
1 "antiriceonline" virus ? on Mon Jan 18, 2010 3:34 pm

TriciaM


Forum Enthusiast
I was doing a search a few min ago. I came across what I thought was a legitimate site for historic maps. Clicked on it, and I abruptly got the "your computer has viruses" pop up. I did not click on it. I brought up task manager and ended it that way. Upon opening Firefox again, I got the pop up again (I'm guessing Firefox restored my windows.) I ended it again and started a new session. I did a search on this "antiriceonline" and could not find much on it. I was directed to the antiriceonline site from "tigereyephotography.com". Who knows what it put onto my computer. I guess I'll need to do a scan now..... Since I didn't find much info about the antiriceonline "site", I wanted to post it. Maybe next time I'll listen to my Web of Trust ratings!!!


2 Re: "antiriceonline" virus ? on Mon Jan 18, 2010 3:48 pm

E-Mu


Expert
Web of Trust is there to help :)

Please download Malwarebytes Anti-Malware from here.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

A trained advisor will help you out once the log has been posted, but I might as well ask you to post this now so they can start straight away.

You will have to hold off on this Missing RAID driver/BSOD topic for the time being as Malware clean ups take priority and nothing else should be altered until you are deemed clean.
Rest assured we will still help you with that problem once this issue is sorted. :)



3 Re: "antiriceonline" virus ? on Mon Jan 18, 2010 6:18 pm

TriciaM


Forum Enthusiast
Thanks. It's scanning now. I'll be back tonight after it's done. I'm hoping that it didn't get the chance to do anything !


4 Re: "antiriceonline" virus ? on Mon Jan 18, 2010 6:58 pm

TriciaM


Forum Enthusiast
I got the BSOD while scanning and had to turn the computer off to get out of it. Here is the "WhoCrashed" info on it. I also wrote down the specifics. It gave me some instructions after it directed me to the Microsoft page, which are in blue.

Download and install the driver for your RAID controller

Your RAID controller is missing a driver.

To solve this problem, follow these steps:
1. Click to download the driver from the Intel website
2. Click Download for the multi-language driver or the appropriate language-specific driver if one is listed.
3. Read the license agreement, and then click Accept if you accept the terms and conditions.
4. Next to Download, click the link to download the driver.
5. In the File Download dialog box, click Run or Open.
6. Follow the steps in the installation wizard.


Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.


On Mon 1/18/2010 11:29:26 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x8086 (0x0, 0x0, 0x0, 0x0)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini011810-01.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



Last edited by TriciaM on Mon Jan 18, 2010 7:13 pm; edited 1 time in total (Reason for editing : added info)


5 Re: "antiriceonline" virus ? on Mon Jan 18, 2010 8:52 pm

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that.


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner

6 Re: "antiriceonline" virus ? on Mon Jan 18, 2010 10:10 pm

TriciaM


Forum Enthusiast
ComboFix 10-01-18.02 - Tricia & Roger 01/18/2010 21:40:16.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.553 [GMT -5:00]
Running from: c:\documents and settings\Tricia & Roger\Desktop\ComboFix.exe
AV: ZoneAlarm Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\etc\lmhosts

.
((((((((((((((((((((((((( Files Created from 2009-12-19 to 2010-01-19 )))))))))))))))))))))))))))))))
.

2010-01-16 16:11 . 2010-01-16 16:15 -------- d-----w- c:\program files\WhoCrashed
2010-01-14 12:52 . 2010-01-14 12:52 -------- d-----w- c:\documents and settings\Tricia & Roger\Application Data\InstallShield
2010-01-06 22:20 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2009-12-26 13:08 . 2009-12-26 13:17 -------- d-----w- c:\documents and settings\Tricia & Roger\Application Data\ZoomBrowser EX
2009-12-23 18:52 . 2010-01-05 15:18 52224 ----a-w- c:\documents and settings\Tricia & Roger\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-22 21:10 . 2009-12-22 21:10 -------- d-----w- c:\windows\system32\syncdb
2009-12-22 13:50 . 2010-01-11 00:00 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

+ 2009-07-12 06:09 . 2009-07-12 06:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 06:08 . 2009-07-12 06:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2009-11-22 13:45 . 2009-10-17 06:39 141192 c:\windows\SYSTEM32\ZoneLabs\zlupdate.dll
- 2009-10-09 13:32 . 2009-08-27 01:08 141192 c:\windows\SYSTEM32\ZoneLabs\zlupdate.dll
- 2009-10-09 13:32 . 2009-08-27 01:08 172936 c:\windows\SYSTEM32\ZoneLabs\vsvault.dll
+ 2009-11-22 13:45 . 2009-10-17 06:39 172936 c:\windows\SYSTEM32\ZoneLabs\vsvault.dll
- 2009-10-09 13:31 . 2009-08-27 01:08 210824 c:\windows\SYSTEM32\ZoneLabs\vsdb.dll
+ 2009-10-09 13:31 . 2009-10-17 06:39 210824 c:\windows\SYSTEM32\ZoneLabs\vsdb.dll
+ 2009-11-22 13:45 . 2007-10-11 21:51 832984 c:\windows\SYSTEM32\ZoneLabs\updating.dll
- 2009-10-09 13:32 . 2007-10-11 20:51 832984 c:\windows\SYSTEM32\ZoneLabs\updating.dll
+ 2009-11-22 13:45 . 2009-10-17 06:39 434568 c:\windows\SYSTEM32\ZoneLabs\ssleay32.dll
- 2009-10-09 13:32 . 2009-08-27 01:08 434568 c:\windows\SYSTEM32\ZoneLabs\ssleay32.dll
+ 2009-11-22 13:45 . 2009-12-11 22:16 135560 c:\windows\SYSTEM32\ZoneLabs\scheduler.dll
+ 2009-11-22 13:45 . 2009-07-14 04:58 722392 c:\windows\SYSTEM32\ZoneLabs\qrbase.dll
- 2009-10-09 13:32 . 2009-07-14 03:58 722392 c:\windows\SYSTEM32\ZoneLabs\qrbase.dll
+ 2009-11-22 13:45 . 2009-10-17 06:39 119688 c:\windows\SYSTEM32\ZoneLabs\lib\zui.zip.dll
- 2009-10-09 13:32 . 2009-08-27 01:09 119688 c:\windows\SYSTEM32\ZoneLabs\lib\zui.zip.dll
+ 2009-11-22 13:45 . 2009-10-17 06:39 271240 c:\windows\SYSTEM32\ZoneLabs\lib\TrayTest.zip.dll
- 2009-10-09 13:32 . 2009-08-27 01:09 271240 c:\windows\SYSTEM32\ZoneLabs\lib\TrayTest.zip.dll
- 2009-10-09 13:32 . 2009-08-27 01:09 169352 c:\windows\SYSTEM32\ZoneLabs\lib\Overview.zip.dll
+ 2009-11-22 13:45 . 2009-10-17 06:39 169352 c:\windows\SYSTEM32\ZoneLabs\lib\Overview.zip.dll
+ 2009-11-22 13:45 . 2009-10-17 06:39 369544 c:\windows\SYSTEM32\ZoneLabs\lib\LicenseUI.zip.dll
+ 2009-11-22 13:45 . 2009-10-17 06:39 137608 c:\windows\SYSTEM32\ZoneLabs\lib\DashBoard.zip.dll
- 2009-10-09 13:32 . 2009-08-27 01:09 137608 c:\windows\SYSTEM32\ZoneLabs\lib\DashBoard.zip.dll
- 2009-10-09 13:32 . 2009-08-27 01:09 372104 c:\windows\SYSTEM32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2009-11-22 13:45 . 2009-10-17 06:39 372104 c:\windows\SYSTEM32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2009-11-22 13:43 . 2009-10-10 01:33 579048 c:\windows\SYSTEM32\ZoneLabs\icslta.dll
- 2009-10-09 13:33 . 2009-08-26 21:34 284016 c:\windows\SYSTEM32\ZoneLabs\ffapi.dll
+ 2009-11-22 13:45 . 2009-10-14 21:54 284016 c:\windows\SYSTEM32\ZoneLabs\ffapi.dll
+ 2009-10-09 13:33 . 2008-03-17 21:52 813568 c:\windows\SYSTEM32\ZoneLabs\dbghelp.dll
- 2009-10-09 13:33 . 2008-03-17 20:52 813568 c:\windows\SYSTEM32\ZoneLabs\dbghelp.dll
+ 2009-11-22 13:45 . 2009-10-12 23:15 163840 c:\windows\SYSTEM32\ZoneLabs\avsys\prloader.dll
+ 2009-11-22 13:45 . 2009-04-29 23:01 626688 c:\windows\SYSTEM32\ZoneLabs\avsys\msvcr80.dll
- 2009-10-09 13:32 . 2009-04-29 22:01 626688 c:\windows\SYSTEM32\ZoneLabs\avsys\msvcr80.dll
- 2009-10-09 13:32 . 2009-04-29 22:01 548864 c:\windows\SYSTEM32\ZoneLabs\avsys\msvcp80.dll
+ 2009-11-22 13:45 . 2009-04-29 23:01 548864 c:\windows\SYSTEM32\ZoneLabs\avsys\msvcp80.dll
+ 2009-11-22 13:45 . 2009-10-12 23:15 245760 c:\windows\SYSTEM32\ZoneLabs\avsys\kavess.dll
- 2009-10-09 13:32 . 2009-07-02 21:55 245760 c:\windows\SYSTEM32\ZoneLabs\avsys\kavess.dll
+ 2009-11-22 13:45 . 2009-10-12 23:15 348160 c:\windows\SYSTEM32\ZoneLabs\avsys\kave8.dll
+ 2009-11-22 13:45 . 2009-10-12 23:15 198144 c:\windows\SYSTEM32\ZoneLabs\avsys\install\udinstaller64.exe
+ 2009-11-22 13:45 . 2009-10-12 23:15 139264 c:\windows\SYSTEM32\ZoneLabs\avsys\install\udinstaller32.exe
+ 2009-11-22 13:45 . 2009-10-12 23:15 317072 c:\windows\SYSTEM32\ZoneLabs\avsys\install\instdrivers\mklif\fre_wxp_x86\klif.sys
+ 2009-11-22 13:45 . 2009-10-12 23:15 305168 c:\windows\SYSTEM32\ZoneLabs\avsys\install\instdrivers\mklif\fre_wlh_x86\klif.sys
+ 2009-11-22 13:45 . 2009-10-12 23:15 128016 c:\windows\SYSTEM32\ZoneLabs\avsys\install\instdrivers\kl1\x86\kl1.sys
- 2009-10-09 13:32 . 2009-07-02 21:55 372736 c:\windows\SYSTEM32\ZoneLabs\avsys\CKAHUM.dll
+ 2009-11-22 13:45 . 2009-10-12 23:15 372736 c:\windows\SYSTEM32\ZoneLabs\avsys\CKAHUM.dll
+ 2009-11-22 13:45 . 2009-10-12 23:15 143360 c:\windows\SYSTEM32\ZoneLabs\avsys\CKAHStat.dll
- 2009-10-09 13:32 . 2009-07-02 21:55 143360 c:\windows\SYSTEM32\ZoneLabs\avsys\CKAHStat.dll
+ 2009-11-22 13:45 . 2009-10-12 23:15 135168 c:\windows\SYSTEM32\ZoneLabs\avsys\ckahrule.dll
- 2009-10-09 13:32 . 2009-07-02 21:55 135168 c:\windows\SYSTEM32\ZoneLabs\avsys\ckahrule.dll
+ 2009-11-22 13:45 . 2009-10-17 06:39 466312 c:\windows\SYSTEM32\ZoneLabs\av.dll
+ 2009-11-22 13:45 . 2009-10-17 06:39 103816 c:\windows\SYSTEM32\zlcommdb.dll
- 2009-10-09 13:32 . 2009-08-27 01:08 103816 c:\windows\SYSTEM32\zlcommdb.dll
+ 2004-08-04 11:00 . 2009-08-25 09:17 354816 c:\windows\SYSTEM32\winhttp.dll
- 2009-10-09 13:32 . 2009-08-27 01:08 109960 c:\windows\SYSTEM32\vsxml.dll
+ 2009-10-09 13:32 . 2009-10-17 06:39 109960 c:\windows\SYSTEM32\vsxml.dll
+ 2009-10-09 13:31 . 2009-10-17 06:39 620936 c:\windows\SYSTEM32\vsutil.dll
+ 2009-10-09 13:32 . 2009-10-17 06:39 299912 c:\windows\SYSTEM32\vspubapi.dll
- 2009-10-09 13:32 . 2009-08-27 01:08 299912 c:\windows\SYSTEM32\vspubapi.dll
- 2009-10-09 13:32 . 2009-08-27 01:08 107912 c:\windows\SYSTEM32\vsmonapi.dll
+ 2009-10-09 13:32 . 2009-10-17 06:39 107912 c:\windows\SYSTEM32\vsmonapi.dll
+ 2009-10-09 13:31 . 2009-10-17 06:39 227720 c:\windows\SYSTEM32\vsinit.dll
+ 2009-10-09 13:32 . 2009-10-17 06:39 486280 c:\windows\SYSTEM32\vsdatant.sys
+ 2009-10-09 13:31 . 2009-10-17 06:39 112008 c:\windows\SYSTEM32\vsdata.dll
- 2004-08-04 11:00 . 2009-06-16 14:36 119808 c:\windows\SYSTEM32\t2embed.dll
+ 2004-08-04 11:00 . 2009-10-15 16:28 119808 c:\windows\SYSTEM32\t2embed.dll
+ 2004-08-04 11:00 . 2009-10-12 13:38 149504 c:\windows\SYSTEM32\rastls.dll
- 2004-11-23 07:44 . 2009-11-01 12:48 442466 c:\windows\SYSTEM32\PERFH009.DAT
+ 2004-11-23 07:44 . 2009-12-09 15:19 442466 c:\windows\SYSTEM32\PERFH009.DAT
+ 2004-08-04 11:00 . 2009-10-29 07:45 206848 c:\windows\SYSTEM32\occache.dll
- 2004-08-04 11:00 . 2009-08-29 08:08 206848 c:\windows\SYSTEM32\occache.dll
+ 2004-08-04 11:00 . 2009-10-13 10:30 270336 c:\windows\SYSTEM32\oakley.dll
- 2004-08-04 11:00 . 2008-04-14 00:12 270336 c:\windows\SYSTEM32\oakley.dll
- 2006-10-17 18:33 . 2009-08-29 08:08 594432 c:\windows\SYSTEM32\msfeeds.dll
+ 2006-10-17 18:33 . 2009-10-29 07:45 594432 c:\windows\SYSTEM32\msfeeds.dll
+ 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2004-08-04 11:00 . 2009-08-29 08:08 184320 c:\windows\SYSTEM32\iepeers.dll
+ 2004-08-04 11:00 . 2009-10-29 07:45 184320 c:\windows\SYSTEM32\iepeers.dll
- 2004-08-04 11:00 . 2009-08-29 08:08 387584 c:\windows\SYSTEM32\iedkcs32.dll
+ 2004-08-04 11:00 . 2009-10-29 07:45 387584 c:\windows\SYSTEM32\iedkcs32.dll
+ 2004-08-04 11:00 . 2009-10-28 14:40 173056 c:\windows\SYSTEM32\ie4uinit.exe
- 2004-08-04 11:00 . 2009-08-28 10:35 173056 c:\windows\SYSTEM32\ie4uinit.exe
+ 2004-08-10 19:08 . 2009-12-23 11:43 280536 c:\windows\SYSTEM32\FNTCACHE.DAT
+ 2009-11-22 13:45 . 2009-10-12 23:15 317072 c:\windows\SYSTEM32\DRIVERS\klif.sys
+ 2009-11-22 13:45 . 2009-10-12 23:15 128016 c:\windows\SYSTEM32\DRIVERS\kl1.sys
+ 2004-08-04 11:00 . 2009-10-20 16:20 265728 c:\windows\SYSTEM32\DRIVERS\http.sys
- 2006-05-10 05:23 . 2009-08-29 08:08 916480 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
+ 2006-05-10 05:23 . 2009-10-29 07:45 916480 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
+ 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\SYSTEM32\DLLCACHE\winhttp.dll
- 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\SYSTEM32\DLLCACHE\t2embed.dll
+ 2009-06-16 14:36 . 2009-10-15 16:28 119808 c:\windows\SYSTEM32\DLLCACHE\t2embed.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 149504 c:\windows\SYSTEM32\DLLCACHE\rastls.dll
+ 2006-10-17 18:04 . 2009-10-29 07:45 206848 c:\windows\SYSTEM32\DLLCACHE\occache.dll
- 2006-10-17 18:04 . 2009-08-29 08:08 206848 c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2009-10-13 10:30 . 2009-10-13 10:30 270336 c:\windows\SYSTEM32\DLLCACHE\oakley.dll
+ 2007-05-11 13:48 . 2009-10-29 07:45 594432 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
- 2007-05-11 13:48 . 2009-08-29 08:08 594432 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
- 2009-06-20 12:48 . 2009-08-29 08:08 246272 c:\windows\SYSTEM32\DLLCACHE\ieproxy.dll
+ 2009-06-20 12:48 . 2009-10-29 07:45 246272 c:\windows\SYSTEM32\DLLCACHE\ieproxy.dll
- 2006-05-10 05:22 . 2009-08-29 08:08 184320 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
+ 2006-05-10 05:22 . 2009-10-29 07:45 184320 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
+ 2006-10-17 18:01 . 2009-10-29 07:45 387584 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2006-10-17 18:01 . 2009-08-29 08:08 387584 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2006-10-17 18:00 . 2009-10-28 14:40 173056 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
- 2006-10-17 18:00 . 2009-08-28 10:35 173056 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\SYSTEM32\DLLCACHE\http.sys
+ 2009-10-29 04:55 . 2009-10-29 04:55 132472 c:\windows\SYSTEM32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2009-10-29 05:27 . 2009-10-29 05:27 114688 c:\windows\SYSTEM32\Adobe\Shockwave 11\SwInit.exe
- 2008-09-15 21:34 . 2009-01-17 00:16 114688 c:\windows\SYSTEM32\Adobe\Shockwave 11\SwInit.exe
+ 2009-10-29 05:43 . 2009-10-29 05:43 464312 c:\windows\SYSTEM32\Adobe\Shockwave 11\SwHelper_1152602.exe
- 2008-09-15 21:34 . 2009-01-17 00:18 446464 c:\windows\SYSTEM32\Adobe\Shockwave 11\Proj.dll
+ 2009-10-29 05:29 . 2009-10-29 05:29 446464 c:\windows\SYSTEM32\Adobe\Shockwave 11\Proj.dll
+ 2009-10-29 05:28 . 2009-10-29 05:28 372736 c:\windows\SYSTEM32\Adobe\Shockwave 11\Plugin.dll
+ 2009-10-29 04:55 . 2009-10-29 04:55 713216 c:\windows\SYSTEM32\Adobe\Shockwave 11\gi.dll
+ 2009-10-29 05:26 . 2009-10-29 05:26 503808 c:\windows\SYSTEM32\Adobe\Shockwave 11\Control.dll
+ 2009-10-29 05:44 . 2009-10-29 05:44 210360 c:\windows\SYSTEM32\Adobe\Director\SwDir.dll
+ 2009-10-29 05:28 . 2009-10-29 05:28 131072 c:\windows\SYSTEM32\Adobe\Director\np32dsw.dll
+ 2009-11-05 19:21 . 2009-11-05 19:21 537600 c:\windows\Installer\84a39f6.msp
+ 2009-11-26 08:00 . 2009-11-26 08:00 429568 c:\windows\Installer\641f180.msi
+ 2009-11-26 22:54 . 2009-11-26 22:54 796672 c:\windows\Installer\104e2f.msi
+ 2009-12-09 03:01 . 2009-08-29 08:08 916480 c:\windows\ie8updates\KB976325-IE8\wininet.dll
+ 2009-12-09 03:01 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB976325-IE8\spuninst\updspapi.dll
+ 2009-12-09 03:01 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB976325-IE8\spuninst\spuninst.exe
+ 2009-12-09 03:01 . 2009-08-29 08:08 206848 c:\windows\ie8updates\KB976325-IE8\occache.dll
+ 2009-12-09 03:01 . 2009-08-29 08:08 594432 c:\windows\ie8updates\KB976325-IE8\msfeeds.dll
+ 2009-12-09 03:01 . 2009-08-29 08:08 246272 c:\windows\ie8updates\KB976325-IE8\ieproxy.dll
+ 2009-12-09 03:01 . 2009-08-29 08:08 184320 c:\windows\ie8updates\KB976325-IE8\iepeers.dll
+ 2009-12-09 03:01 . 2009-08-29 08:08 387584 c:\windows\ie8updates\KB976325-IE8\iedkcs32.dll
+ 2009-12-09 03:01 . 2009-08-28 10:35 173056 c:\windows\ie8updates\KB976325-IE8\ie4uinit.exe
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\I386\http.sys
+ 2009-11-26 08:01 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB976098-v2$\spuninst\updspapi.dll
+ 2009-11-26 08:01 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB976098-v2$\spuninst\spuninst.exe
+ 2009-12-09 02:59 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974392$\spuninst\updspapi.dll
+ 2009-12-09 02:59 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974392$\spuninst\spuninst.exe
+ 2009-12-09 02:59 . 2008-04-14 00:12 270336 c:\windows\$NtUninstallKB974392$\oakley.dll
+ 2009-12-09 03:01 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974318$\spuninst\updspapi.dll
+ 2009-12-09 03:01 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974318$\spuninst\spuninst.exe
+ 2009-12-09 03:01 . 2008-04-14 00:12 150016 c:\windows\$NtUninstallKB974318$\rastls.dll
+ 2009-12-09 03:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973904$\spuninst\updspapi.dll
+ 2009-12-09 03:00 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973904$\spuninst\spuninst.exe
+ 2009-11-26 08:01 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973687$\spuninst\updspapi.dll
+ 2009-11-26 08:01 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB973687$\spuninst\spuninst.exe
+ 2009-12-09 02:59 . 2008-12-16 12:30 354304 c:\windows\$NtUninstallKB971737$\winhttp.dll
+ 2009-12-09 02:59 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971737$\spuninst\updspapi.dll
+ 2009-12-09 02:59 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971737$\spuninst\spuninst.exe
+ 2009-12-09 03:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB970430$\spuninst\updspapi.dll
+ 2009-12-09 03:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB970430$\spuninst\spuninst.exe
+ 2009-12-09 03:02 . 2008-04-13 18:53 264832 c:\windows\$NtUninstallKB970430$\http.sys
+ 2009-12-09 03:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB976325-IE8\update\updspapi.dll
+ 2009-12-09 03:01 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB976325-IE8\update\update.exe
+ 2009-12-09 03:01 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB976325-IE8\spuninst.exe
+ 2009-12-09 02:49 . 2009-10-29 07:45 916480 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
+ 2009-12-09 02:49 . 2009-10-29 07:45 206848 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\occache.dll
+ 2009-12-09 02:49 . 2009-10-29 07:45 594432 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\msfeeds.dll
+ 2009-12-09 02:49 . 2009-10-29 07:45 246272 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\ieproxy.dll
+ 2009-12-09 02:49 . 2009-10-29 07:45 184320 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\iepeers.dll
+ 2009-12-09 02:49 . 2009-10-29 07:45 387584 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\iedkcs32.dll
+ 2009-12-09 02:49 . 2009-10-28 14:10 173056 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\ie4uinit.exe
+ 2009-12-09 02:59 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974392\update\updspapi.dll
+ 2009-12-09 02:59 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974392\update\update.exe
+ 2009-12-09 02:59 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974392\spuninst.exe
+ 2009-10-13 10:38 . 2009-10-13 10:38 270336 c:\windows\$hf_mig$\KB974392\SP3QFE\oakley.dll
+ 2009-12-09 03:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974318\update\updspapi.dll
+ 2009-12-09 03:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974318\update\update.exe
+ 2009-12-09 03:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974318\spuninst.exe
+ 2009-10-12 13:28 . 2009-10-12 13:28 150016 c:\windows\$hf_mig$\KB974318\SP3QFE\rastls.dll
+ 2009-12-09 03:00 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973904\update\updspapi.dll
+ 2009-12-09 03:00 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973904\update\update.exe
+ 2009-12-09 03:00 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973904\spuninst.exe
+ 2009-12-09 02:40 . 2009-07-29 14:01 119648 c:\windows\$hf_mig$\KB973904\SP3QFE\msconv97.dll
+ 2009-11-26 08:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973687\update\updspapi.dll
+ 2009-11-26 08:01 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB973687\update\update.exe
+ 2009-11-26 08:01 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB973687\spuninst.exe
+ 2009-12-09 02:59 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971737\update\updspapi.dll
+ 2009-12-09 02:59 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971737\update\update.exe
+ 2009-12-09 02:59 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971737\spuninst.exe
+ 2009-08-25 09:27 . 2009-08-25 09:27 354816 c:\windows\$hf_mig$\KB971737\SP3QFE\winhttp.dll
+ 2009-12-09 03:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB970430\update\updspapi.dll
+ 2009-12-09 03:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB970430\update\update.exe
+ 2009-12-09 03:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB970430\spuninst.exe
+ 2009-10-20 15:21 . 2009-10-20 15:21 265728 c:\windows\$hf_mig$\KB970430\SP3QFE\http.sys
+ 2009-07-21 05:03 . 2009-07-21 05:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2009-10-09 13:32 . 2009-10-17 06:39 1238408 c:\windows\SYSTEM32\zpeng25.dll
- 2009-10-09 13:32 . 2009-08-27 01:08 1238408 c:\windows\SYSTEM32\zpeng25.dll
+ 2009-10-09 15:47 . 2010-01-10 16:40 1171968 c:\windows\SYSTEM32\ZoneLabs\zlqrtdb.dat
+ 2009-11-22 13:45 . 2009-10-17 06:39 1789320 c:\windows\SYSTEM32\ZoneLabs\vsruledb.dll
+ 2009-10-09 13:32 . 2009-10-17 06:41 2384240 c:\windows\SYSTEM32\ZoneLabs\vsmon.exe
+ 2009-11-22 13:45 . 2009-10-17 06:39 1536392 c:\windows\SYSTEM32\ZoneLabs\lib\zpy.zip.dll
- 2009-10-09 13:32 . 2009-08-27 01:09 1536392 c:\windows\SYSTEM32\ZoneLabs\lib\zpy.zip.dll
+ 2009-11-22 13:45 . 2009-10-13 22:19 1150976 c:\windows\SYSTEM32\ZoneLabs\avsys\updsdk.dll
- 2009-10-09 13:33 . 2009-06-23 21:31 1150976 c:\windows\SYSTEM32\ZoneLabs\avsys\updsdk.dll
- 2004-08-04 11:00 . 2009-08-29 08:08 1208832 c:\windows\SYSTEM32\urlmon.dll
+ 2004-08-04 11:00 . 2009-10-29 07:45 1208832 c:\windows\SYSTEM32\urlmon.dll
+ 2008-08-18 23:43 . 2009-07-31 15:05 1372672 c:\windows\SYSTEM32\msxml6.dll
+ 2009-07-21 05:05 . 2009-07-21 05:05 1348432 c:\windows\SYSTEM32\msxml4.dll
+ 2004-08-04 11:00 . 2009-07-31 04:35 1172480 c:\windows\SYSTEM32\msxml3.dll
+ 2004-08-04 11:00 . 2009-10-29 07:45 5940736 c:\windows\SYSTEM32\mshtml.dll
+ 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32.dll
+ 2006-10-17 17:57 . 2009-10-29 07:45 1985536 c:\windows\SYSTEM32\iertutil.dll
- 2006-10-17 17:57 . 2009-08-29 08:08 1985536 c:\windows\SYSTEM32\iertutil.dll
- 2006-05-10 05:23 . 2009-08-29 08:08 1208832 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2006-05-10 05:23 . 2009-10-29 07:45 1208832 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-08-18 23:43 . 2009-07-31 15:05 1372672 c:\windows\SYSTEM32\DLLCACHE\msxml6.dll
+ 2008-11-12 14:16 . 2009-07-31 04:35 1172480 c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
+ 2006-05-19 15:08 . 2009-10-29 07:45 5940736 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
- 2007-05-11 13:48 . 2009-08-29 08:08 1985536 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
+ 2007-05-11 13:48 . 2009-10-29 07:45 1985536 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
+ 2009-10-29 05:01 . 2009-10-29 05:01 1011712 c:\windows\SYSTEM32\Adobe\Shockwave 11\iml32.dll
+ 2009-10-29 04:55 . 2009-10-29 04:55 1886320 c:\windows\SYSTEM32\Adobe\Shockwave 11\gt.exe
- 2008-09-15 21:34 . 2009-01-16 23:58 1798144 c:\windows\SYSTEM32\Adobe\Shockwave 11\dirapi.dll
+ 2009-10-29 05:05 . 2009-10-29 05:05 1798144 c:\windows\SYSTEM32\Adobe\Shockwave 11\dirapi.dll
+ 2009-11-26 22:51 . 2009-11-26 22:51 9473024 c:\windows\Installer\104e1e.msi
+ 2009-12-09 03:01 . 2009-08-29 08:08 1208832 c:\windows\ie8updates\KB976325-IE8\urlmon.dll
+ 2009-12-09 03:01 . 2009-10-22 09:19 5939712 c:\windows\ie8updates\KB976325-IE8\mshtml.dll
+ 2009-12-09 03:01 . 2009-08-29 08:08 1985536 c:\windows\ie8updates\KB976325-IE8\iertutil.dll
+ 2009-11-26 08:01 . 2008-09-10 01:14 1307648 c:\windows\$NtUninstallKB973687$\msxml6.dll
+ 2009-11-26 08:01 . 2008-09-04 17:15 1106944 c:\windows\$NtUninstallKB973687$\msxml3.dll
+ 2009-12-09 02:49 . 2009-10-29 07:45 1209344 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\urlmon.dll
+ 2009-12-09 02:49 . 2009-10-29 07:45 5944320 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
+ 2009-12-09 02:49 . 2009-10-29 07:45 1986048 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\iertutil.dll
+ 2009-11-25 08:03 . 2009-07-31 04:24 1447424 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml6.dll
+ 2009-11-25 08:03 . 2009-07-31 04:24 1172480 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml3.dll
+ 2005-05-11 02:43 . 2010-01-05 00:17 29634504 c:\windows\SYSTEM32\MRT.exe
+ 2006-10-17 18:33 . 2009-10-29 07:45 11069952 c:\windows\SYSTEM32\ieframe.dll
+ 2007-05-11 13:48 . 2009-10-29 07:45 11069952 c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
+ 2009-12-09 03:01 . 2009-08-29 08:08 11069440 c:\windows\ie8updates\KB976325-IE8\ieframe.dll
+ 2009-10-29 18:15 . 2009-10-29 18:15 11070464 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --


7 Re: "antiriceonline" virus ? on Mon Jan 18, 2010 10:11 pm

TriciaM


Forum Enthusiast
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 68856]
"TivoTransfer"="c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2006-07-11 1174528]
"TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2006-07-11 341504]
"TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2006-07-11 1313792]
"Google Update"="c:\documents and settings\Tricia & Roger\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-24 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 11776]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"AppMgrGui"="c:\program files\AppStream\WindowsClient\bin\exeForService.exe" [2006-09-27 24064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-04 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TBInfo"="iexplore.exe http:" [X]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ASWLNDLL]
2007-05-14 01:45 6656 ----a-w- c:\windows\SYSTEM32\ASWLNDLL.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe"=
"c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"=
"c:\documents and settings\Tricia & Roger\Application Data\Facebook\facebook.exe"= c:\documents and settings\Tricia & Roger\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:*:Disabled:EarthLink UHP Modem Support
"3587:TCP"= 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:*:Disabled:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 APPSTREAM;APPSTREAM;c:\windows\SYSTEM32\DRIVERS\AppStream.sys [5/13/2007 8:33 PM 115284]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 10:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 10:42 AM 74480]
R2 AppMgrService;AWE 5.1.0 Application Manager;c:\program files\AppStream\WindowsClient\bin\AppMgrService.exe [9/27/2006 6:49 PM 1990656]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [8/26/2009 11:20 AM 25208]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [8/26/2009 11:20 AM 476528]
R2 REGHOOK;REGHOOK;c:\windows\SYSTEM32\DRIVERS\RegHook.sys [9/27/2006 6:27 PM 54879]
R2 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [7/11/2006 7:22 AM 857088]
R2 VSPD;VSPD;c:\windows\SYSTEM32\DRIVERS\VSPD.sys [9/27/2006 6:27 PM 31321]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [8/26/2009 11:20 AM 35448]
S3 BW2NDIS5;BW2NDIS5;c:\windows\SYSTEM32\DRIVERS\BW2NDIS5.SYS [11/1/2004 1:16 PM 17536]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [9/30/2009 7:00 AM 38224]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 10:42 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-186917913-2315771567-692555066-1006Core.job
- c:\documents and settings\Tricia & Roger\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-24 11:55]

2010-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-186917913-2315771567-692555066-1006UA.job
- c:\documents and settings\Tricia & Roger\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-24 11:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rr.com/
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\program files\EarthLink TotalAccess\Accelerator\prplsf.dll
Trusted Zone: broderbund.com\support
Trusted Zone: mypublisher.com\www
Trusted Zone: riverdeep.net\smartdownload
Trusted Zone: uspsoig.gov\portal2003
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} - hxxp://www.ansonncrod.org/imw32o40.cab
DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://www.ansonncrod.org/prntpro2.CAB
FF - ProfilePath - c:\documents and settings\Tricia & Roger\Application Data\Mozilla\Firefox\Profiles\10loo8z7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\MozillaDownload.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\MozillaExtensions.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\Tricia & Roger\Application Data\Mozilla\Firefox\Profiles\10loo8z7.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Tricia & Roger\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Microsoft Works Update Detection - c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-18 21:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\ASWLNDLL.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll

- - - - - - - > 'lsass.exe'(956)
c:\program files\EarthLink TotalAccess\Accelerator\prplsf.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll

- - - - - - - > 'csrss.exe'(856)
c:\program files\CheckPoint\ZAForceField\AK\akconsole.dll
.
Completion time: 2010-01-18 21:54:46
ComboFix-quarantined-files.txt 2010-01-19 02:54
ComboFix2.txt 2009-11-22 01:29

Pre-Run: 3,462,062,080 bytes free
Post-Run: 4,067,934,208 bytes free

- - End Of File - - 386A2A11759A5915B68EA47342C6DC2F


8 Re: "antiriceonline" virus ? on Mon Jan 18, 2010 10:18 pm

TriciaM


Forum Enthusiast
A couple things:

I've not been able to rid my system of "Earthlink TotalAccess". I've called them, and they supposedly walked me through the process, but I think it is still here. I do not use Earthlink, and we have not been affiliated with them for at least a few yrs now.

Cinema Resident (I think it is Dell?) keeps wanting to access my system (I may be using the wrong terms here). Zone Alarm keeps giving me a warning about it. Not sure if it is related to something we use, but I don't think so.


9 Re: "antiriceonline" virus ? on Tue Jan 19, 2010 12:13 am

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner



10 Re: "antiriceonline" virus ? on Tue Jan 19, 2010 2:15 am

TriciaM


Forum Enthusiast
I also tried again to scan with MBAM. I got the blue screen again. I was never able to complete it.

ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=b68cde5d8156bd4393013f7aa66faf76
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-04 01:53:19
# local_time=2009-10-03 09:53:19 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=98788
# found=5
# cleaned=5
# scan_time=18615
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\evhbbweu.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mxrqrqwp.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1748\A0197294.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1754\A0201434.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1754\A0201435.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=b68cde5d8156bd4393013f7aa66faf76
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-01-19 07:01:09
# local_time=2010-01-19 02:01:09 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 8633578 8633578 0 0
# compatibility_mode=8192 67108863 100 0 9191077 9191077 0 0
# compatibility_mode=9217 16776533 100 77 2714554 7895128 0 0
# scanned=102411
# found=0
# cleaned=0
# scan_time=4741



Last edited by TriciaM on Tue Jan 19, 2010 2:18 am; edited 1 time in total (Reason for editing : add info)


11 Re: "antiriceonline" virus ? on Tue Jan 19, 2010 2:54 am

Let's do this again.

Download WhoCrashed from here
This program checks for any drivers which may have been causing your computer to crash....

Click on the file you just downloaded and run it.
Put a tick in Accept then click on Next
Put a tick in the Don't create a start menu folder then click Next
Put a tick in Create a Desktop Icon then click on Install and make sure there is a tick in Launch Whocrashed before clicking Finish
Click Analyze
It will want to download the Debugger and install it. Say Yes.

WhoCrashed will create a report, but you have to scroll down to see it
Copy and paste it into your next reply


..........................................................
DragonMaster Jay

12 Re: "antiriceonline" virus ? on Tue Jan 19, 2010 11:34 am

TriciaM


Forum Enthusiast
Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.


On Tue 1/19/2010 1:42:08 AM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x8086 (0x0, 0x0, 0x0, 0x0)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini011810-02.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Mon 1/18/2010 11:29:26 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x8086 (0x0, 0x0, 0x0, 0x0)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini011810-01.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Thu 1/14/2010 12:43:09 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x8086 (0x0, 0x0, 0x0, 0x0)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini011410-01.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Tue 1/5/2010 7:29:00 PM your computer crashed
This was likely caused by the following module: klif.sys
Bugcheck code: 0x1000008E (0xC0000005, 0x8056CA2E, 0xEB61D564, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
Dump file: C:\WINDOWS\Minidump\Mini010510-01.dmp
file path: C:\WINDOWS\system32\drivers\klif.sys
product: Kaspersky™ Anti-Virus ®
company: Kaspersky Lab
description: Klif Mini-Filter [fre_wxp_x86]



On Sat 12/26/2009 12:39:04 PM your computer crashed
This was likely caused by the following module: klif.sys
Bugcheck code: 0x1000008E (0xC0000005, 0x8056CA2E, 0xAE61C564, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
Dump file: C:\WINDOWS\Minidump\Mini122609-01.dmp
file path: C:\WINDOWS\system32\drivers\klif.sys
product: Kaspersky™ Anti-Virus ®
company: Kaspersky Lab
description: Klif Mini-Filter [fre_wxp_x86]




--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

5 crash dumps have been found and analyzed. Note that it's not always possible to state with certainty whether a reported driver is really responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.


13 Re: "antiriceonline" virus ? on Tue Jan 19, 2010 11:38 am

Please visit this webpage for instructions for downloading and running SUPERAntiSpyware to scan and remove malware from your computer:

http://www.bleepingcomputer.com/virus-removal/how-to-use-superantispyware-tutorial

Post the log from SUPERAntiSpyware when you've accomplished that.


..........................................................
DragonMaster Jay

14 Re: "antiriceonline" virus ? on Tue Jan 19, 2010 4:33 pm

TriciaM


Forum Enthusiast
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/19/2010 at 12:35 PM

Application Version : 4.33.1000

Core Rules Database Version : 4492
Trace Rules Database Version: 2307

Scan type : Complete Scan
Total Scan Time : 00:49:37

Memory items scanned : 559
Memory threats detected : 0
Registry items scanned : 6822
Registry threats detected : 0
File items scanned : 27790
File threats detected : 14

Adware.Tracking Cookie
c:\documents and settings\tricia & roger\cookies\tricia_&_roger@ads.infinisource[2].txt
c:\documents and settings\tricia & roger\cookies\tricia_&_roger@at.atwola[1].txt

Rogue.Agent/Gen-Nullo[DLL]
C:\WINDOWS\SYSTEM32\ASHKKBQE.DLL
C:\WINDOWS\SYSTEM32\FVXGQULA.DLL
C:\WINDOWS\SYSTEM32\GTKHCBWK.DLL
C:\WINDOWS\SYSTEM32\RFXBQBAB.DLL
C:\WINDOWS\SYSTEM32\SXGBQPBX.DLL
C:\WINDOWS\SYSTEM32\TGDWVOBP.DLL
C:\WINDOWS\SYSTEM32\UXPVOIDP.DLL
C:\WINDOWS\SYSTEM32\VHQBRIMT.DLL
C:\WINDOWS\SYSTEM32\YEJPSOBS.DLL
C:\WINDOWS\SYSTEM32\YNMVHDPQ.DLL
C:\WINDOWS\SYSTEM32\YVEREJBA.DLL
C:\WINDOWS\SYSTEM32\YYJXEUCL.DLL


15 Re: "antiriceonline" virus ? on Tue Jan 19, 2010 10:09 pm

Now, kindly try Malwarebytes' scan.


..........................................................
DragonMaster Jay
