Malware Sucks! -- Antispyware-reviews.biz[INACTIVE]



My wife (or kids) managed to download some nasty junk. I continuously get popups, etc. Here's my logfile.

Thanks in advance for the assistance!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:06:15 PM, on 4/3/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Windows\OEM02Mon.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\p2phost.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\ProgramData\yujsurtw\folgtctw.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Trend Micro\Internet Security\UfNavi.exe

C:\Program Files\Trend Micro\Internet Security\UfNavi.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\ELISAC~1\AppData\Local\Temp\awtttuVM.dll,#1

O4 - HKCU\..\Run: [yujsurtw] C:\ProgramData\yujsurtw\folgtctw.exe

O4 - HKCU\..\Run: [iHVyPJFShD] C:\ProgramData\nknkvibk\xuxspgtw.exe

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\ELISAC~1\AppData\Local\Temp\jkkKcBtR.dll,c

O4 - HKCU\..\Run: [945c3710] rundll32.exe "C:\Users\ELISAC~1\AppData\Local\Temp\ossiryjh.dll",b

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab

O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 11874 bytes

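The lines a helper's eye goes to in a log like the one above are the O4 Run values and O2 BHOs, and the reasons are structural: rundll32 loading a DLL out of a user's Temp folder, an export name that is an ordinal or a single letter, an executable launched straight from a subfolder of ProgramData (a data directory, not Program Files), a Run value named like a hex string, and a BHO CLSID whose DLL is "(no file)". The script below applies exactly those checks to a subset of the posted lines. It is an added example for this thread, not HijackThis output or its own scoring; the rules, thresholds and the `(no file)` orphan check are the editor's assumptions, and the sample block is copied from the log above.

```python
"""Heuristic triage of HijackThis O2/O4 lines.

Added example for this thread; the rules below are the editor's, not
HijackThis's own logic. Sample lines are copied from the posted log.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the O2/O4 lines from the first post.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\ELISAC~1\AppData\Local\Temp\awtttuVM.dll,#1
O4 - HKCU\..\Run: [yujsurtw] C:\ProgramData\yujsurtw\folgtctw.exe
O4 - HKCU\..\Run: [iHVyPJFShD] C:\ProgramData\nknkvibk\xuxspgtw.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\ELISAC~1\AppData\Local\Temp\jkkKcBtR.dll,c
O4 - HKCU\..\Run: [945c3710] rundll32.exe "C:\Users\ELISAC~1\AppData\Local\Temp\ossiryjh.dll",b
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""

# O4 lines: "O4 - <hive>\..\Run: [<value name>] <command>" with an optional "(User '...')" suffix.
O4_RE = re.compile(r"^O4 - (?P<key>.+?\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
# O2 lines: "O2 - BHO: <name> - {<CLSID>} - <dll path or (no file)>".
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# rundll32 <dll>,<export>; the DLL path may be quoted.
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?,(?P<export>\S+)', re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
# An .exe exactly one folder below ProgramData (assumed rule; vendors install under Program Files).
PROGRAMDATA_EXE_RE = re.compile(r"^[a-z]:\\ProgramData\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,}$")


@dataclass
class Finding:
    kind: str      # "O2" or "O4"
    name: str      # BHO name or Run value name
    line: str
    reasons: list


def first_token(cmd):
    """Return the program path from a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def check_o4(name, cmd):
    reasons = []
    m = RUNDLL_RE.match(cmd)
    if m:
        if TEMP_DIR_RE.search(m["dll"]):
            reasons.append("rundll32 loads a DLL from a Temp directory")
        export = m["export"]
        if export.startswith("#") or len(export) == 1:
            reasons.append(f"rundll32 export '{export}' is an ordinal or a single letter")
    elif PROGRAMDATA_EXE_RE.match(first_token(cmd)):
        reasons.append("executable runs from a folder directly under ProgramData")
    if HEX_NAME_RE.match(name):
        reasons.append(f"Run value name '{name}' looks machine-generated (hex)")
    return reasons


def check_o2(path):
    if path.strip() == "(no file)":
        return ["BHO CLSID is registered but its DLL is missing (orphaned entry)"]
    return []


def triage(log_text):
    findings = []
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            kind, name, reasons = "O4", m["name"], check_o4(m["name"], m["cmd"])
        else:
            m = O2_RE.match(line)
            if not m:
                continue
            kind, name, reasons = "O2", m["name"], check_o2(m["path"])
        if reasons:
            findings.append(Finding(kind, name, line, reasons))
    return findings


def flagged_run_values(log_text):
    """Names of O4 Run values that collected at least one reason."""
    return sorted(f.name for f in triage(log_text) if f.kind == "O4")


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} [{f.name}]")
        for reason in f.reasons:
            print(f"    - {reason}")
```

On the sample, the five HKCU entries MSServer, yujsurtw, iHVyPJFShD, cmds and 945c3710 are the only Run values that collect a reason, and the "(no name)" BHO is reported as an orphan; the OEM, NVIDIA and Sidebar entries pass. The checks are deliberately path- and shape-based rather than name-list based, so they carry over to logs from other machines; they are a starting point for a human reviewer, not a verdict.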

Hello and Welcome to BT. :)

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

As a Vista user, I will require that all the programs I ask you to run be run by right-clicking the icon and selecting Run as Administrator. Otherwise some programs may fail to do their job properly.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

For more information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**


Sorry for the slow response. I thought I was going to get a notification when I got a response, but here goes.

ComboFix 08-04-09.8 - ***** ********* 2008-04-10 1:25:24.2 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.933 [GMT -5:00]

Running from: C:\Users\***** *********\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))

.

2008-04-08 19:56 . 2008-02-14 18:19 944,184 --a------ C:\Windows\System32\winload.exe

2008-04-08 19:56 . 2008-02-19 00:10 620,088 --a------ C:\Windows\System32\ci.dll

2008-04-08 19:56 . 2008-02-29 01:39 371,712 --a------ C:\Windows\System32\srcore.dll

2008-04-08 19:56 . 2008-02-29 01:38 313,856 --a------ C:\Windows\System32\rstrui.exe

2008-04-08 19:56 . 2008-02-29 01:39 40,960 --a------ C:\Windows\System32\srclient.dll

2008-04-08 19:56 . 2008-02-29 01:51 19,000 --a------ C:\Windows\System32\kd1394.dll

2008-04-08 19:56 . 2008-02-29 01:38 16,384 --a------ C:\Windows\System32\srdelayed.exe

2008-04-08 19:56 . 2008-02-29 01:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll

2008-04-08 19:56 . 2008-02-29 01:35 6,656 --a------ C:\Windows\System32\kbd106n.dll

2008-04-03 23:34 . 2008-04-03 23:34 <DIR> d-------- C:\Windows\System32\HouseCall 6.6

2008-04-03 22:33 . 2008-04-03 22:33 <DIR> d-------- C:\Users\***** *********\AppData\Roaming\Malwarebytes

2008-04-03 22:33 . 2008-04-03 22:33 <DIR> d-------- C:\Users\All Users\Malwarebytes

2008-04-03 22:33 . 2008-04-03 22:33 <DIR> d-------- C:\ProgramData\Malwarebytes

2008-04-03 22:33 . 2008-04-03 22:33 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-04-03 21:23 . 2008-04-03 22:01 <DIR> d-------- C:\Program Files\Panda Security

2008-04-03 21:03 . 2008-04-03 23:35 <DIR> d-------- C:\Users\***** *********\AppData\Roaming\HouseCall 6.6

2008-04-03 21:02 . 2008-04-03 21:02 <DIR> d-------- C:\Windows\Sun

2008-04-02 20:04 . 2008-04-02 20:04 <DIR> d-------- C:\Users\All Users\Trend Micro

2008-04-02 20:04 . 2008-04-02 20:04 <DIR> d-------- C:\ProgramData\Trend Micro

2008-04-02 20:03 . 2008-04-03 21:49 <DIR> d-------- C:\Program Files\Trend Micro

2008-04-01 22:21 . 2008-04-03 22:51 <DIR> d-------- C:\Users\All Users\yujsurtw

2008-04-01 22:21 . 2008-04-03 19:45 <DIR> d-------- C:\Users\All Users\nknkvibk

2008-04-01 22:21 . 2008-04-03 22:51 <DIR> d-------- C:\ProgramData\yujsurtw

2008-04-01 22:21 . 2008-04-03 19:45 <DIR> d-------- C:\ProgramData\nknkvibk

2008-03-12 05:38 . 2007-12-16 17:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys

2008-03-12 05:38 . 2007-12-16 04:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-09 08:14 --------- d-----w C:\Program Files\Windows Mail

2008-04-09 08:07 --------- d-----w C:\ProgramData\Microsoft Help

2008-04-08 23:24 28,285 ----a-w C:\Users\***** *********\AppData\Roaming\nvModes.dat

2008-03-26 03:21 --------- d-----w C:\Users\***** *********\AppData\Roaming\Creative

2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2008-02-26 02:47 --------- d-----w C:\ProgramData\Dell

2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll

2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll

2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-16 16:02 --------- d-----w C:\ProgramData\WLInstaller

2008-02-16 16:02 --------- d-----w C:\Program Files\Windows Live

2008-02-16 15:59 --------- d-----w C:\Users\***** *********\AppData\Roaming\PeerNetworking

2008-02-16 05:07 65,936 ----a-w C:\Windows\system32\drivers\tmtdi.sys

2008-02-16 05:07 52,496 ----a-w C:\Windows\system32\drivers\tmactmon.sys

2008-02-16 05:07 52,240 ----a-w C:\Windows\system32\drivers\tmevtmgr.sys

2008-02-16 05:07 35,856 ----a-w C:\Windows\system32\drivers\tmpreflt.sys

2008-02-16 05:07 202,768 ----a-w C:\Windows\system32\drivers\tmxpflt.sys

2008-02-16 05:07 138,384 ----a-w C:\Windows\system32\drivers\tmcomm.sys

2008-02-16 05:07 1,126,072 ----a-w C:\Windows\system32\drivers\vsapint.sys

2008-02-15 01:35 --------- d-----w C:\ProgramData\Apple Computer

2008-02-15 01:35 --------- d-----w C:\Program Files\iTunes

2008-02-15 01:35 --------- d-----w C:\Program Files\iPod

2008-02-15 01:34 --------- d-----w C:\Program Files\QuickTime

2008-02-13 09:09 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-02-13 09:09 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

2008-02-13 09:06 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

2008-02-13 09:06 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe

2008-02-13 09:06 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-02-13 09:06 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-02-13 09:06 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys

2008-02-13 09:06 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

2008-02-13 09:06 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys

2008-02-13 09:05 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-02-13 09:05 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-02-13 09:05 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-02-13 09:05 216,632 ----a-w C:\Windows\system32\drivers\netio.sys

2008-02-13 09:05 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-02-13 09:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-02-13 09:04 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-02-13 09:04 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-02-13 09:04 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-02-13 09:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-02-13 09:04 1,686,528 ----a-w C:\Windows\System32\gameux.dll

2008-02-12 17:01 1,030 ----a-w C:\Users\***** *********\AppData\Roaming\wklnhst.dat

2008-02-12 02:08 --------- d-----w C:\Program Files\Picasa2

2008-02-12 02:07 --------- d-----w C:\Program Files\Google

2008-01-10 09:03 11,776 ----a-w C:\Windows\System32\sbunattend.exe

2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

2007-11-25 05:46 407,010,384 ----a-w C:\Users\***** *********\X12-30196.exe

2007-11-25 05:44 404,349,240 ----a-w C:\Users\***** *********\X13-40150.exe

2007-11-10 16:24 174 --sha-w C:\Program Files\desktop.ini

2007-10-31 12:04 76 --sha-r C:\Windows\CT4CET.bin

2007-12-04 15:07 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2007-12-04 15:07 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2007-12-04 15:07 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

((((((((((((((((((((((((((((( snapshot@2008-04-04_ 0.18.40.34 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-04 04:15:33 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-04-09 08:16:50 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-04-10 06:24:05 6,336,512 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT

- 2008-03-13 08:09:30 665,600 ----a-w C:\Windows\inf\drvindex.dat

+ 2008-04-09 08:13:42 665,600 ----a-w C:\Windows\inf\drvindex.dat

- 2008-04-03 01:05:38 51,200 ----a-w C:\Windows\inf\infpub.dat

+ 2008-04-09 08:14:12 51,200 ----a-w C:\Windows\inf\infpub.dat

- 2008-04-03 01:05:37 86,016 ----a-w C:\Windows\inf\infstor.dat

+ 2008-04-09 08:14:12 86,016 ----a-w C:\Windows\inf\infstor.dat

- 2008-04-03 01:05:38 86,016 ----a-w C:\Windows\inf\infstrng.dat

+ 2008-04-09 08:13:43 86,016 ----a-w C:\Windows\inf\infstrng.dat

+ 2006-10-27 05:00:12 1,841,984 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL

- 2008-03-13 08:03:46 1,165,584 ----a-r C:\Windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe

+ 2008-04-09 08:07:55 1,165,584 ----a-r C:\Windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe

- 2008-03-13 08:03:46 20,240 ----a-r C:\Windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe

+ 2008-04-09 08:07:56 20,240 ----a-r C:\Windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe

- 2008-03-13 08:03:46 217,864 ----a-r C:\Windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe

+ 2008-04-09 08:07:56 217,864 ----a-r C:\Windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe

- 2008-03-13 08:03:46 18,704 ----a-r C:\Windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe

+ 2008-04-09 08:07:56 18,704 ----a-r C:\Windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-03-13 08:03:46 35,088 ----a-r C:\Windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe

+ 2008-04-09 08:07:56 35,088 ----a-r C:\Windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe

- 2008-03-13 08:03:46 845,584 ----a-r C:\Windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe

+ 2008-04-09 08:07:55 845,584 ----a-r C:\Windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe

- 2008-03-13 08:03:46 922,384 ----a-r C:\Windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe

+ 2008-04-09 08:07:56 922,384 ----a-r C:\Windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe

- 2008-03-13 08:03:46 272,648 ----a-r C:\Windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe

+ 2008-04-09 08:07:56 272,648 ----a-r C:\Windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe

- 2008-03-13 08:03:46 888,080 ----a-r C:\Windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe

+ 2008-04-09 08:07:56 888,080 ----a-r C:\Windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe

- 2008-03-13 08:03:46 1,172,240 ----a-r C:\Windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-04-09 08:07:55 1,172,240 ----a-r C:\Windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-04-10 06:29:52 53,248 ----a-w C:\Windows\PSEXESVC.EXE

- 2008-04-04 04:11:31 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat

+ 2008-04-09 08:02:49 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat

- 2008-04-04 04:17:19 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-04-09 08:17:28 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

- 2008-04-04 04:13:00 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat

+ 2008-04-09 08:04:25 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat

- 2008-04-04 05:17:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-04-10 06:29:55 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-04-10 06:29:55 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-02-13 09:02:24 124,928 ----a-w C:\Windows\System32\advpack.dll

+ 2008-02-21 04:43:34 124,928 ----a-w C:\Windows\System32\advpack.dll

- 2008-04-04 04:16:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-04-09 22:51:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-04-04 04:16:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-04-09 22:51:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-04-04 04:16:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-04-09 22:51:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-04-04 05:13:23 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-04-10 06:25:09 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

- 2006-11-02 09:46:04 162,816 ----a-w C:\Windows\System32\dnsapi.dll

+ 2007-12-16 11:42:18 162,816 ----a-w C:\Windows\System32\dnsapi.dll

- 2006-11-02 09:45:02 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe

+ 2007-12-16 11:41:39 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe

- 2006-11-02 09:46:04 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll

+ 2007-12-16 11:42:18 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll

- 2008-02-13 09:02:22 347,136 ----a-w C:\Windows\System32\dxtmsft.dll

+ 2008-02-21 04:43:35 347,136 ----a-w C:\Windows\System32\dxtmsft.dll

- 2008-02-13 09:02:22 214,528 ----a-w C:\Windows\System32\dxtrans.dll

+ 2008-02-21 04:43:35 214,528 ----a-w C:\Windows\System32\dxtrans.dll

- 2007-11-25 09:11:20 421,296 ----a-w C:\Windows\System32\FNTCACHE.DAT

+ 2008-04-09 08:17:00 421,296 ----a-w C:\Windows\System32\FNTCACHE.DAT

- 2008-02-13 09:02:21 63,488 ----a-w C:\Windows\System32\icardie.dll

+ 2008-02-21 04:43:35 63,488 ----a-w C:\Windows\System32\icardie.dll

- 2008-02-13 09:02:19 70,656 ----a-w C:\Windows\System32\ie4uinit.exe

+ 2008-02-21 04:43:03 70,656 ----a-w C:\Windows\System32\ie4uinit.exe

- 2008-02-13 09:02:23 383,488 ----a-w C:\Windows\System32\ieapfltr.dll

+ 2008-02-21 04:43:35 383,488 ----a-w C:\Windows\System32\ieapfltr.dll

- 2008-02-13 09:02:28 6,066,176 ----a-w C:\Windows\System32\ieframe.dll

+ 2008-02-21 04:43:35 6,066,176 ----a-w C:\Windows\System32\ieframe.dll

- 2008-02-13 09:02:19 44,544 ----a-w C:\Windows\System32\iernonce.dll

+ 2008-02-21 04:43:36 44,544 ----a-w C:\Windows\System32\iernonce.dll

- 2008-02-13 09:02:29 180,736 ----a-w C:\Windows\System32\ieui.dll

+ 2008-02-21 04:43:36 180,736 ----a-w C:\Windows\System32\ieui.dll

- 2008-02-13 09:02:24 27,648 ----a-w C:\Windows\System32\jsproxy.dll

+ 2008-02-21 04:43:36 27,648 ----a-w C:\Windows\System32\jsproxy.dll

- 2008-02-13 09:02:24 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll

+ 2008-02-21 04:43:42 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll

- 2008-03-05 13:30:56 19,148,408 ----a-w C:\Windows\System32\mrt.exe

+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\Windows\System32\mrt.exe

- 2008-02-13 09:02:26 3,592,192 ----a-w C:\Windows\System32\mshtml.dll

+ 2008-02-21 04:43:36 3,591,680 ----a-w C:\Windows\System32\mshtml.dll

- 2008-02-13 09:02:27 478,208 ----a-w C:\Windows\System32\mshtmled.dll

+ 2008-02-21 04:43:36 478,208 ----a-w C:\Windows\System32\mshtmled.dll

- 2008-02-13 09:02:21 671,232 ----a-w C:\Windows\System32\mstime.dll

+ 2008-02-21 04:43:37 671,232 ----a-w C:\Windows\System32\mstime.dll

- 2008-04-04 04:20:21 104,868 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-04-09 08:21:58 104,868 ----a-w C:\Windows\System32\perfc009.dat

- 2008-04-04 04:20:21 621,552 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-04-09 08:21:58 621,552 ----a-w C:\Windows\System32\perfh009.dat

- 2008-02-13 09:02:24 44,544 ----a-w C:\Windows\System32\pngfilt.dll

+ 2008-02-21 04:43:38 44,544 ----a-w C:\Windows\System32\pngfilt.dll

- 2008-03-23 17:29:22 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT

+ 2008-04-09 08:17:56 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT

- 2008-02-13 09:02:23 1,159,680 ----a-w C:\Windows\System32\urlmon.dll

+ 2008-02-21 04:43:41 1,159,680 ----a-w C:\Windows\System32\urlmon.dll

- 2008-03-13 08:09:37 1,216,323 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin

+ 2008-04-09 08:14:31 26,403,608 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin

+ 2008-02-21 04:43:34 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16643_none_a9bce801f5c7b8c8\advpack.dll

+ 2008-02-22 04:48:31 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20777_none_aa2a16310efa11c1\advpack.dll

+ 2008-02-29 06:53:29 46,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\setbcdlocale.dll

+ 2008-02-29 07:11:54 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\winload.exe

+ 2008-02-29 07:11:56 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\winresume.exe

+ 2008-02-29 06:37:41 46,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\setbcdlocale.dll

+ 2008-02-29 07:02:42 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\winload.exe

+ 2008-02-29 07:02:41 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\winresume.exe

+ 2008-02-29 06:51:24 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6000.16646_none_61bfda98f6d6f5d5\kd1394.dll

+ 2008-02-29 06:54:17 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6000.20782_none_621a368c1018a007\kd1394.dll

+ 2008-02-29 07:14:21 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6001.18027_none_63bcb960f3ec683b\kd1394.dll

+ 2008-02-29 06:57:07 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6001.22125_none_644455980d0bd557\kd1394.dll

+ 2008-02-14 23:19:24 944,184 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725\winload.exe

+ 2008-02-13 09:08:42 905,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725\winresume.exe

+ 2008-02-14 23:13:10 944,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157\winload.exe

+ 2008-02-13 09:08:41 905,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157\winresume.exe

+ 2008-02-29 07:11:54 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b\winload.exe

+ 2008-02-29 07:11:56 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b\winresume.exe

+ 2008-02-29 07:02:42 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7\winload.exe

+ 2008-02-29 07:02:41 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7\winresume.exe

+ 2008-02-19 05:10:22 620,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6000.16642_none_9e68737c07b7f5c7\ci.dll

+ 2008-02-19 04:54:56 620,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6000.20775_none_9ed4a16120eb3569\ci.dll

+ 2008-02-22 05:05:52 615,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6001.18023_none_a065524404cd682d\ci.dll

+ 2008-02-22 04:57:25 615,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6001.22120_none_a0ebee311dedbbf2\ci.dll

+ 2007-12-16 11:42:18 162,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsapi.dll

+ 2007-12-16 11:41:39 24,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnscacheugc.exe

+ 2007-12-16 11:42:18 83,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsrslvr.dll

+ 2007-12-16 11:49:22 162,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsapi.dll

+ 2007-12-16 09:41:27 24,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnscacheugc.exe

+ 2007-12-16 11:49:22 84,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsrslvr.dll

+ 2008-02-21 04:43:35 296,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.16643_none_57702c844c48b643\gdi32.dll

+ 2008-02-22 04:49:18 296,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.20777_none_57dd5ab3657b0f3c\gdi32.dll

+ 2008-02-22 04:57:23 295,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.18023_none_596c0b02495f0f52\gdi32.dll

+ 2008-02-22 04:48:18 295,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.22120_none_59f2a6ef627f6317\gdi32.dll

+ 2008-02-21 04:43:38 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16643_none_ebb7f1b116609ec7\pngfilt.dll

+ 2008-02-22 04:51:42 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20777_none_ec251fe02f92f7c0\pngfilt.dll

+ 2008-02-21 04:43:41 1,159,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16643_none_b2d49a63d9c1162b\urlmon.dll

+ 2008-02-22 04:52:08 1,162,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20777_none_b341c892f2f36f24\urlmon.dll

+ 2008-02-22 05:01:33 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18023_none_b4d078e1d6d76f3a\urlmon.dll

+ 2008-02-22 04:52:15 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22120_none_b55714ceeff7c2ff\urlmon.dll

+ 2008-02-29 06:34:50 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..humb-shift_keyboard_31bf3856ad364e35_6.0.6000.16646_none_ebb5eec692f230bc\f3ahvoas.dll

+ 2008-02-29 06:30:51 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..humb-shift_keyboard_31bf3856ad364e35_6.0.6000.20782_none_ec104ab9ac33daee\f3ahvoas.dll

+ 2008-02-21 04:43:37 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16643_none_deb7292c7f69d59a\mstime.dll

+ 2008-02-22 04:50:37 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20777_none_df24575b989c2e93\mstime.dll

+ 2008-02-22 04:59:51 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18023_none_e0b307aa7c802ea9\mstime.dll

+ 2008-02-22 04:50:26 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22120_none_e139a39795a0826e\mstime.dll

+ 2008-02-29 06:35:17 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_6.0.6000.16646_none_dafbedd9168fe683\kbd106n.dll

+ 2008-02-29 06:31:23 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_6.0.6000.20782_none_db5649cc2fd190b5\kbd106n.dll

+ 2008-02-21 04:43:36 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\jsproxy.dll

+ 2008-02-21 04:43:42 826,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\wininet.dll

+ 2008-02-21 04:43:42 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\WininetPlugin.dll

+ 2008-02-22 04:49:41 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\jsproxy.dll

+ 2008-02-22 04:52:15 827,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\wininet.dll

+ 2008-02-22 04:52:15 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\WininetPlugin.dll

+ 2008-02-22 04:58:23 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\jsproxy.dll

+ 2008-02-22 05:01:41 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\wininet.dll

+ 2008-02-22 05:01:41 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\WininetPlugin.dll

+ 2008-02-22 04:49:22 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\jsproxy.dll

+ 2008-02-22 04:52:21 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\wininet.dll

+ 2008-02-22 04:52:21 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\WininetPlugin.dll

+ 2008-02-13 09:02:23 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16643_none_f98398df6eb5b711\ieapfltr.dat

+ 2008-02-21 04:43:35 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16643_none_f98398df6eb5b711\ieapfltr.dll

+ 2008-02-13 09:02:23 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20777_none_f9f0c70e87e8100a\ieapfltr.dat

+ 2008-02-22 04:49:22 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20777_none_f9f0c70e87e8100a\ieapfltr.dll

+ 2008-02-21 04:43:35 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16643_none_95b7d197849b3d3f\dxtmsft.dll

+ 2008-02-21 04:43:35 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16643_none_95b7d197849b3d3f\dxtrans.dll

+ 2008-02-22 04:49:00 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20777_none_9624ffc69dcd9638\dxtmsft.dll

+ 2008-02-22 04:49:00 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20777_none_9624ffc69dcd9638\dxtrans.dll

+ 2008-02-21 04:43:36 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16643_none_461a6bef465befcc\mshtmled.dll

+ 2008-02-22 04:50:17 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20777_none_46879a1e5f8e48c5\mshtmled.dll

+ 2008-02-21 04:43:36 3,591,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16643_none_113495242520a5f4\mshtml.dll

+ 2008-02-22 04:50:17 3,593,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20777_none_11a1c3533e52feed\mshtml.dll

+ 2008-02-22 04:59:30 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18023_none_133073a22236ff03\mshtml.dll

+ 2008-02-22 04:50:05 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22120_none_13b70f8f3b5752c8\mshtml.dll

+ 2008-02-21 04:43:35 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16643_none_588d01ee673531fd\icardie.dll

+ 2008-02-22 04:49:21 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20777_none_58fa301d80678af6\icardie.dll

+ 2008-02-21 04:43:03 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\ieUnatt.exe

+ 2008-02-21 04:43:03 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe

+ 2008-02-22 02:43:50 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\ieUnatt.exe

+ 2008-02-22 02:44:11 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\iexplore.exe

+ 2008-02-21 04:43:03 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\ie4uinit.exe

+ 2008-02-21 04:43:36 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\iernonce.dll

+ 2008-02-21 04:43:36 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\iesetup.dll

+ 2008-02-22 02:43:42 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\ie4uinit.exe

+ 2008-02-22 04:49:24 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\iernonce.dll

+ 2008-02-22 04:49:24 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\iesetup.dll

+ 2008-02-21 04:43:35 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16643_none_29e74e1c682049a3\iebrshim.dll

+ 2008-02-22 04:49:22 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20777_none_2a547c4b8152a29c\iebrshim.dll

+ 2008-02-21 04:43:35 6,066,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16643_none_6293ef27b1163421\ieframe.dll

+ 2008-02-21 04:43:36 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16643_none_6293ef27b1163421\ieui.dll

+ 2008-02-22 04:49:24 6,067,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20777_none_63011d56ca488d1a\ieframe.dll

+ 2008-02-22 04:49:24 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20777_none_63011d56ca488d1a\ieui.dll

+ 2008-02-21 04:43:03 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16643_none_e68d5ba694998859\ieinstal.exe

+ 2008-02-22 02:44:02 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20777_none_e6fa89d5adcbe152\ieinstal.exe

+ 2008-02-21 04:43:03 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16643_none_0b3590c2d714480b\ieuser.exe

+ 2008-02-22 02:44:03 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20777_none_0ba2bef1f046a104\ieuser.exe

+ 2008-03-17 22:43:16 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16660_none_f060fbf66e8469dc\OESpamFilter.dat

+ 2008-03-17 22:16:50 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20801_none_f12c7a798770787e\OESpamFilter.dat

+ 2008-03-17 22:18:52 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18040_none_f25cda746b9ac2eb\OESpamFilter.dat

+ 2008-03-17 22:17:41 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22144_none_f2ea786784b4c811\OESpamFilter.dat

+ 2008-02-29 06:38:54 313,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\rstrui.exe

+ 2008-02-29 06:39:13 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srclient.dll

+ 2008-02-29 06:39:13 371,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srcore.dll

+ 2008-02-29 06:38:59 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srdelayed.exe

+ 2008-02-29 04:05:40 313,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\rstrui.exe

+ 2008-02-29 06:33:44 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srclient.dll

+ 2008-02-29 06:33:44 371,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srcore.dll

+ 2008-02-29 04:05:32 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srdelayed.exe

+ 2008-02-29 04:12:59 318,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\rstrui.exe

+ 2008-02-29 06:53:38 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srclient.dll

+ 2008-02-29 06:53:39 378,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srcore.dll

+ 2008-02-29 04:12:53 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srdelayed.exe

+ 2008-02-29 04:06:52 318,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\rstrui.exe

+ 2008-02-29 06:37:51 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srclient.dll

+ 2008-02-29 06:37:51 378,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srcore.dll

+ 2008-02-29 04:06:46 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srdelayed.exe

+ 2008-02-29 04:16:38 2,027,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16646_none_b6e7fd209d7b409d\win32k.sys

+ 2008-02-29 04:14:24 2,028,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20782_none_b7425913b6bceacf\win32k.sys

+ 2008-02-29 04:21:49 2,032,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18027_none_b8e4dbe89a90b303\win32k.sys

+ 2008-02-29 04:15:56 2,032,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22125_none_b96c781fb3b0201f\win32k.sys

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 07:32 2159104 C:\Windows\System32\oobefldr.dll]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:34 125440]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]

"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 12:09 460784]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:03 1232896]

"yujsurtw"="C:\ProgramData\yujsurtw\folgtctw.exe" [ ]

"iHVyPJFShD"="C:\ProgramData\nknkvibk\xuxspgtw.exe" [ ]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:33 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-10 11:12 1006264]

"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 09:14 180224]

"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 01:00 90112]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 19:35 857648]

"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 11:23 405504]

"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-09-21 02:07 184320]

"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-29 00:54 36864]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 22:24 86016]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 22:24 81920]

"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 22:24 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 22:24 8497696]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37 81920]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-31 07:15 1862144]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 05:20 17920]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]

"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 16:43 118784]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]

"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-26 14:19 1398024]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 17:55:50 703280]

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-10-31 06:55:50 50688]

QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 18:13:26 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AutoUpdateDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{7DC237D6-C39D-4972-8763-ED9B9728BEEA}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"{BD2A47CF-6B3D-43C1-8E1C-07602F03824F}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{A1E94C37-87F4-4376-BC94-9253E854C16A}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"{349E9F3E-A876-41EB-A601-8579F88205EE}"= C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema

"{822650D8-2663-4B09-B5C6-CEE0FB721F59}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{04DC30A6-D814-4DAA-BAFD-BDB4CA0DAFE9}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{76C50255-AD15-4B7E-8E28-A965527138FC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{5B1D9FAF-2FF8-48EA-9AA2-0DECA701B2C1}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{B8FB54E8-0006-4D32-8EAF-54A164140381}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{72211A99-DFE5-4DCC-8ABE-A435D25FB807}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"TCP Query User{46A4CD05-C268-4426-8535-73A4FDB599B8}C:\\users\\***** *********\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\6crhtf33\\housecall66[1].exe"= UDP:C:\users\***** *********\appdata\local\microsoft\windows\temporary internet files\content.ie5\6crhtf33\housecall66[1].exe:housecall66[1].exe

"UDP Query User{00FDAB59-4A95-4E06-AE83-678358A76C3F}C:\\users\\***** *********\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\6crhtf33\\housecall66[1].exe"= TCP:C:\users\***** *********\appdata\local\microsoft\windows\temporary internet files\content.ie5\6crhtf33\housecall66[1].exe:housecall66[1].exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-08-29 14:25]

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 19:39]

R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys [2006-10-20 15:34]

R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 18:03]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-29 00:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - CATCHME

.

**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-10 01:30:00

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-10 1:31:23

ComboFix-quarantined-files.txt 2008-04-10 06:31:11

ComboFix2.txt 2008-04-04 05:19:04

Pre-Run: 97,391,890,432 bytes free

Post-Run: 97,049,530,368 bytes free

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:43:34 AM, on 4/10/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Windows\OEM02Mon.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\PROGRA~1\MICROS~2\OFFICE11\WORDVIEW.EXE

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Windows\Explorer.exe

C:\Windows\system32\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [yujsurtw] C:\ProgramData\yujsurtw\folgtctw.exe

O4 - HKCU\..\Run: [iHVyPJFShD] C:\ProgramData\nknkvibk\xuxspgtw.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab

O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab

O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 10922 bytes

Edited by hookembevo

Hello again,

Looking at your system now, one or more of the identified infections is a backdoor Trojan.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

1. Please open Notepad

  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::

C:\Windows\System32\ieUnatt.exe

Folder::

C:\Users\All Users\yujsurtw

C:\Users\All Users\nknkvibk

C:\ProgramData\yujsurtw

C:\ProgramData\nknkvibk

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

  • Combofix.txt
  • A new HijackThis log.

Then...

Let's run an F-Secure online scan for Viruses, Spyware and RootKits:

  • Go to http://support.f-secure.com/enu/home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan

  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

Notes:

  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient
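
Added triage example, not code from the thread or from HijackThis/ComboFix: it parses O4 autostart and O23 service lines in the format shown in the log above and flags executables that live in a randomly named folder under ProgramData or Users\All Users, the pattern the helper targets with the Folder:: entries (yujsurtw, nknkvibk). The all-lowercase-folder heuristic, the Run-key lines for the droppers and the file name nknkvibk.exe are assumptions, not values from the log.

```python
import re
from collections import namedtuple

# Line shapes (HijackThis 2.0): "O4 - <hive>\..\Run: [Name] <command>" and
# "O23 - Service: <Display name> - <Vendor> - <path>"
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)"?', re.IGNORECASE)  # first .exe token, quoted or not
DATA_DIR_RE = re.compile(
    r"^[A-Za-z]:\\(?:ProgramData|Users\\All Users)\\(?P<folder>[^\\]+)\\", re.IGNORECASE)

Entry = namedtuple("Entry", "section name exe")

def parse_line(line):
    """Return an Entry for an O4/O23 line, or None for anything else."""
    if m := O4_RE.match(line):
        exe = EXE_RE.match(m["cmd"])
        return Entry("O4", m["name"], exe["exe"] if exe else m["cmd"].strip())
    if m := O23_RE.match(line):
        return Entry("O23", m["name"], m["path"].strip())
    return None

def is_random_datadir(path):
    """Heuristic (assumption): vendor folders carry capitals (Microsoft, Adobe); an
    all-lowercase 6-12 letter folder directly under ProgramData is what this dropper used."""
    m = DATA_DIR_RE.match(path)
    if not m:
        return False
    folder = m["folder"]
    return folder.isalpha() and folder.islower() and 6 <= len(folder) <= 12

def triage(lines):
    """Return the autostart/service entries whose executable sits in such a folder."""
    entries = (parse_line(line) for line in lines)
    return [e for e in entries if e and is_random_datadir(e.exe)]

# Constructed sample: two lines copied from the log above plus two invented dropper
# entries (folgtctw.exe is the process name from the log; nknkvibk.exe is made up).
SAMPLE_LOG = r"""
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKLM\..\Run: [folgtctw] C:\ProgramData\yujsurtw\folgtctw.exe
O4 - HKCU\..\Run: [nknkvibk] "C:\Users\All Users\nknkvibk\nknkvibk.exe" -s
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
""".strip().splitlines()

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section} [{e.name}] -> {e.exe}")
```

Feed it a full HijackThis log (one line per entry) to get the short list that deserves the Folder::/File:: treatment; everything else is left for the normal review.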
