0

Tried the avenger in safe mode and still nothing!
ARGh!

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vqpggmvd

*******************

Script file located at: \??\C:\Program Files\ffflnilg.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Could not open file C:\WINDOWS\system32\dgsetu.dll for replacement
Replacement with dummy of file C:\WINDOWS\system32\dgsetu.dll failed!

Could not process line:
C:\WINDOWS\system32\dgsetu.dll
Status: 0xc0000022


Completed script processing.

*******************

Finished! Terminate.

0

I do not know what to suggest now then :(. Although I suppose it can be removed if you remove the hard drive and slave it to another system. Would want to be careful that the infection did not spread though.
The recovery console could also be used, but I have zero experience in its use.

0

So with the best of the Forum brains stumped, we're back to my suggestion. I'm amazed at the lack of take-up so far of this method; maybe it's because I mis-spelt Virtumonde in the thread title and perhaps the Mods might correct that for me.

There's little (I reckon no) risk of spreading the infection on the PC to which you slave the disk provided that you don't open any macro capable documents from the infected drive and run no executables off it in the second PC.

I tell you the method works. It's systematic provided you have the patience to be thorough and examine as many directories as possible for the clusters of infection sources and re-spawns. It'll be several hours work and I'm perverse enough to have enjoyed it!

You'll need SpyBot and AVG Anti-Spyware on the second PC and the original.

If you do follow my method, it might be as well to come back to the forum with a list of what you've removed or google some of the items and let us know the Trojan/Virus you've picked up.

SpyBot and AVG, in my experience, do pick up the Trojans. So you'll want to run these programs a couple of times in the original PC when you put the disk back in.

Best of ....

0

Can try this way that I have just found out about;

Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the following text in the code box:

File::
C:\WINDOWS\system32\dgsetu.dll

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

[IMG]http://i5.photobucket.com/albums/y153/crunchie1/CFScript.gif[/IMG]

Referring to the image above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Post another hijackthis log too if the removal was successful.

0

Still nothing, the file still shows up on the HJT log!
I do appreciate all the help so far though.

John

P.S I would try the other method, I just have to find 6 hours to set aside to try it though.

0

...

P.S I would try the other method, I just have to find 6 hours to set aside to try it though.

Yeah - I know.. But I reckon you've spent at least that on the analytical method and all these days have passed by and poor crunchie must be cross-eyed by now! The perpetuator of your problem, as crunchie has identified, is this damn phoney WinAV executable. But how to get rid of it and its spawns/generated baddies?

I say the cluster searching by date & time of unrecognisable DLLs, SYS, DAT, EXE etc. files is as systematic as it needs to get - followed by the (sometimes trickier) task of their removal (hence a second PC). It will also turn up properly named system files that have been replaced by the trojan if it wasn't "clever" enough to retain the original date/time stamp (I've yet to see that "cleverness", but I don't do what crunchie does at all often).

Anyway, stay in touch.

0

The file is sitting there in the windows/system32 folder. There is also a dgsetu.1, dgsetu.2, dgsetu.3, dgsetu.4 and a dgsetu.5 right next to it.

0

I wonder why filefind did not turn up any of those files then?? If you did a system search for all the dgsetu files, how many would you find? Am thinking that perhaps they all need nailing at once.
Did combofix produce a log from the last scan?

0

The file is sitting there in the windows/system32 folder. There is also a dgsetu.1, dgsetu.2, dgsetu.3, dgsetu.4 and a dgsetu.5 right next to it.

To nail them all at once, I'd put the drive onto another machine and do it there. If the files are locked by windows there are file unlocking programs you can download to deal with that.

I managed to delete such obstinate files by using the command line DEL when the drive was attached to another PC.

Then while you're about it, do look for clusters around the date and time of the files you delete.

The whole point of doing all this on a second PC is that nothing trojan will be active to thwart you.
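The date-and-time cluster search described in the posts above, sketched as an added example that is not part of the original thread or any poster's own tooling. It groups DLL/SYS/DAT/EXE files whose timestamps sit within a few minutes of a known-bad file, reading either a ComboFix-style "Files Created" listing or a slaved disk mounted on a second PC; the function names and the 5-minute gap are assumptions.

```python
import os
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# File types the poster suggests checking around the infection time.
SUSPECT_EXTS = {".dll", ".sys", ".dat", ".exe"}

# Lines copied from the "Files Created" section of the ComboFix log in this thread.
SAMPLE_LISTING = r"""
2007-09-24 19:35    14,848  --a------   C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys
2007-09-22 13:10    105,541 --a------   C:\WINDOWS\SYSTEM32\dgsetu.dll
2007-09-22 13:09    17,280      C:\WINDOWS\SYSTEM32\DRIVERS\ozhvqaso.sys
2007-09-22 01:20    10,872  --a------   C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-09-22 01:03    <DIR>    d--------   C:\Program Files\Temporary
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"  # timestamp
    r"(<DIR>|[\d,]+)\s+"                     # size, or directory marker
    r"(?:[a-z-]{9}\s+)?"                     # attribute column (sometimes missing)
    r"(\S.*)$"                               # path, may contain spaces
)


def parse_listing(text):
    """Return (path, datetime) for every file line in a ComboFix-style listing."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) == "<DIR>":
            continue  # skip blanks, section banners and directories
        stamp = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        records.append((m.group(3), stamp))
    return records


def scan_volume(root):
    """Return (path, modified-time) for every file under a mounted offline disk.

    Only metadata is read; nothing on the suspect disk is opened or executed.
    """
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                mtime = os.stat(full).st_mtime
            except OSError:
                continue  # unreadable entry: skip it rather than abort the sweep
            records.append((full, datetime.fromtimestamp(mtime)))
    return records


def names(cluster):
    """Base file names of a cluster, in time order."""
    return [PureWindowsPath(path).name for path, _ in cluster]


def clusters_with_seeds(records, seed_names, max_gap=timedelta(minutes=5)):
    """Group files by time and return only the groups containing a known-bad file.

    A new group starts whenever the gap to the previous file exceeds max_gap.
    Timestamps can be preserved or forged, so a file missing from every group
    is not thereby cleared; the groups are candidates for review, not verdicts.
    """
    seeds = {s.lower() for s in seed_names}

    def keep(path):
        p = PureWindowsPath(path)
        # Seeds are kept whatever their extension (e.g. dgsetu.1 ... dgsetu.5).
        return p.name.lower() in seeds or p.suffix.lower() in SUSPECT_EXTS

    ordered = sorted((r for r in records if keep(r[0])), key=lambda r: r[1])
    clusters, current = [], []
    for rec in ordered:
        if current and rec[1] - current[-1][1] > max_gap:
            clusters.append(current)
            current = []
        current.append(rec)
    if current:
        clusters.append(current)
    return [c for c in clusters if any(n.lower() in seeds for n in names(c))]


if __name__ == "__main__":
    for cluster in clusters_with_seeds(parse_listing(SAMPLE_LISTING), ["dgsetu.dll"]):
        for path, stamp in cluster:
            print(stamp.isoformat(sep=" ", timespec="minutes"), path)
```

For a slaved disk, pass the result of `scan_volume()` on the mounted drive letter instead of the parsed listing, with every known-bad file name given as a seed.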

0

Here is the combofix log.

ComboFix 07-10-07.2 - Owner 2007-10-17  0:41:36.4 - NTFSx86 
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.251 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\My Documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
 * Created a new restore point

FILE::
C:\WINDOWS\system32\dgsetu.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dgsetu.dll . . . . failed to delete

.
(((((((((((((((((((((((((   Files Created from 2007-09-17 to 2007-10-17  )))))))))))))))))))))))))))))))
.

2007-10-14 14:55    31  --ah-----   C:\WINDOWS\uccspecc.sys
2007-10-14 14:55    <DIR>    d--------   C:\Program Files\Coupons
2007-10-13 20:35    <DIR>    d--------   C:\Program Files\GiPo@Utilities
2007-10-13 20:35    <DIR>    d--------   C:\Program Files\Common Files\Gibinsoft Shared
2007-10-12 13:37    51,392  --a------   C:\WINDOWS\SYSTEM32\DRIVERS\atnt40k.sys
2007-10-12 13:36    183,361 --a------   C:\WINDOWS\SYSTEM32\atasnt40.dll
2007-10-11 20:39    <DIR>    d--------   C:\!KillBox
2007-10-09 14:17    582,656 -----c---   C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2007-10-09 07:17    <DIR>    d--------   C:\WINDOWS\ERUNT
2007-10-07 20:44    51,200  --a------   C:\WINDOWS\NirCmd.exe
2007-10-07 00:32    24,576  --a------   C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
2007-10-06 22:54    <DIR>    d--------   C:\hijackthis
2007-10-02 13:45    <DIR>    d--------   C:\VundoFix Backups
2007-09-24 19:35    31,616  --a--c---   C:\WINDOWS\SYSTEM32\DLLCACHE\usbccgp.sys
2007-09-24 19:35    31,616  --a------   C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
2007-09-24 19:35    21,504  --a--c---   C:\WINDOWS\SYSTEM32\DLLCACHE\hidserv.dll
2007-09-24 19:35    21,504  --a------   C:\WINDOWS\SYSTEM32\hidserv.dll
2007-09-24 19:35    14,848  --a--c---   C:\WINDOWS\SYSTEM32\DLLCACHE\kbdhid.sys
2007-09-24 19:35    14,848  --a------   C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys
2007-09-22 13:10    105,541 --a------   C:\WINDOWS\SYSTEM32\dgsetu.dll
2007-09-22 13:09    17,280      C:\WINDOWS\SYSTEM32\DRIVERS\ozhvqaso.sys
2007-09-22 01:20    10,872  --a------   C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-09-22 01:03    <DIR>    d--------   C:\Program Files\Temporary

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-16 10:25    ---------   d--------   C:\Program Files\Lx_cats
2007-09-27 21:41    ---------   d--------   C:\Program Files\Imikimi
2007-09-13 01:17    ---------   d--------   C:\Documents and Settings\Owner\Application Data\DVD Profiler
2007-09-13 01:17    ---------   d--------   C:\Documents and Settings\Owner\Application Data\DVD Profiler
2007-09-12 00:38    ---------   d--------   C:\Program Files\DVD Profiler
2007-09-11 19:51    ---------   d--------   C:\Documents and Settings\Owner\Application Data\Wal-Mart Digital Photo Manager
2007-09-11 19:51    ---------   d--------   C:\Documents and Settings\Owner\Application Data\Wal-Mart Digital Photo Manager
2007-09-11 19:49    ---------   d--------   C:\Documents and Settings\Owner\Application Data\Wal-Mart Digital Photo Viewer
2007-09-11 19:49    ---------   d--------   C:\Documents and Settings\Owner\Application Data\Wal-Mart Digital Photo Viewer
2007-08-28 13:31    ---------   d--------   C:\Program Files\AIM6
2007-08-28 13:31    ---------   d--------   C:\Documents and Settings\Owner\Application Data\acccore
2007-08-28 13:31    ---------   d--------   C:\Documents and Settings\Owner\Application Data\acccore
2007-08-28 13:31    ---------   d--------   C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
2007-08-28 13:30    ---------   d--------   C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads
2007-02-02 11:48    28672   --a--c---   C:\Documents and Settings\Owner\atwbxdet.dll
2006-06-10 06:57    1775221 --a--c---   C:\Program Files\NXSetup_multi.exe
2005-01-01 15:53    1302070 --a--c---   C:\Program Files\GrabIt151b.exe
2004-12-22 14:43    376656  --a--c---   C:\Program Files\musicmatch_installer.exe
2004-12-20 00:25    4039438 --a--c---   C:\Program Files\dvdpro.zip
2004-12-14 22:10    590 --a--c---   C:\Program Files\FlipWords.ini
2004-12-14 01:45    4354751 --a--c---   C:\Program Files\FlipWordsSetup.exe
2004-12-05 14:06    487544  --a--c---   C:\Program Files\msgr6suite.exe
2004-02-19 03:26    1131802 --a--c---   C:\Program Files\CUSTOMART.zip
.

(((((((((((((((((((((((((((((   snapshot@2007-10-07_21.21.35.95   )))))))))))))))))))))))))))))))))))))))))
.
----a-w           477,696 2007-08-20 10:04:41  C:\WINDOWS\SYSTEM32\mshtmled.dll
----a-w           193,024 2007-08-20 10:04:41  C:\WINDOWS\SYSTEM32\msrating.dll
----a-w           671,232 2007-08-20 10:04:42  C:\WINDOWS\SYSTEM32\mstime.dll
----a-w           102,400 2007-08-20 10:04:42  C:\WINDOWS\SYSTEM32\occache.dll
----a-w           582,656 2007-07-09 13:16:16  C:\WINDOWS\SYSTEM32\rpcrt4.dll
----a-w           105,984 2007-08-20 10:04:42  C:\WINDOWS\SYSTEM32\url.dll
----a-w         1,152,000 2007-08-20 10:04:42  C:\WINDOWS\SYSTEM32\urlmon.dll
----a-w           232,960 2007-08-20 10:04:42  C:\WINDOWS\SYSTEM32\webcheck.dll
----a-w           824,832 2007-08-20 10:04:43  C:\WINDOWS\SYSTEM32\wininet.dll
----a-w           350,720 2007-06-19 07:24:36  C:\WINDOWS\SYSTEM32\xpsp3res.dll
-c----w           124,928 2007-08-20 10:04:34  C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
-c--a-w           214,528 2007-08-20 10:04:34  C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
-c--a-w           132,608 2007-08-20 10:04:34  C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
-c----w            63,488 2007-08-20 10:04:34  C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
-c----w            63,488 2007-08-17 10:20:54  C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
-c--a-w           153,088 2007-08-20 10:04:34  C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
-c----w           230,400 2007-08-20 10:04:35  C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
-c--a-w           161,792 2007-08-17 07:34:25  C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
-c----w           383,488 2007-08-20 10:04:35  C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
-c----w           384,512 2007-08-20 10:04:35  C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
-c----w         6,058,496 2007-08-20 10:04:37  C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
-c----w            44,544 2007-08-20 10:04:38  C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
-c----w           267,776 2007-08-20 10:04:38  C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
-c----w            13,824 2007-08-17 10:20:54  C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
-c----w           625,152 2007-08-17 10:21:21  C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
-c----w           683,520 2007-08-21 06:15:44  C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
-c--a-w            27,648 2007-08-20 10:04:39  C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
-c----w           459,264 2007-08-20 10:04:39  C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
-c----w            52,224 2007-08-20 10:04:39  C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
-c--a-w         3,584,512 2007-08-20 10:04:41  C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
-c--a-w           477,696 2007-08-20 10:04:41  C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
-c--a-w           193,024 2007-08-20 10:04:41  C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
-c--a-w           671,232 2007-08-20 10:04:42  C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
-c----w           102,400 2007-08-20 10:04:42  C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
-c----w           105,984 2007-08-20 10:04:42  C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
-c--a-w         1,152,000 2007-08-20 10:04:42  C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
-c----w           232,960 2007-08-20 10:04:42  C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
-c--a-w           824,832 2007-08-20 10:04:43  C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
----a-w            12,288 2007-10-12 17:37:09  C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\atpdrvnt.dll
----a-w            27,136 2007-02-02 14:23:17  C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\atprint.dll
.
----a-w           124,928 2007-06-27 14:34:51  C:\WINDOWS\SYSTEM32\advpack.dll
----a-w           214,528 2006-10-17 17:57:50  C:\WINDOWS\SYSTEM32\dxtrans.dll
----a-w           132,608 2007-06-27 14:34:51  C:\WINDOWS\SYSTEM32\extmgr.dll
------w            61,952 2006-10-17 17:58:20  C:\WINDOWS\SYSTEM32\icardie.dll
----a-w            63,488 2007-06-27 08:27:04  C:\WINDOWS\SYSTEM32\ie4uinit.exe
----a-w           153,088 2007-06-27 14:34:51  C:\WINDOWS\SYSTEM32\ieakeng.dll
----a-w           230,400 2007-06-27 14:34:51  C:\WINDOWS\SYSTEM32\ieaksie.dll
----a-w           161,792 2007-06-27 07:00:33  C:\WINDOWS\SYSTEM32\ieakui.dll
----a-w           383,488 2007-06-27 14:34:51  C:\WINDOWS\SYSTEM32\ieapfltr.dll
----a-w           384,512 2007-06-27 14:34:51  C:\WINDOWS\SYSTEM32\iedkcs32.dll
----a-w         6,058,496 2007-06-27 14:34:55  C:\WINDOWS\SYSTEM32\ieframe.dll
----a-w            44,544 2007-06-27 14:34:55  C:\WINDOWS\SYSTEM32\iernonce.dll
----a-w           267,776 2007-06-27 14:34:55  C:\WINDOWS\SYSTEM32\iertutil.dll
----a-w            13,824 2007-06-27 08:27:05  C:\WINDOWS\SYSTEM32\ieudinit.exe
----a-w           683,520 2007-05-16 15:12:02  C:\WINDOWS\SYSTEM32\inetcomm.dll
----a-w            27,648 2007-06-27 14:34:56  C:\WINDOWS\SYSTEM32\jsproxy.dll
----a-w        17,474,680 2007-09-06 02:50:42  C:\WINDOWS\SYSTEM32\MRT.exe
----a-w           459,264 2007-06-27 14:34:56  C:\WINDOWS\SYSTEM32\msfeeds.dll
----a-w            52,224 2007-06-27 14:34:56  C:\WINDOWS\SYSTEM32\msfeedsbs.dll
----a-w         3,583,488 2007-07-19 06:59:59  C:\WINDOWS\SYSTEM32\mshtml.dll
----a-w           477,696 2007-06-27 14:34:57  C:\WINDOWS\SYSTEM32\mshtmled.dll
----a-w           193,024 2007-06-27 14:34:58  C:\WINDOWS\SYSTEM32\msrating.dll
----a-w           671,232 2007-06-27 14:34:58  C:\WINDOWS\SYSTEM32\mstime.dll
----a-w           102,400 2007-06-27 14:34:58  C:\WINDOWS\SYSTEM32\occache.dll
----a-w           581,120 2004-08-04 07:56:44  C:\WINDOWS\SYSTEM32\rpcrt4.dll
----a-w           105,984 2007-06-27 14:34:58  C:\WINDOWS\SYSTEM32\url.dll
----a-w         1,152,000 2007-06-27 14:34:58  C:\WINDOWS\SYSTEM32\urlmon.dll
----a-w           232,960 2007-06-27 14:34:59  C:\WINDOWS\SYSTEM32\webcheck.dll
----a-w           823,808 2007-06-27 14:34:59  C:\WINDOWS\SYSTEM32\wininet.dll
----a-w           248,320 2007-03-09 11:28:00  C:\WINDOWS\SYSTEM32\xpsp3res.dll
-c----w           124,928 2007-06-27 14:34:51  C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
-c--a-w           214,528 2006-10-17 17:57:50  C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
-c--a-w           132,608 2007-06-27 14:34:51  C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
-c----w            63,488 2007-06-27 08:27:04  C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
-c--a-w           153,088 2007-06-27 14:34:51  C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
-c----w           230,400 2007-06-27 14:34:51  C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
-c--a-w           161,792 2007-06-27 07:00:33  C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
-c----w           383,488 2007-06-27 14:34:51  C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
-c----w           384,512 2007-06-27 14:34:51  C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
-c----w         6,058,496 2007-06-27 14:34:55  C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
-c----w            44,544 2007-06-27 14:34:55  C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
-c----w           267,776 2007-06-27 14:34:55  C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
-c----w            13,824 2007-06-27 08:27:05  C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
-c----w           625,152 2007-06-27 08:27:30  C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
-c----w           683,520 2007-05-16 15:12:02  C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
-c--a-w            27,648 2007-06-27 14:34:56  C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
-c----w           459,264 2007-06-27 14:34:56  C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
-c----w            52,224 2007-06-27 14:34:56  C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
-c--a-w         3,583,488 2007-07-19 06:59:59  C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
-c--a-w           477,696 2007-06-27 14:34:57  C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
-c--a-w           193,024 2007-06-27 14:34:58  C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
-c--a-w           671,232 2007-06-27 14:34:58  C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
-c----w           102,400 2007-06-27 14:34:58  C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
-c----w           105,984 2007-06-27 14:34:58  C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
-c--a-w         1,152,000 2007-06-27 14:34:58  C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
-c----w           232,960 2007-06-27 14:34:59  C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
-c--a-w           823,808 2007-06-27 14:34:59  C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AECDBE9E-0F34-4F3A-9298-80184EF06D29}]
2003-07-16 16:26    105541  --a------   C:\WINDOWS\system32\dgsetu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2004-01-28 16:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"LXCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 13:47]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 13:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^AOL Companion.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\AOL Companion.lnk
backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\America Online 9.0d\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLCC]
"C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
"C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1102310935\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCFCATS]
rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scan Spyware]
"C:\Program Files\ScanSpyware v3.6\Scanner.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
"C:\Program Files\TrojanHunter 4.2\THGuard.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\You've Got Pictures Screensaver]
C:\Program Files\Common Files\AOL\Screensaver\ygpsstra.exe

R0 bwtxznul;bwtxznul;C:\WINDOWS\system32\drivers\ozhvqaso.sys
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys
S3 hfznagrr;hfznagrr;C:\WINDOWS\system32\drivers\hfznagrr.sys
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys
S3 PAC207;Basic Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys
S3 xlink;XLink Driver (xlink.sys);C:\WINDOWS\system32\Drivers\xlink.sys


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\36287c26-6fe0-4d80-89df-1cb736ca253a]
C:\WINDOWS\system32\doxqaxo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\36287c26-6fe0-4d80-89df-1cb736ca253a]
C:\WINDOWS\system32\doxqaxo.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-10-14 15:23:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-17 02:23:02 C:\WINDOWS\Tasks\McAfee.com Update Check (JNE-Owner).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 00:47:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2007-10-17  0:51:04 - machine was rebooted 
C:\ComboFix-quarantined-files.txt ... 2007-10-17 00:50
C:\ComboFix2.txt ... 2007-10-13 20:31
C:\ComboFix3.txt ... 2007-10-12 10:17
.
    --- E O F ---

Edited by mike_2000_17: Fixed formatting

0

2007-09-22 13:10 105,541 --a------ C:\WINDOWS\SYSTEM32\dgsetu.dll
2007-09-22 13:09 17,280 C:\WINDOWS\SYSTEM32\DRIVERS\ozhvqaso.sys
: :
R0 bwtxznul;bwtxznul;C:\WINDOWS\system32\drivers\ozhvqaso.sys
: :
S3 hfznagrr;hfznagrr;C:\WINDOWS\system32\drivers\hfznagrr.sys
---------------------------------------------------------
Is 22-Sep-07 by any chance when you first noticed some problems, or shortly afterwards?

The reason, as you may be aware, that the DLL can't be deleted is that the trojan has the file open and is still doing its dirty work. The only way I know of getting rid of this file is not to have it active and that means putting the drive onto another PC.

Maybe you'll finally get round to trying it! I feel so sorry for you that all this ComboFix and HJT stuff is basically confirming the picture I'm painting and you're still not where you need to be.
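The timestamp correlation drawn from the log in the post above, as an added example that is not part of the original thread: it reads the file-listing and driver lines in the format shown, then reports drivers whose image file was created within a few minutes of the DLL that could not be removed, plus drivers whose image has no listing entry to compare. The `example` entries, the function names and the 10-minute window are assumptions made for this sketch.

```python
import re
from datetime import datetime, timedelta

# The dgsetu.dll, ozhvqaso.sys, R0 and S3 hfznagrr lines are the ones quoted
# in the post above; the "example" entries are constructed for contrast.
LISTING = r"""
2007-09-22 13:10 105,541 --a------ C:\WINDOWS\SYSTEM32\dgsetu.dll
2007-09-22 13:09 17,280 C:\WINDOWS\SYSTEM32\DRIVERS\ozhvqaso.sys
2007-06-27 14:34 12,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\example.sys
"""

DRIVERS = r"""
R0 bwtxznul;bwtxznul;C:\WINDOWS\system32\drivers\ozhvqaso.sys
S3 hfznagrr;hfznagrr;C:\WINDOWS\system32\drivers\hfznagrr.sys
S3 example;Example Driver;C:\WINDOWS\system32\DRIVERS\example.sys
"""

# date time, size, optional attribute column, full path
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+)\s+(?:[-a-z]{5,}\s+)?([A-Za-z]:\\.+)$")
# state letter + start type, then name;display name;image path
DRIVER_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+)$")


def parse_listing(text):
    """Return {lower-cased path: timestamp} for each file-listing line."""
    files = {}
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            stamp = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            files[m.group(3).lower()] = stamp
    return files


def parse_drivers(text):
    """Parse 'R0 name;display;path' lines (read here as R/S = running or
    stopped, digit = service start type, 0 being boot start)."""
    rows = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            rows.append({"running": m.group(1) == "R", "start": int(m.group(2)),
                         "name": m.group(3), "image": m.group(5)})
    return rows


def triage(listing_text, driver_text, seed_path, window_minutes=10):
    """List drivers whose image timestamp is close to the seed file's."""
    files = parse_listing(listing_text)
    seed_time = files[seed_path.lower()]          # paths differ only in case
    window = timedelta(minutes=window_minutes)
    findings = []
    for drv in parse_drivers(driver_text):
        created = files.get(drv["image"].lower())
        if created is None:
            findings.append((drv["name"], "no timestamp in listing"))
        elif abs(created - seed_time) <= window:
            findings.append((drv["name"], "created with seed"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(LISTING, DRIVERS, r"C:\WINDOWS\system32\dgsetu.dll"):
        print(name, "-", reason)
```
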
