ComboFix 09-07-08.A0 - MaK 09/07/2009 19:38.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2401 [GMT 4:00]
Running from: c:\documents and settings\MaK\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\MaK\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\version.txt
c:\windows\Installer\10b8385.msp
c:\windows\Installer\31c2bd4.msp
c:\windows\Installer\31c2bd5.msp
c:\windows\Installer\31c2bd6.msp
c:\windows\Installer\31c2bd7.msp
c:\windows\Installer\31c2bd8.msp
c:\windows\Installer\31c2bd9.msp
c:\windows\Installer\31c2bda.msp
c:\windows\Installer\31c2bdb.msp
c:\windows\Installer\31c2bdc.msp
c:\windows\Installer\73375d8.msp
c:\windows\Installer\73375d9.msp
c:\windows\Installer\73375da.msp
c:\windows\Installer\73375db.msp
c:\windows\Installer\73375dc.msp
c:\windows\Installer\73375dd.msp
c:\windows\Installer\73375de.msp
c:\windows\Installer\73375df.msp
c:\windows\Installer\73375e0.msp
c:\windows\Installer\7c6ea52.msp
c:\windows\Installer\7c6ea53.msp
c:\windows\Installer\7c6ea54.msp
c:\windows\Installer\7c6ea55.msp
c:\windows\Installer\7c6ea56.msp
c:\windows\Installer\7c6ea57.msp
c:\windows\Installer\7c6ea58.msp
c:\windows\Installer\7c6ea59.msp
c:\windows\Installer\7c6ea5a.msp
c:\windows\Installer\ac73f3.msp
c:\windows\Installer\d0698.msp
c:\windows\system32\Data
.
((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
.
2009-06-26 07:16 . 2009-06-26 07:16 -------- d-----w- c:\program files\QuickTime
2009-06-23 00:10 . 2009-06-23 00:10 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}
2009-06-23 00:10 . 2009-05-21 21:29 2833072 -c--a-w- c:\documents and settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}\setup.exe
2009-06-23 00:07 . 2008-12-12 14:05 23984 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-06-23 00:07 . 2008-12-12 14:05 25264 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-06-23 00:06 . 2009-06-23 00:06 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-06-22 21:20 . 2009-06-22 21:20 -------- d-----w- c:\documents and settings\MaK\Local Settings\Application Data\Doom9
2009-06-22 21:17 . 2009-06-22 21:17 -------- d-----w- c:\program files\AviSynth 2.5
2009-06-22 21:02 . 2009-06-23 15:26 -------- d-----w- c:\program files\megui
2009-06-22 19:24 . 2009-06-22 23:09 -------- d-----w- c:\program files\Yamb
2009-06-20 10:29 . 2009-06-20 11:06 245999472 ----a-w- c:\documents and settings\All Users\Application Data\Linksys\Linksys Updater\update\35A205B7-27AF-4DE7-98DC-156614EFC2DE\lela-3.11.9139.94.exe
2009-06-19 14:37 . 2009-06-19 14:37 -------- d-----w- c:\program files\LightScribe Template Labeler
2009-06-19 14:33 . 2009-06-19 14:33 -------- d-----w- c:\program files\LightScribe
2009-06-19 14:22 . 2009-06-19 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-06-19 13:59 . 2009-06-19 13:59 -------- d-----w- c:\program files\Common Files\LightScribe
2009-06-18 11:45 . 2009-06-18 11:45 152576 ----a-w- c:\documents and settings\MaK\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-17 23:16 . 2009-06-29 07:33 183984 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-17 21:29 . 2009-06-17 21:29 -------- d-----w- c:\documents and settings\MaK\Local Settings\Application Data\Linksys_LLC_-_A_Division_
2009-06-17 21:28 . 2009-06-17 21:28 -------- d-----w- c:\program files\WebEx
2009-06-17 21:27 . 2009-06-17 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Linksys
2009-06-17 21:26 . 2009-06-17 21:26 -------- d-----w- c:\program files\Common Files\Java
2009-06-17 21:24 . 2009-06-17 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-06-17 21:23 . 2009-06-23 00:08 -------- d-----w- c:\program files\Linksys
2009-06-16 17:50 . 2009-07-09 10:51 -------- d-----w- c:\documents and settings\MaK\Tracing
2009-06-16 17:44 . 2009-01-07 18:14 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-06-16 17:44 . 2009-06-16 17:45 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-16 17:34 . 2009-06-16 17:34 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-16 16:55 . 2009-06-16 16:55 340500 ----a-w- c:\documents and settings\MaK\Application Data\Uniblue\DriverScanner\Download\pci_ven_10de_dev_00355_10_2600_0521.exe
2009-06-16 16:46 . 2009-06-16 16:47 -------- d-----w- c:\program files\Intel
2009-06-16 16:46 . 2009-02-13 09:23 256640 ----a-w- c:\windows\system32\PROUnstl.exe
2009-06-16 15:51 . 2009-06-16 15:51 9896 ----a-w- c:\windows\system32\drivers\fiddrv.sys
2009-06-14 00:00 . 2009-06-14 00:01 -------- d-----w- c:\program files\Crawler
2009-06-12 19:55 . 2009-06-12 19:55 -------- d-----w- c:\documents and settings\MaK\Local Settings\Application Data\Yahoo
2009-06-12 19:54 . 2009-05-26 15:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-06-11 18:48 . 2009-06-11 18:48 -------- d-----w- c:\windows\ie8updates
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 15:44 . 2007-09-15 07:39 5489696 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-09 15:44 . 2007-09-15 07:39 104034592 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-09 14:55 . 2009-07-09 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-09 14:36 . 2007-08-15 14:32 -------- d-----w- c:\documents and settings\MaK\Application Data\Orbit
2009-07-09 14:35 . 2007-08-15 14:32 -------- d-----w- c:\program files\Orbitdownloader
2009-07-09 02:25 . 2007-08-15 14:33 -------- d-----w- c:\documents and settings\MaK\Application Data\uTorrent
2009-07-08 12:17 . 2007-09-15 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-29 07:34 . 2007-09-15 07:39 524912 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-29 07:34 . 2007-09-15 07:39 1402544 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-26 07:15 . 2006-03-11 09:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-23 00:02 . 2009-06-23 00:02 5 ----a-w- c:\program files\eula.txt
2009-06-22 23:21 . 2006-02-25 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-21 10:46 . 2006-07-01 18:18 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-18 11:48 . 2009-02-14 04:05 -------- d-----w- c:\program files\Java
2009-06-18 10:07 . 2006-02-25 20:31 82968 -c--a-w- c:\documents and settings\MaK\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-17 21:24 . 2006-02-25 18:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-16 17:34 . 2009-04-11 13:39 -------- d-----w- c:\program files\Microsoft
2009-06-16 17:34 . 2007-10-06 11:39 -------- d-----w- c:\program files\Windows Live
2009-06-16 17:22 . 2009-06-07 23:11 -------- d-----w- c:\program files\RadarSync
2009-06-16 16:41 . 2008-12-30 20:52 -------- d-----w- c:\program files\Winamp
2009-06-15 12:03 . 2009-04-23 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-12 19:54 . 2007-03-25 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-12 11:08 . 2008-11-13 13:37 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-08 00:49 . 2009-01-23 21:09 -------- d-----w- c:\program files\Hotspot Shield
2009-06-07 22:22 . 2008-11-14 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-06-07 11:36 . 2009-04-17 05:15 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2009-06-07 11:36 . 2009-04-15 22:02 -------- d-----w- c:\program files\RegGenie
2009-06-01 18:13 . 2009-04-03 18:18 33840 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2009-05-24 20:24 . 2008-05-26 18:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-20 21:17 . 2007-09-15 07:40 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-20 21:17 . 2007-09-15 07:40 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-20 18:58 . 2007-04-21 16:36 -------- d-----w- c:\program files\TVUPlayer
2009-05-19 23:39 . 2009-04-21 18:02 -------- d-----w- c:\program files\VS Revo Group
2009-05-17 20:41 . 2006-07-27 10:19 -------- d-----w- c:\program files\QuickSFV
2009-05-13 05:15 . 2007-07-22 11:17 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 19:19 . 2009-05-12 19:19 -------- d-----w- c:\documents and settings\MaK\Application Data\MXit
2009-05-12 19:19 . 2009-05-12 19:19 -------- d-----w- c:\program files\MXit
2009-05-12 17:08 . 2009-05-12 14:31 -------- d-----w- c:\documents and settings\MaK\Application Data\%#@_&^
2009-05-12 11:12 . 2006-02-28 03:59 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 22:14 . 2009-05-07 22:14 152576 ----a-w- c:\documents and settings\MaK\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-07 15:32 . 2008-11-27 23:09 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 11:07 . 2009-06-07 22:25 2298680 ----a-w- c:\documents and settings\MaK\Application Data\Mozilla\Firefox\Profiles\hd5sp8kz.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-04-23 16:22 . 2009-04-23 16:22 126 ----a-w- c:\documents and settings\MaK\Local Settings\Application Data\fusioncache.dat
2009-04-17 12:26 . 2008-11-27 23:09 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-11-27 23:09 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2007-07-25 01:41 . 2007-08-10 01:11 12592 ----a-w- c:\program files\mozilla firefox\plugins\libcomm.dll
2007-07-25 01:41 . 2007-08-10 01:11 37256 ----a-w- c:\program files\mozilla firefox\plugins\NanoInst.dll
2007-07-25 01:41 . 2007-08-10 01:11 43824 ----a-w- c:\program files\mozilla firefox\plugins\PSComm.dll
2007-07-25 01:41 . 2007-08-10 01:11 113456 ----a-w- c:\program files\mozilla firefox\plugins\PSNAdBrk.dll
.
------- Sigcheck -------
[7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\SDTemp\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\SP2GDR\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\SDTemp\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\SP2QFE\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\TCPIP.SYS
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
[-] 2008-12-18 10:42 361600 A18B54F12E86B5F21266937E485E3DF5 c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( SnapShot@2009-06-09_22.40.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-08 12:17 . 2009-07-08 12:17 16384 c:\windows\Temp\Perflib_Perfdata_374.dat
+ 2009-06-19 18:22 . 2007-01-29 15:13 27136 c:\windows\system32\spool\drivers\w32x86\3\atprint.dll
- 2007-09-10 10:02 . 2009-01-07 14:20 16928 c:\windows\system32\spmsg.dll
+ 2007-09-10 10:02 . 2009-05-12 11:12 16928 c:\windows\system32\spmsg.dll
+ 2009-02-06 14:52 . 2009-02-06 14:52 49504 c:\windows\system32\sirenacm.dll
+ 2009-06-10 05:53 . 2005-05-26 09:06 92800 c:\windows\system32\ReinstallBackups\0072\DriverFiles\nvata.sys
- 2009-06-07 23:39 . 2005-05-26 09:06 92800 c:\windows\system32\ReinstallBackups\0072\DriverFiles\nvata.sys
+ 2009-06-10 05:44 . 2005-05-26 09:06 92800 c:\windows\system32\ReinstallBackups\0061\DriverFiles\nvata.sys
+ 2009-06-10 05:53 . 2005-05-26 09:06 92800 c:\windows\system32\ReinstallBackups\0055\DriverFiles\nvata.sys
- 2009-06-07 23:39 . 2005-05-26 09:06 92800 c:\windows\system32\ReinstallBackups\0055\DriverFiles\nvata.sys
+ 2008-08-28 14:37 . 2008-08-28 14:37 41080 c:\windows\system32\NicInstG.dll
+ 2007-08-06 21:28 . 2007-08-06 21:28 28272 c:\windows\system32\NicCo2.dll
+ 2007-12-06 11:28 . 2009-06-23 00:02 88590 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2007-07-22 11:14 . 2009-04-30 21:22 25600 c:\windows\system32\jsproxy.dll
- 2007-07-22 11:14 . 2009-03-08 00:33 25600 c:\windows\system32\jsproxy.dll
+ 2009-06-23 00:07 . 2008-12-12 14:05 25264 c:\windows\system32\DRVSTORE\purendis_2BB5C0100CC7696D211EF8B1803C647F3FC3AE04\purendis.sys
+ 2009-06-23 00:07 . 2008-12-12 14:05 23984 c:\windows\system32\DRVSTORE\pnarp_A922F7B3F866D334887D355D2A481D18B7F7B54E\pnarp.sys
+ 2009-01-22 13:06 . 2009-01-22 13:06 30816 c:\windows\system32\drivers\iqvw32.sys
+ 2008-05-02 06:58 . 2008-05-02 06:58 17536 c:\windows\system32\drivers\ccdcmb.sys
+ 2009-07-09 04:18 . 2008-05-02 06:58 17536 c:\windows\LastGood\System32\Drivers\ccdcmb.sys
+ 2008-07-29 17:07 . 2008-07-29 17:07 23040 c:\windows\Installer\232e50.msp
+ 2009-06-16 17:34 . 2009-06-16 17:34 62304 c:\windows\Installer\{F6BD194C-4190-4D73-B1B1-C48C99921BFE}\IconWlc.exe
+ 2009-06-16 16:46 . 2009-06-16 16:46 40960 c:\windows\Installer\{888019C0-54D4-40C2-9274-27B9DAB17017}\ARPPRODUCTICON.exe
+ 2009-06-16 17:36 . 2009-06-16 17:36 58945 c:\windows\Installer\{63C1109E-D977-49ED-BCE3-D00D0BF187D6}\wlmail.exe
+ 2009-06-16 17:50 . 2009-06-16 17:50 80395 c:\windows\Installer\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}\MsblIco.Exe
+ 2009-06-11 18:48 . 2009-03-08 00:33 12288 c:\windows\ie8updates\KB969897-IE8\xpshims.dll
+ 2009-06-11 18:48 . 2009-03-08 00:33 25600 c:\windows\ie8updates\KB969897-IE8\jsproxy.dll
+ 2009-06-19 18:22 . 2007-01-29 15:13 9440 c:\windows\system32\spool\drivers\w32x86\3\atpdrvnt.dll
+ 2009-06-17 21:24 . 2009-06-17 21:24 9662 c:\windows\Installer\{284BD984-6E5C-4586-80A8-14D85E233497}\ARPPRODUCTICON.exe
- 2009-06-07 23:39 . 2005-05-26 11:06 300032 c:\windows\system32\ReinstallBackups\0072\DriverFiles\idecoi.dll
+ 2009-06-10 05:53 . 2005-05-26 11:06 300032 c:\windows\system32\ReinstallBackups\0072\DriverFiles\idecoi.dll
+ 2009-06-10 05:44 . 2005-05-26 11:06 300032 c:\windows\system32\ReinstallBackups\0061\DriverFiles\idecoi.dll
+ 2009-06-10 05:53 . 2005-05-26 11:06 300032 c:\windows\system32\ReinstallBackups\0055\DriverFiles\idecoi.dll
- 2009-06-07 23:39 . 2005-05-26 11:06 300032 c:\windows\system32\ReinstallBackups\0055\DriverFiles\idecoi.dll
+ 2008-05-02 06:58 . 2008-05-02 06:58 148992 c:\windows\system32\nsesetup.dll
+ 2008-05-02 06:58 . 2008-05-02 06:58 733696 c:\windows\system32\nmwcdcocls.dll
+ 2006-04-07 07:07 . 2006-04-07 07:07 548864 c:\windows\system32\ncscrt8_p.dll
+ 2006-04-07 07:05 . 2006-04-07 07:05 622592 c:\windows\system32\ncscrt8.dll
+ 2009-03-06 09:54 . 2009-03-06 09:54 180224 c:\windows\system32\Ncs2Setp.dll
+ 2009-03-04 11:26 . 2009-03-04 11:26 141872 c:\windows\system32\ncs2instutility.dll
+ 2009-03-04 11:42 . 2009-03-04 11:42 760368 c:\windows\system32\ncs2dmix.dll
- 2009-05-07 22:15 . 2009-03-09 01:19 148888 c:\windows\system32\javaws.exe
+ 2009-03-09 01:19 . 2009-03-09 01:19 148888 c:\windows\system32\javaws.exe
+ 2009-03-09 01:19 . 2009-03-09 01:19 144792 c:\windows\system32\javaw.exe
- 2009-05-07 22:15 . 2009-03-09 01:19 144792 c:\windows\system32\javaw.exe
- 2009-05-07 22:15 . 2009-03-09 01:19 144792 c:\windows\system32\java.exe
+ 2009-06-18 11:46 . 2009-03-09 01:19 144792 c:\windows\system32\java.exe
+ 2007-07-22 11:18 . 2009-04-30 21:22 385536 c:\windows\system32\iedkcs32.dll
- 2007-07-22 11:18 . 2009-03-08 00:32 173056 c:\windows\system32\ie4uinit.exe
+ 2007-07-22 11:18 . 2009-04-30 11:21 173056 c:\windows\system32\ie4uinit.exe
+ 2006-02-25 10:38 . 2009-06-18 10:06 324320 c:\windows\system32\FNTCACHE.DAT
+ 2007-12-14 09:06 . 2007-12-14 09:06 121440 c:\windows\system32\e1000msg.dll
+ 2008-08-20 11:18 . 2008-08-20 11:18 171152 c:\windows\system32\drivers\e1000325.sys
+ 2004-05-26 12:37 . 2004-05-26 12:37 719872 c:\windows\system32\devil.dll
+ 2007-10-06 11:41 . 2007-10-06 11:41 572928 c:\windows\system32\config\systemprofile\Local Settings\Application Data\WindowsLiveInstaller\MsiSources\Install_{CB5EA99C-8A5B-49F2-9A1A-2EF78BE4DB41}.msi
+ 2008-12-21 21:46 . 2008-12-21 21:46 351744 c:\windows\system32\avisynth.dll
+ 2009-03-04 11:41 . 2009-03-04 11:41 530992 c:\windows\system32\accesor.dll
+ 2008-11-28 18:57 . 2007-04-02 20:04 366080 c:\windows\ServicePackFiles\i386\digreqex.msi
+ 2008-11-28 18:57 . 2007-04-02 20:04 863232 c:\windows\ServicePackFiles\i386\digopt.msi
+ 2009-04-17 07:23 . 2009-04-17 07:23 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2009-07-09 04:18 . 2008-05-02 06:58 148992 c:\windows\LastGood\System32\nsesetup.dll
+ 2009-07-09 04:18 . 2008-05-02 06:58 733696 c:\windows\LastGood\System32\nmwcdcocls.dll
+ 2009-06-17 20:34 . 2009-06-17 20:34 237568 c:\windows\j\183982208DeviceInfo.exe
+ 2008-06-11 10:02 . 2008-06-11 10:02 830464 c:\windows\Installer\e81e01a.msp
+ 2008-07-28 10:59 . 2008-07-28 10:59 180736 c:\windows\Installer\e81e006.msp
+ 2008-12-13 05:58 . 2008-12-13 05:58 754688 c:\windows\Installer\d9202.msp
+ 2007-02-16 07:42 . 2007-02-16 07:42 223232 c:\windows\Installer\bef48b.msp
+ 2006-06-13 06:12 . 2006-06-13 06:12 509440 c:\windows\Installer\94144e2.msp
+ 2009-06-23 00:10 . 2009-06-23 00:10 583680 c:\windows\Installer\8013be4.msi
+ 2008-07-29 17:23 . 2008-07-29 17:23 250880 c:\windows\Installer\232e59.msp
+ 2008-07-29 17:28 . 2008-07-29 17:28 278016 c:\windows\Installer\232e57.msp
+ 2008-07-29 15:40 . 2008-07-29 15:40 291840 c:\windows\Installer\232e55.msp
+ 2008-07-29 13:35 . 2008-07-29 13:35 553472 c:\windows\Installer\1c82e8.msp
+ 2008-07-29 13:33 . 2008-07-29 13:33 506368 c:\windows\Installer\1c82e6.msp
+ 2008-07-29 13:37 . 2008-07-29 13:37 911360 c:\windows\Installer\1c82e5.msp
+ 2009-06-19 13:59 . 2009-06-19 13:59 131072 c:\windows\Installer\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}\QuickDemoUrl_E9752251A5AD4678977047FD65566D18.exe
+ 2009-06-19 13:59 . 2009-06-19 13:59 323584 c:\windows\Installer\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}\NewShortcut2_C673DF680CDE41FC9DFBF63D31DE4F28.exe
+ 2009-06-19 13:59 . 2009-06-19 13:59 339968 c:\windows\Installer\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}\NewShortcut1_FE82206EF6124B479F4EDD27A1E056A4.exe
+ 2009-06-19 13:59 . 2009-06-19 13:59 323584 c:\windows\Installer\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}\NewShortcut1_C673DF680CDE41FC9DFBF63D31DE4F28.exe
+ 2009-06-19 13:59 . 2009-06-19 13:59 131072 c:\windows\Installer\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}\LightScribeWebsite_9607541794D946E89D5752F753E35CC4.exe
+ 2009-06-19 13:59 . 2009-06-19 13:59 281894 c:\windows\Installer\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}\ARPPRODUCTICON.exe
+ 2009-06-19 14:33 . 2009-06-19 14:33 323584 c:\windows\Installer\{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}\LS_SLW_SHORTCUT_F5B0142B17F14684B6AC6E79EF0C9EFE.exe
+ 2009-06-19 14:33 . 2009-06-19 14:33 281894 c:\windows\Installer\{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}\ARPPRODUCTICON.exe
+ 2009-06-19 14:37 . 2009-06-19 14:37 323584 c:\windows\Installer\{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}\NewShortcut1_3BC5BC30773746439FA3047F389574CE.exe
+ 2009-06-19 14:37 . 2009-06-19 14:37 281894 c:\windows\Installer\{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}\ARPPRODUCTICON.exe
+ 2009-01-18 12:05 . 2009-01-18 12:05 675840 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\JP2KLib.dll
+ 2009-06-11 18:48 . 2009-03-08 00:34 914944 c:\windows\ie8updates\KB969897-IE8\wininet.dll
+ 2009-06-11 18:48 . 2008-07-09 07:38 382840 c:\windows\ie8updates\KB969897-IE8\spuninst\updspapi.dll
+ 2009-06-11 18:48 . 2007-11-30 12:39 231288 c:\windows\ie8updates\KB969897-IE8\spuninst\spuninst.exe
+ 2009-06-11 18:48 . 2009-03-08 00:33 246784 c:\windows\ie8updates\KB969897-IE8\ieproxy.dll
+ 2009-06-11 18:48 . 2009-03-08 10:09 391536 c:\windows\ie8updates\KB969897-IE8\iedkcs32.dll
+ 2009-06-11 18:48 . 2009-03-08 00:32 173056 c:\windows\ie8updates\KB969897-IE8\ie4uinit.exe
+ 2008-05-02 06:59 . 2008-05-02 06:59 1419232 c:\windows\system32\wdfcoinstaller01005.dll
+ 2007-07-22 11:16 . 2009-04-30 21:22 1207808 c:\windows\system32\urlmon.dll
+ 2009-03-04 11:17 . 2009-03-04 11:17 1522224 c:\windows\system32\ncscolib.dll
+ 2007-07-22 11:15 . 2009-05-13 05:15 5936128 c:\windows\system32\mshtml.dll
- 2007-07-22 11:18 . 2009-03-08 00:32 1985024 c:\windows\system32\iertutil.dll
+ 2007-07-22 11:18 . 2009-04-30 21:22 1985024 c:\windows\system32\iertutil.dll
+ 2008-11-28 18:58 . 2007-01-01 14:44 1326080 c:\windows\ServicePackFiles\i386\webfldrs.msi
+ 2008-11-28 18:57 . 2007-04-02 20:12 5080576 c:\windows\ServicePackFiles\i386\msnmsgs.msi
+ 2007-05-25 08:08 . 2007-05-25 08:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2007-01-18 14:14 . 2007-01-18 14:14 3463680 c:\windows\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp
+ 2009-07-09 04:18 . 2008-05-02 06:59 1419232 c:\windows\LastGood\System32\wdfcoinstaller01005.dll
+ 2005-10-26 10:59 . 2005-10-26 10:59 2883072 c:\windows\Installer\e81e0d5.msp
+ 2008-10-22 18:43 . 2008-10-22 18:43 6820352 c:\windows\Installer\e81e0c0.msp
+ 2008-10-22 18:48 . 2008-10-22 18:48 7672832 c:\windows\Installer\e81e096.msp
+ 2008-01-14 12:53 . 2008-01-14 12:53 5213696 c:\windows\Installer\e81e06c.msp
+ 2008-10-25 05:15 . 2008-10-25 05:15 6227456 c:\windows\Installer\e81e058.msp
+ 2008-07-08 07:27 . 2008-07-08 07:27 8436736 c:\windows\Installer\e81e02f.msp
+ 2008-12-13 05:57 . 2008-12-13 05:57 8397824 c:\windows\Installer\d91ed.msp
+ 2009-06-17 21:07 . 2009-06-17 21:07 6653952 c:\windows\Installer\cdceea.msp
+ 2008-06-19 14:28 . 2008-06-19 14:28 1573376 c:\windows\Installer\cdcc533.msp
+ 2007-07-21 09:26 . 2007-07-21 09:26 7574016 c:\windows\Installer\cdcc507.msp
+ 2008-10-20 06:18 . 2008-10-20 06:18 6474240 c:\windows\Installer\cdcc500.msp
+ 2006-04-06 02:58 . 2006-04-06 02:58 5216768 c:\windows\Installer\985e768.msp
+ 2006-06-06 02:39 . 2006-06-06 02:39 5241344 c:\windows\Installer\97362.msp
+ 2009-04-21 17:33 . 2009-04-21 17:33 6743040 c:\windows\Installer\90110d.msp
+ 2009-06-23 00:07 . 2009-06-23 00:07 2747392 c:\windows\Installer\80136ab.msi
+ 2006-07-03 03:48 . 2006-07-03 03:48 5236224 c:\windows\Installer\74a0a86.msp
+ 2006-07-17 09:11 . 2006-07-17 09:11 4578816 c:\windows\Installer\74a0a71.msp
+ 2006-03-09 15:04 . 2006-03-09 15:04 5192192 c:\windows\Installer\6f50898.msp
+ 2007-04-25 07:14 . 2007-04-25 07:14 9828864 c:\windows\Installer\6be5faa.msp
+ 2007-04-25 07:09 . 2007-04-25 07:09 9944064 c:\windows\Installer\6be5f94.msp
+ 2007-04-25 07:10 . 2007-04-25 07:10 6835712 c:\windows\Installer\6be5f7e.msp
+ 2007-06-05 06:48 . 2007-06-05 06:48 9944064 c:\windows\Installer\6857ab15.msp
+ 2006-05-18 02:14 . 2006-05-18 02:14 8384512 c:\windows\Installer\534ace38.msp
+ 2006-05-08 04:11 . 2006-05-08 04:11 5230592 c:\windows\Installer\534ace22.msp
+ 2007-01-24 05:05 . 2007-01-24 05:05 5228544 c:\windows\Installer\53008.msp
+ 2006-12-19 07:42 . 2006-12-19 07:42 6649856 c:\windows\Installer\52fdd.msp
+ 2007-01-19 02:46 . 2007-01-19 02:46 6814208 c:\windows\Installer\52fc8.msp
+ 2006-12-18 03:48 . 2006-12-18 03:48 5444096 c:\windows\Installer\52fb2.msp
+ 2007-01-23 23:48 . 2007-01-23 23:48 9804800 c:\windows\Installer\52f9b.msp
+ 2007-01-10 02:05 . 2007-01-10 02:05 9921024 c:\windows\Installer\52f85.msp
+ 2006-11-20 08:37 . 2006-11-20 08:37 6553088 c:\windows\Installer\52f5b.msp
+ 2006-02-03 09:00 . 2006-02-03 09:00 9357824 c:\windows\Installer\4d798c0.msp
+ 2006-02-13 08:55 . 2006-02-13 08:55 5173248 c:\windows\Installer\4d798a6.msp
+ 2006-02-08 01:46 . 2006-02-08 01:46 8483328 c:\windows\Installer\4d79890.msp
+ 2009-01-14 23:35 . 2009-01-14 23:35 4830720 c:\windows\Installer\4d43f576.msp
+ 2006-10-12 02:50 . 2006-10-12 02:50 1091584 c:\windows\Installer\3fb9b0e.msp
+ 2006-10-06 07:15 . 2006-10-06 07:15 5185024 c:\windows\Installer\3fb9afe.msp
+ 2006-08-09 13:49 . 2006-08-09 13:49 5228544 c:\windows\Installer\2f15ddb8.msp
+ 2006-08-15 14:36 . 2006-08-15 14:36 5206528 c:\windows\Installer\2f15dda3.msp
+ 2007-07-23 08:40 . 2007-07-23 08:40 9945600 c:\windows\Installer\2baae9.msp
+ 2007-05-22 01:46 . 2007-05-22 01:46 6108672 c:\windows\Installer\2baabe.msp
+ 2006-01-10 06:46 . 2006-01-10 06:46 5260288 c:\windows\Installer\26cdb35.msp
+ 2006-01-04 09:18 . 2006-01-04 09:18 4008448 c:\windows\Installer\26cdb1e.msp
+ 2005-11-21 15:53 . 2005-11-21 15:53 9243648 c:\windows\Installer\26cdb1d.msp
+ 2008-07-29 15:26 . 2008-07-29 15:26 1043456 c:\windows\Installer\232e58.msp
+ 2008-07-29 16:37 . 2008-07-29 16:37 2679808 c:\windows\Installer\232e56.msp
+ 2008-07-29 17:15 . 2008-07-29 17:15 3697664 c:\windows\Installer\232e54.msp
+ 2008-07-29 15:34 . 2008-07-29 15:34 1448448 c:\windows\Installer\232e53.msp
+ 2008-07-29 16:22 . 2008-07-29 16:22 4137984 c:\windows\Installer\232e52.msp
+ 2008-07-29 15:18 . 2008-07-29 15:18 3376640 c:\windows\Installer\232e51.msp
+ 2008-10-05 00:12 . 2008-10-05 00:12 4784128 c:\windows\Installer\1d7c12.msp
+ 2008-07-29 13:45 . 2008-07-29 13:45 2543616 c:\windows\Installer\1c82ec.msp
+ 2008-07-29 13:29 . 2008-07-29 13:29 2926080 c:\windows\Installer\1c82eb.msp
+ 2008-07-29 13:41 . 2008-07-29 13:41 6487040 c:\windows\Installer\1c82ea.msp
+ 2008-07-29 13:39 . 2008-07-29 13:39 3403264 c:\windows\Installer\1c82e9.msp
+ 2008-07-29 13:43 . 2008-07-29 13:43 1013248 c:\windows\Installer\1c82e7.msp
+ 2008-07-29 13:31 . 2008-07-29 13:31 6083072 c:\windows\Installer\1c82e4.msp
+ 2006-09-19 08:13 . 2006-09-19 08:13 8272896 c:\windows\Installer\19303865.msp
+ 2006-09-06 07:53 . 2006-09-06 07:53 5175808 c:\windows\Installer\1930384f.msp
+ 2006-09-11 04:19 . 2006-09-11 04:19 6253056 c:\windows\Installer\19303806.msp
+ 2009-05-14 19:54 . 2009-05-14 19:54 2150400 c:\windows\Installer\13acc5e1.msp
+ 2009-06-26 07:16 . 2009-06-26 07:16 8992256 c:\windows\Installer\10df362c.msi
+ 2008-12-18 12:48 . 2008-12-18 12:48 3645440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\authplay.dll
+ 2009-06-11 18:48 . 2009-03-08 00:34 1206784 c:\windows\ie8updates\KB969897-IE8\urlmon.dll
+ 2009-06-11 18:48 . 2009-03-08 00:41 5937152 c:\windows\ie8updates\KB969897-IE8\mshtml.dll
+ 2009-06-11 18:48 . 2009-03-08 00:32 1985024 c:\windows\ie8updates\KB969897-IE8\iertutil.dll
+ 2007-07-22 11:31 . 2009-06-01 16:51 23635392 c:\windows\system32\MRT.exe
+ 2007-07-22 11:18 . 2009-04-30 21:22 11064832 c:\windows\system32\ieframe.dll
+ 2007-10-06 11:43 . 2007-10-06 11:43 17160704 c:\windows\system32\config\systemprofile\Local Settings\Application Data\WindowsLiveInstaller\MsiSources\Install_{508CE775-4BA4-4748-82DF-FE28DA9F03B0}.msi
+ 2006-10-30 00:05 . 2006-10-30 00:05 11390464 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpf.msi
+ 2007-02-26 15:59 . 2007-01-19 05:20 16633344 c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi
+ 2006-11-08 19:14 . 2006-10-24 03:10 16509440 c:\windows\Installer\MSN Messenger 8.1.0106\MsnMsgs.Msi
+ 2006-09-02 19:02 . 2006-07-29 12:38 15524352 c:\windows\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi
+ 2006-06-30 00:17 . 2006-06-16 07:01 15433728 c:\windows\Installer\MSN Messenger 8.0.0792\MsnMsgs.Msi
+ 2008-07-30 04:50 . 2008-07-30 04:50 12506112 c:\windows\Installer\e81e0ab.msp
+ 2008-06-04 09:29 . 2008-06-04 09:29 16905728 c:\windows\Installer\e81e081.msp
+ 2008-01-14 11:24 . 2008-01-14 11:24 10721280 c:\windows\Installer\e81e043.msp
+ 2008-12-13 06:21 . 2008-12-13 06:21 10473472 c:\windows\Installer\d91f7.msp
+ 2008-10-20 06:22 . 2008-10-20 06:22 11758592 c:\windows\Installer\cdcc543.msp
+ 2008-08-11 07:51 . 2008-08-11 07:51 15916544 c:\windows\Installer\cdcc53b.msp
+ 2008-08-11 07:49 . 2008-08-11 07:49 22457344 c:\windows\Installer\cdcc52a.msp
+ 2008-09-24 08:05 . 2008-09-24 08:05 16381440 c:\windows\Installer\cdcc522.msp
+ 2007-10-14 19:33 . 2007-10-14 19:33 26646016 c:\windows\Installer\cdcc51b.msp
+ 2006-06-28 01:48 . 2006-06-28 01:48 14463488 c:\windows\Installer\97378.msp
+ 2006-06-20 03:07 . 2006-06-20 03:07 12292096 c:\windows\Installer\94144cb.msp
+ 2007-05-01 01:29 . 2007-05-01 01:29 10994688 c:\windows\Installer\6be5fc5.msp
+ 2007-07-11 07:18 . 2007-07-11 07:18 15256576 c:\windows\Installer\6857ab00.msp
+ 2006-05-16 14:43 . 2006-05-16 14:43 13711872 c:\windows\Installer\534ace4e.msp
+ 2007-01-18 06:29 . 2007-01-18 06:29 10978816 c:\windows\Installer\52ff3.msp
+ 2006-07-18 07:02 . 2006-07-18 07:02 12290560 c:\windows\Installer\425cc15.msp
+ 2005-08-08 10:22 . 2005-08-08 10:22 48783360 c:\windows\Installer\41433f.msp
+ 2004-07-07 20:23 . 2004-07-07 20:23 18643968 c:\windows\Installer\41428b.msp
+ 2009-04-17 06:05 . 2009-04-17 06:05 10723328 c:\windows\Installer\25ec65.msp
+ 2006-09-27 06:28 . 2006-09-27 06:28 10256384 c:\windows\Installer\1930383a.msp
+ 2006-09-19 03:23 . 2006-09-19 03:23 12292096 c:\windows\Installer\19303824.msp
+ 2006-09-12 08:59 . 2006-09-12 08:59 14482944 c:\windows\Installer\193037f0.msp
+ 2006-09-12 14:44 . 2006-09-12 14:44 13737984 c:\windows\Installer\193037da.msp
+ 2007-03-01 20:37 . 2007-03-01 20:37 19210240 c:\windows\Installer\105ec2.msp
+ 2009-02-27 12:37 . 2009-02-27 12:37 20403568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\AcroRd32.dll
+ 2009-06-11 18:48 . 2009-03-08 00:39 11063808 c:\windows\ie8updates\KB969897-IE8\ieframe.dll
+ 2007-07-27 05:03 . 2007-07-27 05:03 119977472 c:\windows\Installer\4143cc.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-05-11 00:20 218160 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-07-08 288048]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2009-04-06 81920]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RegGenie v2.0"="c:\program files\RegGenie\RegGenieOnReboot.exe" [2009-04-06 374808]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-04-06 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2009-04-06 479232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2008-10-14 172032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2005-12-04 437008]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"muBlinder"="c:\mublinder\muBlinder.exe" [2009-04-01 1464320]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
"SetDefaultMIDI"="MIDIDEF.EXE" - c:\windows\system32\MIDIDEF.EXE [2008-06-27 28672]
"IE7-10"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Creative Service for CDROM Access"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54545:TCP"= 54545:TCP:Ar
"54545:UDP"= 54545:UDP:Ar2
"38010:TCP"= 38010:TCP:uT
"67:UDP"= 67:UDP:DHCP Discovery Service
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [07/04/2009 09:30 PM 64160]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [07/10/2008 08:31 PM 61424]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [01/06/2009 10:13 PM 331312]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [13/11/2008 11:43 PM 204800]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [04/04/2007 10:58 AM 24344]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [28/12/2007 09:33 PM 12032]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [25/02/2006 09:37 PM 5824]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [22/12/2008 03:20 PM 446976]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [28/01/2008 04:16 PM 20608]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [27/06/2008 07:21 PM 99352]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [27/06/2008 07:21 PM 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [27/06/2008 07:21 PM 555032]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [27/06/2008 07:21 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [27/06/2008 07:21 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [27/06/2008 07:21 PM 100888]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [27/06/2008 07:21 PM 566296]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [27/06/2008 07:21 PM 566296]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [21/03/2002 05:14 AM 21376]
S3 DVT_CSDriver;DVT_CSDriver;\??\c:\docume~1\MaK\LOCALS~1\Temp\Dep1.tmp\DVT_CSDriver.sys --> c:\docume~1\MaK\LOCALS~1\Temp\Dep1.tmp\DVT_CSDriver.sys [?]
S3 fiddrv;fiddrv;c:\windows\system32\drivers\fiddrv.sys [16/06/2009 07:51 PM 9896]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [01/06/2009 10:58 PM 34352]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [20/03/2006 06:34 PM 1452032]
S3 TUSB1150;WL635USB WLAN USB Adapter;c:\windows\system32\drivers\TUSB1150.sys [25/03/2006 12:45 PM 494848]
S3 ZD1211BU(SMC);802.11g Wireless USB2.0 Adapter Driver(SMC);c:\windows\system32\drivers\ZD1211BU.sys [24/08/2006 01:44 AM 477696]
S3 ZD1211BU(WIFI LINK);WIFI LINK IEEE 802.11 b+g Wireless LAN Driver (USB)(WIFI LINK);c:\windows\system32\drivers\ZD1211BU.sys [24/08/2006 01:44 AM 477696]
--- Other Services/Drivers In Memory ---
*Deregistered* - project
*Deregistered* - symlcbrd
*Deregistered* - uphcleanhlp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 08:34]
2009-07-09 c:\windows\Tasks\User_Feed_Synchronization-{FA8EE9B5-41C6-4D52-85BF-93EE9EF64EFB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 00:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Trusted Zone: microsoft.com\download.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com\download
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\MaK\Application Data\Mozilla\Firefox\Profiles\hd5sp8kz.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - prefs.js: keyword.enabled - false
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\MaK\Application Data\Mozilla\Firefox\Profiles\hd5sp8kz.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\MaK\Application Data\Mozilla\Firefox\Profiles\hd5sp8kz.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbabelgum.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npJoostPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
.
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-07-09 19:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
[HKEY_LOCAL_MACHINE\System\ControlSet016\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="DA31026FC7E5AA6E 612532BEA2B182C4A1AA5163E51EBBB609C163CCD892EDAA0D B714BD59FE1BFDC1C35DDE2588CA634DB6FE5F73B45BCB27BC 3B2A5C3C34E4AC2475A60F583F9BFC448A8ADE2FB9BF2BFEBC 9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E 127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC49 80AC7933A9C6AECB7A5D1407A2D97226D213B555A6A0AC4980 AC7933548770E2ABC46434A78E249A82CFE16E24CCA0823E9E C4BB2EDC4A42E3B3656EB6BE2B23615C0BA299BBC31A77FE82 F014976E1B30B7496F3717D3C966444700825669E7D8BE1EF2 796B06A755ABFB7754DB06BBEAD90DD844DBF9C53087F292B8 EE6D0DA1644DB1C43C3685FB5D598089D2D72A3BB7168AB723 F72322FD05EE9DD85CC1C83C6FF9C1FC8148CA0F479E186B3D 7E777A09AE3997ED1E1F9DBC71381FBE8AE5297F807AB37C59 27AE1BFA2AC67128F23EB380B395614A0F4F818CD57C843E0F 7F998A3B169A737CA04BCEAEB893688A910651D6313A8F5DEE 5BC4065FFB8863890172959338A9373BF16A58CCA6D51B7A14 8416B0C4A7794EF6B41DEBDBE902071A275ECC145FCAC94D30 1B3F925809701413270F3122D7332588B2F83E368F28F0A92E 134E4EA98A4219B203A2AF39DDE38785F994DFEF55DA022413 1F15B5133290E3F1EF8150B1D6301E3B856C1825820471D366 99BC63B0F491786102A0E22F079E2661DB3B6536131D44CFF4 9298143C6DB38359BDFC644C5D9F4A4C0024DE4B451DF211EC 422FF53829F7039C8160F8C064AC7E77375605B02C01988ADA DA2F807E55A9E955B3A038ADDAA3AC1B5315766486BAF11B8B 3079FB95DE76FAE018BC212084BB22DBEC2BC5B53A3D157C82 5DE41816B7A6AD72649EF86A82705203AA92CCCEF09F614C64 9A2D7ACB14904409CECF6AD84A870768D67FDA6E9736FA4213 3A901B3A2540790CC96FDD30667351BA7BE6E96A8B39BB9C63 A3FE44B5243916AA20CF4FA7E0C329F3F677757A3C5077520E 0061CFEADC1B418EFBB99E338F45442D2832125962387EC2A3 64EC5D6588E9B7B9FA0A910AB19BB433B464F484FC12B5422B 2DE837349AD772EE822EB3A3418C35F89AB548F4D78775E29A C59DCD028FBFF3E9E168C85F9174FEA014A133B78C969080F6 DE2BBDCA9664FB18A47CE662C5BB5AAD5F57C99B42F0D50DDC 56100B84E95F835A51FB94EF51E773A68077ADFE26B4C5CB76 B8797613CF29525F752E2CA203A20C94A352DD33DDF07408CC BF19C8D33A1FEF6F002EAA640C3554F271BBCBD6AC855A2BC4 C08606BF23F1E6BE44B1B72E0FC015D80D700AED7DEFF8A268 
69EB1022BAE9FCFCBF29A00CD326A2B65C03D7969AB503B90E 5D1BE6A15CE4E7F6F64CFBFE9FE3FBC335EA4C7453392CBDFB 0572E2BF4FDEA59EF4EE8AD4AEF7DE51"
[HKEY_LOCAL_MACHINE\System\ControlSet016\Enum\HID\Vid_1532&Pid_000c&MI_00\7&346f3358&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1532)
c:\windows\system32\klogon.dll
.
Completion time: 2009-07-09 19:46
ComboFix-quarantined-files.txt 2009-07-09 15:46
ComboFix2.txt 2009-06-09 22:50
Pre-Run: 3,539,062,784 bytes free
Post-Run: 4,102,737,920 bytes free
Current=16 Default=16 Failed=15 LastKnownGood=17 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17
549 --- E O F --- 2009-06-17 10:33



at the right, and the scan will start.
...Here are the logs