EtherFast 10/100 Compact USB Network Adapter;c:\windows\system32\drivers\USB100M.SYS [2008-02-19 27519]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-02-06 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 15:36]
2009-02-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-02 16:30]
2009-02-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 16:31]
2009-02-06 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-03 08:41]
2009-01-06 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 08:42]
2009-02-05 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-07-07 08:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.programchecker.com/selectFileToScan.aspx?installed=true
uInternet Settings,ProxyOverride = *.local
IE: &Search - ?p=ZKxdm102YYUS
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8psrfdq0.default\
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8psrfdq0.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 12:26:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(960)
c:\windows\system32\cssdll32.dll
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'lsass.exe'(1040)
c:\windows\system32\cssdll32.dll
.
Completion time: 2009-02-06 12:28:56
ComboFix-quarantined-files.txt 2009-02-06 17:28:40
ComboFix2.txt 2009-02-06 15:37:28
Pre-Run: 4,735,635,456 bytes free
Post-Run: 4,717,260,800 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
231 --- E O F --- 2009-01-14 03:52:09
And the new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:36 PM, on 2/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.programchecker.com/selectFileToScan.aspx?installed=true
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O8 - Extra context menu item: &Search - ?p=ZKxdm102YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203448735820
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9857dace9a06a) (gupdate1c9857dace9a06a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 7498 bytes
bamajim
10.4K Posts
0
February 6th, 2009 13:00
FooFighterGuy
How is your PC running at this point?
FooFighterGuy
5 Posts
0
February 6th, 2009 14:00
Actually it's running pretty good. The start up and shutdown process is faster and I have not gotten that message from Spyware Doctor about A0001125.EXE as of yet.
Unless you have anything else you want me to try, I'm thinking that your job is done :)
Thanks so much for all your help.
David