Hjt logi siivoukseen

Yksityisviestit

Luo uusi yksityisviesti

Kaikki uudet viestit

Ilman vastauksia olevat viestiketjut

Hae viestejä

torstai 13.11.2025 / 06:35

Hae keskustelualueilta:

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > hjt logi siivoukseen

Aiheet

Keskustelualueet

Vastaa

Aloita uusi viestiketju

Hjt logi siivoukseen

Siirry:

Kirjoittaja

Viesti

karpanen

Junior Member

25. huhtikuuta 2008 @ 17:21

Linkki tähän viestiin

Täälläkin on netti hidastellut pelikäytössä jo useamman viikon. Toivottavasti tästä on jotain hyötyä myös sen suhteen.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25:01, on 25.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\active smart\Active SMART\ASmartService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\Hjt\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.fi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.fi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.fi
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.fi
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\DOCUME~1\SYRJNE~1\Desktop\ohjelmia\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\DOCUME~1\SYRJNE~1\Desktop\ohjelmia\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Download\AVGANT~1.193\AVGANT~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft IE] IEXPLORE.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Msn Messenger] msnmsgs.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft IE] IEXPLORE.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Msn Messenger] msnmsgs.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\DOCUME~1\SYRJNE~1\Desktop\ohjelmia\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: ActiveSMART Service - Ariolic Software, Ltd. (http://www.ariolic.com) - C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\active smart\Active SMART\ASmartService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\spyware terminator\Spyware Terminator\sp_rsser.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Spy Sweeper\SpySweeper.exe

--
End of file - 8189 bytes

[ + lainaa]

Hujo

Suspended permanently

26. huhtikuuta 2008 @ 12:00

Linkki tähän viestiin

1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

==========

Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

Käynnistä koneesi vikasietotilaan:

sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä

Jossakin koneissa hakataan F8:sin sijasta F5:tä

" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.

============

Lataa Malwarebytes' Anti-Malware työpöydällesi.

1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi.

============

Scannaa koneesi Kaspersky Online Scannerin

Ohjelman käynnistyessä kysytään sallitaanko ActiveX -komponentin asentamisen Kasperskyltä, klikkaa Kyllä.
" Ohjelma käynnistyy ja aloittaa viimeisimpien tunnistetiedostojen lataamisen.
" Kun skanneri on asennettu ja tunnistetiedot ladattu, klikkaa Next.
" Klikkaa nyt asetuksia, Scan Settings
" Tarkista asetuksista, että seuraavat ovat valittuina:
o Scan using the following Anti-Virus database:
+ Extended (Jos valittavissa, muuten valitse Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
" Klikkaa OK
" Nyt valitse "select a target to scan" otsikon alta Oma Tietokone, My Computer
" Skannaus vie aikaa, joten ole kärsivällinen. Kun skannaus on valmis saat ilmoituksen, jos koneesi on saastunut.
" Klikkaa nyt Save as Text-painiketta.
" Tallenna tiedosto työpöydällesi.
" Mikäli haluat jatkaa asian käsittelyä foorumissa niin kopioi tiedoston sisältö viestiisi.

[ + lainaa]

Voiko tietsikka koskaan toimia?

karpanen

Junior Member

27. huhtikuuta 2008 @ 22:35

Linkki tähän viestiin

skannaukset tehty ja tässä tulokset:

Combofix

ComboFix 08-04-24.1 - Syrjänen 2008-04-26 23:45:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.633 [GMT 3:00]
Running from: C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\Combofix\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_XPROTECTOR

((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))
.

2008-04-26 23:47 . 2008-04-26 23:47 3,375,239 --------- C:\WINDOWS\{00000001-00000000-00000009-00001102-00000002-100A1102}.BAK
2008-04-26 09:21 . 2008-04-26 09:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-26 09:21 . 2008-04-26 09:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-24 18:22 . 2008-04-24 18:22 <DIR> d-------- C:\Program Files\Vodafone
2008-04-24 18:22 . 2008-04-24 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-04-24 18:22 . 2007-10-15 16:27 101,120 -ra------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
2008-04-24 18:22 . 2004-08-04 08:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-24 18:22 . 2004-08-04 08:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-11 15:41 . 2008-04-11 15:42 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-11 15:41 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-11 15:41 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-11 15:41 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-11 15:40 . 2008-04-11 15:43 <DIR> d-------- C:\Program Files\Windows Live
2008-04-11 15:40 . 2008-04-11 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-08 15:38 . 2008-04-08 16:21 <DIR> d-------- C:\Spy Sweeper
2008-04-08 15:38 . 2008-04-08 15:38 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-08 15:38 . 2008-04-08 15:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-08 15:38 . 2007-06-15 13:38 1,521,216 --a------ C:\WINDOWS\WRSetup.dll
2008-04-08 15:38 . 2007-06-15 13:22 160,320 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-04-08 15:38 . 2007-06-15 13:22 24,128 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-04-08 15:38 . 2007-06-15 13:21 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-04-08 15:38 . 2007-06-15 13:21 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2008-04-07 17:00 . 2008-04-07 17:00 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{810E7A01-BF04-400B-B935-75AFCAF5CDE6}
2008-04-07 16:56 . 2003-05-28 19:34 188,416 --a------ C:\WINDOWS\system32\macdll.dll
2008-04-05 17:21 . 2007-07-09 16:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-05 17:17 . 2008-04-05 17:17 <DIR> d-------- C:\Documents and Settings\Syrjänen
2008-04-04 16:48 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-04 16:48 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-04 16:42 . 2008-04-04 16:42 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 16:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-24 15:22 --------- d-----w C:\Program Files\Vodafone
2008-04-23 13:24 --------- d-----w C:\Program Files\DC++
2008-04-17 18:37 --------- d-----w C:\Program Files\azureus
2008-04-11 11:34 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-04 16:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-04 13:48 --------- d-----w C:\Program Files\WinClamAVShield
2008-04-04 13:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2006-04-15 19:31 27 ----a-w C:\Program Files\stng260.opt
2006-04-15 19:19 17 ----a-w C:\Program Files\stinger.opt
2004-03-11 10:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2003-08-16 19:56 579,584 --sha-r C:\WINDOWS\system32\cd.exe
2005-10-18 12:20 242,713 --sha-w C:\WINDOWS\system32\lkcs.dat
.

((((((((((((((((((((((((((((( snapshot@2008-04-05_17.16.39.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-08-29 02:57:58 1,740 -c----w C:\WINDOWS\$NtServicePackUninstall$\dcache.bin
+ 2002-08-28 22:32:34 2,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
- 2006-05-09 12:18:06 7,168 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-04-05 14:29:46 8,192 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2006-05-09 12:18:04 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-04-05 14:29:49 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-08-24 12:54:00 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-04-09 12:48:24 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2007-08-24 12:54:00 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-04-09 12:48:24 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2007-08-24 12:54:00 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-04-09 12:48:24 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2007-08-24 12:53:54 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-09 12:48:18 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-08-24 12:53:56 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-09 12:48:19 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-08-24 12:53:56 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-09 12:48:20 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-08-24 12:53:57 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-09 12:48:20 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-08-24 12:53:57 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-09 12:48:21 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-08-24 12:53:58 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-09 12:48:21 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-08-24 12:53:58 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-09 12:48:22 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-08-24 12:53:59 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-09 12:48:22 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-08-24 12:53:59 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-09 12:48:23 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-08-24 12:54:01 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-09 12:48:24 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-08-24 12:54:02 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-04-09 12:48:25 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2007-08-24 12:54:02 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-04-09 12:48:25 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2007-08-24 12:54:02 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-04-09 12:48:25 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2007-08-24 12:54:03 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-04-09 12:48:25 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2007-08-24 12:54:00 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-04-09 12:48:24 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2006-05-09 12:17:59 716,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-04-05 14:30:07 720,896 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2006-05-09 12:17:59 299,008 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-04-05 14:29:50 299,008 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2006-05-09 12:18:06 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2008-04-05 14:30:01 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
- 2006-05-09 12:18:07 299,008 ----a-w C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-04-05 14:29:57 303,104 ----a-w C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2006-05-09 12:18:04 1,290,240 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2008-04-05 14:30:02 1,294,336 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
- 2006-05-09 12:18:05 1,699,840 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-04-05 14:29:47 1,703,936 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
- 2006-05-09 12:18:05 86,016 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-04-05 14:30:05 90,112 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2006-05-09 12:18:05 466,944 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-04-05 14:29:56 466,944 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2006-05-09 12:18:05 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-04-05 14:29:52 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2006-05-09 12:18:05 64,000 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2008-04-05 14:29:52 66,560 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
- 2006-05-09 12:18:05 368,640 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-04-05 14:30:00 372,736 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
- 2006-05-09 12:18:05 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-04-05 14:30:08 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2006-05-09 12:18:05 323,584 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-04-05 14:29:58 323,584 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2006-05-09 12:18:05 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-04-05 14:29:53 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2006-05-09 12:18:05 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-04-05 14:29:55 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2006-05-09 12:18:05 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-04-05 14:30:03 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2006-05-09 12:18:07 819,200 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-04-05 14:29:44 819,200 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2006-05-09 12:18:05 57,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-04-05 14:29:51 57,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2006-05-09 12:18:05 569,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-04-05 14:29:48 573,440 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2006-05-09 12:18:05 1,245,184 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-04-05 14:30:04 1,257,472 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2006-05-09 12:18:05 2,039,808 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-04-05 14:29:54 2,052,096 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
- 2006-05-09 12:18:06 1,335,296 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2008-04-05 14:29:59 1,339,392 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
- 2006-05-09 12:18:05 1,216,512 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-04-05 14:30:09 1,224,704 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-04-05 14:30:45 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_8c2d6839\CustomMarshalers.dll
+ 2008-04-05 14:32:23 118,784 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_e936e715\CustomMarshalers.dll
+ 2008-04-05 14:32:12 3,379,200 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_145f4dd3\mscorlib.dll
+ 2008-04-05 14:33:24 8,880,128 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5ef0a96c\mscorlib.dll
+ 2008-04-05 14:33:01 3,395,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_05e9bc79\System.Design.dll
+ 2008-04-05 14:31:57 1,470,464 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_4bd120cd\System.Design.dll
+ 2008-04-05 14:30:54 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_0efe41da\System.Drawing.Design.dll
+ 2008-04-05 14:32:24 192,512 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_8fe6e9de\System.Drawing.Design.dll
+ 2008-04-05 14:33:10 2,244,608 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_032131d7\System.Drawing.dll
+ 2008-04-05 14:32:02 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_553e8d94\System.Drawing.dll
+ 2008-04-05 14:32:40 7,880,704 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_2ccb6c86\System.Windows.Forms.dll
+ 2008-04-05 14:31:24 3,014,656 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b9af745e\System.Windows.Forms.dll
+ 2008-04-05 14:31:45 2,088,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_02ea57b8\System.Xml.dll
+ 2008-04-05 14:32:54 5,505,024 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_15ee8dee\System.Xml.dll
+ 2008-04-05 14:32:22 4,763,648 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_2a6ca4d0\System.dll
+ 2008-04-05 14:30:37 1,953,792 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_bf723252\System.dll
+ 2004-12-07 12:31:27 1,865 ----a-w C:\WINDOWS\backup\TB041207.DAT
+ 2008-04-26 20:49:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-02-22 20:41:12 304,544 ----a-w C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
+ 2007-02-28 11:21:04 130,472 ----a-w C:\WINDOWS\Downloaded Program Files\MineSweeper.dll
+ 2007-02-28 11:21:04 142,248 ----a-w C:\WINDOWS\Downloaded Program Files\SolitaireShowdown.dll
+ 2006-11-08 17:23:51 2,728 ----a-w C:\WINDOWS\eReg.dat
+ 2008-04-11 12:42:46 29,926 ----a-r C:\WINDOWS\Installer\{A9174A72-1B46-445B-B3CF-90ED2C63D83B}\MsblIco.Exe
+ 2008-04-24 15:22:15 2,806 ----a-r C:\WINDOWS\Installer\{B5761811-28F3-4257-B537-815C5EEF472C}\ARPPRODUCTICON.exe
+ 2008-04-24 15:22:15 65,536 ----a-r C:\WINDOWS\Installer\{B5761811-28F3-4257-B537-815C5EEF472C}\NewShortcut1_5E3003BD8B2446E5BEDC66B4435E8637.exe
+ 2008-04-05 14:27:33 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
+ 2004-10-23 06:47:25 2,862 ----a-r C:\WINDOWS\Installer\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}\Readme_icon.exe
+ 2004-10-23 06:47:25 2,862 ----a-r C:\WINDOWS\Installer\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}\Uninstall_icon.exe
- 1998-10-29 14:45:06 306,688 ----a-w C:\WINDOWS\IsUninst.exe
+ 1998-10-29 13:45:06 306,688 ----a-w C:\WINDOWS\IsUninst.exe
- 2003-02-20 16:19:32 253,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2004-07-14 22:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2003-02-20 16:19:34 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2004-07-14 22:49:18 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
- 2003-02-20 16:19:38 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2004-07-14 22:49:26 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
- 2003-02-20 16:19:36 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-07-14 22:49:22 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-20 16:09:08 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2004-07-14 21:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-21 07:20:44 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-15 08:23:28 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
- 2003-02-21 07:21:00 626,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2004-07-15 08:23:44 626,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
- 2003-02-20 16:06:20 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2004-07-14 21:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-10-08 11:30:14 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
- 2003-02-21 04:24:38 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2004-07-15 11:31:00 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
- 2003-02-21 04:24:40 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2004-07-15 11:31:04 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
- 2003-02-20 16:09:40 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2004-07-14 21:35:30 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
- 2003-02-21 04:26:36 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2004-07-15 11:28:58 720,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
- 2003-02-21 04:26:38 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 11:28:56 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
- 2003-02-21 04:25:04 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 11:28:50 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
- 2003-02-21 04:25:04 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2004-07-15 11:28:50 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
- 2003-02-20 16:09:12 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-14 21:32:44 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
- 2003-02-20 16:09:12 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2004-07-14 21:32:46 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
- 2003-02-20 16:06:32 311,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2004-07-14 21:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2003-02-20 16:09:16 98,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2004-07-14 21:33:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2003-02-21 04:26:34 2,088,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2004-07-15 11:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-20 16:09:18 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2004-07-14 21:33:22 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
- 2003-02-20 16:09:18 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2004-07-14 21:33:24 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
- 2003-02-20 16:07:34 2,494,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2004-07-14 21:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2003-02-20 16:08:32 2,482,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-07-14 21:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-08-10 13:20:00 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
- 2003-02-20 16:09:30 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2004-07-14 21:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
- 2003-02-21 04:26:46 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 11:28:48 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
- 2003-02-20 16:09:34 319,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2004-07-14 21:35:04 319,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SOS.dll
- 2003-02-21 04:26:38 1,290,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-15 11:32:00 1,294,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
- 2003-02-21 04:25:42 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2004-07-15 11:31:14 303,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
- 2003-02-21 04:26:42 1,699,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 11:29:02 1,703,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
- 2003-02-21 04:26:44 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2004-07-15 11:28:54 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
- 2003-02-21 04:26:46 1,216,512 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2004-07-15 11:31:16 1,224,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2003-02-21 04:26:50 466,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 11:28:58 466,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
- 2003-02-21 04:26:50 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 11:28:56 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
- 2003-02-20 16:09:36 64,000 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2004-07-14 21:35:12 66,560 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
- 2003-02-21 04:26:52 368,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2004-07-15 11:31:58 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
- 2003-02-21 04:26:54 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 11:31:12 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
- 2003-02-21 04:26:56 323,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2004-07-15 11:28:58 323,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
- 2003-02-21 04:26:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 11:31:54 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
- 2003-02-21 04:26:58 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 11:28:52 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2003-02-21 04:27:00 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2004-07-15 11:28:54 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
- 2003-02-21 04:27:02 1,245,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2004-07-15 11:29:00 1,257,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2003-02-21 04:27:06 819,200 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 11:28:58 819,200 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
- 2003-02-21 04:24:18 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2004-07-15 11:28:52 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
- 2003-02-21 04:27:06 569,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 11:31:16 573,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
- 2003-02-21 04:27:08 2,039,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2004-07-15 11:32:02 2,052,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
- 2003-02-21 04:27:10 1,335,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-07-15 11:29:00 1,339,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-06-22 10:51:38 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2003-02-21 07:20:38 737,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-15 08:23:20 737,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
- 2003-02-20 17:10:40 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2004-07-14 23:11:56 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
- 2003-02-21 02:04:18 1,032,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 05:15:14 1,032,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2007-08-16 15:00:59 195,516 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Professional_32_1033.dat
+ 2007-08-16 15:00:59 195,516 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Professional_32_1033.dat.bak
+ 2004-08-04 08:07:21 1,788 ------w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2004-08-04 06:07:57 2,944 ------w C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
+ 2001-08-18 12:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2001-08-18 12:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV
+ 2001-08-18 12:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV
+ 2001-08-18 12:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV
+ 2008-03-09 20:54:04 1,099,264 ----a-w C:\WINDOWS\system32\AdjMmsEng.dll
+ 2008-02-09 15:28:40 323,584 ----a-w C:\WINDOWS\system32\AudioGenie2.dll
- 2007-06-14 18:09:18 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-12-07 01:07:12 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-06-14 18:09:18 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-12-07 01:07:12 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-30 16:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
- 2007-06-14 18:09:18 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2007-12-07 01:07:12 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2004-03-01 03:18:26 1,535 ----a-w C:\WINDOWS\system32\Data\CTC0060W.DAT
+ 2004-03-01 03:18:26 1,535 ----a-w C:\WINDOWS\system32\Data\CTC0102W.DAT
+ 2004-03-01 03:18:26 1,535 ----a-w C:\WINDOWS\system32\Data\CTC0222W.DAT
+ 2004-03-01 03:18:26 1,535 ----a-w C:\WINDOWS\system32\Data\CTC0226W.DAT
+ 2004-03-01 03:18:26 1,535 ----a-w C:\WINDOWS\system32\Data\CTC0228W.DAT
+ 2004-08-04 08:07:21 1,788 ----a-w C:\WINDOWS\system32\dcache.bin
+ 2001-08-17 11:12:12 2,944 -c--a-w C:\WINDOWS\system32\dllcache\brfilt.sys
- 2007-06-14 18:09:18 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2007-12-07 01:07:12 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-06-14 18:09:18 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2007-12-07 01:07:12 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-04-16 19:45:28 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2007-07-30 16:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2007-06-14 18:09:18 1,054,208 -c----w C:\WINDOWS\system32\dllcache\danim.dll
+ 2007-12-07 01:07:12 1,054,208 -c----w C:\WINDOWS\system32\dllcache\danim.dll
- 2007-06-14 18:09:18 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-12-07 01:07:12 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-06-14 18:09:19 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-12-07 01:07:12 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-06-14 18:09:19 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-12-07 01:07:12 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-14 14:07:24 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-12-06 13:07:07 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-06-14 18:09:19 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-12-07 01:07:12 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-05-16 15:12:02 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-06-14 18:09:19 96,256 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-12-07 01:07:12 96,256 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-11-14 07:26:56 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-06-14 18:09:19 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-12-07 01:07:12 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2001-08-18 12:00:00 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv
- 2006-08-17 12:28:27 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2001-08-18 12:00:00 2,560 -c--a-w C:\WINDOWS\system32\dllcache\lz32.dll
+ 2001-08-18 12:00:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv
+ 2007-07-06 10:05:47 72,960 -c----w C:\WINDOWS\system32\dllcache\mqac.sys
+ 2007-07-06 12:46:59 138,240 -c----w C:\WINDOWS\system32\dllcache\mqad.dll
+ 2007-07-06 12:46:59 47,104 -c----w C:\WINDOWS\system32\dllcache\mqdscli.dll
+ 2007-07-06 12:46:59 16,896 -c----w C:\WINDOWS\system32\dllcache\mqise.dll
+ 2007-07-06 12:46:59 660,992 -c----w C:\WINDOWS\system32\dllcache\mqqm.dll
+ 2007-07-06 12:46:59 177,152 -c----w C:\WINDOWS\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46:59 95,744 -c----w C:\WINDOWS\system32\dllcache\mqsec.dll
+ 2007-07-06 12:46:59 48,640 -c----w C:\WINDOWS\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46:59 471,552 -c----w C:\WINDOWS\system32\dllcache\mqutil.dll
+ 2007-12-18 09:51:35 179,584 -c----w C:\WINDOWS\system32\dllcache\mrxdav.sys
- 2007-06-14 18:09:20 3,058,688 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-12-07 14:37:14 3,059,200 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-06-14 18:09:19 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-12-07 01:07:13 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-06-14 18:09:19 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-12-07 01:07:13 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-06-14 18:09:20 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-12-07 01:07:13 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2001-08-18 12:00:00 2,944 -c--a-w C:\WINDOWS\system32\dllcache\null.sys
- 2007-05-17 11:28:05 549,376 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2007-06-14 18:09:20 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-12-07 01:07:13 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-10-29 22:43:03 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
- 2007-06-14 18:09:20 1,494,528 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2007-12-07 01:07:13 1,494,528 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 -c----w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 -c----w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-06-14 18:09:20 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2007-12-07 01:07:13 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2001-08-18 12:00:00 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv
- 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2007-06-14 18:09:20 615,424 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-12-07 01:07:14 615,424 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2001-08-18 12:00:00 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv
- 2007-06-26 14:09:10 658,944 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-12-07 01:07:14 659,456 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2001-08-18 12:00:00 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll
+ 2001-08-18 12:00:00 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe
- 2005-01-28 05:53:16 224,768 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-27 14:40:06 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2001-08-18 12:00:00 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe
- 2007-04-16 19:45:48 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2007-07-30 16:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2007-04-16 19:45:20 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2007-07-30 16:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2007-04-16 19:45:54 1,710,936 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2007-07-30 16:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-04-16 19:45:42 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2007-07-30 16:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2007-04-16 19:47:36 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2007-07-30 16:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2007-04-16 19:45:36 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2007-07-30 16:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2006-05-19 21:16:24 2,432 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
+ 2006-05-19 21:16:24 2,560 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
+ 2004-08-04 06:07:57 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
- 2004-08-04 05:58:20 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
+ 2007-07-06 10:05:47 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
- 2004-08-04 06:00:56 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2001-08-18 12:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
+ 1998-10-06 12:36:26 1,984 ----a-w C:\WINDOWS\system32\drivers\papycpu.sys
+ 1998-10-06 12:36:26 1,888 ----a-w C:\WINDOWS\system32\drivers\papyjoy.sys
- 2005-03-27 14:03:27 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-11-13 10:25:53 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2007-06-14 18:09:18 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-12-07 01:07:12 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-06-14 18:09:19 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-12-07 01:07:12 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2005-02-10 04:26:19 86,016 ----a-w C:\WINDOWS\system32\ExControl.dll
- 2007-06-14 18:09:19 55,808 ------w C:\WINDOWS\system32\extmgr.dll
+ 2007-12-07 01:07:12 55,808 ------w C:\WINDOWS\system32\extmgr.dll
- 2007-06-03 11:31:28 10,752 ----a-w C:\WINDOWS\system32\ff_vfw.dll
+ 2008-04-10 14:50:40 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
- 2007-06-14 18:09:19 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-12-07 01:07:12 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2007-06-14 18:09:19 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-12-07 01:07:12 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2005-02-05 22:18:08 32,768 ----a-w C:\WINDOWS\system32\IsDRM.dll
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-11-14 07:26:56 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-06-14 18:09:19 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-12-07 01:07:12 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2001-08-18 12:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
+ 2005-11-05 22:34:50 145,408 ----a-w C:\WINDOWS\system32\Lame.exe
+ 2005-11-30 11:49:56 161,792 ----a-w C:\WINDOWS\system32\lame_enc.dll
- 2006-08-17 12:28:27 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2001-08-18 12:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2001-08-18 12:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
- 2004-08-04 07:56:42 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
+ 2007-07-06 12:46:59 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
- 2004-08-04 07:56:42 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
- 2004-08-04 07:56:42 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
+ 2007-07-06 12:46:59 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
- 2004-08-04 07:56:42 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
+ 2007-07-06 12:46:59 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
- 2004-08-04 07:56:42 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
+ 2007-07-06 12:46:59 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
- 2004-08-04 07:56:42 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
+ 2007-07-06 12:46:59 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
- 2004-08-04 07:56:42 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
- 2004-08-04 07:56:42 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
+ 2007-07-06 12:46:59 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
- 2007-08-03 04:34:10 16,789,464 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 05:30:56 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-06-14 18:09:20 3,058,688 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-12-07 14:37:14 3,059,200 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-06-14 18:09:19 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-12-07 01:07:13 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-06-14 18:09:19 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-12-07 01:07:13 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-06-14 18:09:20 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-12-07 01:07:13 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2006-11-04 12:14:00 1,245,696 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2007-05-08 12:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2001-08-18 12:00:00 2,656 ----a-w C:\WINDOWS\system32\netware.drv
+ 2007-10-12 13:34:50 71,096 ----a-w C:\WINDOWS\system32\NMSAccess.exe
+ 2008-01-28 21:08:40 1,140,152 ----a-w C:\WINDOWS\system32\NMSDVDX.dll
+ 2005-12-31 14:13:14 24,576 ----a-w C:\WINDOWS\system32\ogg.dll
+ 2002-07-19 15:48:22 157,696 ----a-w C:\WINDOWS\system32\OggEnc.exe
- 2007-05-17 11:28:05 549,376 ------w C:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
- 2008-03-30 06:19:29 60,956 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-24 15:23:58 60,956 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-30 06:19:29 397,682 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-24 15:23:58 397,682 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-06-14 18:09:20 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-12-07 01:07:13 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2005-08-30 03:54:26 1,287,168 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
- 2004-08-04 07:56:44 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2007-06-14 18:09:20 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-12-07 01:07:13 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-06-14 18:09:20 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-12-07 01:07:13 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2007-01-19 10:53:04 51,056 ----a-w C:\WINDOWS\system32\sirenacm.dll
+ 2007-10-18 08:31:46 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
+ 2007-07-30 16:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
+ 2007-07-30 16:19:12 43,352 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll
+ 2001-08-18 12:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
+ 2007-06-15 10:22:04 16,448 ----a-w C:\WINDOWS\system32\ssiefr.EXE
- 2007-01-29 08:58:06 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
- 2007-06-14 18:09:20 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-12-07 01:07:14 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2004-10-23 06:52:37 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
+ 2001-08-18 12:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
- 2007-06-26 14:09:10 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-12-07 01:07:14 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2001-08-18 12:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
+ 2001-08-18 12:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
- 2005-01-28 05:53:16 224,768 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-27 14:40:06 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2004-06-24 23:48:08 139,264 ----a-w C:\WINDOWS\system32\voltoCDX.dll
+ 2005-12-31 14:19:08 1,097,728 ----a-w C:\WINDOWS\system32\vorbis.dll
+ 2001-08-18 12:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
+ 2007-06-15 10:22:04 219,712 ----a-w C:\WINDOWS\system32\WRLogonNtf.dll
+ 2007-06-15 10:22:04 26,688 ----a-w C:\WINDOWS\system32\wrlzma.dll
- 2007-04-16 19:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2007-07-30 16:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2007-04-16 19:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-30 16:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2007-04-16 19:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-30 16:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2007-04-16 19:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2007-07-30 16:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2007-04-16 19:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-30 16:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
- 2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
+ 2007-07-30 16:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
- 2007-04-16 19:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-30 16:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
- 2007-06-14 13:39:54 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-26 20:49:09 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4f8.dat
+ 2005-12-11 15:31:01 2,829 ----a-w C:\WINDOWS\W2BNEUnin.pif
+ 2007-05-08 12:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:56 15360]
"ISUSPM"="C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 15:41 222128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-08-28 11:45 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-05-29 01:59 520192]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-05-24 09:50 28672]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2005-09-27 12:16 2635472]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-09-07 13:13 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-09-07 13:14 69632]
"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:56 15360]
"Microsoft IE"="IEXPLORE.EXE" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Microsoft IE"="IEXPLORE.EXE" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Msn Messenger"="msnmsgs.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Syrjänen^Start Menu^Programs^Startup^Active SMART.lnk]
path=C:\Documents and Settings\Syrjänen\Start Menu\Programs\Startup\Active SMART.lnk
backup=C:\WINDOWS\pss\Active SMART.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Syrjänen^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\Syrjänen\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Syrjänen^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\Syrjänen\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Syrjänen^Start Menu^Programs^Startup^Registration Brothers In Arms.LNK]
path=C:\Documents and Settings\Syrjänen\Start Menu\Programs\Startup\Registration Brothers In Arms.LNK
backup=C:\WINDOWS\pss\Registration Brothers In Arms.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Syrjänen^Start Menu^Programs^Startup^The Matrix_ Path of Neo Registration.lnk]
path=C:\Documents and Settings\Syrjänen\Start Menu\Programs\Startup\The Matrix_ Path of Neo Registration.lnk
backup=C:\WINDOWS\pss\The Matrix_ Path of Neo Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
C:\Download\AVGANT~1.193\AVGANT~1\avgemc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\daemon tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\FreeRAM xp pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2006-03-23 17:06 1398272 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft IE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft LSASS Network File]
C:\WINDOWS\system32\KLSASS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 19:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-06-29 00:43 8466432 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
c:\documents and settings\syrjänen\desktop\ohjelmia\poweri\pstrip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Documents and Settings\Syrjänen\Desktop\pelit\half life 2\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-10-18 17:37 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarlordsBattlecryIIISetup.exe]
E:\DOWNLO~1\WARLOR~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
C:\WINDOWS\system32\winsys2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=3 (0x3)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"TrkWks"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"srservice"=2 (0x2)
"SPTISRV"=3 (0x3)
"sfrem01"=2 (0x2)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"PolicyAgent"=3 (0x3)
"MSDTC"=3 (0x3)
"ImapiService"=3 (0x3)
"IDriverT"=3 (0x3)
"HTTPFilter"=3 (0x3)
"helpsvc"=2 (0x2)
"ERSvc"=2 (0x2)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"Creative Service for CDROM Access"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"BITS"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"ATI Smart"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"SDhelper"=3 (0x3)
"NtmsSvc"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"WMDM PMSP Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"PnkBstrA"=2 (0x2)
"Browser"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\azureus latauksia\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Download\\dc++\\CIVILIZATION4\\Civilization4.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 18:11]
R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-06-15 13:21]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 20:31]
R1 papycpu;papycpu;C:\WINDOWS\system32\drivers\papycpu.sys [1998-10-06 15:36]
R1 SSHDRV76;SSHDRV76;C:\WINDOWS\system32\drivers\SSHDRV76.sys [2006-06-14 16:42]
R1 SSHDRV82;SSHDRV82;C:\WINDOWS\system32\drivers\SSHDRV82.sys [2006-05-09 15:20]
R1 SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2006-05-09 15:22]
R2 ActiveSMART Service;ActiveSMART Service;C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\active smart\Active SMART\ASmartService.exe []
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20:35]
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [2006-09-30 12:35]
S2 AvgCore;AVG6 Kernel;C:\DOCUME~1\SYRJNE~1\DESKTOP\avgcore.sys []
S2 AvgFsh;AVG6 Rezident Driver;C:\DOCUME~1\SYRJNE~1\DESKTOP\avgfsh.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []
S4 AvgServ;AVG6 Service;C:\DOCUME~1\SYRJNE~1\DESKTOP\avgserv.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2dad7661-11ff-11dd-8dfb-0011092cf98a}]
\Shell\AutoRun\command - H:\StartVMCLite.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-26 09:00:00 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
"2008-04-26 20:49:09 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- E:\azureus lataukset\uus xoft\XoftSpySE\XoftSpy.exe
"2008-03-11 01:00:00 C:\WINDOWS\Tasks\XoftSpySE.job"
- E:\azureus lataukset\uus xoft\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 23:49:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\incdsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-04-26 23:53:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-26 20:52:58
ComboFix2.txt 2008-04-05 14:16:59

Pre-Run: 5,084,491,776 bytes free
Post-Run: 5,062,795,264 bytes free

745 --- E O F --- 2008-04-17 19:45:43

[ + lainaa]

karpanen

Junior Member

27. huhtikuuta 2008 @ 22:46

Linkki tähän viestiin

SDfix

SDFix: Version 1.175
Run by Syrj?nen on su 27.04.2008 at 00:11

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\SYRJNE~1\Desktop\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\KLSUICBN.EXE - Deleted
C:\WINDOWS\SYSTEM32\KZJBKU.EXE - Deleted
C:\WINDOWS\SYSTEM32\PRKCWW.EXE - Deleted
C:\WINDOWS\SYSTEM32\PYAHOF.EXE - Deleted
C:\WINDOWS\SYSTEM32\RIQEVE.EXE - Deleted
C:\WINDOWS\SYSTEM32\SNJITE.EXE - Deleted
C:\WINDOWS\SYSTEM32\SXTAHZ.EXE - Deleted
C:\WINDOWS\SYSTEM32\TFLKAB.EXE - Deleted
C:\WINDOWS\SYSTEM32\VTNNVB.EXE - Deleted
C:\WINDOWS\SYSTEM32\YKESTL.EXE - Deleted
C:\WINDOWS\SYSTEM32\WGALOGON.DLL - Deleted
C:\WINDOWS\system32\TFTP1460 - Deleted
C:\WINDOWS\system32\TFTP1552 - Deleted
C:\WINDOWS\system32\TFTP1980 - Deleted
C:\WINDOWS\system32\TFTP2184 - Deleted
C:\WINDOWS\system32\TFTP9176 - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 00:23:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:8bd64312
"s2"=dword:3f49bfbf
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:b3,a4,e1,24,38,7b,8f,2e,0a,d6,35,c3,60,19,f6,11,bc,e2,15,7a,7b,..
"p0"="C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\daemon tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,2a,f8,2e,6b,73,05,67,34,7e,be,89,53,5a,a5,76,12,0c,..
"khjeh"=hex:47,2a,4f,fe,96,02,80,91,ef,be,47,52,70,d9,f3,5a,d6,f5,ca,01,49,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:39,16,c4,68,3c,23,87,22,f6,29,b4,42,b7,be,66,4f,8c,a1,c6,9e,ea,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:b3,a4,e1,24,38,7b,8f,2e,0a,d6,35,c3,60,19,f6,11,bc,e2,15,7a,7b,..
"p0"="C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\daemon tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,2a,f8,2e,6b,73,05,67,34,7e,be,89,53,5a,a5,76,12,0c,..
"khjeh"=hex:47,2a,4f,fe,96,02,80,91,ef,be,47,52,70,d9,f3,5a,d6,f5,ca,01,49,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:39,16,c4,68,3c,23,87,22,f6,29,b4,42,b7,be,66,4f,8c,a1,c6,9e,ea,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\azureus latauksia\\Pro Evolution Soccer 2008\\PES2008.exe"="D:\\azureus latauksia\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\Download\\dc++\\CIVILIZATION4\\Civilization4.exe"="C:\\Download\\dc++\\CIVILIZATION4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\DOCUME~1\SYRJNE~1\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 16 Aug 2003 579,584 A.SHR --- "C:\WINDOWS\system32\cd.exe"
Mon 8 Nov 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 8 Nov 2004 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv14.bak"
Tue 8 Nov 2005 306 A..H. --- "C:\Documents and Settings\Syrj?nen\Application Data\AVG7\avgemc.cfg.bak"
Thu 17 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BITB8.tmp"
Wed 22 Mar 2006 444 ...HR --- "C:\Documents and Settings\All Users\Application Data\SecuROM\UserData\securom_v7_01G.bak"
Fri 22 Oct 2004 141 A..H. --- "C:\Documents and Settings\Syrj?nen\Application Data\Microsoft\Internet Explorer\brndlog.bak"
Sun 6 Apr 2008 8,517 ...HR --- "C:\Documents and Settings\Syrj?nen\Application Data\SecuROM\UserData\securom_v7_01.bak"
Wed 13 Sep 2006 211 A.SHR --- "C:\Documents and Settings\Syrj?nen\Application Data\Everest Labs\SpyDefense\Backups\BF1C.tmp"

Finished!

Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.11
Tietokantaversio: 689

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|)
Tarkistetut kohteet: 167281
Kulunut aika: 1 hour(s), 41 minute(s), 10 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 3
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 1

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> No action taken.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> No action taken.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
D:\azureus latauksia\Avast! Antivirus Professional v4.7.986 with KeyGen & Skins\Avast.Pro.v4.7.986.Incl.Keymaker-CORE\CORE10k.EXE (Trojan.Agent) -> No action taken.

Kaspersky

KASPERSKY ONLINE SCANNER REPORT
Sunday, April 27, 2008 10:21:51 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/04/2008
Kaspersky Anti-Virus database records: 727494
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics
Total number of scanned objects 131255
Number of viruses found 5
Number of infected objects 8
Number of suspicious objects 0
Duration of the scan process 03:29:53

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Syrjänen\Application Data\Mozilla\Firefox\Profiles\ix1h5acw.Oletuskäyttäjä5\cert8.db Object is locked skipped
C:\Documents and Settings\Syrjänen\Application Data\Mozilla\Firefox\Profiles\ix1h5acw.Oletuskäyttäjä5\history.dat Object is locked skipped
C:\Documents and Settings\Syrjänen\Application Data\Mozilla\Firefox\Profiles\ix1h5acw.Oletuskäyttäjä5\key3.db Object is locked skipped
C:\Documents and Settings\Syrjänen\Application Data\Mozilla\Firefox\Profiles\ix1h5acw.Oletuskäyttäjä5\parent.lock Object is locked skipped
C:\Documents and Settings\Syrjänen\Application Data\Mozilla\Firefox\Profiles\ix1h5acw.Oletuskäyttäjä5\search.sqlite Object is locked skipped
C:\Documents and Settings\Syrjänen\Application Data\Mozilla\Firefox\Profiles\ix1h5acw.Oletuskäyttäjä5\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Syrjänen\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\SmitfraudFix\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\SmitfraudFix\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\SmitfraudFix\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Syrjänen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Syrjänen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Syrjänen\Local Settings\Application Data\Microsoft\Windows Live Contacts\syrjasam@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Syrjänen\Local Settings\Application Data\Microsoft\Windows Live Contacts\syrjasam@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Syrjänen\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Syrjänen\Local Settings\Temp\~DFCDCE.tmp Object is locked skipped
C:\Documents and Settings\Syrjänen\Local Settings\Temp\~DFCDE8.tmp Object is locked skipped
C:\Documents and Settings\Syrjänen\Local Settings\Temp\~DFEDA1.tmp Object is locked skipped
C:\Documents and Settings\Syrjänen\Local Settings\Temp\~DFEDE7.tmp Object is locked skipped
C:\Documents and Settings\Syrjänen\Local Settings\Temp\~ROMFN_000001DC Object is locked skipped
C:\Documents and Settings\Syrjänen\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Syrjänen\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Syrjänen\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Taustasuojaus.txt Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Program Files\Sygate\SPF\debug.log Object is locked skipped
C:\Program Files\Sygate\SPF\rawlog.log Object is locked skipped
C:\Program Files\Sygate\SPF\seclog.log Object is locked skipped
C:\Program Files\Sygate\SPF\syslog.log Object is locked skipped
C:\Program Files\Sygate\SPF\tralog.log Object is locked skipped
C:\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\security\winsecure.dll.mwt Infected: Backdoor.Win32.Iroffer.1227 skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_568.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\update\pv.exe Infected: not-a-virus:Monitor.Win32.PrcView.3724 skipped
C:\WINDOWS\update\start.exe Infected: not-a-virus:NetTool.Win32.Calc-SETI@Home.c skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000001-00000000-00000009-00001102-00000002-100A1102}.CDF Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.

Hjt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:49:18, on 27.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\active smart\Active SMART\ASmartService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\Hjt\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.fi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.fi
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\DOCUME~1\SYRJNE~1\Desktop\ohjelmia\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\DOCUME~1\SYRJNE~1\Desktop\ohjelmia\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Download\AVGANT~1.193\AVGANT~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft IE] IEXPLORE.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Msn Messenger] msnmsgs.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft IE] IEXPLORE.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Msn Messenger] msnmsgs.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\DOCUME~1\SYRJNE~1\Desktop\ohjelmia\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: ActiveSMART Service - Ariolic Software, Ltd. (http://www.ariolic.com) - C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\active smart\Active SMART\ASmartService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\spyware terminator\Spyware Terminator\sp_rsser.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Spy Sweeper\SpySweeper.exe

--
End of file - 8067 bytes

[ + lainaa]

Hujo

Suspended permanently

28. huhtikuuta 2008 @ 02:45

Linkki tähän viestiin

Escan
Ohjeet tuolla sivulla.
http://koti.mbnet.fi/pattaya1/escanmwav.htm
lataa tuosta
http://www.spywareinfo.dk/download/mwav.exe
päivitä tuosta
http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
laita täpit merkkauksien mukaan
http://koti.mbnet.fi/pattaya1/eScan6.jpg

scannaa

jos ala luukkuun tulee jotain niin kopioi se näin:
Käytä komentoa Ctrl+A.
Kopioi rivit komennolla Ctrl+C.
Liitä rivit komennolla Ctrl+V.

Laita virus log tänne.

[ + lainaa]

Voiko tietsikka koskaan toimia?

karpanen

Junior Member

28. huhtikuuta 2008 @ 22:46

Linkki tähän viestiin

en muistanut ottaa tota virus logia mutta tossa on jotain tietoa siitä jos auttaa,vai onko mahdollista saada se virus log vielä jostain näkyviin?

Mon Apr 28 21:41:58 2008 => Total Number of Files Scanned: 134005
Mon Apr 28 21:41:58 2008 => Total Number of Virus(es) Found: 11
Mon Apr 28 21:41:58 2008 => Total Number of Disinfected Files: 0
Mon Apr 28 21:41:58 2008 => Total Number of Files Renamed: 6
Mon Apr 28 21:41:58 2008 => Total Number of Deleted Files: 0
Mon Apr 28 21:41:58 2008 => Total Number of Errors: 38
Mon Apr 28 21:41:58 2008 => Time Elapsed: 04:57:22
Mon Apr 28 21:41:58 2008 => Virus Database Date: 2008/04/28
Mon Apr 28 21:41:58 2008 => Virus Database Count: 728781

[ + lainaa]

Hujo

Suspended permanently

29. huhtikuuta 2008 @ 01:50

Linkki tähän viestiin

ajas tuosta

Lataa Atribunen ATF Cleaner

Ohjeet;

Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman.Main:n alla valitse: Select All
Klikkaa Empty Selected valintaa.
Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Jos käytät Operaa selaimenasiKlikkaa Opera yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa taas.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)

=============

Ohje AVG:n Anti-Spyware 7.5:n käyttöön
Huom! Tässä ohjeessa sammutetaan tuo reaaliaikasuojaus (Shield). Näin vältetään tilanteet joissa suojaus estäisi esim HijackThis:n työkalun toimintaa.

Tallenna nämä ohjeet tekstitiedostoon tai tulosta nämä, muuten et pääse niihin käsiksi vikasietotilasta

Lataa AVG:n Anti-Spyware 7.5:n
ja tallenna ohjelma työpöydällesi.
o Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa.
o Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää.
o Käynnistä AVG:n Anti-Spyware.
o Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.

o Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.

o Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.
o Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".

o Sitten "Reports" valikon alta:
o Laita täppi kohtaan "Automatically generate report after every scan"
o Ota täppi pois kohdasta"Only if threats were found"

o Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa
o "Resident shield is", muuta tila active:sta inactive:ksi
o Sulje ohjelma, ÄLÄ skannaa vielä.

Käynnistä koneesi vikasietotilaan,
sammuta ja käynnistä
käynnistyksen yhteydessä naputtele F8
valitse nuoli näppäimellä vikasietotila
paina enter ja enter

Toisissa koneissa paukutetaan F8:sin sijasta F5:tä

HUOM! Älä käytä muita ohjelmia AVG:n skannauksen aikana, tämä saattaa häiritä skannausta.
o Kun vikasietotilassa, käynnistä AVG:n Anti-Spyware.
o Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
o Ewido aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.

Kun skannaus on valmis:
TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"
o Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
o Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"

o Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta.
o Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.
o Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG:n raportti viestikejuusi.

[ + lainaa]

Voiko tietsikka koskaan toimia?

karpanen

Junior Member

29. huhtikuuta 2008 @ 17:42

Linkki tähän viestiin

ei onnistunut toi avg. viimestään kun olin menny vikasietotilaan ja koitin käynnistää avg:n tuli viesti "connection to service failed. Please reinstall AVG Anti-Spyware 7.5"
Mitä teen?

[ + lainaa]

Hujo

Suspended permanently

30. huhtikuuta 2008 @ 08:21

Linkki tähän viestiin

Lataa: RegSeeker.zip työpöydälle:

Pura zip C:\RegSeeker\ kansioon. Sieltä käynnistät RegSeeker.exe ohjelman.
Oikeasa yläkulmassa on Languages.... linkki, josta valitset Suomenkielen.
Vasemmasta alakulmasta ruksit Luo vrmuuskopio ja sitten linkki Puhdista rekisteri
Ruksit kaikkiin muihin kohtiin paitsi "Käyttökelvottomat.." sitten "OK" (odotat hetken).
Ruutuun ilmestyy lista epäkelvoista rekisterimerkinnöistä, jotka alapalkista Valitse kohdasta
klikkaat Valitse kaikki jolloin valitut saavat keltaisen pohjavärin.
Alapalkin Toiminnot linkistä klikkaat Poista valitut kohteet
Ponnahdusikkunaan "Kaikki valitut kohteet poistetaan ? vastaat "OK".
Seuraavaan Ponnahdusikkunaan "Varmuuskopiot" vastaat "OK".
Klikaa vasemmalta Lopeta RegSeeker ja käynnistä koneesi uudelleen.

[ + lainaa]

Voiko tietsikka koskaan toimia?

karpanen

Junior Member

30. huhtikuuta 2008 @ 10:49

Linkki tähän viestiin

no nyt on toikin ajettu. löyti se jonkun pari tuhatta. vieläkö sulla on ässiä hihassa, jos ei niin kiitos paljon Hujo.

[ + lainaa]

Hujo

Suspended permanently

30. huhtikuuta 2008 @ 10:55

Linkki tähän viestiin

Lataa Deckard's System Scanner
Työpöydällesi.

Huomioi: Sinulla tulee olla Järjestelmänvalvojan oikeudet ajaaksesi ohjelman.

[*]Sulje kaikki avoimet ikkunat ja ohjelmat.
[*]Tupla Klikkaa Dss.exe tiedostoa ajaaksesi ohjelman, seuraa ohjeita.
[*]Kun Scannaus on valmis 2 textitiedostoa pitäisi avautua, Main.txt ja extra.txt
[*]Näppäile Kopioi ( CTRL+A -> CTRL + C ) ja liitä ( CTRL + V )
[*]kopioi ja liitä main.txt ja extra.txt sisältö seuraavaan vastaukseesi.

[ + lainaa]

Voiko tietsikka koskaan toimia?

karpanen

Junior Member

30. huhtikuuta 2008 @ 13:02

Linkki tähän viestiin

tossa main.txt

Deckard's System Scanner v20071014.68
Run by Syrjänen on 2008-04-30 11:49:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 4.59 GiB (less than 15%) free.

-- HijackThis (run as Syrjänen.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:11, on 30.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\active smart\Active SMART\ASmartService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Syrjänen\Desktop\dss.exe
C:\DOCUME~1\SYRJNE~1\Desktop\ohjelmia\Hjt\Syrjänen.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.fi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.fi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\DOCUME~1\SYRJNE~1\Desktop\ohjelmia\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\DOCUME~1\SYRJNE~1\Desktop\ohjelmia\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft IE] IEXPLORE.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Msn Messenger] msnmsgs.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft IE] IEXPLORE.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Msn Messenger] msnmsgs.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\DOCUME~1\SYRJNE~1\Desktop\ohjelmia\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: ActiveSMART Service - Ariolic Software, Ltd. (http://www.ariolic.com) - C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\active smart\Active SMART\ASmartService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\spyware terminator\Spyware Terminator\sp_rsser.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Spy Sweeper\SpySweeper.exe

--
End of file - 7981 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync03 (StarForce Protection Synchronization Driver (version 3.x)) - c:\windows\system32\drivers\sfsync03.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 Teefer (Teefer for NT) - c:\windows\\systemroot\system32\drivers\teefer.sys (file missing)
R1 papycpu - c:\windows\system32\drivers\papycpu.sys
R1 papyjoy - c:\windows\system32\drivers\papyjoy.sys
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 SSHDRV61 - c:\windows\system32\drivers\sshdrv61.sys
R1 SSHDRV76 - c:\windows\system32\drivers\sshdrv76.sys <Not Verified; ; ProtectCD>
R1 SSHDRV82 - c:\windows\system32\drivers\sshdrv82.sys <Not Verified; ; ProtectCD>
R1 SSHDRV85 - c:\windows\system32\drivers\sshdrv85.sys <Not Verified; ; ProtectCD>
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R2 ACEDRV05 - c:\windows\system32\drivers\acedrv05.sys <Not Verified; Protect Software GmbH; >
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S2 AvgCore (AVG6 Kernel) - c:\docume~1\syrjne~1\desktop\avgcore.sys (file missing)
S2 AvgFsh (AVG6 Rezident Driver) - c:\docume~1\syrjne~1\desktop\avgfsh.sys (file missing)
S3 ALCXSENS (Service for WDM 3D Audio Driver) - c:\windows\system32\drivers\alcxsens.sys (file missing)
S3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - c:\windows\system32\drivers\alcxwdm.sys (file missing)
S3 catchme - c:\docume~1\syrjne~1\locals~1\temp\catchme.sys (file missing)
S3 cmuda (C-Media WDM Audio Interface) - c:\windows\system32\drivers\cmuda.sys (file missing)
S3 ctdvda2k (Creative DVD-Audio Device Driver) - c:\windows\system32\drivers\ctdvda2k.sys (file missing)
S3 dbustrcm - c:\docume~1\syrjne~1\locals~1\temp\dbustrcm.sys (file missing)
S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 GMSIPCI - f:\install\gmsipci.sys (file missing)
S3 MSICPL - f:\install4\msicpl.sys (file missing)
S3 NTACCESS - f:\ntaccess.sys (file missing)
S3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S3 SetupNTGLM7X - f:\ntglm7x.sys (file missing)
S3 sony_ssm.sys - c:\docume~1\syrjne~1\locals~1\temp\sony_ssm.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\documents and settings\syrjänen\desktop\ohjelmia\spyware terminator\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>
S4 AvgServ (AVG6 Service) -
S4 UserAccess7 (SecuROM User Access Service (V7)) - c:\windows\system32\uaservice7.exe <Not Verified; Sony DADC Austria AG.; >

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA(R) nForce(TM) Audio Codec Interface
Device ID: PCI\VEN_10DE&DEV_006A&SUBSYS_57001462&REV_A1\3&13C0B0C5&0&30
Manufacturer: NVIDIA Corporation
Name: NVIDIA(R) nForce(TM) Audio Codec Interface
PNP Device ID: PCI\VEN_10DE&DEV_006A&SUBSYS_57001462&REV_A1\3&13C0B0C5&0&30
Service: nvax

Class GUID: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA NForce MCP2 IDE Controller
Device ID: ROOT\HDC\0000
Manufacturer: NVIDIA
Name: NVIDIA NForce MCP2 IDE Controller
PNP Device ID: ROOT\HDC\0000
Service: pciide

-- Scheduled Tasks -------------------------------------------------------------

2008-04-30 10:34:53 490 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2008-04-28 12:00:00 338 --a------ C:\WINDOWS\Tasks\XoftSpy.job
2008-03-11 04:00:00 418 --a------ C:\WINDOWS\Tasks\XoftSpySE.job

-- Files created between 2008-03-30 and 2008-04-30 -----------------------------

2008-04-30 10:22:41 0 d-------- C:\RegSeeker
2008-04-28 17:09:19 0 dr-h----- C:\Documents and Settings\Syrjänen\Recent
2008-04-27 18:16:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-27 18:16:10 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-27 13:51:20 0 d-------- C:\Documents and Settings\Syrjänen\Application Data\Malwarebytes
2008-04-27 13:51:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-27 00:07:41 0 d-------- C:\WINDOWS\ERUNT
2008-04-27 00:02:08 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-04-24 18:29:35 0 d-------- C:\Documents and Settings\Syrjänen\Application Data\Macrovision
2008-04-24 18:22:06 0 d-------- C:\Program Files\Vodafone
2008-04-24 18:22:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-04-11 15:41:10 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-11 15:40:12 0 d-------- C:\Program Files\Windows Live
2008-04-11 15:40:04 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-09 15:08:39 0 d-------- C:\Documents and Settings\Syrjänen\e-Safekey
2008-04-08 15:38:38 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-08 15:38:30 0 d-------- C:\Spy Sweeper
2008-04-08 15:38:30 0 d-------- C:\Documents and Settings\Syrjänen\Application Data\Webroot
2008-04-08 15:38:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-07 17:00:09 0 d--h----- C:\Documents and Settings\All Users\Application Data\{810E7A01-BF04-400B-B935-75AFCAF5CDE6}
2008-04-07 16:56:23 188416 --a------ C:\WINDOWS\system32\macdll.dll <Not Verified; Matthew T. Ashland; Monkey's Audio>
2008-04-05 17:07:55 68096 --a------ C:\WINDOWS\zip.exe
2008-04-05 17:07:55 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-05 17:07:55 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-05 17:07:55 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-05 17:07:55 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-05 17:07:55 98816 --a------ C:\WINDOWS\sed.exe
2008-04-05 17:07:55 80412 --a------ C:\WINDOWS\grep.exe
2008-04-05 17:07:55 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-04 16:48:44 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-04 16:48:44 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-04 16:42:57 138752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-04 16:42:55 0 d-------- C:\Documents and Settings\Syrjänen\Application Data\Spyware Terminator

-- Find3M Report ---------------------------------------------------------------

2008-04-30 10:34:57 40 --a------ C:\biosinfo
2008-04-30 10:34:02 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000009-00001102-00000002-100A1102}.dat
2008-04-30 10:34:02 288 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-00000009-00001102-00000002-100A1102}.dat
2008-04-27 16:53:23 0 d-------- C:\Program Files\DC++
2008-04-25 19:43:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-21 18:21:24 0 d-------- C:\Documents and Settings\Syrjänen\Application Data\Azureus
2008-04-17 21:37:03 0 d-------- C:\Program Files\azureus
2008-04-11 15:41:10 0 d-------- C:\Program Files\Common Files
2008-04-10 17:50:40 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-06 12:18:54 0 d-------- C:\Documents and Settings\Syrjänen\Application Data\Bioshock
2008-04-04 16:48:57 3066 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-04 16:48:42 0 d-------- C:\Program Files\WinClamAVShield
2008-03-09 23:54:04 1099264 --a------ C:\WINDOWS\system32\AdjMmsEng.dll <Not Verified; MultiMedia Soft; adjstud Dynamic Link Library>
2008-02-09 18:28:40 323584 --a------ C:\WINDOWS\system32\AudioGenie2.dll <Not Verified; Stefan Toengi; audiogenie Module>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [28.08.2003 11:45 C:\WINDOWS\system32\CTHELPER.EXE]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [29.05.2002 01:59]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [24.05.2002 09:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [16.02.2005 17:15]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [27.09.2005 12:16]
"SW20"="C:\WINDOWS\system32\sw20.exe" [07.09.2006 13:13]
"SW24"="C:\WINDOWS\system32\sw24.exe" [07.09.2006 13:14]
"nwiz"="nwiz.exe" [29.06.2007 00:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [29.06.2007 00:43]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12.07.2007 04:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [29.06.2007 00:43]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 10:56]
"ISUSPM"="C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [29.03.2007 15:41]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Microsoft IE"=IEXPLORE.EXE

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Msn Messenger"=msnmsgs.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft IE"=IEXPLORE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Syrjänen^Start Menu^Programs^Startup^Active SMART.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Syrjänen^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Syrjänen^Start Menu^Programs^Startup^PowerReg Scheduler.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Syrjänen^Start Menu^Programs^Startup^Registration Brothers In Arms.LNK]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Syrjänen^Start Menu^Programs^Startup^The Matrix_ Path of Neo Registration.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\daemon tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
"C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\FreeRAM xp pro\FreeRAM XP Pro.exe" -win

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
???
?

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft IE]
IEXPLORE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft LSASS Network File]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
c:\documents and settings\syrjänen\desktop\ohjelmia\poweri\pstrip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
???
?

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarlordsBattlecryIIISetup.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=3 (0x3)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"TrkWks"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"srservice"=2 (0x2)
"SPTISRV"=3 (0x3)
"sfrem01"=2 (0x2)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"PolicyAgent"=3 (0x3)
"MSDTC"=3 (0x3)
"ImapiService"=3 (0x3)
"IDriverT"=3 (0x3)
"HTTPFilter"=3 (0x3)
"helpsvc"=2 (0x2)
"ERSvc"=2 (0x2)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"Creative Service for CDROM Access"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"BITS"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"ATI Smart"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"SDhelper"=3 (0x3)
"NtmsSvc"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"WMDM PMSP Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"PnkBstrA"=2 (0x2)
"Browser"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2dad7661-11ff-11dd-8dfb-0011092cf98a}]
AutoRun\command- H:\StartVMCLite.exe

-- End of Deckard's System Scanner: finished at 2008-04-30 11:54:49 ------------

ja tossa extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP 2600+
Percentage of Memory in Use: 37%
Physical Memory (total/avail): 1023.49 MiB / 641.49 MiB
Pagefile Memory (total/avail): 1696.05 MiB / 1411.58 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1936.7 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 58.59 GiB total, 4.59 GiB free.
D: is Fixed (NTFS) - 48.83 GiB total, 5.38 GiB free.
E: is Fixed (NTFS) - 45.23 GiB total, 8.11 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6Y160P0 - 152.66 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 58.59 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 94.06 GiB - D: - E:

-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FW: Sygate Personal Firewall Pro v4.6 (Sygate Technologies, Inc.)
AV: AntiVir PersonalEdition Classic Virus Protection v0.0.0.0 (AntiVir PersonalProducts GmbH) Disabled Outdated
AV: Spy Sweeper with AntiVirus v5.5.1.3354 (Webroot Software Inc.) Disabled Outdated
AV: avast! antivirus 4.8.1169 [VPS 080430-0] v4.8.1169 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\azureus latauksia\\Pro Evolution Soccer 2008\\PES2008.exe"="D:\\azureus latauksia\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\Download\\dc++\\CIVILIZATION4\\Civilization4.exe"="C:\\Download\\dc++\\CIVILIZATION4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Syrj?nen\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TZSTDTAS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Syrj?nen
LOGONSERVER=\\TZSTDTAS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Documents and Settings\Syrj?nen\Desktop\New Folder\ALZip
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SYRJNE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\SYRJNE~1\LOCALS~1\Temp
USERDOMAIN=TZSTDTAS
USERNAME=Syrj?nen
USERPROFILE=C:\Documents and Settings\Syrj?nen
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Syrjänen (admin)
(guest)

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21313051-BEA2-11D4-8FA4-00B0D02D2438}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\Setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6CAF07A2-BEA4-11D4-8FA4-00B0D02D2438}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6D1B8E00-39E3-4810-BAB1-693E31CEFC42}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7052066D-7016-11D5-B89E-00B0D0D26B88}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D54AAC0A-BE99-11D4-8FA4-00B0D02D2438}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99CDAF0C-AF5D-422F-B469-33048A949994}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99CDAF0C-AF5D-422F-B469-33048A949994}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9A812DA-143D-4780-BEDC-FD6D41386317}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9A812DA-143D-4780-BEDC-FD6D41386317}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
ACD/Labs Software in C:\ACDFREE8\ --> C:\ACDFREE8\setup\setup.exe -uninstall
Active SMART --> "C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\active smart\Active SMART\UninsHs.exe" /u1=ActiveSMART_2_6
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A70000000000}
AGEIA PhysX v7.09.13 --> MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
ArcSoft Camera Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD708DF0-9F04-4CB3-821A-85804A833B4D}\SETUP.EXE" -l0x9 -uninst
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AudioEdit Deluxe --> "C:\Documents and Settings\All Users\Application Data\{810E7A01-BF04-400B-B935-75AFCAF5CDE6}\setup_aed.exe" REMOVE=TRUE MODIFY=FALSE
AudioEdit Deluxe --> C:\Documents and Settings\All Users\Application Data\{810E7A01-BF04-400B-B935-75AFCAF5CDE6}\setup_aed.exe
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Band-in-a-Box 12 --> "C:\Program Files\biab\unins000.exe"
Battlefield 1942 Multiplayer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5ED20FB0-678F-41EE-9211-DC9C670FD193}\Setup.exe" -l0x9
Battlefield 1942 Secret Weapons of WWII Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{909354DE-C180-4B00-B61F-9A6D805E5796}\Setup.exe" -l0x9
BioShock --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\Setup.exe" -l0x9 -removeonly
BS.player --> "C:\Program Files\Webteh\BSplayerPro\uninstall.exe"
C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
Canon Camera Window for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}
Canon Internet Library for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6A0DBAA6-4FEC-41B7-858E-99EF59B9173C}
Canon PhotoRecord --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Program\..\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\Program\..\PhotoRecord\Program\uninstdll.dll"
Canon RAW Image Task for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}
Canon RemoteCapture Task for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2236B741-6631-49AE-B76E-3E14CA01CC87}
Canon Utilities File Viewer Utility 1.3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}
Canon Utilities PhotoStitch 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F11A403B-0DE9-4953-B790-7A2F014FBB2B}
Canon Utilities RemoteCapture 2.7 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CCleaner (remove only) --> "C:\Documents and Settings\Syrjänen\Desktop\ccleaner\uninst.exe"
CodecInstaller 2.6.3 --> C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\codec installer\CodecInstaller\uninst.exe
Colin McRae Rally 2005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC67770B-581D-4E96-B72A-A7907CE18725}\setup.exe" -l0x9
ConvertXtoDVD 2.1.10.209 --> "C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\albatross\ConvertXtoDVD\unins000.exe"
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative MuVo V200 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{903EC56F-EA7E-4309-B0E6-9F1AE22FCC08}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
DC++ 0.698 --> "C:\Program Files\DC++\uninstall.exe"
DirectShow .SHN FIlter --> "C:\Program Files\DirectShow .SHN FIlter\Uninstall.exe" "C:\Program Files\DirectShow .SHN FIlter\install.log"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
EAX Unified --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
EAX4 Unified Redist --> MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
Eraser 5.8 --> "C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\ERASER, ÄLÄ LEIKI !\Eraser\unins000.exe"
EVEREST Ultimate Edition v3.00 --> "C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
ffdshow [rev 1928] [2008-04-10] --> "C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\codec installer\c\ffdshow\unins000.exe"
FlatOut --> MsiExec.exe /I{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}
GameShadow --> MsiExec.exe /I{493DD068-D1BC-4B86-955A-4BE9ECEA45EE}
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
Guitar Pro 5.0 --> "E:\azureus lataukset\Guitar Pro 5\Guitar Pro 5\install\unins000.exe"
Heroes of Might & Magic V: Hammers of Fate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66FF4C48-0083-4E60-8556-B883AB200091}\setup.exe" -l0x9
Heroes of Might and Magic V --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20071984-5EB1-4881-8EDB-082532ACEC6D}\SETUP.EXE" -l0x9
HijackThis 2.0.2 --> "C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\Hjt\HijackThis.exe" /uninstall
Hitman Blood Money --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}\setup.exe" -l0x9 -removeonly
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Indeo® software --> C:\WINDOWS\IsUn0415.exe -f"C:\Program Files\Intel\Indeo\Indeo Uninstall.isu" -c"C:\WINDOWS\system32\SavedSystemFiles\indounin.dll"
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LIVE gaming on Windows Runtime Version 1.0.6027 --> MsiExec.exe /X{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0xb UNINSTALL
Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9242864-2841-4ADE-86E0-8F90F91B04DD}\setup.exe" -l0xb
Logitech iTouch -ohjelmisto --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0xb UNINSTALL
Logitech MouseWare 9.61 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0xb -l000b UNINSTALL
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware --> "C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\malware\Malwarebytes' Anti-Malware\unins000.exe"
Max Payne 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}\Setup.exe" -l0x9
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Minilyrics(remove only) --> "C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\lyrics\Minilyrics\uninst-ml.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Music Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AFA4872-16B2-419E-ADCA-8E96E739115D}\setup.exe" -l0x9
MuVo Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\Setup.exe" -l0x9 /remove
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NHL07 --> E:\Pelejä\nhl 07\EAUninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenMG Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1C877DA0-5EFF-11D4-9254-0000F460E7A9}\setup.exe" UNINSTALL
OpenMG Secure Module 3.0.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A228A09C-4826-42E0-A3D8-95B2BAAB5049}\setup.exe" /UNINSTALL
Paint.NET v3.0 --> MsiExec.exe /X{267AB309-8021-4CAE-9698-D9A0BEEF7FBA}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PowerStrip 3 (remove only) --> C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\poweri\uninstal.exe
Pro Evolution Soccer 5 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{85C3FA3C-4832-4204-B21E-168E4920936A} /l1033
Pro Evolution Soccer 6 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EBB794ED-D282-4334-92FB-254481EFF514} /l1033
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
QuickTime Alternative 1.81 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Reason --> MsiExec.exe /X{AB9FC2F9-7FC7-11D7-9D82-00065BABCB42}
San Andreas Mod Installer --> "C:\WINDOWS\San Andreas Mod Installer\uninstall.exe" "/U:C:\Program Files\San Andreas Mod Installer\Uninstall\uninstall.xml"
Sibelius 3 --> C:\PROGRA~1\SIBELI~1\SIBELI~1\UNWISE.EXE C:\PROGRA~1\SIBELI~1\SIBELI~1\INSTALL.LOG
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Sony Net MD Help --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6BECFE0-74CE-11D5-B8A3-00B0D0D26B88}\setup.exe" UNINSTALL
Sound Blaster Live! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\SETUP.EXE" -l0x9
SpeechRedist --> MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Spy Sweeper --> "C:\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy 1.4 --> "C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\spybot\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 4.0 --> "C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\spyware doctor\unins000.exe"
Spyware Terminator --> "C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\spyware terminator\Spyware Terminator\unins000.exe"
Stronghold Crusader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C3727F2-8E37-49E4-820C-03B1677F53B6}\Setup.exe" -l0x9
Subtitle Workshop 2.51 --> "C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\subtitleworkshop251\Subtitle Workshop\uninstall.exe"
Sygate Personal Firewall Pro --> MsiExec.exe /I{10B446B3-4DF4-4489-A168-8A98F7CD807E}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
The Godfather? The Game --> D:\azureus latauksia\The.Godfather.The.Game\install\EAUninstall.exe
Tony Hawk's American Wasteland (TM) --> MsiExec.exe /I{3293C06B-003F-4027-8380-FFD79E38167D}
Tony Hawk's American Wasteland 1.01 Patch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{925D9613-EA6A-4DF0-9186-AD968159D1B1}\setup.exe" -l0x9 -removeonly
Total Commander (Remove or Repair) --> C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\total com\totalcmd\tcuninst.exe
TweakNow RegCleaner Standard --> "C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\ohjelma\TweakNow RegCleaner Std\unins000.exe"
Uniblue Registry Booster --> "C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\Registry Booster\unins000.exe"
Uniblue SpeedUpMyPC --> "C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\woodpecker\SpeedUpMyPC\unins000.exe"
Unlocker 1.8.5 --> C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\unlocker\uninst.exe
Unreal Tournament 2004 --> D:\azureus latauksia\unreal tournament 2004\System\Setup.exe uninstall "UT2004"
Warcraft II BNE --> C:\WINDOWS\W2BNEUnin.exe C:\WINDOWS\W2BNEUnin.dat
WaveLab 4.0e --> C:\PROGRA~1\STEINB~1\WaveLab\UNWISE.EXE C:\PROGRA~1\STEINB~1\WaveLab\INSTALL.LOG
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Live installer --> MsiExec.exe /X{5C29C5F5-A9C9-4E89-A606-13E165E7C55F}
Windows Live Messenger --> MsiExec.exe /X{A9174A72-1B46-445B-B3CF-90ED2C63D83B}
Windows Liven kirjautumisavustaja --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinRAR-pakkausohjelma --> C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\RAR\uninstall.exe
WinZip --> "C:\Download\dc++\winzip\WINZIP32.EXE" /uninstall
Virtua Tennis 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B63540D-D942-4C38-B42E-A48AE0145970}\setup.exe" -l0x9 -removeonly
Vodafone Mobile Connect Lite --> MsiExec.exe /X{B5761811-28F3-4257-B537-815C5EEF472C}
Xfire (remove only) --> "C:\Program Files\Xfire2\uninst.exe"
ZDaemon (remove only) --> "C:\Documents and Settings\Syrjänen\Desktop\ohjelmia\chicken\uninstall.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type490 / Error
Event Submitted/Written: 04/30/2008 11:53:09 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type489 / Error
Event Submitted/Written: 04/30/2008 11:52:54 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type488 / Error
Event Submitted/Written: 04/30/2008 11:51:37 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type487 / Error
Event Submitted/Written: 04/30/2008 11:51:37 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type486 / Error
Event Submitted/Written: 04/30/2008 11:51:36 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type3567 / Error
Event Submitted/Written: 04/30/2008 10:35:11 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Avg7Core
Avg7RsXP

Event Record #/Type3565 / Error
Event Submitted/Written: 04/30/2008 10:35:09 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The AVG6 Rezident Driver service failed to start due to the following error:
%%2

Event Record #/Type3564 / Error
Event Submitted/Written: 04/30/2008 10:35:09 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The AVG6 Kernel service failed to start due to the following error:
%%2

Event Record #/Type3551 / Error
Event Submitted/Written: 04/30/2008 10:18:41 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Avg7Core
Avg7RsXP

Event Record #/Type3550 / Error
Event Submitted/Written: 04/30/2008 10:18:39 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The AVG6 Rezident Driver service failed to start due to the following error:
%%2

-- End of Deckard's System Scanner: finished at 2008-04-30 11:54:49 ------------

[ + lainaa]

Hujo

Suspended permanently

30. huhtikuuta 2008 @ 13:20

Linkki tähän viestiin

Sulla on siellä aika vähän tuota tyhjää tilaa kovolla

ajas wintoosan uudelleen järjätäminen ja levyn ehytys

==========

Poistas lisää poista sovelutuksesta

Spyware Terminator
Webroot Spy Sweeper

[ + lainaa]

Voiko tietsikka koskaan toimia?

Mainos

karpanen

Junior Member

1. toukokuuta 2008 @ 15:43

Linkki tähän viestiin

siivoilin konetta kuten ehdotit ja nyt on kone taas elämänsä kunnossa. nettikin toimii taas.
KIITOS PALJON Hujo!

[ + lainaa]

Vastaa

Aloita uusi viestiketju

Aiheeseen liittyviä linkkejä

Lataa uusin versio HijackThis-ohjelmasta täältä!

Aiheeseen liittyviä viestiketjuja	Viestejä	Viimeisin viesti	Keskustelualue
HJT Logi	2	3. kesäkuuta 2014	Virukset ja haittaohjelmat - HijackThis -logit
HJT-logi ja vale-firefox ongelmia....virus koneella ?	4	6. toukokuuta 2014	Virukset ja haittaohjelmat - HijackThis -logit
HJT logi, kone jumittaa	1	3. huhtikuuta 2014	Virukset ja haittaohjelmat - HijackThis -logit
Näppäimistö sekoilee hjt log	1	2. huhtikuuta 2014	Virukset ja haittaohjelmat - HijackThis -logit
HJT-log ja Malwarebytes- log, Troijalainen? Apu tarpeen!	2	10. maaliskuuta 2014	Virukset ja haittaohjelmat - HijackThis -logit
HJT-loki, kone valtavan hidas ja perusskannereiden läpi ajamisella ei vaikutusta	1	19. helmikuuta 2014	Virukset ja haittaohjelmat - HijackThis -logit
probook 445 hjt-logit	1	19. tammikuuta 2014	Virukset ja haittaohjelmat - HijackThis -logit
HJT loki tarkastukseen	1	19. tammikuuta 2014	Virukset ja haittaohjelmat - HijackThis -logit
Win7 + HJT ongelma ja kummitteleva Mass effect 2	1	11. tammikuuta 2014	Windows -ongelmat
HJT-logia..	1	9. tammikuuta 2014	Virukset ja haittaohjelmat - HijackThis -logit

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > hjt logi siivoukseen


		Käyttäjä	Salasana

		Puuttuuko tunnus? Liity jäseneksi nyt!. Salasana hukassa? Klikkaa tästä.