Thread ID: 92701 2008-08-19 07:38:00 Browser Hijacked Blam (54) Press F1
Post ID Timestamp Content User
698680 2008-08-24 21:19:00 BTW after running ComboFix explorer.exe sometimes randomly restarts, is that normal?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:34, on 2008-08-25
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\ThpSrv.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\Pixart\Pac7311\Monitor.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\full phat\Snarl\snarl.exe
C:\Program Files\Executor\Executor.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Users\12189\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WordWeb.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\FirstClass\fcc32.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
D:\Documents\Home Folder\My Software\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = dotnetwizard.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = skcproxy
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 67.159.31.4:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Update Helper - {25D596E9-BD03-4D4A-8310-5DF3B31E8D26} - C:\Program Files\Google\Update\1.2.121.17\GoopdateBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand203000030.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PAC7311_Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [Snarl] "C:\Program Files\full phat\Snarl\snarl.exe"
O4 - HKCU\..\Run: [Executor] "C:\Program Files\Executor\executor.exe" -s
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: iReboot 1.1.0.lnk = NeoSmart Technologies\iReboot\iReboot.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll
O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = student.sk.edu
O17 - HKLM\Software\..\Telephony: DomainName = student.sk.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = student.sk.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = student.sk.edu
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = student.sk.edu
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Update Service (gupdate1c88e2ea271caa6) (gupdate1c88e2ea271caa6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iReboot Background Service (iReboot) - Unknown owner - C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: PVM Service - Unknown owner - C:\Program Files\RingThree\bin\pvmservice.exe
O23 - Service: roclient - Unknown owner - C:\Program Files\RemoteObserverClient\roclient.exe (file missing)
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: Websense Desktop Client (WebsenseDesktopClient) - Websense - C:\Program Files\PMM\WDC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 11952 bytes
Blam (54)
698681 2008-08-24 23:01:00 Just this driver to remove and you're all done.

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Driver::
npf

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

[Image: users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif]

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*
Pancake (6359)
698682 2008-08-25 06:15:00 ComboFix 08-08-23.03 - 12189 2008-08-25 10:45:11.3 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.807 [GMT 12:00]
Running from: D:\Settings\Desktop\ComboFix.exe
Command switches used :: D:\Settings\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))
.

2008-08-24 20:11 . 2008-08-24 20:11 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-24 20:10 . 2008-08-24 20:10 <DIR> d-------- C:\Program Files\iTunes
2008-08-24 20:10 . 2008-08-24 20:10 <DIR> d-------- C:\Program Files\iPod
2008-08-23 22:57 . 2008-08-23 22:57 <DIR> dr-hs---- C:\desktop.ini
2008-08-23 22:57 . 2008-08-23 22:57 <DIR> dr-hs---- C:\comment.htt
2008-08-23 22:57 . 2008-08-23 22:57 <DIR> d-------- C:\AUTORUN.INF.del
2008-08-23 22:56 . 2008-08-23 22:56 28,672 --a------ C:\Windows\System32\Partizan.exe
2008-08-23 22:52 . 2008-08-23 22:52 <DIR> d-------- C:\Program Files\UnHackMe
2008-08-23 22:52 . 2005-04-03 15:02 8,944 --a------ C:\Windows\System32\drivers\UnHackMeDrv.sys
2008-08-22 08:30 . 2008-08-22 08:30 678,408 --a------ C:\Windows\System32\gpprefcl.dll
2008-08-22 08:29 . 2008-08-22 08:29 <DIR> d-------- C:\Program Files\WMV9_VCM
2008-08-22 08:27 . 2008-08-22 08:27 <DIR> d-------- C:\Program Files\Xara
2008-08-22 08:27 . 2008-08-22 08:27 <DIR> d-------- C:\Program Files\Common Files\Xara
2008-08-21 22:52 . 2008-08-22 08:42 <DIR> d-------- C:\Users\All Users\ESET
2008-08-21 22:52 . 2008-08-22 08:42 <DIR> d-------- C:\ProgramData\ESET
2008-08-21 19:28 . 2008-08-21 19:28 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-20 17:43 . 2008-08-20 17:44 <DIR> d-------- C:\Program Files\Edraw Max
2008-08-20 13:22 . 2008-08-20 13:22 1,743,704 --a------ C:\Windows\System32\wuaueng.dll
2008-08-20 13:22 . 2008-08-20 13:22 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-08-20 13:22 . 2008-08-20 13:22 556,376 --a------ C:\Windows\System32\wuapi.dll
2008-08-20 13:22 . 2008-08-20 13:22 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-20 13:22 . 2008-08-20 13:22 53,592 --a------ C:\Windows\System32\wuauclt.exe
2008-08-20 13:22 . 2008-08-20 13:22 44,888 --a------ C:\Windows\System32\wups2.dll
2008-08-20 13:22 . 2008-08-20 13:22 36,184 --a------ C:\Windows\System32\wups.dll
2008-08-20 13:21 . 2008-08-20 13:21 163,392 --a------ C:\Windows\System32\wuwebv.dll
2008-08-20 13:21 . 2008-08-20 13:21 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-19 13:37 . 2008-08-19 13:37 <DIR> d-------- C:\Program Files\Executor
2008-08-18 18:19 . 2008-08-18 18:19 <DIR> d-------- C:\Program Files\Blue Onion Software
2008-08-18 18:08 . 2008-08-18 18:08 19,326,464 --a------ C:\Windows\System32\imageres.dll
2008-08-18 18:07 . 2007-06-05 11:26 567,040 --a------ C:\Windows\System32\wbocx.ocx
2008-08-18 18:07 . 2007-06-05 11:26 56,496 --a------ C:\Windows\System32\wbhelp2.dll
2008-08-18 12:59 . 2008-08-18 17:44 <DIR> d-------- C:\Program Files\MediaPortal
2008-08-18 10:03 . 2008-08-18 10:07 <DIR> d-------- C:\Program Files\Circle Dock 0.9.1
2008-08-17 22:24 . 2008-08-17 22:25 <DIR> d-------- C:\Program Files\Rock Legend
2008-08-16 22:25 . 2008-08-16 22:25 75 -r-hs---- C:\Windows\CT4MET.BIN
2008-08-16 22:24 . 2008-08-16 22:24 <DIR> d-------- C:\Program Files\Reallusion
2008-08-16 22:24 . 2008-08-16 22:24 <DIR> d-------- C:\Program Files\Common Files\Reallusion
2008-08-15 21:14 . 2008-08-22 11:36 327,680 --a------ C:\Windows\SPInstall.etl
2008-08-13 22:10 . 2008-08-13 22:10 <DIR> d-------- C:\Program Files\Microsoft Virtual PC
2008-08-13 20:48 . 2008-08-13 20:48 <DIR> d-------- C:\Program Files\Runtime Software
2008-08-13 20:30 . 2008-08-13 20:30 <DIR> d-------- C:\Program Files\EyeDefender
2008-08-13 20:23 . 2008-08-13 20:23 720,896 --a------ C:\Windows\iun6002.exe
2008-08-13 20:12 . 2008-08-13 20:12 <DIR> d-------- C:\Program Files\Transcend Utility
2008-08-12 10:16 . 2008-08-12 10:16 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-08-10 16:44 . 2008-08-17 15:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-10 10:24 . 2008-08-10 10:24 <DIR> d-------- C:\Program Files\Realore
2008-08-09 14:46 . 2008-08-09 14:46 <DIR> dr------- C:\Users\12189\Documents
2008-08-09 14:42 . 2008-08-09 14:42 <DIR> d-------- C:\Users\All Users\Adobe
2008-08-09 14:39 . 2007-12-11 01:05 554,240 --a------ C:\Windows\System32\drivers\mod7700.sys
2008-08-09 14:39 . 2006-06-29 16:49 53,248 --a------ C:\Windows\System32\ModrcCoInstall.dll
2008-08-09 14:39 . 2007-10-19 14:32 13,824 --a------ C:\Windows\System32\drivers\modrc.sys
2008-08-09 14:32 . 2008-08-09 14:32 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-09 14:30 . 2003-03-19 05:28 2,179,072 --------- C:\Windows\System32\mfc71d.dll
2008-08-09 14:30 . 2003-03-19 04:04 765,952 --------- C:\Windows\System32\msvcp71d.dll
2008-08-09 14:30 . 2002-01-05 20:16 737,280 --------- C:\Windows\System32\msvcp70d.dll
2008-08-09 14:30 . 2003-03-19 04:03 544,768 --------- C:\Windows\System32\msvcr71d.dll
2008-08-09 14:30 . 2002-01-05 20:16 536,576 --------- C:\Windows\System32\msvcr70d.dll
2008-08-09 14:30 . 2004-07-23 08:00 446,464 --------- C:\Windows\System32\HHActiveX.dll
2008-08-09 14:30 . 2004-06-03 11:47 385,100 --------- C:\Windows\System32\MSVCRTD.DLL
2008-08-08 17:48 . 2008-08-14 19:56 <DIR> d-------- C:\Lyrics
2008-08-08 17:47 . 2008-08-08 17:47 <DIR> d-------- C:\Program Files\Minilyrics
2008-08-07 23:17 . 2008-08-07 23:17 <DIR> d-------- C:\Program Files\RealVNC
2008-08-07 10:49 . 2008-08-07 10:49 4,096,054 --a------ C:\Windows\BGInfo.bmp
2008-08-06 21:58 . 2008-08-06 21:58 <DIR> d-------- C:\Program Files\Syncplicity
2008-08-06 21:31 . 2008-08-06 21:31 <DIR> d-------- C:\Users\image\AppData\Roaming\Desktop3D
2008-08-06 19:58 . 2008-08-09 12:57 <DIR> d-------- C:\Program Files\Magicboss
2008-08-06 19:58 . 2008-08-06 21:30 120 --a------ C:\Windows\mgboss_reg.ini
2008-08-06 18:01 . 2008-08-06 18:01 <DIR> d-------- C:\Program Files\RingThree
2008-08-06 12:01 . 2008-08-06 12:01 <DIR> d-------- C:\Program Files\vLite
2008-08-05 22:52 . 2008-08-05 22:52 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-08-05 22:50 . 2008-08-05 22:50 <DIR> d-------- C:\Program Files\Give Away Of The Day
2008-08-05 22:50 . 2008-06-27 12:31 93,544 --a------ C:\Windows\System32\drivers\StarPortLite.sys
2008-08-05 19:23 . 2008-08-05 19:23 <DIR> dr------- C:\Program Files\Aston2 Menu
2008-08-04 21:13 . 2008-08-04 21:13 <DIR> d-------- C:\Program Files\Your Freedom
2008-08-03 20:23 . 2008-08-03 20:23 <DIR> d-------- C:\Program Files\Gambana
2008-08-03 18:33 . 2008-08-03 18:33 <DIR> d-------- C:\Program Files\StickMen Screen Saver
2008-08-02 23:35 . 2008-08-02 23:35 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-08-02 23:35 . 2008-08-02 23:35 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-02 23:34 . 2008-08-02 23:34 <DIR> d-------- C:\Windows\System32\Visual Studio 2008Templates
2008-08-02 23:34 . 2008-08-02 23:34 <DIR> d-------- C:\Windows\System32\Visual Studio 2008
2008-08-02 23:32 . 2008-08-02 23:35 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-08-02 23:31 . 2008-08-02 23:31 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-08-02 19:35 . 2008-08-02 19:35 779,800 --a------ C:\Windows\System32\PresentationNative_v0300.dll
2008-08-02 19:35 . 2008-08-02 19:35 579,584 --a------ C:\Windows\System32\icardagt.exe
2008-08-02 19:35 . 2008-08-02 19:35 350,744 --a------ C:\Windows\System32\PresentationHost.exe
2008-08-02 19:35 . 2008-08-02 19:35 106,520 --a------ C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2008-08-02 19:35 . 2008-08-02 19:35 88,576 --a------ C:\Windows\System32\infocardapi.dll
2008-08-02 19:35 . 2008-08-02 19:35 33,304 --a------ C:\Windows\System32\PresentationHostProxy.dll
2008-08-02 19:35 . 2008-08-02 19:35 28,160 --a------ C:\Windows\System32\infocardcpl.cpl
2008-08-02 19:35 . 2008-08-02 19:35 11,776 --a------ C:\Windows\System32\icardres.dll
2008-08-02 19:27 . 2008-08-02 19:27 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-08-02 19:25 . 2008-08-02 19:25 <DIR> d-------- C:\Program Files\ArcaMania 2
2008-08-01 17:16 . 2008-08-01 17:16 <DIR> d-------- C:\Program Files\Common Files\Pointstone
2008-08-01 15:14 . 2008-08-01 15:14 <DIR> d-------- C:\Windows\System32\Nexus Radio
2008-08-01 15:14 . 2008-08-01 15:14 <DIR> d-------- C:\Program Files\SideSlide
2008-08-01 15:14 . 2008-08-11 08:33 <DIR> d-------- C:\Program Files\Nexus Radio
2008-08-01 15:14 . 2008-08-01 15:14 <DIR> d-------- C:\My Recorded Files
2008-07-30 20:07 . 2008-07-30 20:07 <DIR> d-------- C:\Program Files\filehippo.com
2008-07-30 14:38 . 2008-07-30 22:29 123,939 --a------ C:\Windows\System32\drivers\kqemu.sys
2008-07-29 21:21 . 2008-07-29 21:21 <DIR> d-------- C:\Program Files\zabkat
2008-07-29 19:30 . 2008-08-01 17:16 <DIR> d-------- C:\Program Files\Pointstone
2008-07-29 19:19 . 2008-07-29 19:19 <DIR> d-------- C:\Program Files\full phat
2008-07-29 19:19 . 2008-07-29 19:19 <DIR> d-------- C:\Program Files\Common Files\k23 productions
2008-07-29 12:19 . 2008-07-29 12:19 <DIR> d--h----- C:\Windows\PIF
2008-07-28 20:48 . 2003-06-25 16:05 266,360 --a------ C:\Windows\System32\TweakUI.exe
2008-07-28 20:48 . 2002-06-21 15:09 160,217 --a------ C:\Windows\System32\PowerToysLicense.rtf
2008-07-28 19:43 . 2008-07-28 19:43 <DIR> d-------- C:\Windows\System32\dsl-embedded
2008-07-28 16:38 . 2008-07-28 16:38 <DIR> d-------- C:\Program Files\AnVir Task Manager
2008-07-27 18:28 . 2008-07-27 18:28 <DIR> d-------- C:\Users\12189\.idlerc
2008-07-27 18:27 . 2008-07-27 18:27 <DIR> d-------- C:\Program Files\Python
2008-07-27 18:01 . 2008-08-11 21:19 <DIR> d-------- C:\Program Files\Eraser
2008-07-27 18:01 . 2008-07-27 18:01 155,648 --a------ C:\Windows\System32\stuninstall.exe
2008-07-27 14:01 . 2008-07-27 19:31 <DIR> d-------- C:\Program Files\Astro Avenger 2
2008-07-27 12:56 . 2008-07-27 12:56 <DIR> d-------- C:\Users\image\AppData\Roaming\Copernic
2008-07-27 12:56 . 2008-07-27 12:56 <DIR> d-------- C:\Program Files\Copernic Desktop Search 2
2008-07-27 12:33 . 2008-03-03 20:06 150,064 --a------ C:\Windows\System32\vmnat.exe
2008-07-27 12:33 . 2008-03-03 20:06 121,392 --a------ C:\Windows\System32\vmnetdhcp.exe
2008-07-27 12:33 . 2008-03-03 19:12 50,992 -ra------ C:\Windows\System32\vmnetbridge.dll
2008-07-27 12:33 . 2008-03-03 19:12 28,592 -ra------ C:\Windows\System32\drivers\vmnetbridge.sys
2008-07-27 12:33 . 2008-03-03 20:06 25,136 --a------ C:\Windows\System32\drivers\vmnetuserif.sys
2008-07-27 12:33 . 2008-03-03 19:12 17,712 -ra------ C:\Windows\System32\drivers\vmnet.sys
2008-07-27 12:33 . 2008-03-03 19:12 16,816 --a------ C:\Windows\System32\drivers\vmnetadapter.sys
2008-07-27 12:33 . 2008-03-03 19:12 13,104 --a------ C:\Windows\System32\vnetinst.dll
2008-07-27 12:32 . 2008-03-03 20:05 436,784 --a------ C:\Windows\System32\vnetlib.dll
2008-07-27 12:31 . 2008-03-03 20:06 20,912 --a------ C:\Windows\System32\drivers\VMkbd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 22:41 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-08-24 21:49 --------- d-----w C:\Users\image\AppData\Roaming\skypePM
2008-08-24 11:04 --------- d-----w C:\ProgramData\Google Updater
2008-08-24 09:02 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-08-23 11:02 --------- d-----w C:\Program Files\RemoteObserverClient
2008-08-21 20:31 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-21 20:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-21 11:50 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-20 22:34 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-20 22:26 --------- d---a-w C:\ProgramData\TEMP
2008-08-18 05:45 --------- d-----w C:\ProgramData\Team MediaPortal
2008-08-18 05:44 --------- d-----w C:\Program Files\Team MediaPortal
2008-08-17 03:01 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-09 02:49 --------- d-----w C:\ProgramData\Pinnacle
2008-08-09 02:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-09 02:29 --------- d-----w C:\Program Files\Pinnacle
2008-08-07 09:33 --------- d-----w C:\Program Files\FirstClass
2008-08-02 05:53 355,584 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-08-02 05:53 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-07-26 04:03 --------- d-----w C:\Program Files\iTunes Library Updater
2008-07-22 06:02 --------- d-----w C:\Program Files\Any Video Converter
2008-07-22 04:57 --------- d-----w C:\Program Files\DVD Flick
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-19 05:52 --------- d-----w C:\Program Files\QuickTime
2008-07-19 02:58 --------- d-----w C:\Program Files\NeoSmart Technologies
2008-07-17 00:39 53,248 ----a-w C:\Windows\System32\davclnt.dll
2008-07-17 00:39 196,096 ----a-w C:\Windows\System32\WebClnt.dll
2008-07-17 00:39 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-07-17 00:37 64,000 ----a-w C:\Windows\System32\ntlanman.dll
2008-07-17 00:37 49,720 ----a-w C:\Windows\system32\drivers\mup.sys
2008-07-17 00:37 39,936 ----a-w C:\Windows\System32\networkitemfactory.dll
2008-07-17 00:37 3,072,000 ----a-w C:\Windows\System32\networkmap.dll
2008-07-17 00:37 2,226,688 ----a-w C:\Windows\System32\networkexplorer.dll
2008-07-17 00:33 21,504 ----a-w C:\Windows\System32\netbtugc.exe
2008-07-17 00:33 184,320 ----a-w C:\Windows\system32\drivers\netbt.sys
2008-07-15 01:21 --------- d-----w C:\Program Files\Folder Marker
2008-07-15 00:56 --------- d-----w C:\ProgramData\DVD Shrink
2008-07-14 01:44 --------- d-----w C:\Program Files\Real Alternative
2008-07-13 11:43 --------- d-----w C:\Program Files\ArchMage
2008-07-12 07:39 --------- d-----w C:\Program Files\WordWeb
2008-07-12 02:02 --------- d-----w C:\Program Files\Electronic Piano 2.5
2008-07-11 11:18 --------- d-----w C:\Program Files\Wondershare
2008-07-11 05:15 --------- d-----w C:\Program Files\DVD Shrink
2008-07-10 00:16 --------- d-----w C:\Program Files\MagicScore Music Software
2008-07-09 06:12 --------- d-----w C:\Program Files\YoutubeGet
2008-07-08 21:16 235,712 ----a-w C:\Windows\system32\drivers\truecrypt.sys
2008-07-08 21:16 --------- d-----w C:\Program Files\Converber
2008-07-08 08:38 --------- d-----w C:\Program Files\VS Revo Group
2008-07-08 05:54 --------- d-----w C:\ProgramData\LogiShrd
2008-07-08 05:53 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-07-08 05:52 --------- d-----w C:\ProgramData\Logitech
2008-07-08 05:52 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-07-08 05:51 --------- d-----w C:\Program Files\Logitech
2008-07-06 07:01 --------- d-----w C:\ProgramData\TrackMania
2008-07-05 22:48 --------- d-----w C:\Program Files\TmNationsForever
2008-07-05 04:26 --------- d-----w C:\Program Files\ASUS
2008-07-01 10:48 --------- d-----w C:\Program Files\Unlocker
2008-07-01 10:43 --------- d-----w C:\Program Files\Google
2008-07-01 03:26 85,008 ----a-w C:\Windows\system32\drivers\cmdguard.sys
2008-07-01 03:26 25,104 ----a-w C:\Windows\system32\drivers\cmdhlp.sys
2008-07-01 03:26 143,104 ----a-w C:\Windows\System32\guard32.dll
2008-07-01 03:26 --------- d-----w C:\ProgramData\comodo
2008-07-01 03:26 --------- d-----w C:\Program Files\COMODO
2008-06-24 10:52 --------- d-----w C:\Program Files\BMW M3 Challenge
2008-06-23 04:42 32,256 ----a-w C:\Windows\System32\RC00C140.dll
2008-06-23 04:42 27,136 ----a-w C:\Windows\System32\RCINST.DLL
2008-06-06 08:58 45,056 ----a-w C:\Windows\NCUNINST.EXE
2008-05-28 21:28 28,416 ----a-w C:\Windows\System32\uxtuneup.dll
2008-05-28 21:28 16,640 ----a-w C:\Windows\System32\authuitu.dll
2008-05-28 08:01 615,424 ----a-w C:\Windows\System32\themeui.dll
2008-05-28 08:01 240,640 ----a-w C:\Windows\System32\uxtheme.dll
2007-03-20 06:53 108 --sha-r C:\Windows\neoqaz2.dll
2008-02-11 08:21 952 --sha-w C:\Windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-24_22.49.34.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-24 10:41:39 2,490,728 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-08-24 22:23:20 2,490,728 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-08-24 10:43:04 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-24 22:34:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-08-24 10:43:04 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-08-24 22:34:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-08-24 10:45:27 1,572,864 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-24 22:37:26 1,572,864 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-08-24 10:45:27 1,380,352 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-24 22:37:31 1,380,352 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-08-24 10:44:08 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-24 22:36:04 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-24 10:44:08 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-24 22:36:04 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-24 10:44:08 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-24 22:36:04 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-02 18:21:36 17,642,616 ----a-w C:\Windows\System32\mrt.exe
+ 2008-08-04 23:11:02 15,888,504 ----a-w C:\Windows\System32\mrt.exe
- 2008-08-24 07:54:33 13,830 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-643970264-1529554251-782984527-11869_UserData.bin
+ 2008-08-24 22:38:44 14,116 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-643970264-1529554251-782984527-11869_UserData.bin
- 2008-08-24 07:54:32 123,794 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-24 22:38:44 123,992 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-23 09:57:43 90,146 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-24 22:38:40 90,340 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Folder)]
@="{02FCECC2-84DC-4FAA-A718-C41FFCA5B8D1}"
[HKEY_CLASSES_ROOT\CLSID\{02FCECC2-84DC-4FAA-A718-C41FFCA5B8D1}]
2008-07-25 10:51 38400 --a------ C:\Program Files\Syncplicity\SyncplicityShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Fully Synced)]
@="{CA4FCCBF-F4B7-4DD1-861E-1F42AAD396D1}"
[HKEY_CLASSES_ROOT\CLSID\{CA4FCCBF-F4B7-4DD1-861E-1F42AAD396D1}]
2008-07-25 10:51 38400 --a------ C:\Program Files\Syncplicity\SyncplicityShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Not Latest Version)]
@="{284C090F-EB1D-4A6E-872E-6DB72E417E24}"
[HKEY_CLASSES_ROOT\CLSID\{284C090F-EB1D-4A6E-872E-6DB72E417E24}]
2008-07-25 10:51 38400 --a------ C:\Program Files\Syncplicity\SyncplicityShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Shared Folder)]
@="{3DFC86AD-F2CC-4AdA-98DD-AC5DC84119CC}"
[HKEY_CLASSES_ROOT\CLSID\{3DFC86AD-F2CC-4AdA-98DD-AC5DC84119CC}]
2008-07-25 10:51 38400 --a------ C:\Program Files\Syncplicity\SyncplicityShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-04 13:03 2854912 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-04 13:03 2854912 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 10:50 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"Copernic Desktop Search 2"="C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" [2008-04-11 08:38 1583624]
"Snarl"="C:\Program Files\full phat\Snarl\snarl.exe" [2007-03-15 02:16 253952]
"Executor"="C:\Program Files\Executor\executor.exe" [2008-05-19 13:32 1052672]
"UnHackMe Monitor"="C:\Program Files\UnHackMe\hackmon.exe" [2007-09-17 16:37 228352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="C:\Windows\system32\thpsrv" [X]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-11 19:21 180224]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2006-12-04 12:29 49168]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-03-06 12:36 138008]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-03-06 12:35 158488]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-03-06 12:35 133912]
"PAC7311_Monitor"="C:\Windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 10:01 319488]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\Windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-11-26 04:29:44 2134016]
iReboot 1.1.0.lnk - C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe [2008-04-27 23:49:16 205312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-04 12:50 90112 C:\Windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= vdrcodec.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"VIDC.MJPG"= Pvmjpg30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-643970264-1529554251-782984527-11869\Scripts\Logon\0\0]
"Script"=\\sweden\netlogon\settime.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-643970264-1529554251-782984527-11869\Scripts\Logon\0\1]
"Script"=\\sweden\NETLOGON\referencite.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-643970264-1529554251-782984527-11869\Scripts\Logon\1\0]
"Script"=08student.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-643970264-1529554251-782984527-11869\Scripts\Logon\1\1]
"Script"=pushprinterconnections.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A2Menu]
--a------ 2007-12-22 23:55 811008 C:\Program Files\Aston2 Menu\A2Menu.exe
Blam (54)
698683 2008-08-25 06:24:00 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DA806815-2928-4C36-BEDB-185A3F2779BE}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{964B2A7A-27A3-4779-BC64-6E411BA91393}"= UDP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{1252A1A8-CE52-48C4-A7D0-4359BAD1791F}"= TCP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{37B2D698-1B83-4B46-8CD9-D39F7372DCE6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{5C471523-00C5-4EC4-B9E5-18027D7405C3}C:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= UDP:C:\program files\flightgear\bin\win32\fgfs.exe:fgfs
"UDP Query User{DDFCA996-F226-4CA9-B640-35FC36A73055}C:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= TCP:C:\program files\flightgear\bin\win32\fgfs.exe:fgfs
"{EA3AD50B-284F-451F-B566-E473FB8E5DD0}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{23705D63-9538-48B8-BC2C-F22E094F9EE8}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{FD4C0163-CDB1-484E-AF39-33BD4A5B95C8}"= UDP:C:\Program Files\Ice Cream Tycoon\ICT.exe:Ice Cream Tycoon
"{EE774825-3ABF-4695-9739-DA5D2743B1D6}"= TCP:C:\Program Files\Ice Cream Tycoon\ICT.exe:Ice Cream Tycoon
"TCP Query User{42E4F08B-8830-4C63-A146-1FE10429D525}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D3FD9185-4061-4839-8630-64AB0C859979}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{EFFABC88-1142-45A8-9AD3-9C04915C6791}C:\\program files\\crossloop\\crossloopconnect.exe"= UDP:C:\program files\crossloop\crossloopconnect.exe:CrossLoop - Simple Secure Screen Sharing
"UDP Query User{35A30BC4-F612-4B49-97CE-3DBD3399BC50}C:\\program files\\crossloop\\crossloopconnect.exe"= TCP:C:\program files\crossloop\crossloopconnect.exe:CrossLoop - Simple Secure Screen Sharing
"TCP Query User{13652786-44D8-4C91-A067-FE29154273AB}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{107B4F44-BD03-4D6B-AD26-4C97A7BA66FC}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{0D88326B-6662-4228-AA84-DFDA5F1B8874}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{169A31E4-448F-4129-8A9E-5C3B569DC9A3}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"TCP Query User{DA22228B-61B0-4656-B64C-3BAFCA5B7897}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{9C7DDA92-D576-4401-A594-CA45DF4D331C}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{623750C5-7B4C-42A3-8F87-75F045104C02}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{3DF66769-C973-4FC3-B395-1B8F56FD7038}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"TCP Query User{958A4C75-634F-4912-8351-B289BECA9720}C:\\program files\\jlc's software\\internet tv\\internet tv.exe"= UDP:C:\program files\jlc's software\internet tv\internet tv.exe:Internet TV
"UDP Query User{0BCCF79A-F75E-4F3F-838A-03ECB199138D}C:\\program files\\jlc's software\\internet tv\\internet tv.exe"= TCP:C:\program files\jlc's software\internet tv\internet tv.exe:Internet TV
"{3814DE87-AC92-460F-9880-CB0C3AA0AEFC}"= UDP:C:\Program Files\DAP\DAP.exe:Download Accelerator Plus (DAP)
"{F2688E47-2FAC-4A05-865C-20143B996F72}"= TCP:C:\Program Files\DAP\DAP.exe:Download Accelerator Plus (DAP)
"TCP Query User{27DFC128-DECB-4FEC-8B5B-05E2EE2AECD3}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{FD07D66B-69BA-477C-BC84-A7D5BD131F3C}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{F0C960F5-0E17-429F-A73D-8CCAF2183333}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{DE59728B-F5B4-41B9-BC44-91B2F451F07C}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{27B8A24A-C21F-432A-97B1-70D76A72F6F7}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{C66B37A8-9D83-4503-863F-2F1942CF6DCC}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{7563AABB-10A8-42CC-A84C-C679236625DE}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{35A15CC1-F285-4460-8D1C-E12624F1FE04}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{F6C0294E-5C0B-4874-BA93-B0A59C599041}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{970295E3-E05C-4B08-A026-345ECCE14D4A}C:\\program files\\ogplanet\\bb tanks\\game.exe"= UDP:C:\program files\ogplanet\bb tanks\game.exe:BBTanks Launcher
"UDP Query User{A94755E8-77D7-4704-B770-9B2E9E6051D8}C:\\program files\\ogplanet\\bb tanks\\game.exe"= TCP:C:\program files\ogplanet\bb tanks\game.exe:BBTanks Launcher
"TCP Query User{D4FB043A-56F4-4A8F-AF1C-8BAA2483C837}C:\\program files\\xchat\\xchat.exe"= UDP:C:\program files\xchat\xchat.exe:XChat IRC Client
"UDP Query User{3F946F02-C8BD-4870-A81F-35E8C67431BA}C:\\program files\\xchat\\xchat.exe"= TCP:C:\program files\xchat\xchat.exe:XChat IRC Client
"{1BF30BF2-A489-4AE3-B0FE-CE17ABEA012C}"= UDP:C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
"{520E1CC0-F778-4AC9-B21B-BB0CD69DE691}"= TCP:C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
"TCP Query User{DE1A85DF-6238-47C7-B496-03A5ADB62DFC}C:\\program files\\mozilla firefox 3 beta 5\\firefox.exe"= UDP:C:\program files\mozilla firefox 3 beta 5\firefox.exe:Firefox
"UDP Query User{9B4E9521-3583-4AFC-B9DE-AD70722CF0E6}C:\\program files\\mozilla firefox 3 beta 5\\firefox.exe"= TCP:C:\program files\mozilla firefox 3 beta 5\firefox.exe:Firefox
"TCP Query User{8C66D16B-C12D-49F8-8950-B642E79F4D14}C:\\program files\\ibm\\lotus\\symphony\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.jcl.desktop.win32.x86_6.1.1.200707311521\\jre\\bin\\expeditorw.exe"= UDP:C:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_6.1.1.200707311521\jre\bin\expeditorw.exe:J9 launcher (without console window)
"UDP Query User{16855C45-17FD-43D0-959A-88A7E59559AD}C:\\program files\\ibm\\lotus\\symphony\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.jcl.desktop.win32.x86_6.1.1.200707311521\\jre\\bin\\expeditorw.exe"= TCP:C:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_6.1.1.200707311521\jre\bin\expeditorw.exe:J9 launcher (without console window)
"TCP Query User{26E1EFAC-2906-4DB3-A49A-B7AA1736E9F7}C:\\program files\\ibm\\lotus\\symphony\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.jcl.desktop.win32.x86_6.1.1.200707311521\\jre\\bin\\expeditorw.exe"= UDP:C:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_6.1.1.200707311521\jre\bin\expeditorw.exe:J9 launcher (without console window)
"UDP Query User{2962CA78-708E-49A5-8F13-60B7A49924DC}C:\\program files\\ibm\\lotus\\symphony\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.jcl.desktop.win32.x86_6.1.1.200707311521\\jre\\bin\\expeditorw.exe"= TCP:C:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_6.1.1.200707311521\jre\bin\expeditorw.exe:J9 launcher (without console window)
"{65718524-FD67-497D-8ED4-25432DE4E400}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{969A9FF1-A858-4EC7-9D90-6AB53A0028CA}C:\\program files\\ibm\\lotus\\symphony\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.jcl.desktop.win32.x86_6.1.1.200707311521\\jre\\bin\\expeditorw.exe"= UDP:C:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_6.1.1.200707311521\jre\bin\expeditorw.exe:J9 launcher (without console window)
"UDP Query User{15F734D7-FF89-4377-ABF6-749BBF6C75D5}C:\\program files\\ibm\\lotus\\symphony\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.jcl.desktop.win32.x86_6.1.1.200707311521\\jre\\bin\\expeditorw.exe"= TCP:C:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_6.1.1.200707311521\jre\bin\expeditorw.exe:J9 launcher (without console window)
"TCP Query User{E0B2D7C1-19C7-4B03-9906-80E700A9A9F7}C:\\program files\\valix netsearch\\valix netsearch.exe"= UDP:C:\program files\valix netsearch\valix netsearch.exe:Valix NetSearch
"UDP Query User{C3289091-197C-4D6C-A74C-415AB2D420EA}C:\\program files\\valix netsearch\\valix netsearch.exe"= TCP:C:\program files\valix netsearch\valix netsearch.exe:Valix NetSearch
"TCP Query User{D787FCC3-F752-45F9-8A58-B07C6C1C1BF7}C:\\program files\\valix netsearch\\valix netsearch.exe"= UDP:C:\program files\valix netsearch\valix netsearch.exe:Valix NetSearch
"UDP Query User{04B8336E-A7B2-4D58-A28B-E8E3EEC7EB74}C:\\program files\\valix netsearch\\valix netsearch.exe"= TCP:C:\program files\valix netsearch\valix netsearch.exe:Valix NetSearch
"{A55F1D4C-21A8-4FF4-AB72-1F9B365065CE}"= UDP:C:\Program Files\Macrium\Reflect\reflect.exe:reflect
"{5EF30288-A702-4258-9FFF-1039D0211218}"= TCP:C:\Program Files\Macrium\Reflect\reflect.exe:reflect
"{ED74EA0A-CE77-410B-846A-124031D5CBD5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4F04A9A9-84EF-44CF-81BC-0671B66512F8}"= UDP:I:\Dreamweaver 8 protable.exe:Dreamweaver 8 protable
"{74DA64AC-CDB8-4034-A6A3-0943CB769BAA}"= TCP:I:\Dreamweaver 8 protable.exe:Dreamweaver 8 protable
"{11CB2F8E-A70B-47E4-94F3-BF428188B09B}"= UDP:I:\UTORRENT\utorrent.exe:µTorrent
"{EBFF0E11-1CBA-424E-AD43-98CBBFD3AAB4}"= TCP:I:\UTORRENT\utorrent.exe:µTorrent
"{3EFCFCEC-C5CA-4B1F-B2E7-8CC8AFE4A36B}"= UDP:I:\UTORRENT\utorrent.exe:µTorrent
"{389A22AC-B994-4FFC-BFB9-781299A18EBA}"= TCP:I:\UTORRENT\utorrent.exe:µTorrent
"{57B6E503-1EA4-4B5A-ADC5-C7CD79B86C02}"= UDP:H:\UTORRENT\utorrent.exe:µTorrent
"{A4021550-21F0-47E8-9260-7C6C13513B33}"= TCP:H:\UTORRENT\utorrent.exe:µTorrent
Blam (54)
698684 2008-08-25 06:29:00 "TCP Query User{6C7DFE5C-017A-40A3-BC61-19D5C722C1FA}E:\\halo\\halo.exe"= UDP:E:\halo\halo.exe:Halo
"UDP Query User{E49A42A3-723A-4F44-BF3C-24B324FF8761}E:\\halo\\halo.exe"= TCP:E:\halo\halo.exe:Halo
"TCP Query User{1BB065D9-5FB3-4D20-B78E-1C212AC07D86}E:\\halo\\halo.exe"= UDP:E:\halo\halo.exe:Halo
"UDP Query User{24563351-AD03-492F-B32C-71A4DB562BC4}E:\\halo\\halo.exe"= TCP:E:\halo\halo.exe:Halo
"TCP Query User{FED56516-F400-45EF-BABA-936E17A878C6}E:\\halo\\halo.exe"= UDP:E:\halo\halo.exe:Halo
"UDP Query User{77B0E10C-FE27-45BF-810A-E54CB93A52D1}E:\\halo\\halo.exe"= TCP:E:\halo\halo.exe:Halo
"TCP Query User{C90D7C9D-C67F-4F91-B70A-AE298C861690}D:\\settings\\desktop\\halo\\halo.exe"= UDP:D:\settings\desktop\halo\halo.exe:Halo
"UDP Query User{02DDCB0B-3038-41D9-802A-6CBFCCC383F8}D:\\settings\\desktop\\halo\\halo.exe"= TCP:D:\settings\desktop\halo\halo.exe:Halo
"TCP Query User{8698D004-D3C0-418B-BB12-5AF1F02AFF6E}C:\\program files\\asus\\wl-520gu wireless router utilities\\discovery.exe"= UDP:C:\program files\asus\wl-520gu wireless router utilities\discovery.exe:ASUS Device Discovery Application
"UDP Query User{7757D32B-A514-493C-8436-F3099E417D70}C:\\program files\\asus\\wl-520gu wireless router utilities\\discovery.exe"= TCP:C:\program files\asus\wl-520gu wireless router utilities\discovery.exe:ASUS Device Discovery Application
"TCP Query User{E7A0F802-9F30-463E-A08A-D9D6BEB3E354}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{4AFEB00F-1B77-47F9-9EDA-18A228B358A0}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"{5EDC1597-A017-4AD5-A909-75F841997A38}"= UDP:H:\UTORRENT\utorrent.exe:µTorrent
"{7D5B0DA9-D754-4A13-8793-7786B0EEAAE7}"= TCP:H:\UTORRENT\utorrent.exe:µTorrent
"{69D36FDB-93C1-4708-85C4-3A0E9B3D23C0}"= UDP:C:\Program Files\pipi\jfCacheMgr.exe:jfCacheMgr(http://www.pipi.cn)
"{DF0534C6-B8CD-44FD-977F-998BFF2EF23B}"= TCP:C:\Program Files\pipi\jfCacheMgr.exe:jfCacheMgr(http://www.pipi.cn)
"{059251BA-D3B9-4D74-BC49-6F2B34C16887}"= UDP:C:\Program Files\pipi\KmLiveUpdate.exe:KmLiveUpdate(http://www.pipi.cn)
"{2758C7AC-67F6-45D4-BCA0-1286E65B4BA5}"= TCP:C:\Program Files\pipi\KmLiveUpdate.exe:KmLiveUpdate(http://www.pipi.cn)
"{916DA0F3-A3E1-48C6-B5F9-BAD67F1585C3}"= UDP:C:\Program Files\pipi\PIPIPlayer.exe:PIPIPlayer
"{AFAC3145-6E12-48BA-971A-BB874DD2FE83}"= TCP:C:\Program Files\pipi\PIPIPlayer.exe:PIPIPlayer
"TCP Query User{13C126DE-588E-4EE6-8D1D-158E75FD6064}D:\\settings\\desktop\\halo\\halo.exe"= UDP:D:\settings\desktop\halo\halo.exe:Halo
"UDP Query User{0F5C3514-0F67-4F10-8AFC-E11D62303570}D:\\settings\\desktop\\halo\\halo.exe"= TCP:D:\settings\desktop\halo\halo.exe:Halo
"TCP Query User{CD19B5EE-EBD4-4AD1-8ADB-73BEA44168F3}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{631EB2E3-F5A8-4DB5-9848-BBC272ACC888}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"TCP Query User{4BF386E1-C821-43B7-A551-81DFF9CFDDA7}F:\\documents\\halo2\\halo.exe"= UDP:F:\documents\halo2\halo.exe:Halo
"UDP Query User{DB6C008E-BBDB-45BA-8748-6B52A15828CE}F:\\documents\\halo2\\halo.exe"= TCP:F:\documents\halo2\halo.exe:Halo
"TCP Query User{A530E7E0-56FD-4630-8D1B-B8D4C26510DB}F:\\documents\\halo2\\halo.exe"= UDP:F:\documents\halo2\halo.exe:Halo
"UDP Query User{26597B61-B5FC-427B-8E20-7CAC0519274E}F:\\documents\\halo2\\halo.exe"= TCP:F:\documents\halo2\halo.exe:Halo
"{2C2B5563-3829-4C09-B96E-FC1BC7660438}"= UDP:F:\PortableApps\UTORRENT\utorrent.exe:µTorrent
"{22E52FC4-308A-44F7-BAC5-3F4AAE6E52A4}"= TCP:F:\PortableApps\UTORRENT\utorrent.exe:µTorrent
"TCP Query User{295C2065-476C-4860-AA58-EE6EEC1152E9}F:\\documents\\halo2\\halo.exe"= UDP:F:\documents\halo2\halo.exe:Halo
"UDP Query User{5A65126C-C0FD-43AB-806A-CC6718140F63}F:\\documents\\halo2\\halo.exe"= TCP:F:\documents\halo2\halo.exe:Halo
"TCP Query User{F971107E-F96F-494B-9452-F58560131AAD}C:\\program files\\java\\jre1.6.0_06\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_06\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{2C39D6B7-34CC-401E-B030-5C3A4DEA36D5}C:\\program files\\java\\jre1.6.0_06\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_06\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{353D83EC-C410-45B1-9C3C-F8D32953EF25}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{009603FA-B0ED-4460-AF14-1A139C949EA1}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"{C7CB011A-6BAC-407D-B6FB-422D36806CA0}"= UDP:F:\PortableApps\UTORRENT\utorrent.exe:µTorrent
"{6FE266CC-98E0-451E-8192-D08B548595BB}"= TCP:F:\PortableApps\UTORRENT\utorrent.exe:µTorrent
"{9FA3AF33-EC43-4B18-99E1-4B256DBF6628}"= UDP:C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:Pinnacle Streaming Server
"{542E8BDF-AD0C-42D0-A2C0-2ABEC90B48C1}"= TCP:C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:Pinnacle Streaming Server
"TCP Query User{437C013E-A3D0-4978-8532-8EDF220D33EB}C:\\program files\\pinnacle\\shared files\\programs\\strmserver\\strmserver.exe"= UDP:C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe:Streaming Server
"UDP Query User{D8A374F3-472F-443B-96B6-42EBBA017196}C:\\program files\\pinnacle\\shared files\\programs\\strmserver\\strmserver.exe"= TCP:C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe:Streaming Server
"TCP Query User{AE881B2D-F71E-4624-B21C-9BCB0000777D}T:\\documents\\halo2\\halo.exe"= UDP:T:\documents\halo2\halo.exe:Halo
"UDP Query User{681669A2-0974-4269-BD64-6DF4BF2E1F6C}T:\\documents\\halo2\\halo.exe"= TCP:T:\documents\halo2\halo.exe:Halo
"TCP Query User{1D55F93A-0BF7-4EE7-95B5-DD7611ECFFB1}F:\\documents\\games\\far cry\\bin32\\farcry.exe"= UDP:F:\documents\games\far cry\bin32\farcry.exe:Far Cry
"UDP Query User{3E1B7B56-2FB3-4A07-8916-A1A460F9E3A3}F:\\documents\\games\\far cry\\bin32\\farcry.exe"= TCP:F:\documents\games\far cry\bin32\farcry.exe:Far Cry
"TCP Query User{C1C957E4-C51F-4D9A-8682-806AC0CAC94B}G:\\documents\\games\\halo2\\halo.exe"= UDP:G:\documents\games\halo2\halo.exe:Halo
"UDP Query User{F008D8EC-D872-466F-BB7F-D25C94BF2594}G:\\documents\\games\\halo2\\halo.exe"= TCP:G:\documents\games\halo2\halo.exe:Halo
"TCP Query User{2B78690E-0967-4F3F-BE1B-6A239E8DFE25}G:\\documents\\games\\halo custom edition\\haloce.exe"= UDP:G:\documents\games\halo custom edition\haloce.exe:Halo
"UDP Query User{983B47B4-658F-42BC-8E7F-2BA3500ABE9C}G:\\documents\\games\\halo custom edition\\haloce.exe"= TCP:G:\documents\games\halo custom edition\haloce.exe:Halo
"TCP Query User{4D3226A0-7F16-4562-B7BE-E5FD2FD4C7A1}G:\\documents\\games\\halo2\\halo.exe"= UDP:G:\documents\games\halo2\halo.exe:Halo
"UDP Query User{A4441128-D8CE-4104-82C3-AC87916A178A}G:\\documents\\games\\halo2\\halo.exe"= TCP:G:\documents\games\halo2\halo.exe:Halo
"{E93EFF04-EA32-41C5-9D46-051C0C1DC528}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D38B2431-E089-4AE4-98CC-7ABA751531FC}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\xchat\\xchat.exe"= C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\system32\DRIVERS\thpdrv.sys [2006-10-31 11:47]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\system32\DRIVERS\Thpevm.SYS [2006-10-20 13:11]
R0 WsFsF;WsFsF;C:\Windows\system32\Drivers\WsFsFwlh.sys [2007-05-08 19:18]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-20 02:35]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-07-01 15:26]
R1 StarPortLite;StarPort Storage Controller (Lite);C:\Windows\system32\DRIVERS\StarPortLite.sys [2008-06-27 12:31]
R1 wscam6300;wscam6300;C:\Windows\system32\Drivers\wscam6300.sys [2007-05-08 19:18]
R1 wstdi;wstdi;C:\Windows\system32\Drivers\wstdiwlh.sys [2007-05-08 19:18]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-20 02:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-20 02:36]
R2 iReboot;iReboot Background Service;C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe [2008-04-27 23:49]
R2 KbdFIOControl;KbdFIOControl;C:\Windows\system32\Drivers\KbdF.sys [2007-11-18 12:10]
R2 PVM Service;PVM Service;C:\Program Files\RingThree\bin\pvmservice.exe [2007-11-08 13:02]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 21:45]
R2 WebsenseDesktopClient;Websense Desktop Client;C:\Program Files\PMM\WDC.exe [2007-05-08 19:18]
S2 gupdate1c88e2ea271caa6;Google Update Service (gupdate1c88e2ea271caa6);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-07-16 20:24]
S2 roclient;roclient;C:\Program Files\RemoteObserverClient\roclient.exe []
S3 kqemu;KQEMU virtualisation module for QEMU;C:\Windows\system32\DRIVERS\kqemu.sys [2008-07-30 22:29]
S3 MODRC;DiBcom Infrared Receiver;C:\Windows\system32\DRIVERS\modrc.sys [2007-10-19 14:32]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-08-02 17:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
rsmsvcs REG_MULTI_SZ ntmssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{434d3cf3-698b-11dd-9432-00037ab14bb9}]
\shell\AutoRun\command - I:\ekugb3.bat
\shell\explore\Command - I:\ekugb3.bat
\shell\open\Command - I:\ekugb3.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{479958fe-3736-11dd-9510-00037ab14bb9}]
\shell\AutoRun\command - F:\StartPortableApps.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e03e5bd-1a1d-11dd-9f0f-00037ab14bb9}]
\shell\Auto\command - Start.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a51bd3b3-99db-11dc-bb4c-806e6f6e6963}]
\shell\AutoRun\command - E:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfed0697-690c-11dd-8caf-00037ab14bb9}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\m5launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2c3f14c-461a-11dd-9c5d-00037ab14bb9}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d642eb9a-6c99-11dd-9b3a-00037ab14bb9}]
\shell\AutoRun\command - F:\rqq2v.bat
\shell\explore\Command - F:\rqq2v.bat
\shell\open\Command - F:\rqq2v.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d642eb9f-6c99-11dd-9b3a-00037ab14bb9}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff8a9ff8-68be-11dd-a340-00037ab14bb9}]
\shell\AutoRun\command - F:\StartPortableApps.exe
\shell\AutoRun\command - F:\StartPortableApps.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-24 C:\Windows\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]

2008-08-24 C:\Windows\Tasks\GoogleUpdateTask.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2008-07-16 20:24]

2008-08-24 C:\Windows\Tasks\User_Feed_Synchronization-{CC00CB17-5E0B-4AC7-85DE-3C607F951946}.job
- C:\Windows\system32\msfeedssync.exe [2008-06-01 13:52]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 10:48:18
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
-> C:\Program Files\Executor\hookwinr.dll
-> C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem203000030.dll
.
Completion time: 2008-08-25 10:49:57
ComboFix-quarantined-files.txt 2008-08-24 22:49:51
ComboFix2.txt 2008-08-24 20:34:22
ComboFix3.txt 2008-08-24 10:51:21

Pre-Run: 15,731,867,648 bytes free
Post-Run: 15,672,987,648 bytes free

515 --- E O F --- 2008-08-24 21:56:07
Blam (54)
698685 2008-08-25 06:53:00 Ok. All done. The malware has been removed.


This will clear away any of the files and folders that were created by ComboFix.

Go to:
Start > Run then copy and paste the following highlighted text below into the box and click OK.



ComboFix /u

[image: CF_Cleanup.png (i189.photobucket.com)]
Pancake (6359)
698686 2008-08-25 07:10:00 I forgot to check these bat files...


Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:






File::
F:\rqq2v.bat
I:\ekugb3.bat

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d642eb9a-6c99-11dd-9b3a-00037ab14bb9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{434d3cf3-698b-11dd-9432-00037ab14bb9}]
I:\ekugb3.bat





Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


[image: CFScript.gif (users.pandora.be/bluepatchy/miekiemoes)]

Referring to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*
Pancake (6359)
698687 2008-08-25 11:36:00 Will do that now
My avast icon has disappeared from the taskbar notification area and how can I get back autoplay after this has finished (and all the other things combofix disabled)
Blam (54)
698688 2008-08-25 11:50:00 Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.779 [GMT 12:00]
Running from: D:\Settings\Desktop\ComboFix.exe
Command switches used :: D:\Settings\Desktop\CFScript.txt

FILE ::
F:\rqq2v.bat
I:\ekugb3.bat
.

((((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 )))))))))))))))))))))))))))))))
.

2008-08-24 20:11 . 2008-08-24 20:11 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-24 20:10 . 2008-08-24 20:10 <DIR> d-------- C:\Program Files\iTunes
2008-08-24 20:10 . 2008-08-24 20:10 <DIR> d-------- C:\Program Files\iPod
2008-08-23 22:57 . 2008-08-23 22:57 <DIR> d-------- C:\AUTORUN.INF.del
2008-08-23 22:56 . 2008-08-23 22:56 28,672 --a------ C:\Windows\System32\Partizan.exe
2008-08-23 22:52 . 2008-08-23 22:52 <DIR> d-------- C:\Program Files\UnHackMe
2008-08-23 22:52 . 2005-04-03 15:02 8,944 --a------ C:\Windows\System32\drivers\UnHackMeDrv.sys
2008-08-22 08:30 . 2008-08-22 08:30 678,408 --a------ C:\Windows\System32\gpprefcl.dll
2008-08-22 08:29 . 2008-08-22 08:29 <DIR> d-------- C:\Program Files\WMV9_VCM
2008-08-22 08:27 . 2008-08-22 08:27 <DIR> d-------- C:\Program Files\Xara
2008-08-22 08:27 . 2008-08-22 08:27 <DIR> d-------- C:\Program Files\Common Files\Xara
2008-08-21 22:52 . 2008-08-22 08:42 <DIR> d-------- C:\Users\All Users\ESET
2008-08-21 22:52 . 2008-08-22 08:42 <DIR> d-------- C:\ProgramData\ESET
2008-08-21 19:28 . 2008-08-21 19:28 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-20 17:43 . 2008-08-20 17:44 <DIR> d-------- C:\Program Files\Edraw Max
2008-08-20 13:22 . 2008-08-20 13:22 1,743,704 --a------ C:\Windows\System32\wuaueng.dll
2008-08-20 13:22 . 2008-08-20 13:22 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-08-20 13:22 . 2008-08-20 13:22 556,376 --a------ C:\Windows\System32\wuapi.dll
2008-08-20 13:22 . 2008-08-20 13:22 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-20 13:22 . 2008-08-20 13:22 53,592 --a------ C:\Windows\System32\wuauclt.exe
2008-08-20 13:22 . 2008-08-20 13:22 44,888 --a------ C:\Windows\System32\wups2.dll
2008-08-20 13:22 . 2008-08-20 13:22 36,184 --a------ C:\Windows\System32\wups.dll
2008-08-20 13:21 . 2008-08-20 13:21 163,392 --a------ C:\Windows\System32\wuwebv.dll
2008-08-20 13:21 . 2008-08-20 13:21 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-19 13:37 . 2008-08-19 13:37 <DIR> d-------- C:\Program Files\Executor
2008-08-18 18:19 . 2008-08-18 18:19 <DIR> d-------- C:\Program Files\Blue Onion Software
2008-08-18 18:08 . 2008-08-18 18:08 19,326,464 --a------ C:\Windows\System32\imageres.dll
2008-08-18 18:07 . 2007-06-05 11:26 567,040 --a------ C:\Windows\System32\wbocx.ocx
2008-08-18 18:07 . 2007-06-05 11:26 56,496 --a------ C:\Windows\System32\wbhelp2.dll
2008-08-18 12:59 . 2008-08-18 17:44 <DIR> d-------- C:\Program Files\MediaPortal
2008-08-18 10:03 . 2008-08-18 10:07 <DIR> d-------- C:\Program Files\Circle Dock 0.9.1
2008-08-17 22:24 . 2008-08-17 22:25 <DIR> d-------- C:\Program Files\Rock Legend
2008-08-16 22:25 . 2008-08-16 22:25 75 -r-hs---- C:\Windows\CT4MET.BIN
2008-08-16 22:24 . 2008-08-16 22:24 <DIR> d-------- C:\Program Files\Reallusion
2008-08-16 22:24 . 2008-08-16 22:24 <DIR> d-------- C:\Program Files\Common Files\Reallusion
2008-08-15 21:14 . 2008-08-22 11:36 327,680 --a------ C:\Windows\SPInstall.etl
2008-08-13 22:10 . 2008-08-13 22:10 <DIR> d-------- C:\Program Files\Microsoft Virtual PC
2008-08-13 20:48 . 2008-08-13 20:48 <DIR> d-------- C:\Program Files\Runtime Software
2008-08-13 20:30 . 2008-08-13 20:30 <DIR> d-------- C:\Program Files\EyeDefender
2008-08-13 20:23 . 2008-08-13 20:23 720,896 --a------ C:\Windows\iun6002.exe
2008-08-13 20:12 . 2008-08-13 20:12 <DIR> d-------- C:\Program Files\Transcend Utility
2008-08-12 10:16 . 2008-08-12 10:16 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-08-10 16:44 . 2008-08-17 15:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-10 10:24 . 2008-08-10 10:24 <DIR> d-------- C:\Program Files\Realore
2008-08-09 14:46 . 2008-08-09 14:46 <DIR> dr------- C:\Users\12189\Documents
2008-08-09 14:42 . 2008-08-09 14:42 <DIR> d-------- C:\Users\All Users\Adobe
2008-08-09 14:39 . 2007-12-11 01:05 554,240 --a------ C:\Windows\System32\drivers\mod7700.sys
2008-08-09 14:39 . 2006-06-29 16:49 53,248 --a------ C:\Windows\System32\ModrcCoInstall.dll
2008-08-09 14:39 . 2007-10-19 14:32 13,824 --a------ C:\Windows\System32\drivers\modrc.sys
2008-08-09 14:32 . 2008-08-09 14:32 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-09 14:30 . 2003-03-19 05:28 2,179,072 --------- C:\Windows\System32\mfc71d.dll
2008-08-09 14:30 . 2003-03-19 04:04 765,952 --------- C:\Windows\System32\msvcp71d.dll
2008-08-09 14:30 . 2002-01-05 20:16 737,280 --------- C:\Windows\System32\msvcp70d.dll
2008-08-09 14:30 . 2003-03-19 04:03 544,768 --------- C:\Windows\System32\msvcr71d.dll
2008-08-09 14:30 . 2002-01-05 20:16 536,576 --------- C:\Windows\System32\msvcr70d.dll
2008-08-09 14:30 . 2004-07-23 08:00 446,464 --------- C:\Windows\System32\HHActiveX.dll
2008-08-09 14:30 . 2004-06-03 11:47 385,100 --------- C:\Windows\System32\MSVCRTD.DLL
2008-08-08 17:48 . 2008-08-14 19:56 <DIR> d-------- C:\Lyrics
2008-08-08 17:47 . 2008-08-08 17:47 <DIR> d-------- C:\Program Files\Minilyrics
2008-08-07 23:17 . 2008-08-07 23:17 <DIR> d-------- C:\Program Files\RealVNC
2008-08-07 10:49 . 2008-08-07 10:49 4,096,054 --a------ C:\Windows\BGInfo.bmp
2008-08-06 21:58 . 2008-08-06 21:58 <DIR> d-------- C:\Program Files\Syncplicity
2008-08-06 21:31 . 2008-08-06 21:31 <DIR> d-------- C:\Users\image\AppData\Roaming\Desktop3D
2008-08-06 19:58 . 2008-08-09 12:57 <DIR> d-------- C:\Program Files\Magicboss
2008-08-06 19:58 . 2008-08-06 21:30 120 --a------ C:\Windows\mgboss_reg.ini
2008-08-06 18:01 . 2008-08-06 18:01 <DIR> d-------- C:\Program Files\RingThree
2008-08-06 12:01 . 2008-08-06 12:01 <DIR> d-------- C:\Program Files\vLite
2008-08-05 22:52 . 2008-08-05 22:52 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-08-05 22:50 . 2008-08-05 22:50 <DIR> d-------- C:\Program Files\Give Away Of The Day
2008-08-05 22:50 . 2008-06-27 12:31 93,544 --a------ C:\Windows\System32\drivers\StarPortLite.sys
2008-08-05 19:23 . 2008-08-05 19:23 <DIR> dr------- C:\Program Files\Aston2 Menu
2008-08-04 21:13 . 2008-08-04 21:13 <DIR> d-------- C:\Program Files\Your Freedom
2008-08-03 20:23 . 2008-08-03 20:23 <DIR> d-------- C:\Program Files\Gambana
2008-08-03 18:33 . 2008-08-03 18:33 <DIR> d-------- C:\Program Files\StickMen Screen Saver
2008-08-02 23:35 . 2008-08-02 23:35 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-08-02 23:35 . 2008-08-02 23:35 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-02 23:34 . 2008-08-02 23:34 <DIR> d-------- C:\Windows\System32\Visual Studio 2008Templates
2008-08-02 23:34 . 2008-08-02 23:34 <DIR> d-------- C:\Windows\System32\Visual Studio 2008
2008-08-02 23:32 . 2008-08-02 23:35 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-08-02 23:31 . 2008-08-02 23:31 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-08-02 19:35 . 2008-08-02 19:35 779,800 --a------ C:\Windows\System32\PresentationNative_v0300.dll
2008-08-02 19:35 . 2008-08-02 19:35 579,584 --a------ C:\Windows\System32\icardagt.exe
2008-08-02 19:35 . 2008-08-02 19:35 350,744 --a------ C:\Windows\System32\PresentationHost.exe
2008-08-02 19:35 . 2008-08-02 19:35 106,520 --a------ C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2008-08-02 19:35 . 2008-08-02 19:35 88,576 --a------ C:\Windows\System32\infocardapi.dll
2008-08-02 19:35 . 2008-08-02 19:35 33,304 --a------ C:\Windows\System32\PresentationHostProxy.dll
2008-08-02 19:35 . 2008-08-02 19:35 28,160 --a------ C:\Windows\System32\infocardcpl.cpl
2008-08-02 19:35 . 2008-08-02 19:35 11,776 --a------ C:\Windows\System32\icardres.dll
2008-08-02 19:27 . 2008-08-02 19:27 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-08-02 19:25 . 2008-08-02 19:25 <DIR> d-------- C:\Program Files\ArcaMania 2
2008-08-01 17:16 . 2008-08-01 17:16 <DIR> d-------- C:\Program Files\Common Files\Pointstone
2008-08-01 15:14 . 2008-08-01 15:14 <DIR> d-------- C:\Windows\System32\Nexus Radio
2008-08-01 15:14 . 2008-08-01 15:14 <DIR> d-------- C:\Program Files\SideSlide
2008-08-01 15:14 . 2008-08-11 08:33 <DIR> d-------- C:\Program Files\Nexus Radio
2008-08-01 15:14 . 2008-08-01 15:14 <DIR> d-------- C:\My Recorded Files
2008-07-30 20:07 . 2008-07-30 20:07 <DIR> d-------- C:\Program Files\filehippo.com
2008-07-30 14:38 . 2008-07-30 22:29 123,939 --a------ C:\Windows\System32\drivers\kqemu.sys
2008-07-29 21:21 . 2008-07-29 21:21 <DIR> d-------- C:\Program Files\zabkat
2008-07-29 19:30 . 2008-08-01 17:16 <DIR> d-------- C:\Program Files\Pointstone
2008-07-29 19:19 . 2008-07-29 19:19 <DIR> d-------- C:\Program Files\full phat
2008-07-29 19:19 . 2008-07-29 19:19 <DIR> d-------- C:\Program Files\Common Files\k23 productions
2008-07-29 12:19 . 2008-07-29 12:19 <DIR> d--h----- C:\Windows\PIF
2008-07-28 20:48 . 2003-06-25 16:05 266,360 --a------ C:\Windows\System32\TweakUI.exe
2008-07-28 20:48 . 2002-06-21 15:09 160,217 --a------ C:\Windows\System32\PowerToysLicense.rtf
2008-07-28 19:43 . 2008-07-28 19:43 <DIR> d-------- C:\Windows\System32\dsl-embedded
2008-07-28 16:38 . 2008-07-28 16:38 <DIR> d-------- C:\Program Files\AnVir Task Manager
2008-07-27 18:28 . 2008-07-27 18:28 <DIR> d-------- C:\Users\12189\.idlerc
2008-07-27 18:27 . 2008-07-27 18:27 <DIR> d-------- C:\Program Files\Python
2008-07-27 18:01 . 2008-08-11 21:19 <DIR> d-------- C:\Program Files\Eraser
2008-07-27 18:01 . 2008-07-27 18:01 155,648 --a------ C:\Windows\System32\stuninstall.exe
2008-07-27 14:01 . 2008-07-27 19:31 <DIR> d-------- C:\Program Files\Astro Avenger 2
2008-07-27 12:56 . 2008-07-27 12:56 <DIR> d-------- C:\Users\image\AppData\Roaming\Copernic
2008-07-27 12:56 . 2008-07-27 12:56 <DIR> d-------- C:\Program Files\Copernic Desktop Search 2
2008-07-27 12:33 . 2008-03-03 20:06 150,064 --a------ C:\Windows\System32\vmnat.exe
2008-07-27 12:33 . 2008-03-03 20:06 121,392 --a------ C:\Windows\System32\vmnetdhcp.exe
2008-07-27 12:33 . 2008-03-03 19:12 50,992 -ra------ C:\Windows\System32\vmnetbridge.dll
2008-07-27 12:33 . 2008-03-03 19:12 28,592 -ra------ C:\Windows\System32\drivers\vmnetbridge.sys
2008-07-27 12:33 . 2008-03-03 20:06 25,136 --a------ C:\Windows\System32\drivers\vmnetuserif.sys
2008-07-27 12:33 . 2008-03-03 19:12 17,712 -ra------ C:\Windows\System32\drivers\vmnet.sys
2008-07-27 12:33 . 2008-03-03 19:12 16,816 --a------ C:\Windows\System32\drivers\vmnetadapter.sys
2008-07-27 12:33 . 2008-03-03 19:12 13,104 --a------ C:\Windows\System32\vnetinst.dll
2008-07-27 12:32 . 2008-03-03 20:05 436,784 --a------ C:\Windows\System32\vnetlib.dll
2008-07-27 12:31 . 2008-03-03 20:06 20,912 --a------ C:\Windows\System32\drivers\VMkbd.sys
2008-07-27 12:29 . 2008-08-25 22:50 <DIR> d-------- C:\Users\All Users\VMware
2008-07-27 12:29 . 2008-08-25 22:50 <DIR> d-------- C:\ProgramData\VMware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-08-25 11:06 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-08-25 05:32 --------- d-----w C:\Users\image\AppData\Roaming\skypePM
2008-08-24 11:04 --------- d-----w C:\ProgramData\Google Updater
2008-08-24 09:02 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-08-23 11:02 --------- d-----w C:\Program Files\RemoteObserverClient
2008-08-21 20:31 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-21 20:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-21 11:50 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-20 22:34 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-20 22:26 --------- d---a-w C:\ProgramData\TEMP
2008-08-18 05:45 --------- d-----w C:\ProgramData\Team MediaPortal
2008-08-18 05:44 --------- d-----w C:\Program Files\Team MediaPortal
2008-08-17 03:01 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-09 02:49 --------- d-----w C:\ProgramData\Pinnacle
2008-08-09 02:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-09 02:29 --------- d-----w C:\Program Files\Pinnacle
2008-08-07 09:33 --------- d-----w C:\Program Files\FirstClass
2008-08-02 05:53 355,584 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-08-02 05:53 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-07-26 04:03 --------- d-----w C:\Program Files\iTunes Library Updater
2008-07-24 10:19 --------- d-----w C:\Program Files\KGB Archiver
2008-07-22 06:02 --------- d-----w C:\Program Files\Any Video Converter
2008-07-22 04:57 --------- d-----w C:\Program Files\DVD Flick
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-19 05:52 --------- d-----w C:\Program Files\QuickTime
2008-07-19 02:58 --------- d-----w C:\Program Files\NeoSmart Technologies
2008-07-17 00:39 53,248 ----a-w C:\Windows\System32\davclnt.dll
2008-07-17 00:39 196,096 ----a-w C:\Windows\System32\WebClnt.dll
2008-07-17 00:39 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-07-17 00:37 64,000 ----a-w C:\Windows\System32\ntlanman.dll
2008-07-17 00:37 49,720 ----a-w C:\Windows\system32\drivers\mup.sys
2008-07-17 00:37 39,936 ----a-w C:\Windows\System32\networkitemfactory.dll
2008-07-17 00:37 3,072,000 ----a-w C:\Windows\System32\networkmap.dll
2008-07-17 00:37 2,226,688 ----a-w C:\Windows\System32\networkexplorer.dll
2008-07-17 00:33 21,504 ----a-w C:\Windows\System32\netbtugc.exe
2008-07-17 00:33 184,320 ----a-w C:\Windows\system32\drivers\netbt.sys
2008-07-15 01:21 --------- d-----w C:\Program Files\Folder Marker
2008-07-15 00:56 --------- d-----w C:\ProgramData\DVD Shrink
2008-07-14 01:44 --------- d-----w C:\Program Files\Real Alternative
2008-07-13 11:43 --------- d-----w C:\Program Files\ArchMage
2008-07-12 07:39 --------- d-----w C:\Program Files\WordWeb
2008-07-12 02:02 --------- d-----w C:\Program Files\Electronic Piano 2.5
2008-07-11 11:18 --------- d-----w C:\Program Files\Wondershare
2008-07-11 05:15 --------- d-----w C:\Program Files\DVD Shrink
2008-07-10 00:16 --------- d-----w C:\Program Files\MagicScore Music Software
2008-07-09 06:12 --------- d-----w C:\Program Files\YoutubeGet
2008-07-08 21:16 235,712 ----a-w C:\Windows\system32\drivers\truecrypt.sys
2008-07-08 21:16 --------- d-----w C:\Program Files\Converber
2008-07-08 08:38 --------- d-----w C:\Program Files\VS Revo Group
2008-07-08 05:54 --------- d-----w C:\ProgramData\LogiShrd
2008-07-08 05:53 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-07-08 05:52 --------- d-----w C:\ProgramData\Logitech
2008-07-08 05:52 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-07-08 05:51 --------- d-----w C:\Program Files\Logitech
2008-07-06 07:01 --------- d-----w C:\ProgramData\TrackMania
2008-07-05 22:48 --------- d-----w C:\Program Files\TmNationsForever
2008-07-05 04:26 --------- d-----w C:\Program Files\ASUS
2008-07-01 10:48 --------- d-----w C:\Program Files\Unlocker
2008-07-01 10:43 --------- d-----w C:\Program Files\Google
2008-07-01 03:26 85,008 ----a-w C:\Windows\system32\drivers\cmdguard.sys
2008-07-01 03:26 25,104 ----a-w C:\Windows\system32\drivers\cmdhlp.sys
2008-07-01 03:26 143,104 ----a-w C:\Windows\System32\guard32.dll
2008-07-01 03:26 --------- d-----w C:\ProgramData\comodo
2008-07-01 03:26 --------- d-----w C:\Program Files\COMODO
2008-06-23 04:42 32,256 ----a-w C:\Windows\System32\RC00C140.dll
2008-06-23 04:42 27,136 ----a-w C:\Windows\System32\RCINST.DLL
2008-06-06 08:58 45,056 ----a-w C:\Windows\NCUNINST.EXE
2008-05-28 21:28 28,416 ----a-w C:\Windows\System32\uxtuneup.dll
2008-05-28 21:28 16,640 ----a-w C:\Windows\System32\authuitu.dll
2008-05-28 08:01 615,424 ----a-w C:\Windows\System32\themeui.dll
2008-05-28 08:01 240,640 ----a-w C:\Windows\System32\uxtheme.dll
2007-03-20 06:53 108 --sha-r C:\Windows\neoqaz2.dll
2008-02-11 08:21 952 --sha-w C:\Windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-24_22.49.34.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-24 10:41:39 2,490,728 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-08-25 10:36:38 2,490,728 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-08-24 10:43:04 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-25 10:49:13 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-08-24 10:43:04 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-08-25 10:49:13 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-08-24 10:45:27 1,572,864 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-25 10:51:49 1,572,864 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-08-24 10:45:27 1,380,352 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-25 10:51:43 1,380,352 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-08-24 10:44:08 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-25 10:50:24 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-24 10:44:08 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-25 10:50:24 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-24 10:44:08 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-25 10:50:24 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-24 10:37:19 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-08-25 11:10:11 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-01-02 18:21:36 17,642,616 ----a-w C:\Windows\System32\mrt.exe
+ 2008-08-04 23:11:02 15,888,504 ----a-w C:\Windows\System32\mrt.exe
- 2008-08-22 07:44:13 115,660 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-08-25 05:37:10 115,660 ----a-w C:\Windows\System32\perfc009.dat
- 2008-08-22 07:44:13 639,608 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-08-25 05:37:10 639,608 ----a-w C:\Windows\System32\perfh009.dat
- 2008-08-24 07:54:33 13,830 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-643970264-1529554251-782984527-11869_UserData.bin
+ 2008-08-25 10:52:58 14,116 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-643970264-1529554251-782984527-11869_UserData.bin
- 2008-08-24 07:54:32 123,794 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-25 10:52:58 124,128 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-23 09:57:43 90,146 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-25 10:52:55 90,396 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-08-21 03:22:20 416,978 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-08-25 03:35:46 420,394 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Snapshot reset to current date --
Blam (54)
698689 2008-08-25 11:50:00 ComboFix 08-08-24.02 - 12189 2008-08-25 23:10:25.4 - NTFSx86
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Folder)]
@="{02FCECC2-84DC-4FAA-A718-C41FFCA5B8D1}"
[HKEY_CLASSES_ROOT\CLSID\{02FCECC2-84DC-4FAA-A718-C41FFCA5B8D1}]
2008-07-25 10:51 38400 --a------ C:\Program Files\Syncplicity\SyncplicityShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Fully Synced)]
@="{CA4FCCBF-F4B7-4DD1-861E-1F42AAD396D1}"
[HKEY_CLASSES_ROOT\CLSID\{CA4FCCBF-F4B7-4DD1-861E-1F42AAD396D1}]
2008-07-25 10:51 38400 --a------ C:\Program Files\Syncplicity\SyncplicityShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Not Latest Version)]
@="{284C090F-EB1D-4A6E-872E-6DB72E417E24}"
[HKEY_CLASSES_ROOT\CLSID\{284C090F-EB1D-4A6E-872E-6DB72E417E24}]
2008-07-25 10:51 38400 --a------ C:\Program Files\Syncplicity\SyncplicityShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Shared Folder)]
@="{3DFC86AD-F2CC-4AdA-98DD-AC5DC84119CC}"
[HKEY_CLASSES_ROOT\CLSID\{3DFC86AD-F2CC-4AdA-98DD-AC5DC84119CC}]
2008-07-25 10:51 38400 --a------ C:\Program Files\Syncplicity\SyncplicityShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-04 13:03 2854912 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-04 13:03 2854912 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 10:50 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"Copernic Desktop Search 2"="C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" [2008-04-11 08:38 1583624]
"Snarl"="C:\Program Files\full phat\Snarl\snarl.exe" [2007-03-15 02:16 253952]
"Executor"="C:\Program Files\Executor\executor.exe" [2008-05-19 13:32 1052672]
"UnHackMe Monitor"="C:\Program Files\UnHackMe\hackmon.exe" [2007-09-17 16:37 228352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="C:\Windows\system32\thpsrv" [X]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-11 19:21 180224]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2006-12-04 12:29 49168]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-03-06 12:36 138008]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-03-06 12:35 158488]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-03-06 12:35 133912]
"PAC7311_Monitor"="C:\Windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 10:01 319488]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\Windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-11-26 04:29:44 2134016]
iReboot 1.1.0.lnk - C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe [2008-04-27 23:49:16 205312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-04 12:50 90112 C:\Windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= vdrcodec.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"VIDC.MJPG"= Pvmjpg30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-643970264-1529554251-782984527-11869\Scripts\Logon\0\0]
"Script"=\\sweden\netlogon\settime.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-643970264-1529554251-782984527-11869\Scripts\Logon\0\1]
"Script"=\\sweden\NETLOGON\referencite.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-643970264-1529554251-782984527-11869\Scripts\Logon\1\0]
"Script"=08student.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-643970264-1529554251-782984527-11869\Scripts\Logon\1\1]
"Script"=pushprinterconnections.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A2Menu]
--a------ 2007-12-22 23:55 811008 C:\Program Files\Aston2 Menu\A2Menu.exe
Blam (54)