ComboFix 09-11-08.03 - HP_Administrator 11/09/2009 17:30.2.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.626 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator.KAMLION-2\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
---- Previous Run -------
.
c:\data\IluPak.exe
c:\docume~1\HP_ADM~1.KAM\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator.KAMLION-2\Local Settings\Temp\IadHide5.dll
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\kb913800.exe
c:\windows\system32\arksjwle.ini
c:\windows\system32\CdedLnpo.ini
c:\windows\system32\Plugins\ml\ml_pmp_device_Audio Player.ini
c:\windows\system32\ps2.bat
c:\windows\system32\sbqoftet.ini
c:\windows\system32\tvujfpvt.ini
c:\windows\wiaserviv.log
D:\Autorun.inf
.

((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.

2009-11-09 04:45 . 2009-11-09 04:45 -------- d-----w- c:\program files\iPod
2009-11-09 04:44 . 2009-11-09 04:46 -------- d-----w- c:\program files\iTunes
2009-11-09 04:30 . 2009-11-09 04:30 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-08 21:02 . 2009-11-08 21:03 -------- d-----w- c:\program files\Guild Wars
2009-11-08 06:47 . 2009-11-08 06:47 -------- d-----w- c:\documents and settings\HP_Administrator.KAMLION-2\Local Settings\Application Data\Threat Expert
2009-11-07 07:26 . 2009-11-09 22:02 -------- d-----w- c:\program files\Spyware Doctor
2009-11-07 07:26 . 2009-11-09 22:02 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-04 00:37 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\3a55a213.dll
2009-11-04 00:37 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\164c7c10.dll
2009-11-03 22:59 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\25591d1.dll
2009-11-03 22:59 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\23b3f5c0.dll
2009-11-03 22:32 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\68f6e30.dll
2009-11-03 22:32 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\28be8f12.dll
2009-11-03 22:26 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\47eef70.dll
2009-11-03 22:26 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\19798a66.dll
2009-11-03 22:25 . 2009-11-03 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Nexon
2009-11-03 22:25 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\300fe4.dll
2009-11-03 22:25 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\12e6128c.dll
2009-11-03 22:22 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\74c62ce.dll
2009-11-03 22:22 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\5a963ed.dll
2009-11-03 21:47 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\ab4b270.dll
2009-11-03 21:47 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\19e8b4a0.dll
2009-11-03 19:01 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\fe1e2a4.dll
2009-11-03 19:01 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\768644e.dll
2009-11-03 18:55 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\2a364e7.dll
2009-11-03 18:55 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\1fb52ff2.dll
2009-11-03 18:43 . 2009-11-03 18:44 -------- d-----w- c:\documents and settings\HP_Administrator.KAMLION-2\Application Data\NeopleLauncherDFO
2009-11-03 18:43 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\ef296da.dll
2009-11-03 18:43 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\868d2ce.dll
2009-11-03 18:43 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\18c1f5b6.dll
2009-11-03 18:43 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\173a3f8c.dll
2009-11-03 06:02 . 2009-11-03 06:02 -------- d-----w- c:\program files\Safer Networking
2009-10-26 05:44 . 2009-10-26 05:44 -------- d-----w- c:\program files\SEGA
2009-10-25 20:19 . 2009-10-25 20:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
2009-10-25 18:15 . 2009-10-25 18:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2009-10-25 18:15 . 2009-10-25 18:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-10-25 01:52 . 2009-10-25 01:52 -------- d-----w- c:\program files\CCleaner
2009-10-24 23:19 . 2009-10-24 23:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-24 23:18 . 2009-11-09 22:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TSVNCache
2009-10-24 18:57 . 2009-10-24 18:57 -------- d-----w- c:\documents and settings\HP_Administrator.KAMLION-2\Application Data\Malwarebytes
2009-10-24 18:57 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-24 18:57 . 2009-10-24 18:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-24 18:57 . 2009-10-24 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-24 18:57 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-24 17:17 . 2009-10-24 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-10-24 17:00 . 2009-10-24 17:00 -------- d-----w- c:\program files\DIFX
2009-10-24 17:00 . 2009-10-24 17:00 -------- d-----w- c:\program files\USB TV
2009-10-24 16:22 . 2009-07-24 13:55 1090816 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-10-21 09:09 . 2009-10-21 09:09 1749728 ----a-w- c:\documents and settings\All Users\Application Data\Nexon\Common\NMService.exe
2009-10-21 09:09 . 2009-10-21 09:09 1659624 ----a-w- c:\documents and settings\All Users\Application Data\Nexon\Common\nmconew.dll
2009-10-16 06:37 . 2009-10-16 06:37 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\TSVNCache
2009-10-14 23:58 . 2009-10-14 23:58 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-10-13 21:35 . 2009-10-13 21:35 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-11-09 22:22 . 2009-04-16 04:23 -------- d-----w- c:\program files\FreeMeter
2009-11-09 22:02 . 2007-07-25 02:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-09 21:05 . 2008-11-30 23:03 -------- d-----w- c:\documents and settings\HP_Administrator.KAMLION-2\Application Data\DNA
2009-11-09 18:03 . 2008-11-30 23:03 -------- d-----w- c:\program files\DNA
2009-11-09 06:56 . 2008-10-03 01:30 -------- d-----w- c:\documents and settings\HP_Administrator.KAMLION-2\Application Data\LimeWire
2009-11-09 04:50 . 2008-06-24 05:55 -------- d-----w- c:\documents and settings\HP_Administrator.KAMLION-2\Application Data\.purple
2009-11-09 04:45 . 2009-04-09 22:21 -------- d-----w- c:\program files\Common Files\Apple
2009-11-09 04:28 . 2008-06-24 05:44 -------- d-----w- c:\documents and settings\HP_Administrator.KAMLION-2\Application Data\Apple Computer
2009-11-09 03:57 . 2006-02-22 17:18 -------- d-----w- c:\program files\LimeWire
2009-11-09 01:21 . 2009-01-19 04:00 -------- d-----w- c:\documents and settings\HP_Administrator.KAMLION-2\Application Data\Online Solutions
2009-11-08 05:59 . 2008-07-05 01:32 -------- d-----w- c:\documents and settings\HP_Administrator.KAMLION-2\Application Data\Xfire
2009-11-05 22:51 . 2008-06-24 22:03 -------- d-----w- c:\documents and settings\HP_Administrator.KAMLION-2\Application Data\uTorrent
2009-11-05 01:47 . 2005-12-30 11:58 -------- d-s---w- c:\program files\Xfire
2009-11-04 18:32 . 2009-03-03 23:23 -------- d-s---w- c:\program files\Nexon
2009-11-04 10:42 . 2009-03-03 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-11-03 21:19 . 2008-08-04 18:39 90112 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2009-11-03 21:19 . 2008-08-04 18:39 118784 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2009-11-03 21:19 . 2008-08-04 18:39 561152 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2009-11-03 21:19 . 2008-08-04 18:39 393216 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2009-11-03 21:19 . 2008-08-04 18:39 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2009-11-03 21:19 . 2008-08-04 18:39 167936 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2009-10-30 02:43 . 2008-09-07 18:50 7468 ----a-w- c:\documents and settings\HP_Administrator.KAMLION-2\Application Data\wklnhst.dat
2009-10-28 00:10 . 2008-06-24 06:33 73936 ----a-w- c:\documents and settings\HP_Administrator.KAMLION-2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-27 23:54 . 2009-01-17 18:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-27 23:51 . 2008-06-22 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-26 05:52 . 2005-09-15 03:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-26 05:43 . 2009-02-04 00:14 -------- d-----w- c:\documents and settings\HP_Administrator.KAMLION-2\Application Data\DAEMON Tools Pro
2009-10-25 20:30 . 2009-03-26 14:25 7343628 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-10-25 19:42 . 2005-09-15 03:59 -------- d-----w- c:\program files\Google
2009-10-25 02:39 . 2008-11-02 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-24 17:06 . 2005-09-15 03:11 -------- d-----w- c:\program files\ATI Technologies
2009-10-24 16:37 . 2008-05-05 15:01 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-10-24 16:31 . 2009-05-25 18:00 -------- d-----w- c:\program files\LSI SoftModem
2009-10-24 16:22 . 2009-10-03 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-24 16:11 . 2009-02-04 00:06 -------- d-----w- c:\documents and settings\HP_Administrator.KAMLION-2\Application Data\DAEMON Tools Lite
2009-10-24 16:06 . 2009-02-04 00:12 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-10-24 15:57 . 2008-07-12 22:09 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-20 20:55 . 2009-09-20 19:53 -------- d-----w- c:\documents and settings\HP_Administrator.KAMLION-2\Application Data\HpUpdate
2009-10-04 02:24 . 2008-06-26 20:53 -------- d-----w- c:\documents and settings\HP_Administrator.KAMLION-2\Application Data\gtk-2.0
2009-10-03 06:05 . 2009-10-03 06:05 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-10-03 06:05 . 2008-06-24 06:17 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-03 06:05 . 2008-06-24 06:17 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-03 06:05 . 2008-06-24 06:17 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-03 06:05 . 2008-06-24 06:17 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-30 02:52 . 2005-12-22 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-09-22 19:35 . 2005-09-15 03:30 -------- d-----w- c:\program files\Common Files\Real
2009-09-22 19:34 . 2009-09-22 19:34 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-22 19:34 . 2009-09-22 19:34 -------- d-----w- c:\program files\real
2009-09-22 19:25 . 2009-09-21 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-21 21:48 . 2009-09-21 21:48 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-09-21 19:42 . 2008-07-21 00:56 -------- d-----w- c:\documents and settings\HP_Administrator.KAMLION-2\Application Data\U3
2009-09-21 18:59 . 2009-09-21 18:59 -------- d-----w- c:\program files\InterAct
2009-09-18 16:35 . 2005-09-15 02:59 -------- d-----w- c:\program files\Java
2009-09-18 16:34 . 2009-09-18 16:34 152576 ----a-w- c:\documents and settings\HP_Administrator.KAMLION-2\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-16 03:57 . 2009-09-16 03:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2009-09-16 03:57 . 2009-09-16 03:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2009-09-16 03:56 . 2009-09-16 03:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2009-09-16 03:53 . 2009-09-16 03:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf
2009-09-16 03:53 . 2009-09-16 03:53 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-09-16 03:52 . 2009-02-22 20:50 -------- d-----w- c:\program files\Zune
2009-09-15 01:47 . 2009-09-15 01:47 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-15 01:46 . 2009-09-15 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-15 01:42 . 2005-09-15 03:43 -------- d-----w- c:\program files\QuickTime
2009-09-14 01:32 . 2009-09-14 01:32 -------- d-----w- c:\program files\LJ Comment Stats Wizard
2009-09-11 14:18 . 2004-08-10 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-10 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 17:17 . 2009-09-04 17:17 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2009-09-04 17:16 . 2009-09-04 17:16 58592 ----a-w- c:\windows\system32\ZuneBusEnum.exe
2009-09-02 04:29 . 2009-09-02 04:29 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
2009-09-02 04:29 . 2009-09-02 04:29 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll
2009-09-02 04:29 . 2009-09-02 04:29 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
2009-09-02 04:29 . 2009-09-02 04:29 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll
2009-09-02 04:29 . 2009-09-02 04:29 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll
2009-09-02 04:29 . 2009-09-02 04:29 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll
2009-09-02 04:28 . 2009-09-02 04:28 40832 ----a-w- c:\windows\system32\drivers\zumbus.sys
2009-08-29 08:08 . 2004-08-10 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-27 02:41 . 2005-03-08 19:43 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2009-08-27 02:41 . 2005-03-08 19:43 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2009-08-27 02:40 . 2005-03-08 19:43 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2009-08-26 08:00 . 2004-08-10 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 16:37 . 2009-08-17 16:37 1837296 ----a-w- c:\windows\system32\WUDFUpdate_01009.dll
2009-08-17 16:37 . 2009-08-17 16:37 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2009-08-13 19:07 . 2005-09-15 03:12 1163328 ----a-w- c:\windows\system32\drivers\AGRSM.sys
2008-07-20 19:50 . 2008-07-20 19:50 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-10-25_01.29.05 )))))))))))))))))))))))))))))))))))))))))
.

+ 2007-11-07 07:19 . 2007-11-07 07:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
- 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
- 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
- 2005-07-02 13:28 . 2009-10-16 03:00 79134 c:\windows\system32\perfc009.dat
+ 2005-07-02 13:28 . 2009-11-03 03:56 79134 c:\windows\system32\perfc009.dat
+ 2009-11-08 06:48 . 2009-11-08 06:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-01-28 09:29 . 2009-11-08 06:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-01-28 09:29 . 2009-10-13 21:35 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-10-13 21:35 . 2009-10-13 21:35 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-10-13 21:35 . 2009-11-08 06:48 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2005-01-28 09:29 . 2009-11-08 06:48 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-01-28 09:29 . 2009-10-13 21:35 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-08-18 21:01 . 2009-10-17 05:19 25214 c:\windows\Installer\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}\ARPPRODUCTICON.exe
+ 2008-08-18 21:01 . 2009-11-06 06:37 25214 c:\windows\Installer\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}\ARPPRODUCTICON.exe
+ 2009-10-26 05:51 . 2009-10-26 05:51 40960 c:\windows\Installer\{778D5912-DF4A-4019-A654-3505151D0756}\NewShortcut1.exe
- 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 08:54 . 2008-07-29 08:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
- 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2009-07-12 06:12 . 2009-07-12 06:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 06:09 . 2009-07-12 06:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 06:08 . 2009-07-12 06:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
- 2005-07-02 13:28 . 2009-10-16 03:00 463842 c:\windows\system32\perfh009.dat
+ 2005-07-02 13:28 . 2009-11-03 03:56 463842 c:\windows\system32\perfh009.dat
+ 2005-07-02 13:34 . 2009-10-27 22:22 267008 c:\windows\system32\FNTCACHE.DAT
+ 2009-11-07 17:43 . 2009-11-07 17:43 195584 c:\windows\Installer\db8336e.msi
+ 2009-11-09 04:34 . 2009-11-09 04:34 796672 c:\windows\Installer\c75079.msi
+ 2009-11-07 07:27 . 2009-11-07 07:27 228352 c:\windows\Installer\b841e5d.msi
+ 2009-11-09 04:47 . 2009-11-09 04:47 102400 c:\windows\Installer\{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}\iTunesIco.exe
+ 2009-11-04 22:00 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll
+ 2009-11-04 22:00 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe
+ 2008-07-29 13:05 . 2008-07-29 13:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
- 2008-07-29 12:05 . 2008-07-29 12:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2004-08-10 12:00 . 2009-10-22 09:19 5939712 c:\windows\system32\mshtml.dll
+ 2004-08-10 12:00 . 2009-10-22 09:19 5939712 c:\windows\system32\dllcache\mshtml.dll
+ 2009-11-09 04:47 . 2009-11-09 04:47 4454912 c:\windows\Installer\c7581e.msi
+ 2009-10-26 05:51 . 2009-10-26 05:51 6853632 c:\windows\Installer\1fd8ba3.msi
+ 2009-10-26 05:51 . 2009-10-26 05:51 1499648 c:\windows\Installer\{778D5912-DF4A-4019-A654-3505151D0756}\ARPPRODUCTICON.exe
+ 2009-11-04 22:00 . 2009-08-29 08:08 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll
.
-- Snapshot reset to current date --
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Google Update"="c:\documents and settings\HP_Administrator.KAMLION-2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-02 133104]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-07-02 219008]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-03 2923192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-30 2025752]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-22 198160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-02-03 18085888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2009-10-24 81997]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-9-14 36903]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-03 06:05 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Battlefront PS2 Server\\battlefront.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Battlefront II PS2 Server\\swbf2sm.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Battlefront II PS2 Server\\BattlefrontII.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\LucasArts\\Jedi Knight\\JK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\TeamSpeak.exe"=
"c:\\Documents and Settings\\HP_Administrator.KAMLION-2\\My Documents\\Emulation 2.0\\Nintendo\\Super Nintendo\\Emulators\\zsneswv1.36\\ZSNESW.EXE"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\UT2004\\System\\UT2004.exe"=
"c:\\Program Files\\LucasArts\\MotS\\JKM.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Nexon\\DFO\\DFO.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56440:TCP"= 56440:TCP:Pando Media Booster
"56440:UDP"= 56440:UDP:Pando Media Booster
"8767:UDP"= 8767:UDP:Voice
"14534:TCP"= 14534:TCP:Webinterface
"51234:TCP"= 51234:TCP:TCP query
"8767:TCP"= 8767:TCP:TS
"13548:TCP"= 13548:TCP:TS
"58300:TCP"= 58300:TCP:Pando Media Booster
"58300:UDP"= 58300:UDP:Pando Media Booster

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/24/2008 1:17 AM 108552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/24/2008 1:17 AM 335240]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10/3/2009 1:05 AM 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/3/2009 1:05 AM 297752]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5/25/2009 1:25 PM 55152]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 5:08 PM 533360]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DOT3SVC
*NewlyCreated* - EAPHOST
*NewlyCreated* - MBR
*NewlyCreated* - VSDATANT
*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html FF - ProfilePath - c:\documents and settings\HP_Administrator.KAMLION-2\Application Data\Mozilla\Firefox\Profiles\328ua8nw.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com (Virtus Designs) FF - prefs.js: browser.startup.homepage - gamefaqs.com FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll FF - plugin: c:\documents and settings\HP_Administrator.KAMLION-2\Application Data\Mozilla\Firefox\Profiles\328ua8nw.default\extensions\flashplugin@idm\platform\WINNT\plugins\npidmdcp.dll FF - plugin: c:\documents and settings\HP_Administrator.KAMLION-2\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla 
Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true. - - - - ORPHANS REMOVED - - - - WebBrowser-{472734EA-242A-422B-ADF8-83D1E48CC825} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-09 17:57 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys spzt.sys >>UNKNOWN [0x86F88938]<< kernel: MBR read successfully user & kernel MBR OK Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net atapi.sys @ 0x0 0x0 bytes \Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF73B6B40 atapi.sys \Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF73B6B40 atapi.sys \Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF73B6B40 atapi.sys \Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF73B6B40 atapi.sys \Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF73B6B40 atapi.sys \Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF73B6B40 atapi.sys \Driver\atapi IRP hooks detected ! ************************************************************************** . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(668) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-11-09 18:03 ComboFix-quarantined-files.txt 2009-11-09 23:03 Pre-Run: 80,110,006,272 bytes free Post-Run: 80,098,635,776 bytes free - - End Of File - - 4F66CE6E1BDF53C52EA6252A3770CE24